MC1142620 - Microsoft Defender Core Service coming to Windows Server 2012 R2 and Windows Server 2016

Introduction

We’re introducing the Microsoft Defender Core service for Windows Server 2012 R2 and Windows Server 2016. This new service enhances the stability and performance of Microsoft Defender Antivirus, helping organizations strengthen endpoint protection on legacy server platforms.

• Public Preview: Begins August 28, 2025, via the Beta channel (Prerelease).
• General Availability: Rollout begins in mid-September 2025 across all rings and completes by early October 2025.

The Microsoft Defender Core service will be installed alongside Microsoft Defender Antivirus on supported Windows Server 2012 R2 and Windows Server 2016 running the unified Microsoft Defender for Endpoint client. This service improves performance and reliability but does not change existing antivirus functionality or configurations.

This feature will be enabled by default once the platform is updated to the required version.

• Update the Microsoft Defender platform to version 4.18.25060.7-0 or newer.
• Allow the following URLs:
• Commercial: *.events.data.microsoft.com, *.endpoint.security.microsoft.com, *.ecs.office.com
• For US Gov, the ECS URLs are:
• GCC Mod: *.gccmod.ecs.office.com
• GCC High: *.config.ecs.gov.teams.microsoft.us
• DOD: *.config.ecs.dod.teams.microsoft.us
• If using an Application Control application or running a third-party AV and/or EDR, add the following process to the allowed list:
• MdCoreSvc – MpDefenderCoreService.exe

Learn about the prerequisites.

No compliance considerations identified, review as appropriate for your organization.