Introduction
We’re introducing the Microsoft Defender Core service for Windows Server 2012 R2 and Windows Server 2016. This new service enhances the stability and performance of Microsoft Defender Antivirus, helping organizations strengthen endpoint protection on legacy server platforms.
When this will happen
- Public Preview: Begins August 28, 2025, via the Beta channel (Prerelease).
- General Availability: Rollout begins in mid-September 2025 across all rings and completes by early October 2025.
How this affects your organizationThe Microsoft Defender Core service will be installed alongside Microsoft Defender Antivirus on supported Windows Server 2012 R2 and Windows Server 2016 running the unified Microsoft Defender for Endpoint client. This service improves performance and reliability but does not change existing antivirus functionality or configurations.
This feature will be enabled by default once the platform is updated to the required version.
What you can do to prepare:
- Update the Microsoft Defender platform to version
4.18.25060.7-0 or newer.
- Allow the following URLs:
- Commercial:
*.events.data.microsoft.com, *.endpoint.security.microsoft.com, *.ecs.office.com
- For US Gov, the ECS URLs are:
- GCC Mod:
*.gccmod.ecs.office.com
- GCC High:
*.config.ecs.gov.teams.microsoft.us
- DOD:
*.config.ecs.dod.teams.microsoft.us
- If using an Application Control application or running a third-party AV and/or EDR, add the following process to the allowed list:
MdCoreSvc – MpDefenderCoreService.exe
Learn about the prerequisites.
Compliance considerationsNo compliance considerations identified, review as appropriate for your organization.