M365 Archive

MC687846 - New Microsoft Defender Antivirus services on Windows Devices

Message Center

This announcement expired on Aug 26, 2024 and is no longer active in Message Center.

Summary

Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with a new service called Microsoft Defender Core service. The rollout will occur in stages, starting with a preview in November 2023 and worldwide rollout in April 2024. To prepare, users need to update the Platform Update to the latest version and allow specific URLs. If using an Application Control application or running a 3rd party AV and/or EDR, add the Microsoft Defender Core Service process to the allowed list.

Message ID

MC687846

View in Message Center

Last Updated

Jul 5, 2024

Published Nov 7, 2023

View version history

Service

Microsoft Defender XDR

Tag

Updated message
New feature
User impact
Admin impact

More information

Updated July 5, 2024: We have updated the rollout timeline and content below. Thank you for your patience.

Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with a new service:

  • Microsoft Defender Core service.

When this will happen:

Preview: November ‘23 to Beta channel (Prerelease).

Worldwide: We will roll out to all rings (Current Channel (Preview), Current Channel (Staged) and Current Channel (Broad)) during late April 2024 (previously mid-April).

GCC Moderate, GCC High and DOD: We will roll out to all rings (Current Channel (Preview), Current Channel (Staged) and Current Channel (Broad)) during mid-July 2024 (previously late June).

How this will affect your organization:

To enhance your endpoint security experience, we are shipping the Microsoft Defender Core service which will help with stability and performance of Microsoft Defender Antivirus.

What you need to do to prepare:

  1. Update the Platform Update to the latest version 4.18.23110.0 or newer
  2. Allow the following URL’s:
    • Commercial:
      • *.events.data.microsoft.com
      • *.endpoint.security.microsoft.com
      • *.ecs.office.com
    • For US Gov, the ECS URL’s are:
      • GCC Mod: *.gccmod.ecs.office.com
      • GCC High: *.config.ecs.gov.teams.microsoft.us
      • DOD: *.config.ecs.dod.teams.microsoft.us
  3. If using an Application Control application or running a 3rd party AV and/or EDR, add the following process to the allowed list.
    • Microsoft Defender Core Service – MdCoreSvc - MpDefenderCoreService.exe


Version history

6 versions tracked

Updated 5 times since Jan 12, 2024. Microsoft Message Center only ever shows the current version; this archive preserves the history.

Compare latest to previous (v5)Compare latest to original (v1)

Compare any two versions

From
To
  1. Jul 5, 2024 · 05:07 PMLatest · v6

    Changed: Body, End date

  2. Jun 21, 2024 · 05:58 PMv5

    Changed: Body

    View this versionCompare to latest
  3. Apr 18, 2024 · 10:37 PMv4

    Changed: Body

    View this versionCompare to latest
  4. Mar 5, 2024 · 09:44 PMv3

    Changed: Body, End date

    View this versionCompare to latest
  5. Jan 12, 2024 · 11:25 PMv2

    Changed: Body

    View this versionCompare to latest
  6. Jan 12, 2024 · 11:25 PMOriginal · v1

    Changed: Initial version

    View this versionCompare to latest