Summary
Details
Introduction
We’re introducing the Microsoft Defender Core service for Windows Server 2012 R2 and Windows Server 2016. This new service enhances the stability and performance of Microsoft Defender Antivirus, helping organizations strengthen endpoint protection on legacy server platforms.
When this will happen- Public Preview: Begins August 28, 2025, via the Beta channel (Prerelease).
- General Availability: Rollout begins in mid-September 2025 across all rings and completes by early October 2025.
The Microsoft Defender Core service will be installed alongside Microsoft Defender Antivirus on supported Windows Server 2012 R2 and Windows Server 2016 running the unified Microsoft Defender for Endpoint client. This service improves performance and reliability but does not change existing antivirus functionality or configurations.
This feature will be enabled by default once the platform is updated to the required version.
- Update the Microsoft Defender platform to version
4.18.25060.7-0or newer. - Allow the following URLs:
- Commercial:
*.events.data.microsoft.com,*.endpoint.security.microsoft.com,*.ecs.office.com - For US Gov, the ECS URLs are:
- GCC Mod:
*.gccmod.ecs.office.com - GCC High:
*.config.ecs.gov.teams.microsoft.us - DOD:
*.config.ecs.dod.teams.microsoft.us - If using an Application Control application or running a third-party AV and/or EDR, add the following process to the allowed list:
MdCoreSvc–MpDefenderCoreService.exe
Learn about the prerequisites.
No compliance considerations identified, review as appropriate for your organization.
Change History
Never Miss a Microsoft 365 Update
Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.