Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes releases of Microsoft Defender for Endpoint across Windows, macOS, Linux, Android, and iOS in the past six months.
To learn about Microsoft Defender for Endpoint features that aren't version-specific, see What's new in Microsoft Defender for Endpoint.
Who should read this article
This page is intended primarily for customers with a Microsoft Defender for Endpoint license who regularly deploy, maintain, or validate Defender for Endpoint across their organization. These customers can use this page to find supported releases, component updates, and platform requirements as part of installing and operating Defender for Endpoint in their environments.
For more information on Defender for Endpoint plans and licenses, see the Microsoft 365 licensing guidance.
All supported releases by date
This table includes supported releases for all supported platforms in the past six months. Each release includes a link to the full release details section.
| OS | Build | Month released | Details | Learn more |
|---|---|---|---|---|
| macOS | 101.26012.0012 | February 2026 | - Release version: 20.126012.12.0 - Engine version: 1.1.25100.4000 - Signature version: 1.439.74.0 |
Release details and updates |
| macOS | 101.25122.0008 | February 2026 | - Release version: 20.125122.8.0 - Engine version: 1.1.25100.4000 - Signature version: 1.439.74.0 |
Release details and updates |
| Linux | 101.25122.0004 | February 2026 | - Release version: 30.125122.0004.0 - Engine version: 1.1.25110.3002 - Signature version: 1.443.508.0 |
Release details and updates |
| macOS | 101.25122.0007 | January 2026 | - Release version: 20.125122.7.0 - Engine version: 1.1.25100.3000 - Signature version: 1.443.820.0 |
Release details and updates |
| macOS | 101.25122.0006 | January 2026 | - Release version: 20.125122.6.0 - Engine version: 1.1.25100.4000 - Signature version: 1.439.74.0 |
Release details and updates |
| Windows Antivirus | Platform 4.18.26010.5 / Engine 1.1.26010.1 | January 2026 | - Platform: 4.18.26010.5 - Engine: 1.1.26010.1 - Security intelligence: 1.443.820.0 |
Release details and updates |
| Linux | 101.25102.0005 | January 2026 | - Release version: 30.125102.0005.0 - Engine version: 1.1.25090.6000 - Signature version: 1.439.338.0 |
Release details and updates |
| Linux | 101.25092.0005 | December 2025 | - Release version: 30.125092.0005.0 - Engine version: 1.1.25090.4000 - Signature version: 1.437.18.0 |
Release details and updates |
| Linux | 101.25092.0002 | December 2025 | - Release version: 30.125092.0002.0 - Engine version: 1.1.25090.4000 - Signature version: 1.437.18.0 |
Release details and updates |
| Android | 1.0.8412.0101 | December 2025 | - Build: 1.0.8412.0101 - Released: December 15, 2025 |
Release details and updates |
| Android | 1.0.8321.0101 | December 2025 | - Build: 1.0.8321.0101 - Released: December 2, 2025 |
Release details and updates |
| macOS | 101.25102.0019 | December 2025 | - Release version: 20.125102.19.0 - Engine version: 1.1.25090.2000 - Signature version: 1.435.600.0 |
Release details and updates |
| Linux | 101.25102.0003 | November 2025 | - Release version: 30.125102.0003.0 - Engine version: 1.1.25090.6000 - Signature version: 1.439.338.0 |
Release details and updates |
| Windows Antivirus | 4.18.25110.6 | November 2025 | - Platform: 4.18.25110.6 - Engine: 1.1.25110.1 - Security intelligence: 1.443.6.0 |
Release details and updates |
| iOS | 1.1.70290103 | November 2025 | - Build: 1.1.70290103 - Released: November 6, 2025 |
Release details and updates |
| Android | 1.0.8315.0101 | November 2025 | - Build: 1.0.8315.0101 - Released: November 17, 2025 |
Release details and updates |
| Android | 1.0.8303.0101 | November 2025 | - Build: 1.0.8303.0101 - Released: November 4, 2025 |
Release details and updates |
| macOS | 101.25102.0016 | November 2025 | - Release version: 20.125102.16.0 - Engine version: 1.1.25090.2000 - Signature version: 1.435.600.0 |
Release details and updates |
| iOS | 1.1.70230101 | October 2025 | - Build: 1.1.70230101 - Released: October 26, 2025 |
Release details and updates |
| iOS | 1.1.69250104 | October 2025 | - Build: 1.1.69250104 - Released: October 7, 2025 |
Release details and updates |
| Android | 1.0.8217.0101 | October 2025 | - Build: 1.0.8217.0101 - Released: October 28, 2025 |
Release details and updates |
| Android | 1.0.8201.0101 | October 2025 | - Build: 1.0.8201.0101 - Released: October 2, 2025 |
Release details and updates |
| macOS | 101.25082.0006 | October 2025 | - Release version: 20.125082.6.0 - Engine version: 1.1.25070.3000 - Signature version: 1.437.276.0 |
Release details and updates |
| Linux | 101.25092.0001 | October 2025 | - Release version: 30.125092.0001.0 - Engine version: 1.1.25090.6000 - Signature version: 1.439.558.0 |
Release details and updates |
| Windows Antivirus | 4.18.25100.9008 | October 2025 | - Platform: 4.18.25100.9008 - Engine: 1.1.25100.9002 - Security intelligence: 1.441.131.0 |
Release details and updates |
| iOS | 1.1.68200103 | September 2025 | - Build: 1.1.68200103 - Released: September 4, 2025 |
Release details and updates |
| Android | 1.0.8102.0101 | September 2025 | - Build: 1.0.8102.0101 - Released: September 4, 2025 |
Release details and updates |
| Linux | 101.25082.0003 | September 2025 | - Release version: 30.125082.0003.0 - Engine version: 1.1.25070.4000 - Signature version: 1.435.242.0 |
Release details and updates |
| Linux | 101.25072.0003 | September 2025 | - Release version: 30.125072.0003.0 - Engine version: 1.1.25060.4000 - Signature version: 1.431.4.0 |
Release details and updates |
| macOS | 101.25072.0011 | September 2025 | - Release version: 20.125072.11.0 - Engine version: 1.1.25060.3000 - Signature version: 1.429.309.0 |
Release details and updates |
| iOS | 1.1.68140102 | August 2025 | - Build: 1.1.68140102 - Released: August 19, 2025 |
Release details and updates |
| Android | 1.0.8018.0103 | August 2025 | - Build: 1.0.8018.0103 - Released: August 19, 2025 |
Release details and updates |
| Linux | 101.25062.0003 | August 2025 | - Release version: 30.125062.0003.0 - Engine version: 1.1.25040.4000 - Signature version: 1.429.442.0 |
Release details and updates |
| iOS | 1.1.67040101 | July 2025 | - Build: 1.1.67040101 - Released: July 8, 2025 |
Release details and updates |
| Android | 1.0.7901.0101 | July 2025 | - Build: 1.0.7901.0101 - Released: July 10, 2025 |
Release details and updates |
| Windows | 10.8797.25857.1000 | May 2025 | Supported on: Windows 11 24H2, Windows 11 23H2, Windows 10 22/H2 | Release KBs and updates |
| Windows | 10.8760.27617.1006 | July 2024 | Supported on: Windows 11 24H2, Windows 11 23H2, Windows 10 22/H2 | Release KBs and updates |
Windows releases
This section covers Microsoft Defender for Endpoint EDR MsSense.exe versions. You can also check the file information section in the monthly cumulative rollup updates in the following articles:
- Windows 11 release information
- Windows 10 updates
- Windows Server 2022 updates
- Windows Server 2019 updates
- Windows Server 2025 updates
Windows | May 2025 | 10.8797.25857.1000
Release details
| OS | KB |
|---|---|
| Windows 11 24H2 | KB5058499 |
| Windows 11 23H2 | KB5058502 |
| Windows 10 22/H2 | KB5058481 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Data Loss Prevention (DLP) | Improved Cold Data Scan performance and reliability; general stability enhancements. |
| Identity | Expanded AD entity sync; more entity types and attributes for better visibility. |
| Threat protection | User contaminant improvements. |
| Network Detection & Response (NDR) | Enhanced data telemetry for better insights. |
| SOC experience | Faster, more complete data collection and detection; improved offline environment handling. |
Windows | July 2024 | 10.8760.27617.1006
Release details
| OS | KB |
|---|---|
| Windows 11 24H2 | KB5041865 |
| Windows 11 23H2, Windows 11 22H | KB5041587 |
| Windows 11 21H2 | KB5043067 |
| Windows 10 22H2 | KB5041582 |
| Windows Server 2022 and later | KB5042881 |
| Windows Server 2019 | KB5043050 |
| Windows Server 2016, Windows Server 2012 R2 | KB5005292 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Data Loss Prevention (DLP) | Scoped classification (Know Your Data policy) and activity events across workloads; device group discovery and scoping for custom policy; OCR URL caching for improved image classification performance. |
macOS releases
Defender for Endpoint supports macOS version 15.0.1 or newer. macOS 11 (Big Sur) and 12 (Monterey) are no longer supported.
To share feedback, open Defender for Endpoint on macOS and go to Help > Send feedback.
To get latest features, configure your device for the Beta channel (formerly Insider-Fast) device.
For known issues, see macOS known issues.
macOS | February-2026 | 101.26012.0012
Versions
| Release version | Engine version | Signature version |
|---|---|---|
| 20.126012.12.0 | 1.1.25100.4000 | 1.439.74.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| General | CVE‑2025‑68664/5 LangGrinch (langchain vulnerability) |
| General | Mitigation for a possible EDLP performance issue related to MDM profile behavior |
| General | Device Control - policy conditional on secure digital card details |
| General | Bug and performance fixes |
macOS | February 2026 | 101.25122.0008
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125122.8.0 | 1.1.25100.4000 | 1.439.74.0 |
Enhancements and features
Bug and performance fixes
macOS | January 2026 | 101.25122.0007
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125122.7.0 | 1.1.25100.4000 | 1.439.74.0 |
Enhancements and features
Bug and performance fixes
macOS | January 2026 | 101.25122.0006
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125122.6.0 | 1.1.25100.4000 | 1.439.74.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| General | Bug and performance fixes. |
macOS | December 2025 | 101.25102.0019
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125102.19.0 | 1.1.25090.2000 | 1.435.600.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Vulnerability Management | CVE-2025-55182 (React2Shell) - Microsoft Defender Vulnerability Management (MDVM) can now surface devices that this vulnerability may affect. |
macOS | November 2025 | 101.25102.0016
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125102.16.0 | 1.1.25090.2000 | 1.435.600.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| General | Bug and performance fixes. |
macOS | October 2025 | 101.25082.0006
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125082.6.0 | 1.1.25070.3000 | 1.437.276.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| General | Bug and performance fixes. |
macOS | September 2025 | 101.25072.0011
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 20.125072.11.0 | 1.1.25060.3000 | 1.429.309.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Malware detection | Enhanced detection timing and archive scanning improvements. |
| Diagnostics | Improved diagnostic capabilities and error reporting. |
| Data Loss Prevention (DLP) | Performance and diagnostic improvements for endpoint DLP. |
| General | Bug fixes. |
macOS known issues
In version 2506 (101.25062.0005), attempts to upgrade Microsoft Defender for Endpoint on macOS consistently failed. Other versions of Defender are not impacted. To overcome this issue, there is a supported workaround for supported macOS versions and beta versions of macOS 26. The instructions for the workaround can be found here.
Apple fixed an issue on macOS Ventura upgrade and macOS Sonoma upgrade with the latest OS update. The issue impacts Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting the ability of Defender for Endpoint to function properly.
In macOS Sonoma 14.3.1, Apple made a change to the handling of Bluetooth devices that impacts Defender for Endpoint device control's ability to intercept and block access to Bluetooth devices. At this time, the recommended mitigation is to use a version of macOS earlier than 14.3.1.
In macOS Sequoia (version 15.0), if you have Network Protection enabled, you might see crashes of the network extension (NetExt). This issue results in intermittent network connectivity issues for end users. Upgrade to macOS Sequoia version 15.1 or newer.
On macOS Sequoia (Version 15.0 - 15.1.1), users might encounter prompts about incoming network connections from applications when the native firewall is active.
If an end user encounters a prompt for Defender for Endpoint on macOS processes such as wdavdaemon_enterprise or Microsoft Defender Helper, the end user can safely choose the Deny option. This selection doesn't affect Defender for Endpoint's functionality. Enterprises can also add Microsoft Defender to allow incoming connections. This issue is fixed in macOS Sequoia 15.2.
Linux releases
Defender for Endpoint on Linux is updated regularly. While security fixes are included as part of monthly releases, the fixes aren't always listed as a separate Security Patch item in these notes. If a release contains security-related updates, the updates are listed in this article in the specific version section.
For detailed information on Microsoft security updates, see the Microsoft Security Update Guide.
Important
Starting with version 101.24082.0004, Defender for Endpoint on Linux no longer supports the Auditd event provider. We're transitioning completely to the more efficient eBPF technology. This change allows for better performance, reduced resource consumption, and overall improved stability. eBPF support is available since August 2023, and is fully integrated into all updates of Defender for Endpoint on Linux (version 101.23082.0006 and later). We strongly encourage you to adopt the eBPF build, as it provides significant enhancements over Auditd. If eBPF isn't supported on your machines, or if there are specific requirements to remain on Auditd, you have the following options:
- Continue to use Defender for Endpoint on Linux build
101.24072.0000with Auditd. This build continues to be supported for several months, so you have time to plan and execute your migration to eBPF. - If you are on versions later than
101.24072.0000, Defender for Endpoint on Linux relies onnetlinkas a backup supplementary event provider. If a fallback occurs, all operations continue to flow seamlessly. - Review your current Defender for Endpoint on Linux deployment, and begin planning your migration to the eBPF-supported build. For more information on eBPF and how it works, see Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux.
If you have any concerns or need assistance during this transition, contact support.
Linux | February 2026 | 101.25122.0004
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125122.0004.0 | 1.1.25110.3002 | 1.443.508.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Network configuration | The following URLs must be allowed to enable Defender on Linux endpoints to receive internal configurations from the cloud: For commercial customers: https://config.edge.skype.com/config/v1 (default)Note: The "skype" string in this URL is a legacy artifact, unrelated to Skype, and retained solely for backward compatibility. For DoD customers: https://config.ecs.dod.teams.microsoft.us/config/v1For GCC High customers: https://config.ecs.gov.teams.microsoft.us/config/v1For GCC Mod customers: https://gccmod.ecs.office.com/config/v1For all the URLs that Linux server endpoints should be able to access, see: - Microsoft Defender for Endpoint streamlined connectivity URLs - commercial (commercial customers) - Microsoft Defender for Endpoint streamlined connectivity URLs - US government environments (US Government customers). |
| Identity | Username information is now preserved for login events including nonexistent users. |
| Diagnostics | Improved validation logic for log file permissions to provide more accurate mdatp health status reporting. |
Linux | January 2026 | 101.25102.0005
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125102.0005.0 | 1.1.25090.6000 | 1.439.338.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Vulnerability detection | Enhanced vulnerability detection for React components through improved telemetry. This feature includes support for identifying (CVE-2025-55182), providing more comprehensive security coverage for React-based applications. |
| Agent optimization | Agent process handling is now streamlined by removing the dependency on telemetryd_v2, enabling more efficient and consistent telemetry collection. This change applies to builds 101.24062.0001 and later, with no impact on functionality, data collection, or customer configurations. All features remain intact, and no customer action is required. |
| Platform support | Added support for Debian 13. |
Linux | December 2025 | 101.25092.0005
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125092.0005.0 | 1.1.25090.4000 | 1.437.18.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Vulnerability detection | Enhanced vulnerability detection for vulnerable React components through deeper component analysis and enhanced telemetry. This includes support for identifying (CVE-2025-55182), providing more complete security coverage for React-based applications. |
Linux | December 2025 | 101.25092.0002
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125092.0002.0 | 1.1.25090.4000 | 1.437.18.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Critical fix | Includes critical fix related to machine identifier ensuring every endpoint is accurately identified as a unique device. |
Linux | November 2025 | 101.25102.0003
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125102.0003.0 | 1.1.25090.6000 | 1.439.338.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Library updates | Openssl library is upgraded to version 3.6.0 |
| Library updates | Libcurl library is upgraded to version 8.16.0 |
| Engine updates | The default engine version is now updated to 1.1.25090.6000, and the default signature version is now updated to 1.439.338.0. |
Linux | October 2025 | 101.25092.0001
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125092.0001.0 | 1.1.25090.6000 | 1.439.558.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Platform support | Added support for RHEL 10. |
| Engine resiliency | Enhanced engine resiliency through automatic error recovery, preventing excessive logging and minimizing downtime to improve overall reliability. |
| General | Other quality and stability fixes. |
Linux | September 2025 | 101.25082.0003 (Build 1)
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125082.0003.0 | 1.1.25070.4000 | 1.435.242.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Vulnerability detection | Vulnerability detection for Langflow, an open-source Python framework for building AI workflows and agents, is now enhanced with dynamic detection using advanced telemetry and Python package scanning. This feature includes the detection of CVE-2025-3248 with a CVSS score of 9.8. |
| Diagnostics | Client Analyzer is now bundled directly within the MDE package, eliminating the need for separate downloads. Both the binary and Python versions are included by default and can be found at /opt/microsoft/mdatp/tools/client_analyzer/. |
| General | Other quality and stability fixes. |
Linux | September 2025 | 101.25072.0003 (Build 2)
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125072.0003.0 | 1.1.25060.4000 | 1.431.4.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Device management | Fixed issue to generate unique machine identifiers for each onboarded device—especially useful when deploying Microsoft Defender via Golden image. |
| General | Other stability enhancements and bug fixes. |
Linux | August 2025 | 101.25062.0003
Release details
| Release version | Engine version | Signature version |
|---|---|---|
| 30.125062.0003.0 | 1.1.25040.4000 | 1.429.442.0 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Installation | Defender for Endpoint on Linux now supports installation to a custom location (preview). Support for this feature is being added to the installer script. |
| Security | The mdatp threat quarantine add command now requires superuser (root) privileges. |
| Configuration | Custom definition path can now be updated without stopping Defender for Endpoint, improving operational efficiency and reducing downtime. |
| Compatibility | Running Defender for Endpoint on Linux alongside Fapolicyd is now supported on RHEL and Fedora-based distributions, enabling both antivirus and EDR functionality to operate without conflict. |
| General | Other stability enhancements and bug fixes. |
Android releases
See the full list of Android UX improvements.
Android | December 2025 | 1.0.8412.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8412.0101 | December 15, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| General | Performance improvement and bug fixes. |
Android | December 2025 | 1.0.8321.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8321.0101 | December 2, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Root detection | Native root detection for Microsoft Defender is now GA. |
| General | Performance improvement and bug fixes. |
Android | November 2025 | 1.0.8315.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8315.0101 | November 17, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Root detection | Native root detection for Microsoft Defender is now in preview. |
| General | Performance improvement and bug fixes. |
Android | November 2025 | 1.0.8303.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8303.0101 | November 4, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| User experience | Improved user feedback experience and added landscape mode UI support for the Defender app. Learn more |
| Telemetry | Telemetry features to improve app performance monitoring and detect specific scenarios, such as entering landscape mode or invalid authentication attempts. |
| Configuration | Fixed the bug where feedback sending wasn't disabled in Defender app despite 'Control Feedback Sending' key being disabled (set as 0) in Intune app configuration. |
Android | October 2025 | 1.0.8217.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8217.0101 | October 28, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| User interface | Refreshed the Defender app with a new icon. |
Android | October 2025 | 1.0.8201.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8201.0101 | October 2, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| User experience | Improved UX experience for the onboarding screens. Learn more |
| Global Secure Access | Kerberos SSO support on Android (GA): Kerberos SSO experience for users on Android devices with Global Secure Access is now supported. Users need to install and configure a third-party SSO client. |
| General | Performance Improvement and bug fixes. |
Android | September 2025 | 1.0.8102.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.8102.0101 | September 4, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Authentication | Resolved the sign-in loop issue for shared device mode. Now, if a user attempts to sign in on a shared device that doesn't support Defender for Endpoint on mobile, the user is redirected back to the sign-in page. |
| Accessibility | Other accessibility bug fixes and performance improvements. |
Android | August 2025 | 1.0.8018.0103
Release details
| Build | Release Date |
|---|---|
| 1.0.8018.0103 | August 19, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| General | Performance improvements and bug fixes. |
Android | July 2025 | 1.0.7901.0101
Release details
| Build | Release Date |
|---|---|
| 1.0.7901.0101 | July 10, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| User experience | UX Improvement for home page and tiles screens. Learn more |
iOS releases
For the latest UX improvements, see iOS UX improvements.
iOS | November 2025 | 1.1.70290103
Release details
| Build | Release Date |
|---|---|
| 1.1.70290103 | November 6, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| User feedback & Telemetry | An improved user feedback experience: See Key Changes - November 2025 for details. Added Landscape mode UI support for the Defender app. Added telemetry features to improve app performance monitoring and detect specific scenarios, such as entering landscape mode or invalid authentication attempts. |
iOS | October 2025 | 1.1.70230101, 1.1.69250104
Release details
| Build | Release Date |
|---|---|
| 1.1.70230101 | October 26, 2025 |
| 1.1.69250104 | October 7, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Compliance & UX | Simplified return to compliance experience in iOS/iPadOS. See the Blog for more information. Refreshed the Defender app with a new icon. |
| Kerberos SSO & Performance | Global Secure Access Kerberos SSO support on iOS (Preview): Kerberos SSO experience for users on iOS devices with Global Secure Access is now supported. On iOS, to create and deploy profile. See Single sign-on app extension. Performance Improvement and Bug fixes. |
iOS | September 2025 | 1.1.68200103
Release details
| Build | Release Date |
|---|---|
| 1.1.68200103 | September 4, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Secure Web Gateway | Global Secure Access Internet Profile Support for iOS (Preview) - Enables organizations to protect access to internet and SaaS apps with an identity-based Secure Web Gateway, blocking threats, unsafe content, and malicious traffic from the iPhone and iPads. |
iOS | August 2025 | 1.1.68140102
Release details
| Build | Release Date |
|---|---|
| 1.1.68140102 | August 19, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| Notifications & Performance | Fixed push notification bug to ensure heartbeat signals are sent reliably. Performance improvements and bug fixes. |
iOS | July 2025 | 1.1.67040101
Release details
| Build | Release Date |
|---|---|
| 1.1.67040101 | July 8, 2025 |
Enhancements and features
| Feature area | Update summary |
|---|---|
| UX | UX Improvement. For more information, see iOS UX Experience. |
Microsoft Defender Antivirus releases
For more information about Microsoft Defender Antivirus updates, see Microsoft Defender Antivirus security intelligence product updates and support.
Windows Antivirus | January 2026 | Platform 4.18.26010.5 | Engine 1.1.26010.1
Release details
| Component | Version | Date |
|---|---|---|
| Platform | 4.18.26010.5 | February 9, 2026 |
| Engine | 1.1.26010.1 | February 3, 2026 |
| Security intelligence1 | 1.445.6.0 | February 9, 2026 |
| Support phase | Security and Critical Updates | - |
1The security intelligence version listed here is relevant to the listed engine release. Newer versions of security intelligence are released regularly. For more information, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft anti-malware.
Enhancements and features
- Improved performance for Control Folder Access (CFA) when protected folders don't include network folders.
- Fixed proxy issue in the MdeNpDiag utility in the MDEClientAnalyzer support tool.
- Fixed an issue where syntax errors for contextual exclusions could lead to an engine crash.
- Fixed policy incompatibility that prevented unblocking engine updates.
- Fixed regression in the registry service path for the Core service.
- Improved detection in OLEstream objects.
- Fixed race condition during service initialization to read Tamper protection status.
Windows Antivirus | November 2025 | Platform 4.18.25110.6 | Engine 1.1.25110.1
Release details
| Component | Version | Date |
|---|---|---|
| Platform | 4.18.25110.6 | December 17, 2025 |
| Engine | 1.1.25110.1 | December 11, 2025 |
| Security intelligence1 | 1.443.6.0 | December 17, 2025 |
| Support phase | Security and Critical Updates | - |
1The security intelligence version listed here is relevant to the listed engine release. Newer versions of security intelligence are released regularly. For more information, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft anti-malware.
Enhancements and features
| Feature area | Update summary |
|---|---|
| Performance | Performance improvements when querying WMI due to Behavior Monitor detections. |
| PowerShell compatibility | Fixed potential hang in PowerShell on Server 2016 due to Defender Filter Driver. |
| Application compatibility | Resolved an application compatibility issue due to a loopback with SMB1 enabled. |
| Attack Surface Reduction | Fixed issue with ASR path exclusion requiring extra "" characters to function appropriately. |
| Network Inspection | Resolved high I/O issue with NisSrv.exe due to high volume of network logging events. |
| Threat enumeration | Fixed error in threat enumeration causing repeated failure notifications every 15 minutes in SCCM. |
| Drive mapping | Improved drive mapping enumeration for devices with many drives, which resulted in false positive detections for ASR rules. |
| Service stability | Fixed a crash with Defender related to long scan times causing the service to hang in Windows Server 2019. |
Windows Antivirus | October 2025 | Platform 4.18.25100.9008 | Engine 1.1.25100.9002
Release details
| Component | Version | Date |
|---|---|---|
| Platform | 4.18.25100.9008 | November 17, 2025 |
| Engine | 1.1.25100.9002 | November 6, 2025 |
| Security intelligence1 | 1.441.131.0 | November 17, 2025 |
| Support phase | Security and Critical Updates | - |
1The security intelligence version listed here is relevant to the listed engine release. Newer versions of security intelligence are released regularly. For more information, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft anti-malware.
Enhancements and features
| Feature area | Update summary |
|---|---|
| Network Inspection Service | Fixed Network Inspection Service stability issue: The service now correctly restarts when memory usage exceeds the threshold, which prevents the service from getting stuck in a faulty or pending state. |
| Anti-malware Service | Reduced startup delay for Anti-malware Service: Improved Defender service startup time by removing its dependency on Core Service startup. This change improves overall system startup performance. |
| x86 compatibility | Fixed crash in Defender settings on x86 devices: Corrected an issue that caused the system to crash when applying Defender configuration settings on 32-bit machines. |
| Service startup | Fixed Defender startup issue: The platform no longer crashes when processing invalid Attack Surface Reduction rule exclusions. |
| System resources | Reduced system resource usage: Defender no longer generates excessive Data Loss Prevention (DLP) logs that caused high disk activity, improving overall performance and stability. |