
Following on from the CrowdStrike Channel File 291 incident, the resulting crashes of Windows systems and the recovery efforts that followed, it is a timely reminder to test the deployment of updates before they are released more widely. Unfortunately, there was not a lot anyone could do about the CrowdStrike issue, because of the way the Channel File 291 update was released.

On that note, if Microsoft Defender is being utilised within your environment, you can easily control the rollout of the latest updates for the following Microsoft Defender components:

  • Engine Updates 

  • Platform Updates 

  • Security Intelligence Updates 

Via GPO 

If ADMX Templates have not been updated recently, grab the latest Windows Defender Templates from https://github.com/microsoft/defender-updatecontrols and import them into your AD environment.  

Navigate to: 

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus 

The settings are: 

  • Select the channel for Microsoft Defender monthly engine updates 

  • Select the channel for Microsoft Defender monthly platform updates 

  • Select the channel for Microsoft Defender daily security intelligence updates 

More information on what the different channels offer can be found here: https://learn.microsoft.com/en-us/defender-endpoint/manage-gradual-rollout#update-channels-for-monthly-updates  

 

Via Intune 

In Microsoft Intune Admin Center > Devices > Windows > Configuration > Create > New Policy.  

In the blade that appears, select the following: 

  • Platform: Windows 10 and later 

  • Profile type: Settings Catalog 

  • Click ‘Create’ 

On the next step, give this policy a descriptive name and click ‘Add Settings.’ In the blade that appears, search for ‘Channel’ and, in the list that appears, select ‘Defender.’ Tick the desired option and then, from the drop-down, select the required update channel.

Next, assign the policy to a small set of test devices, confirm that no issues appear, and only then widen the scope of devices the settings apply to.

I would recommend creating multiple policies with different update channels and deploying each to its own subset of devices (a pilot ring on an earlier channel, the wider estate on a later one), sized as recommended and according to organisational requirements.
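Whichever method delivers the policy (GPO or Intune), the setting is only useful once you have confirmed which channel each device actually landed on and which engine, platform and signature versions it is running. The script below is an added example, not part of the original post or of Microsoft's documentation: it uses the Defender PowerShell cmdlets Get-MpPreference and Get-MpComputerStatus, which ship with Windows 10 and later, to report the effective channels on a device and check them against the ring the device was assigned to. The numeric-to-name mapping follows the Set-MpPreference documentation for the channel parameters and should be confirmed on your own build, and the Pilot/Broad ring definitions in $ExpectedByRing are assumptions for illustration rather than a recommended configuration.

```powershell
# Added example (not from the original post): report the Defender update channels a
# device has actually received after the GPO/Intune policy applies, and flag any
# device whose channels do not match the ring it was assigned to.
# Assumes Windows 10/11 with the Defender PowerShell module (Get-MpPreference,
# Get-MpComputerStatus). The numeric-to-name mapping is taken from the
# Set-MpPreference documentation; treat it as an assumption and verify on your build.

$ChannelNames = @{
    0 = 'NotConfigured'   # no policy applied; device follows the default rollout
    2 = 'Beta'
    3 = 'Preview'
    4 = 'Staged'
    5 = 'Broad'
    6 = 'Delayed'
}

function Get-DefenderUpdateChannelReport {
    # Effective channels come from Get-MpPreference; version/signature state from
    # Get-MpComputerStatus. Both read the live Defender configuration on the device.
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        EngineChannel        = $ChannelNames[[int]$pref.EngineUpdatesChannel]
        PlatformChannel      = $ChannelNames[[int]$pref.PlatformUpdatesChannel]
        DefinitionChannel    = $ChannelNames[[int]$pref.DefinitionUpdatesChannel]
        EngineVersion        = $status.AMEngineVersion
        PlatformVersion      = $status.AMProductVersion
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    }
}

function Test-RingAssignment {
    # Compare a device's reported channels with the channels its ring is supposed
    # to receive. $ExpectedByRing is an assumed mapping for this example only.
    param(
        [Parameter(Mandatory)] [ValidateSet('Pilot', 'Broad')] [string] $Ring,
        [Parameter(Mandatory)] $Report
    )
    $ExpectedByRing = @{
        Pilot = @{ Engine = 'Beta';  Platform = 'Beta';  Definition = 'Staged' }
        Broad = @{ Engine = 'Broad'; Platform = 'Broad'; Definition = 'Broad'  }
    }
    $expected = $ExpectedByRing[$Ring]
    $mismatch = @()
    if ($Report.EngineChannel     -ne $expected.Engine)     { $mismatch += 'Engine' }
    if ($Report.PlatformChannel   -ne $expected.Platform)   { $mismatch += 'Platform' }
    if ($Report.DefinitionChannel -ne $expected.Definition) { $mismatch += 'Definition' }
    [pscustomobject]@{
        ComputerName = $Report.ComputerName
        Ring         = $Ring
        Compliant    = ($mismatch.Count -eq 0)
        Mismatched   = ($mismatch -join ', ')
    }
}

# Usage on a test device in the pilot ring: show the full report, then the ring check.
$report = Get-DefenderUpdateChannelReport
$report | Format-List
Test-RingAssignment -Ring 'Pilot' -Report $report | Format-Table -AutoSize
```

Run this on a handful of devices in each ring after the policy has had time to apply; a device reporting NotConfigured on all three channels has not received the policy at all, and a pilot device reporting the broad channel would mean the rollout is not actually being staged. The same report, collected before and after an update wave, also gives you the engine and platform version jump to record against any issues the pilot ring surfaces.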

 

Resources: 

If you have any questions, please let me know. 

Very interesting as I didn't know this about Defender.  Really great read.  Thanks for sharing.


Thanks for sharing! Many customers will still be using GPOs instead of intune for the near future so thank you for the templates link!


Thanks for sharing @dips !
Very useful!


Welcome! Hope it's useful to everyone!


Thanks for providing this useful article @dips. I will also inform my colleagues in the Microsoft sector about it. 
 


Welcome @Dynamic :) 


Thank you @dips , this is something that is good to know and must be implemented properly.

