Merge pull request #4367 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit 3c687547ded8 · 2025-06-29T14:32:47.000Z
[AutoPublish] main to live - 06/29 07:30 PDT | 06/29 20:00 IST
diff --git a/ATPDocs/ops-guide/ops-guide.md b/ATPDocs/ops-guide/ops-guide.md
@@ -13,7 +13,7 @@ This article summarizes the Microsoft Defender for Identity activities we recomm
 
 |Cadence  |Tasks  |
 |---------|---------|
-|**Daily**     | - [Triage incidents by priority](ops-guide-daily.md#triage-incidents-by-priority) <br> - [Investigate users with a high investigation score](ops-guide-daily.md#investigate-users-with-a-high-investigation-score) <br>- [Configure tuning rules for benign true positives / false positive alerts](ops-guide-daily.md#configure-tuning-rules-for-benign-true-positives--false-positive-alerts)<br> - [Review the ITDR dashboard](ops-guide-daily.md#review-the-itdr-dashboard) <br>- [Proactively hunt](ops-guide-daily.md#proactively-hunt) <br> - [Review Defender for Identity health issues](ops-guide-daily.md#review-defender-for-identity-health-issues)   |
+|**Daily**     | - [Triage incidents by priority](ops-guide-daily.md#triage-incidents-by-priority) <br>- [Configure tuning rules for benign true positives / false positive alerts](ops-guide-daily.md#configure-tuning-rules-for-benign-true-positives--false-positive-alerts)<br> - [Review the ITDR dashboard](ops-guide-daily.md#review-the-itdr-dashboard) <br>- [Proactively hunt](ops-guide-daily.md#proactively-hunt) <br> - [Review Defender for Identity health issues](ops-guide-daily.md#review-defender-for-identity-health-issues)   |
 |**Weekly**     |- [Review Secure score recommendations](ops-guide-weekly.md#review-secure-score-recommendations) <br>  - [Review and respond to emerging threats](ops-guide-weekly.md#review-and-respond-to-emerging-threats) <br>- [Proactively hunt](ops-guide-weekly.md#proactively-hunt)   |
 |**Monthly**     | - [Review tuned alerts and adjust tuning if needed](ops-guide-monthly.md#review-tuned-alerts-and-adjust-tuning-if-needed) <br> - [Track new changes in Microsoft Defender XDR and Defender for Identity](ops-guide-monthly.md#track-new-changes-in-microsoft-defender-xdr-and-defender-for-identity)     |
 | **Quarterly / Ad hoc** <br>Depending on your organization's needs and processes | - [Review Microsoft service health](ops-guide-quarterly.md#review-microsoft-service-health) <br> - [Review server setup process to include sensors](ops-guide-quarterly.md#review-server-setup-process-to-include-sensors) <br>- [Check domain configuration via PowerShell](ops-guide-quarterly.md#check-domain-configuration-via-powershell) |
diff --git a/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md b/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md
@@ -81,7 +81,7 @@ Each source has typical scenarios that depend on how your network is configured,
 |---|---|
 |Windows Server Update Service|You're using Windows Server Update Service to manage updates for your network.|
 |Microsoft Update|You want your endpoints to connect directly to Microsoft Update. This option is useful for endpoints that irregularly connect to your enterprise network, or if you don't use Windows Server Update Service to manage your updates.|
-|File share|You have devices that aren't connected to the Internet (such as virtual machines, or VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-microsoft-defender-antivirus.md) for how file shares are used in virtual desktop infrastructure (VDI) environments.|
+|UNC Share|You have devices that aren't connected to the Internet (such as virtual machines, or VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-microsoft-defender-antivirus.md) for how file shares are used in virtual desktop infrastructure (VDI) environments. Platform updates can also be deployed using this method. |
 |Microsoft Endpoint Configuration Manager|You're using Microsoft Endpoint Configuration Manager to update your endpoints.|
 |Security intelligence updates and platform updates for Microsoft Defender Antivirus and other Microsoft anti-malware (formerly referred to as MMPC)|[Make sure devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence and platform updates are delivered through Windows Update. As of October 21, 2019, security intelligence updates and platform updates are SHA-2 signed exclusively. <br/>Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-microsoft-defender-antivirus.md). This option should be used only as a final fallback source, and not the primary source. It's only to be used if updates can't be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](manage-outdated-endpoints-microsoft-defender-antivirus.md#set-the-number-of-days-before-protection-is-reported-as-out-of-date).|
 
@@ -274,6 +274,32 @@ On a Windows File Server set up a network file share (UNC/mapped drive) to downl
     > [!NOTE]
     > Do not add the x64 (or x86) folder in the path. The `mpcmdrun.exe` process adds it automatically.
 
+## Enable platform updates using UNC share
+
+To enable platform updates using UNC share, download KB4052623 and copy it into the architecture folders as `updateplatform.exe`. These files are updated monthly and need to get manually updated by you.
+
+KB4052623 is available for the following architectures:
+
+* [x86](https://go.microsoft.com/fwlink/?LinkID=870379&clcid=0x409&arch=x86)
+
+* [amd64](https://go.microsoft.com/fwlink/?LinkID=870379&clcid=0x409&arch=x64)
+
+* [arm64](https://go.microsoft.com/fwlink/?LinkID=851034&clcid=0x409&arch=arm64) 
+
+**Example structure**
+
+```dos
+[UNC Share]\ 
+    x86\ 
+       mpam-fe.exe 
+       mpam-d.exe 
+       updateplatform.exe 
+    x64\ 
+       mpam-fe.exe 
+       mpam-d.exe 
+       updateplatform.exe 
+```
+
 ## Related articles
 
 - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
diff --git a/defender-endpoint/microsoft-defender-antivirus-updates.md b/defender-endpoint/microsoft-defender-antivirus-updates.md
@@ -71,6 +71,7 @@ You can manage the distribution of updates through one of the following methods:
 - [Windows Server Update Service (WSUS)](/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus)
 - [Microsoft Configuration Manager](/configmgr/sum/understand/software-updates-introduction)
 - The usual methods you use to deploy Microsoft and Windows updates to endpoints in your network.
+- UNC Share
 
 For more information, see [Manage the sources for Microsoft Defender Antivirus protection updates](/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus).
 
