defender-endpoint/mde-sdp-strategy.md
13 additions & 6 deletions
@@ -6,7 +6,7 @@ author: emmwalshh
6
6
ms.author: ewalsh
7
7
ms.reviewer: yongrhee
8
8
manager: deniseb
9
-
ms.date: 09/16/2024
9
+
ms.date: 04/29/2025
10
10
ms.topic: conceptual
11
11
ms.service: defender-endpoint
12
12
ms.subservice: ngp
@@ -19,28 +19,35 @@ ms.collection:
19
19
20
20
# Use safe deployment practices to safeguard and manage your environment
21
21
22
-
Microsoft follows safe deployment practices (SDP) to minimize the risk of security updates having an unexpected impact. This article describes Microsoft Defender for Endpoint's approach to SDP and what customers can do to manage their own roll-out processes to add an extra layer of control.
22
+
<!-- Added introductory text to emphasize why updates are important. Mirrors language from https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/microsoft-defender-for-endpoint%e2%80%99s-safe-deployment-practices/4220342 -->
23
+
24
+
Microsoft Defender for Endpoint helps protect organizations against sophisticated adversaries while optimizing for resiliency, performance, and compatibility, following [best practices for managing security tools in Windows](https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/). Keeping Microsoft Defender for Endpoint up to date is essential to ensure your devices have the latest technology and features needed to protect against new malware and attack techniques.
25
+
26
+
Microsoft follows safe deployment practices (SDP) to deliver critical new product capabilities while minimizing the risk of updates having unexpected impacts to endpoint performance and availability. This article describes Defender for Endpoint's approach to SDP and how customers can manage their own roll-out processes to add extra layers of control to meet their own business, technical, and security requirements.
27
+
28
+
## Approach and update types
23
29
24
30
Microsoft Defender for Endpoint ships updates externally only after all the certification and validation tests are completed across multiple iterations of internal devices.
25
31
26
32
Defender for Endpoint applies SDP to two distinct update mechanisms:
27
33
28
-
- Software and driver updates that are updated monthly (can potentially update kernel-mode components).
29
-
- Security intelligence and detection logic updates that can be updated multiple times a day (updates only apply to user-mode components).
34
+
- Software and driver updates that are updated monthly and can potentially update kernel-mode components.
35
+
36
+
- Security intelligence and detection logic updates that can be updated multiple times a day and apply only to user-mode components.
30
37
31
38
## Monthly SDP software and driver updates
32
39
33
40
Defender for Endpoint releases monthly software and driver updates that add new functionality, improve existing features, and resolve bugs.
34
41
35
-
Defender for Endpoint's kernel drivers capture system-wide signals like process execution, file creation, and network activity. These drivers are updated through Windows Update, over a gradual and staged deployment process after spending weeks in stabilization and testing. The deployment evaluation monitors key metrics like reliability, performance, battery, application compatibility, and more across hardware and software configurations.
42
+
Defender for Endpoint's kernel drivers captures system-wide signals like process execution, file creation, and network activity. These drivers are updated through Windows Update, over a gradual and staged deployment process after spending weeks in stabilization and testing. The deployment evaluation monitors key metrics like reliability, performance, battery, application compatibility, and more across hardware and software configurations.
36
43
37
44
The process for rolling out software and driver updates for Defender for Endpoint is shown in this image:
38
45
39
46
:::image type="content" alt-text="Screenshot that shows the process for rolling out software and driver updates for Defender for Endpoint." source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png":::
40
47
41
48
### Microsoft SDP for monthly updates
42
49
43
-
All code and content changes go through engineering release gates along with extensive validations and stability testing. After the certification and validation process, Microsoft ships the updates through multiple groups of devices known as stabilization rings. The first stabilization ring targets Microsoft's hundreds of thousands of employees and millions of internal devices. This helps ensure Microsoft discovers and addresses issues first, before customers.
50
+
All code and content changes go through engineering release gates along with extensive validations and stability testing. After the certification and validation process, Microsoft ships the updates through multiple groups of devices known as stabilization rings. The first stabilization ring targets Microsoft's hundreds of thousands of employees and millions of internal devices. This helps ensure your devices are equipped with the latest technology and features necessary to defend against emerging malware and attack techniques.
44
51
45
52
Within each ring, Microsoft closely monitors quality signals such as product behavior and performance, false positives, as well as functional and reliability issues, before proceeding to roll out the update to a broader set of devices.
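Review bot: In the "Microsoft SDP for monthly updates" paragraph, the new closing sentence ("This helps ensure your devices are equipped with the latest technology and features necessary to defend against emerging malware and attack techniques.") does not follow from the sentence before it about the first stabilization ring targeting Microsoft's own employees and internal devices, and it drops the stated purpose of that ring, which the removed line gave as Microsoft discovering and addressing issues first, before customers. Suggest restoring the removed sentence; the introduction added at the top of this hunk already makes the point about keeping devices current. Separately, the rewritten "Monthly SDP software and driver updates" paragraph changes "kernel drivers capture" to "kernel drivers captures", which breaks subject-verb agreement, so keep "capture". The added HTML comment above the new introduction reads as an editing note to self and could move to the commit message instead of staying in the article source.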