You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/mde-sdp-strategy.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: emmwalshh
6
6
ms.author: ewalsh
7
7
ms.reviewer: yongrhee
8
8
manager: deniseb
9
-
ms.date: 09/16/2024
9
+
ms.date: 04/29/2025
10
10
ms.topic: conceptual
11
11
ms.service: defender-endpoint
12
12
ms.subservice: ngp
@@ -21,7 +21,7 @@ ms.collection:
21
21
22
22
<!-- Added introductory text to emphasize why updates are important. Mirrors language from https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/microsoft-defender-for-endpoint%e2%80%99s-safe-deployment-practices/4220342 -->
23
23
24
-
Microsoft Defender for Endpoint helps protect organizations against sophisticated adversaries while optimizing for resiliency, performance, and compatibility, following [best practices for managing security tools in Windows](https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/). Keeping Microsoft Defender for Endpoint up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques.
24
+
Microsoft Defender for Endpoint helps protect organizations against sophisticated adversaries while optimizing for resiliency, performance, and compatibility, following [best practices for managing security tools in Windows](https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/). Keeping Microsoft Defender for Endpoint up to date is essential to ensure your devices have the latest technology and features needed to protect against new malware and attack techniques.
25
25
26
26
Microsoft follows safe deployment practices (SDP) to deliver critical new product capabilities while minimizing the risk of updates having unexpected impacts to endpoint performance and availability. This article describes Defender for Endpoint's approach to SDP and how customers can manage their own roll-out processes to add extra layers of control to meet their own business, technical, and security requirements.
27
27
@@ -39,15 +39,15 @@ Defender for Endpoint applies SDP to two distinct update mechanisms:
39
39
40
40
Defender for Endpoint releases monthly software and driver updates that add new functionality, improve existing features, and resolve bugs.
41
41
42
-
Defender for Endpoint's kernel drivers capture system-wide signals like process execution, file creation, and network activity. These drivers are updated through Windows Update, over a gradual and staged deployment process after spending weeks in stabilization and testing. The deployment evaluation monitors key metrics like reliability, performance, battery, application compatibility, and more across hardware and software configurations.
42
+
Defender for Endpoint's kernel drivers captures system-wide signals like process execution, file creation, and network activity. These drivers are updated through Windows Update, over a gradual and staged deployment process after spending weeks in stabilization and testing. The deployment evaluation monitors key metrics like reliability, performance, battery, application compatibility, and more across hardware and software configurations.
43
43
44
44
The process for rolling out software and driver updates for Defender for Endpoint is shown in this image:
45
45
46
46
:::image type="content" alt-text="Screenshot that shows the process for rolling out software and driver updates for Defender for Endpoint." source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png":::
47
47
48
48
### Microsoft SDP for monthly updates
49
49
50
-
All code and content changes go through engineering release gates along with extensive validations and stability testing. After the certification and validation process, Microsoft ships the updates through multiple groups of devices known as stabilization rings. The first stabilization ring targets Microsoft's hundreds of thousands of employees and millions of internal devices. This helps ensure Microsoft discovers and addresses issues first, before customers.
50
+
All code and content changes go through engineering release gates along with extensive validations and stability testing. After the certification and validation process, Microsoft ships the updates through multiple groups of devices known as stabilization rings. The first stabilization ring targets Microsoft's hundreds of thousands of employees and millions of internal devices. This helps ensure your devices are equipped with the latest technology and features necessary to defend against emerging malware and attack techniques.
51
51
52
52
Within each ring, Microsoft closely monitors quality signals such as product behavior and performance, false positives, as well as functional and reliability issues, before proceeding to roll out the update to a broader set of devices.
0 commit comments