{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig7ocmtfoghibkfs3eoebtxapim4awanuo3kwc77grvfw677f527y",
    "uri": "at://did:plc:xxrzfynfiasdpbxteqxi4jgq/app.bsky.feed.post/3mea7qm7dxrj2"
  },
  "description": "Starting March 2026, Microsoft Defender Antivirus with MDE configuration management will stop storing readable exclusion values in the local registry. Organizations must use supported PowerShell cmdlets like Get-MpPreference to retrieve antivirus settings. Registry-based monitoring will no longer...",
  "path": "/m365-message-center/message/mc1227621/",
  "publishedAt": "2026-02-07T01:00:03.000Z",
  "site": "https://blog.tophhie.cloud",
  "tags": [
    "Troubleshoot Microsoft Defender Antivirus settings - Microsoft Defender for Endpoint | Microsoft Learn"
  ],
  "textContent": "🚨\n\n**Major Update:** This post contains a significant change that may impact your organisation.\n\n**[Introduction]**\n\nMicrosoft Defender Antivirus on Windows is updating how antivirus configuration settings, such as exclusions, are stored when **Microsoft Defender for Endpoint (MDE)** configuration management is enabled. Starting with platform release **4.18.25110.6**, devices using MDE configuration management will no longer store readable exclusion values in the local device registry. Organizations must retrieve configuration using supported Microsoft Defender PowerShell cmdlets, such as **Get-MpPreference**.\n\n**[When this will happen:]**\n\nGeneral Availability (Worldwide): We will begin rolling out **early March 2026** and expect to complete by **late March 2026**.\n\n**[How this affects your organization:]**\n\n**Who is affected:**\n\n  * Organizations using **Microsoft Defender for Endpoint configuration management**.\n  * Admins or tools relying on **registry-based monitoring** of antivirus settings.\n\n\n\n**What will happen:**\n\n  * Antivirus exclusion values will **no longer be readable** from the local device registry.\n  * Registry‑based extraction of exclusions will no longer be supported.\n  * Supported Microsoft Defender PowerShell cmdlets (such as **Get-MpPreference**) will become the **required** method to retrieve antivirus configuration settings.\n  * Devices not using MDE configuration management are **not affected**.\n  * The feature is **on by default** for tenants using MDE configuration management.\n\n\n\n**[What you can do to prepare:]**\n\n  * Update monitoring workflows and scripts to use supported PowerShell cmdlets such as:\n    * `Get-MpPreference`\n    * `Get-MpComputerStatus`\n  * Review internal documentation on retrieving antivirus settings.\n  * Notify helpdesk or monitoring teams that registry-based queries will no longer return exclusion data.\n\n\n\nLearn more: Troubleshoot Microsoft Defender Antivirus settings - Microsoft Defender for Endpoint | Microsoft Learn (will be updated to reflect this change)\n\n**[Compliance considerations:]**\n\nNo compliance considerations identified, review as appropriate for your organization.",
  "title": "MC1227621: Microsoft Defender Antivirus: Change to exclusion storage when using MDE configuration management",
  "updatedAt": "2026-02-07T01:00:03.000Z"
}