This article describes Microsoft Defender for Endpoint features that are in preview or generally available (GA) in the latest release.
Learn more:
- What's new in Microsoft Defender for Endpoint on other operating systems and services
- Preview features
October 2025
| Feature | Preview/GA | Description | 
|---|---|---|
| Streamlined connectivity support for US government environments (GCC, GCC High, DoD) | Preview | Defender for Endpoint now supports streamlined connectivity for US government cloud environments. This enhancement simplifies onboarding by reducing the number of required service endpoints and improves reliability across restricted networks. For more information, see the required connectivity settings. | 
| Isolation exclusions | GA | The Isolation exclusions feature is now generally available. Isolation exclusions allow designated processes or endpoints to bypass the restrictions of network isolation, ensuring essential functions continue while limiting broader network exposure. | 
August 2025
| Feature | Preview/GA | Description | 
|---|---|---|
| Configure offline security intelligence updates for Microsoft Defender for Endpoint on macOS | Preview | Enables organizations to update security intelligence (antivirus definitions/signatures) on macOS endpoints offline from a local mirror server. | 
July 2025
| Feature | Preview/GA | Description | 
|---|---|---|
| Azure Stack HCI OS support (version 23H2 and later) | Preview | Added support for Azure Stack HCI OS, version 23H2 and later. Support for Azure Stack HCI OS is rolling out across commercial and government clouds. | 
| Microsoft Defender Core service | GA | Microsoft Defender Core service, now in GA, helps with the stability and performance of Microsoft Defender Antivirus. | 
April 2025
| Feature | Preview/GA | Description | 
|---|---|---|
| Contain IP addresses of undiscovered devices | Preview | Containing an IP address prevents attackers from spreading attacks to other noncompromised devices. | 
| Attack Surface Reduction (ASR) Rules | GA | Two new ASR rules are now generally available:<br>- Block rebooting machine in Safe Mode: Prevents the execution of commands to restart machines in Safe Mode.<br>- Block use of copied or impersonated system tools: Blocks the use of executable files that are identified as copies of Windows system tools. These files are either duplicates or impostors of the original system tools. | 
| ARM64-based Linux server support | GA | - Defender for Endpoint now supports ARM64-based Linux servers on Ubuntu, RHEL, Debian, SUSE Linux, Amazon Linux, and Oracle Linux.<br>- All product capabilities that are supported on AMD64 devices are now supported on ARM64-based Linux servers.<br>For more information, see:<br>- Tech Community Blog: Defender for Endpoint extends support to ARM-based Linux servers<br>- Microsoft Defender for Endpoint on Linux | 
February 2025
| Feature | Preview/GA | Description | 
|---|---|---|
| Aggregated reporting in Microsoft Defender for Endpoint | GA | Aggregated reporting extends signal reporting intervals to significantly reduce the size of reported events while preserving essential event properties. | 
November-December 2024
| Feature | Preview/GA | Description | 
|---|---|---|
| New demonstration scenarios | GA | Five new demonstration scenarios are available:<br>- AMSI demos<br>- Cloud protection demo<br>- Controlled folder access (block ransomware) demo<br>- Endpoint detection and response (EDR) detection test<br>- URL reputation (SmartScreen) demo | 
August 2024
| Feature | Preview/GA | Description | 
|---|---|---|
| Network protection feature enabled by default on Android | GA | Users now see a network protection card in the Android app, along with App Protection and Web Protection. | 
July 2024
| Feature | Preview/GA | Description | 
|---|---|---|
| Monitor OT devices in the device inventory | Preview | You can now monitor OT devices in addition to IoT devices in the device inventory, as part of the integration with Microsoft Defender for IoT in the Defender portal.<br>- Added the All devices tab and renamed the IoT devices tab to IoT/OT devices.<br>- Added Device type, Device subtype, Vendor, Model, and Site filters and columns to the device inventory. Some filters are only visible on specific tabs and only for customers with a Defender for IoT license. Learn more.<br>- Added ability to search Mac devices and Mac addresses.<br>- Added a system tag showing the production site name (read only), used for the Defender for IoT site security feature, as part of the device group.<br>Note: If OT devices are discovered but a Defender for IoT license isn't set up, the device inventory displays partial data and a message indicating the number of unprotected OT devices. Learn more about the initial device inventory view with detected OT devices. | 
| Learning hub resources moved | GA | Learning hub resources have moved from the Microsoft Defender portal to free.blessedness.top.<br>- Access Microsoft Defender XDR Ninja training, learning paths, training modules and more.<br>- Browse the list of learning paths, and filter by product, role, level, and subject. | 
What's new in Defender for Endpoint on other operating systems and services
| Platform/service | Link | 
|---|---|
| Windows | What's new in Defender for Endpoint on Windows | 
| macOS | What's new in Defender for Endpoint on macOS | 
| Linux | What's new in Defender for Endpoint on Linux | 
| Android | What's new in Defender for Endpoint on Android | 
| iOS | What's new in Defender for Endpoint on iOS | 
| Microsoft Defender XDR | What's new in Microsoft Defender XDR | 
| Microsoft Defender for Office 365 | What's new in Microsoft Defender for Office 365 | 
| Microsoft Defender for Identity | What's new in Microsoft Defender for Identity | 
| Microsoft Defender for Cloud Apps | What's new in Microsoft Defender for Cloud Apps | 
| Microsoft Defender Vulnerability Management | What's new in Microsoft Defender Vulnerability Management |