Microsoft defender for endpoints
Question
How often MS releases the security intelligence updates in a day? any document to refer to will help.
Also what is the method to uninstall security intelligence updates from Windows and mac devices (using jamf pro)
Answer ( 1 )
There are five locations where you can specify where an endpoint should obtain updates.
More details https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-worldwide
Microsoft Update
Windows Server Update Service
Microsoft Endpoint Configuration Manager
Network file share
Security intelligence updates for Microsoft Defender Antivirus and other Microsoft anti-malware
I have not been close to Jamf update and macOS updates of a defender but this is what I can see. The Jamf will be configuring these policies on end-user devices.
To update Microsoft Defender for Endpoint on macOS, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
Following are the Defender updates available More details on https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide
Microsoft Defender update for Windows operating system installation images Review antimalware update packages for your OS installation images (WIM and VHD files). Get Microsoft Defender Antivirus updates for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, Windows Server 2022, and Windows Server 2016 installation images.
Manage how protection updates are downloaded and applied Protection updates can be delivered through many sources.
Manage when protection updates should be downloaded and applied You can schedule when protection updates should be downloaded.
Manage updates for endpoints that are out of date If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in.
Manage event-based forced updates You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.
Manage updates for mobile devices and virtual machines (VMs) You can specify settings, such as whether updates should occur on battery power, which is especially useful for mobile devices and virtual machines.
Microsoft Defender for Endpoint update for EDR Sensor You can update the EDR sensor (MsSense.exe) that is included in the new Microsoft Defender for Endpoint unified solution package released in 2021.