Skip to main content
🦉
Message CenterMicrosoft 365 Updates
HomePermissionsTenant FinderPortfolio
🦉
M365 Message Centerby Cengiz YILMAZ

Track the latest updates, features, and announcements for Microsoft 365 services. Comprehensive archive of service updates and important changes.

Quick Links

HomePermissionsTenant FinderPortfolio

Connect

© 2026 M365 Message Center. Created with ❤ by Cengiz YILMAZ

Data sourced from Microsoft 365 Message Center • Not affiliated with Microsoft

  1. Home
  2. /
  3. MC1227621

Microsoft Defender Antivirus: Change to exclusion storage when using MDE security settings management

Plan for Change
Major Change

Message ID

MC1227621
View in Admin Center

Services

Microsoft Defender XDR

Summary

Starting March 2026, Microsoft Defender Antivirus with MDE security settings will stop storing readable exclusions in the local registry. Organizations must use PowerShell cmdlets like Get-MpPreference to retrieve settings. Registry-based monitoring will no longer work; update scripts and notify teams accordingly.

Details

Updated February 13, 2026: We have updated the content. Thank you for your patience. 

Introduction

Microsoft Defender Antivirus on Windows is updating how antivirus configuration settings, such as exclusions, are stored when Microsoft Defender for Endpoint (MDE) security settings management is enabled. Starting with platform release 4.18.25110.6, devices using MDE security settings management will no longer store readable exclusion values in the local device registry. Organizations must retrieve configuration using supported Microsoft Defender PowerShell cmdlets, such as Get-MpPreference.

When this will happen:

General Availability (Worldwide): We will begin rolling out early March 2026 and expect to complete by late March 2026.

How this affects your organization:

Who is affected:

  • Organizations using Microsoft Defender for Endpoint security settings management.
  • Admins or tools relying on registry-based monitoring of antivirus settings.

What will happen:

  • Defender antivirus configuration, such as exclusions, values will no longer be readable from the local device registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender. As such registry‑based extractions will no longer be supported.
  • Supported Microsoft Defender PowerShell cmdlets (such as Get-MpPreference) will become the required method to retrieve antivirus configuration settings.
  • Devices not using MDE configuration management are not affected.
  • The feature is on by default for tenants using MDE configuration management.

What you can do to prepare:

  • Update monitoring workflows and scripts to use supported PowerShell cmdlets such as:
    • Get-MpPreference
    • Get-MpComputerStatus
  • Review internal documentation on retrieving antivirus settings.
  • Notify helpdesk or monitoring teams that registry-based queries will no longer return exclusion data.

Learn more: Troubleshoot Microsoft Defender Antivirus settings - Microsoft Defender for Endpoint | Microsoft Learn (will be updated to reflect this change)

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Timeline

Published
Feb 6, 2026
Message published to Message Center
Updated
Feb 13, 2026
Message content updated
End Date
May 1, 2026
Message timeline ends

Tags

#Updated message#Feature update#Admin impact

Category

Plan for Change

Related Messages

Similar updates

MC1192257●

Microsoft Defender Threat Intelligence: Convergence with Microsoft Defender and Microsoft Sentinel

Dec 5, 2025
MC1237728

Advanced Hunting: new actions to block attachments and top-level URL domains

Feb 23, 2026
MC1220762●

Retirement notice: MDE and XDR Advanced Hunting APIs retiring; migrate to Microsoft Graph Security API

Jan 22, 2026
MC1052160●

Microsoft Defender XDR services: Changes to the IdentityInfo table in Advanced Hunting

Apr 10, 2025
MC912708●

Microsoft Defender for Identity: "Alert notifications" feature will retire starting in November 2024

Oct 17, 2024