Skip to Content

MC1227621 Microsoft Defender Antivirus: Change to exclusion storage when using MDE configuration management

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1227621 Microsoft Defender Antivirus: Change to exclusion storage when using MDE configuration management

Summary

  • Microsoft Defender Antivirus will stop storing readable exclusion values in the local registry when MDE configuration management is enabled.
  • Organizations must use PowerShell cmdlets like Get-MpPreference to retrieve antivirus configuration settings.
  • Registry-based monitoring of antivirus settings will no longer be supported.
  • Devices not using MDE configuration management will not be affected by this change.
  • Admins should update workflows and scripts and inform support teams about the impact on registry-based queries.

Admin Impact: Medium
User Impact: Low
Release Start: 01 Mar 2026
Release End: 31 Mar 2026
Services: Defender XDR
Category: Plan for change
Tags: Feature Update, Admin Action

History

2/6/2026 Item Added to Message Center

Microsoft Message

Introduction

Microsoft Defender Antivirus on Windows is updating how antivirus configuration settings, such as exclusions, are stored when Microsoft Defender for Endpoint (MDE) configuration management is enabled. Starting with platform release 4.18.25110.6, devices using MDE configuration management will no longer store readable exclusion values in the local device registry. Organizations must retrieve configuration using supported Microsoft Defender PowerShell cmdlets, such as Get-MpPreference.

When this will happen

General Availability (Worldwide): We will begin rolling out early March 2026 and expect to complete by late March 2026.

How this affects your organization

Who is affected:

  • Organizations using Microsoft Defender for Endpoint configuration management.
  • Admins or tools relying on registry-based monitoring of antivirus settings.

What will happen:

  • Antivirus exclusion values will no longer be readable from the local device registry.
  • Registry‑based extraction of exclusions will no longer be supported.
  • Supported Microsoft Defender PowerShell cmdlets (such as Get-MpPreference) will become the required method to retrieve antivirus configuration settings.
  • Devices not using MDE configuration management are not affected.
  • The feature is on by default for tenants using MDE configuration management.

What you can do to prepare

  • Update monitoring workflows and scripts to use supported PowerShell cmdlets such as:
    • Get-MpPreference
    • Get-MpComputerStatus
  • Review internal documentation on retrieving antivirus settings.
  • Notify helpdesk or monitoring teams that registry-based queries will no longer return exclusion data.

Learn more: Troubleshoot Microsoft Defender Antivirus settings – Microsoft Defender for Endpoint | Microsoft Learn (will be updated to reflect this change)

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.