Defender ATP definition updates

New Automox customer/Admin here. Just onboarding my fleet and had a question about managing defender definitions. We’re a Defender ATP customer, also leveraging Intune for system/policy management. We’ve decided to offload the patching to Automox.

So I’m following this best practice article :

Question is, do you all let Automox manage your defender definitions? Or any Intune folks out there that let MS handle that? Kind of on the fence of which way to go.

I use a patch-only policy in Automox that runs daily for patching important things that never need a reboot when installed - such as Defender (KB2267602, KB915597), the Servicing Stack, and Zoom.


Patching Zoom Daily? I get why…what about browsers? Daily? Weekly?

Browsers don’t have critical vulnerabilities that often, and one of the pain points of patching browsers often (especially Firefox) is that they sometimes require the browser to restart which can be annoying to users. Personally I’d be fine with a monthly schedule for them but it’s up to you and your business’s security policy. As long as you keep an eye out on patch Tuesday for critical CVEs that might relate to browsers and then patch those right away.

Well, that’s kind of left over from when everyone was transferring to Zoom at the beginning of Covid. They were putting out security fixes constantly. They seem to have things secure and stabilized these days and that’s probably not a necessary daily update. On the other hand, since it won’t patch if it’s in use, it seems like it’s worth trying to patch it as often as possible to try and catch it when it’s not in use by your users. It’s up to you on that one, that was just my use-case.