Microsoft has successfully addressed a significant issue affecting various features of Microsoft 365 Defender, now referred to as Defender XDR, which arose following the installation of July’s Windows Server updates. This enterprise defense suite is designed to enhance an organization’s ability to detect, prevent, investigate, and respond to security incidents across endpoints, identities, email, and applications.
Impact on Windows Server 2022
The problem specifically impacted systems running Windows Server 2022, primarily disrupting the Network Detection and Response (NDR) service. This disruption also had a cascading effect on other Defender functionalities that depend on the NDR service for data collection, including Incident Response and Device Inventory.
In an update shared on the Windows release health dashboard, Microsoft confirmed, “This issue was resolved by Windows updates released August 13, 2024 (KB5041160), and later.” The company strongly advises users to install the latest updates, emphasizing that they contain crucial improvements and resolutions for various issues, including the one at hand.
Monitoring System Health
Windows administrators can verify whether their systems are affected by this issue by checking the service health page within the Microsoft 365 admin center for any new alerts.
Additional Fixes and Ongoing Challenges
In a related development, Microsoft has also rectified another known issue that was causing LPD printing jobs to fail across Windows Server 2022, 2019, and 2016 systems after the July 2024 security updates were applied. Furthermore, an emergency fix was deployed in May for Windows Server 2019 to resolve a bug that resulted in 0x800f0982 errors following the May 2024 Patch Tuesday security updates.
Earlier in the same month, Microsoft tackled several known issues that disrupted VPN connections across both client and server platforms, led to unexpected reboots of domain controllers, and caused NTLM authentication failures after the installation of April’s Windows Server security updates.
Despite these efforts, Microsoft continues to address a lingering bug that emerged from last month’s updates, which affects remote desktop connections on systems running Windows Server 2012 and later. This issue manifests intermittently, with users experiencing logon session losses approximately every 30 minutes, necessitating reconnections to the server. “This issue might occur intermittently,” the company noted, highlighting the ongoing challenge for users relying on the legacy protocol (Remote Procedure Call over HTTP) in Remote Desktop Gateway.