Merge pull request #2400 from DebLanger/US544916_FIM

v-ccolin · web-flow · commit 3e21b21b998c · 2026-03-22T08:12:28.000Z
Us544916 FIM
diff --git a/articles/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint.md b/articles/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint.md
@@ -4,7 +4,7 @@ description: Learn how to enable File Integrity Monitoring when you collect data
 author: Elazark
 ms.author: elkrieger
 ms.topic: how-to
-ms.date: 06/25/2025
+ms.date: 03/22/2026
 ms.custom: sfi-image-nochange
 #customer intent: As a security administrator, I want to enable File Integrity Monitoring so that I can detect unauthorized changes to critical files.
 ---
@@ -18,9 +18,9 @@ After you enable Defender for Servers Plan 2, follow the instructions in this ar
 > [!NOTE]
 >
 > - If you use a previous version of File Integrity Monitoring with the Log Analytics agent (Microsoft Monitoring agent (MMA)) or the Azure Monitor agent (AMA), you can [migrate to the new File Integrity Monitoring experience](migrate-file-integrity-monitoring.md).
-> - From June 2025 onwards, File Integrity Monitoring powered by Microsoft Defender for Endpoint requires a minimum version. [Update the agent](#verify-defender-for-endpoint-client-version) as needed.
->   - Windows: 10.8760 or later.
->   - Linux: 30.124082 or later.
+> - File Integrity Monitoring powered by Microsoft Defender for Endpoint requires a minimum agent version. [Update the agent](#verify-defender-for-endpoint-client-version) as needed.
+>   - **Windows (legacy machines/downlevel clients)**: Defender for Servers Windows client (MDE agent) version 10.8799 or later.
+>   - **Linux**: 30.124082 or later.
 
 ## Prerequisites
 
diff --git a/articles/defender-for-cloud/file-integrity-monitoring-overview.md b/articles/defender-for-cloud/file-integrity-monitoring-overview.md
@@ -4,7 +4,7 @@ description: Learn about tracking file change with file integrity monitoring in
 author: Elazark
 ms.author: elkrieger
 ms.topic: concept-article
-ms.date: 08/12/2025
+ms.date: 03/22/2026
 ---
 
 # File integrity monitoring
@@ -34,9 +34,19 @@ File integrity monitoring uses the Microsoft Defender for Endpoint agent and age
 - Collected file integrity monitoring data is part of the [500-MB benefit included in Defender for Servers Plan 2](data-ingestion-benefit.md).
 - File integrity monitoring gives information about file and resource changes. It includes the source of the change, account details, indication of who made the changes, and information about the initiating process.
 
-### Migrate to the new version
+## Version requirements
 
-File integrity monitoring previously used the Log Analytics agent (also known as the Microsoft Monitoring agent (MMA)) or the Azure Monitor agent (AMA) to collect data. If you're using file integrity monitoring with one of these legacy methods, you can [migrate file integrity monitoring](migrate-file-integrity-monitoring.md) to use Defender for Endpoint.
+To ensure proper file integrity monitoring functionality, machines must run the **Defender for Servers Windows client (Microsoft Defender for Endpoint agent) version 10.8799 or above**. This requirement is especially important for:
+
+- Legacy Windows machines (downlevel clients)
+- Environments transitioning from MMA or AMA-based FIM
+
+> [!IMPORTANT]
+> Due to a pipeline change in Microsoft Defender for Endpoint, users with existing FIM deployments on legacy Windows machines must update their MDE agent to version 10.8799 or above to continue receiving file integrity monitoring data.
+
+### Migrate legacy AMA/MMA clients to MDE-based file integrity monitoring
+
+If you're currently using file integrity monitoring with legacy agent-based methods (Log Analytics agent/Microsoft Monitoring Agent (MMA) or Azure Monitor Agent (AMA)), you need to migrate to the MDE-based (Microsoft Defender for Endpoint) approach. This migration ensures continued functionality and access to enhanced capabilities. Learn how to [migrate file integrity monitoring](migrate-file-integrity-monitoring.md) from legacy AMA/MMA clients to the MDE-based solution.
 
 ## Configure file integrity monitoring
 
diff --git a/articles/defender-for-cloud/release-notes.md b/articles/defender-for-cloud/release-notes.md
@@ -2,7 +2,7 @@
 title: What's new in Microsoft Defender for Cloud features
 description: What's new and updated in Microsoft Defender for Cloud features
 ms.topic: overview
-ms.date: 03/11/2026
+ms.date: 03/22/2026
 ---
 
 # What's new in Defender for Cloud features
@@ -31,13 +31,28 @@ This article summarizes what's new in Microsoft Defender for Cloud. It includes
 
 | Date | Category | Update |
 | -------- | -------- | -------- |
+| March 22, 2026| Update | [File Integrity Monitoring requires MDE agent version 10.8799+ for legacy Windows machines](#file-integrity-monitoring-requires-mde-agent-version-108799-for-legacy-windows-machines) |
 | March 12, 2026 | GA | [Kubernetes gated deployment support for AKS Automatic (GA)](#kubernetes-gated-deployment-support-for-aks-automatic-ga) |
 | March 11, 2026 | GA| [Severity‑based risk assignment for "Not evaluated" recommendations](#severitybased-risk-assignment-for-not-evaluated-recommendations) |
 | March 10, 2026| Preview |[Code to runtime enrichment for recommendations](#code-to-runtime-enrichment-for-recommendations-preview)|
 | March 10, 2026 | Preview | [On-demand malware scanning of Azure Files in Microsoft Defender for Storage](#on-demand-malware-scanning-of-azure-files-in-microsoft-defender-for-storage-preview) |
 | March 04, 2026 | Deprecation | [Deprecation of preview of container and container images vulnerability recommendations](#deprecation-of-preview-of-container-and-container-images-vulnerability-recommendations) |
 | March 04, 2026 | Preview |[New individual recommendations format in Azure portal (Preview)](#new-individual-recommendations-format-in-azure-portal-preview)|
 
+### File Integrity Monitoring requires MDE agent version 10.8799+ for legacy Windows machines
+
+March 22, 2026
+
+Due to a pipeline change in Microsoft Defender for Endpoint (MDE), File Integrity Monitoring now requires the **Defender for Servers Windows client (Microsoft Defender for Endpoint agent) version 10.8799 or above** for proper functionality on legacy Windows machines (downlevel clients).
+
+**Key details:**
+
+- **Affected systems**: Legacy Windows machines (Windows Server 2016, Windows Server 2012 R2, and other downlevel clients)
+- **Required version**: Defender for Servers Windows client (MDE agent) 10.8799 or later
+- **Impact**: FIM monitoring will not function properly on versions below the minimum requirement
+
+Learn more about [File Integrity Monitoring](file-integrity-monitoring-overview.md) and how to [enable File Integrity Monitoring](file-integrity-monitoring-enable-defender-endpoint.md).
+
 ### Kubernetes gated deployment support for AKS Automatic (GA)
 
 March 12, 2026
@@ -186,7 +201,7 @@ Learn more about [reviewing security recommendations](review-security-recommenda
 
 | Date | Category | Update |
 | -------- | -------- | -------- |
-| February 22, 2026 | Preview | [Container runtime anti-malware detection and blocking (Preview)](#container-runtime-anti-malware-detection-and-blocking-preview) |
+| February 22, 2026 | Preview | [Container runtime anti-malware detection and blocking (Preview)](#container-runtime-anti-malware-detection-and-blocking-preview) 
 | February 22, 2026 | Update - Preview | [Binary drift now supports blocking (Preview)](#binary-drift-now-supports-blocking-preview) |
 | February 10, 2026| Preview | [Database-level recommendations experience for SQL Vulnerability Assessment findings (Preview)](#database-level-recommendations-experience-for-sql-vulnerability-assessment-preview) |
 | February 10, 2026| GA | [Scanning support for Minimus and Photon OS container images](#scanning-support-for-minimus-and-photon-os-container-images) |
