Add MDE agent version requirements for FIM on legacy Windows machines

DebLanger · DebLanger · commit 4a6a316f276b · 2026-01-22T10:44:04.000+02:00
- Added version requirement section to file-integrity-monitoring-overview.md
- Updated prerequisites in migrate-file-integrity-monitoring.md
- Users with FIM and legacy Windows machines must update to MDE agent version 10.8799+ due to pipeline change
diff --git a/articles/defender-for-cloud/file-integrity-monitoring-overview.md b/articles/defender-for-cloud/file-integrity-monitoring-overview.md
@@ -34,6 +34,16 @@ File integrity monitoring uses the Microsoft Defender for Endpoint agent and age
 - Collected file integrity monitoring data is part of the [500-MB benefit included in Defender for Servers Plan 2](data-ingestion-benefit.md).
 - File integrity monitoring gives information about file and resource changes. It includes the source of the change, account details, indication of who made the changes, and information about the initiating process.
 
+## Version requirements
+
+To ensure proper file integrity monitoring functionality, machines must run Microsoft Defender for Endpoint agent version **10.8799 or above**. This requirement is especially important for:
+
+- Legacy Windows machines (downlevel clients)
+- Environments transitioning from MMA or AMA-based FIM
+
+> [!IMPORTANT]
+> Due to a pipeline change in Microsoft Defender for Endpoint, users with existing FIM deployments on legacy Windows machines must update their MDE agent to version 10.8799 or above to continue receiving file integrity monitoring data.
+
 ### Migrate to the new version
 
 File integrity monitoring previously used the Log Analytics agent (also known as the Microsoft Monitoring agent (MMA)) or the Azure Monitor agent (AMA) to collect data. If you're using file integrity monitoring with one of these legacy methods, you can [migrate file integrity monitoring](migrate-file-integrity-monitoring.md) to use Defender for Endpoint.
diff --git a/articles/defender-for-cloud/migrate-file-integrity-monitoring.md b/articles/defender-for-cloud/migrate-file-integrity-monitoring.md
@@ -18,7 +18,22 @@ The previous version of file integrity monitoring used the Log Analytics agent (
 
 - You must enable Defender for Servers Plan 2 to use file integrity monitoring.
 - Migration is relevant if file integrity monitoring is currently enabled using MMA or AMA.
-- Machines protected by Defender for Servers Plan 2 must run the Microsoft Defender for Endpoint agent. To check agent status on machines in your environment, [use this workbook](https://aka.ms/DfServersDashboard) to do that.
+- Machines protected by Defender for Servers Plan 2 must run the Microsoft Defender for Endpoint agent version **10.8799 or above**. This is particularly critical for legacy Windows machines (downlevel clients).
+- To check agent status and version on machines in your environment, [use this workbook](https://aka.ms/DfServersDashboard).
+
+## Important: Version requirements for legacy Windows machines
+
+Due to a recent pipeline change in Microsoft Defender for Endpoint, users migrating from MMA or AMA-based file integrity monitoring must ensure their MDE agent meets the minimum version requirement:
+
+- **Minimum required version**: 10.8799
+- **Affected systems**: Primarily legacy Windows machines (downlevel clients)
+- **Impact**: FIM monitoring will not function properly on versions below 10.8799
+
+### Checking and updating MDE agent version
+
+1. Use the [Defender for Servers dashboard workbook](https://aka.ms/DfServersDashboard) to verify agent versions across your environment
+2. For machines running older versions, update the MDE agent through your standard deployment method
+3. Verify FIM functionality resumes after the agent update
 
 ## Migrate from MMA
 
