Update FIM documentation with MDE agent version requirements

DebLanger · DebLanger · commit 77070fafd78c · 2026-01-22T11:36:05.000+02:00
- Updated file-integrity-monitoring-overview.md with version requirements section
- Removed version info from migrate-file-integrity-monitoring.md per feedback
- Updated file-integrity-monitoring-enable-defender-endpoint.md with correct version (10.8799) for legacy Windows machines
- Added release note entry for MDE agent version requirement due to pipeline change
diff --git a/articles/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint.md b/articles/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint.md
@@ -18,9 +18,9 @@ After you enable Defender for Servers Plan 2, follow the instructions in this ar
 > [!NOTE]
 >
 > - If you use a previous version of File Integrity Monitoring with the Log Analytics agent (Microsoft Monitoring agent (MMA)) or the Azure Monitor agent (AMA), you can [migrate to the new File Integrity Monitoring experience](migrate-file-integrity-monitoring.md).
-> - From June 2025 onwards, File Integrity Monitoring powered by Microsoft Defender for Endpoint requires a minimum version. [Update the agent](#verify-defender-for-endpoint-client-version) as needed.
->   - Windows: 10.8760 or later.
->   - Linux: 30.124082 or later.
+> - File Integrity Monitoring powered by Microsoft Defender for Endpoint requires a minimum agent version. [Update the agent](#verify-defender-for-endpoint-client-version) as needed.
+>   - **Windows (legacy machines/downlevel clients)**: 10.8799 or later.
+>   - **Linux**: 30.124082 or later.
 
 ## Prerequisites
 
diff --git a/articles/defender-for-cloud/migrate-file-integrity-monitoring.md b/articles/defender-for-cloud/migrate-file-integrity-monitoring.md
@@ -18,22 +18,7 @@ The previous version of file integrity monitoring used the Log Analytics agent (
 
 - You must enable Defender for Servers Plan 2 to use file integrity monitoring.
 - Migration is relevant if file integrity monitoring is currently enabled using MMA or AMA.
-- Machines protected by Defender for Servers Plan 2 must run the Microsoft Defender for Endpoint agent version **10.8799 or above**. This is particularly critical for legacy Windows machines (downlevel clients).
-- To check agent status and version on machines in your environment, [use this workbook](https://aka.ms/DfServersDashboard).
-
-## Important: Version requirements for legacy Windows machines
-
-Due to a recent pipeline change in Microsoft Defender for Endpoint, users migrating from MMA or AMA-based file integrity monitoring must ensure their MDE agent meets the minimum version requirement:
-
-- **Minimum required version**: 10.8799
-- **Affected systems**: Primarily legacy Windows machines (downlevel clients)
-- **Impact**: FIM monitoring will not function properly on versions below 10.8799
-
-### Checking and updating MDE agent version
-
-1. Use the [Defender for Servers dashboard workbook](https://aka.ms/DfServersDashboard) to verify agent versions across your environment
-2. For machines running older versions, update the MDE agent through your standard deployment method
-3. Verify FIM functionality resumes after the agent update
+- Machines protected by Defender for Servers Plan 2 must run the Microsoft Defender for Endpoint agent. To check agent status on machines in your environment, [use this workbook](https://aka.ms/DfServersDashboard) to do that.
 
 ## Migrate from MMA
 
diff --git a/articles/defender-for-cloud/release-notes.md b/articles/defender-for-cloud/release-notes.md
@@ -31,8 +31,29 @@ This article summarizes what's new in Microsoft Defender for Cloud. It includes
 
 |Date | Category | Update|
 | -------- | -------- | -------- |
+|January 22, 2026| Update | [File Integrity Monitoring requires MDE agent version 10.8799+ for legacy Windows machines](#file-integrity-monitoring-requires-mde-agent-version-108799-for-legacy-windows-machines) |
 |January 8, 2026| Preview | [Microsoft Security Private Link (Preview)](#microsoft-security-private-link-preview) |
 
+### File Integrity Monitoring requires MDE agent version 10.8799+ for legacy Windows machines
+
+January 22, 2026
+
+Due to a pipeline change in Microsoft Defender for Endpoint (MDE), File Integrity Monitoring now requires Microsoft Defender for Endpoint agent version 10.8799 or above for proper functionality on legacy Windows machines (downlevel clients).
+
+**Key details:**
+
+- **Affected systems**: Legacy Windows machines (Windows Server 2016, Windows Server 2012 R2, and other downlevel clients)
+- **Required version**: MDE agent 10.8799 or later
+- **Impact**: FIM monitoring will not function properly on versions below the minimum requirement
+
+**Action required:**
+
+Users with File Integrity Monitoring enabled on legacy Windows machines should update their MDE agent to version 10.8799 or above to continue receiving file integrity monitoring data. Use the [Defender for Servers dashboard workbook](https://aka.ms/DfServersDashboard) to verify agent versions across your environment.
+
+For Windows Server 2016 and Windows Server 2012 R2, you must update machines manually to the latest agent version by installing [KB 5005292 from the Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005292).
+
+Learn more about [File Integrity Monitoring](file-integrity-monitoring-overview.md) and how to [enable File Integrity Monitoring](file-integrity-monitoring-enable-defender-endpoint.md).
+
 ## Microsoft Security Private Link (Preview)
 
 January 8, 2026
