Microsoft has introduced Effective Settings reporting to Microsoft Defender for Endpoint, launching in March 2026. This feature allows Security Admins to see the actual security policies enforced on each device, rather than relying solely on intended configurations.
Key Features of Effective Settings
- Actual configuration visibility: displays the security settings enforced on a device, including antivirus, attack surface reduction (ASR) rules, and any exclusions.
- Source tracking lets you see whether Intune Group Policy (GPO) or a local setting is controlling each policy.
- Conflict resolution: identifies when different sources try to set a policy but fail, and helps you troubleshoot conflicts more easily.
- Centralized reporting column: find this feature in the Microsoft Defender portal under Device Inventory. Go to Configuration Management, then the Effective Settings tab.
Benefits for Security Teams
- No guessing: admins can confirm security policies are applied, reducing risks.
- Easy troubleshooting: see exactly why a setting may not work.
- Accurate, real-time data replaces outdated policy info.
This feature bridges the gap between intended and actual policy enforcement, especially in mixed environments, using GPO, Intune, and Configuration Manager.
In addition to Effective Settings, recent updates to the Microsoft Defender portal offer new ways for security teams to view and manage critical files and data.
Microsoft has significantly improved configuration and vulnerability reporting features.
Microsoft now makes it easier to track release notes and platform updates.
This month, Microsoft introduced new features and improvements for Microsoft Defender for Endpoint. These updates boost security, visibility, and management options for businesses.
Microsoft is previewing a new library management feature in the Defender portal. With this feature, security analysts can now view and manage files and scripts used during live response. The preview provides a central list of all uploaded files and their details. Analysts can also upload, view, and delete files outside live response sessions.
The Effective Settings tab, available under Device Inventory in Configuration Management for commercial customers, lets administrators see which configuration values are actually applied, their sources, and helps spot any policy settings that did not apply to reduce security gaps.
Upgraded Device Vulnerabilities Report Experience
Microsoft has released an updated Device Vulnerabilities report. The new report no longer includes the section showing vulnerable Windows 10/11 versions over time. It now only provides a device group filter and offers limited historical data. The changes give an immediate, clearer view without waiting 30 days.
Vulnerable Components Page Renamed To Software Components
Microsoft has renamed the page previously called “Vulnerable Components” to “Software Components.” This change reflects that Defender Vulnerability Management now covers all software components in an organization, not only those that are vulnerable.
Finally, there’s a naming update: the “What’s New” page is now “New Features in Windows Defender for Endpoint.” This page features both new features and direct links to the latest release notes. Now, release notes for all supported operating systems appear on a single unified page, making it easier to review updates across platforms, as older pages redirect to this consolidated view.
Source: Microsoft Defender for Endpoint Updates Boost Visibility and Control
