Windows Defender updates deployment using SCCM

NM 1 Reputation point
2020-08-29T15:17:00.877+00:00

Hello Experts,

I have an SCCM site where I am working on deployment of Windows Defender definition updates. It's just a primary site managing around 700 clients, but the problem I am facing is that we have 2 sources selected for Defender updates (first is Config Manager and second is Microsoft server), yet we are still not getting a good compliance rate. The rate is as low as 2% (around 14-15 clients out of 700).

I have an ADR created for deployment of Defender updates, and in the policy I have set it to go to the second source if the definition updates are 12 hours old, but it didn't improve the compliance.

My understanding is: the sources are where the updates will be downloaded from. All the client machines will look to Config Manager first for downloading the definition updates, and if they don't get them from there, they will reach out to Microsoft update servers to download the updates after 12 hours. Is this correct, or am I missing something? What can I do to improve the compliance?

Please suggest.


2 answers

  1. Bonus12 1,116 Reputation points
    2020-08-29T22:39:35.473+00:00

    Try to make sure you don't have a Group Policy with different settings that contradict what you have mentioned.

    Also, try to set the Microsoft source as the first source and see if that will improve the compliance.

    • Make sure you deployed this policy to your machines.

  2. Amandayou-MSFT 11,046 Reputation points
    2020-08-31T09:51:19.11+00:00

    We could pick one client at random to check if Windows Defender is installed successfully, by the following picture. If so, but the report to SCCM is not compliant, it seems that Windows Defender is installed from Microsoft. If not, maybe we could check whether the ADR from CM is deployed to the client.

    The sources are from where the updates will be downloaded, all the client machines will look to Config Manager first for downloading the definition updates and if they don't get it from there then they will reach out to Microsoft update servers to download the updates after 12 hours. Is this correct?

    If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. If not, it will be downloaded from another specified source. As for the time limit, Microsoft has not explained it.


    If the response is helpful, please click "Accept Answer" and upvote it.
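
A client-side check covering the points raised in both answers, added here as an example and not part of the original posts: it reports definition age, the source order the client is actually using, any order set under the Defender policy registry key, and recent update events. It assumes the built-in Windows Defender PowerShell module is present on the sample client.

```powershell
# Added example. Run in an elevated PowerShell session on one sample client.
# Assumes the built-in Defender module (Get-MpComputerStatus / Get-MpPreference).
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# 1. Is Defender active, and how old are its definitions?
[pscustomobject]@{
    AntivirusEnabled     = $status.AntivirusEnabled
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays     = $status.AntivirusSignatureAge
} | Format-List

# 2. Source order the client is actually using. Tokens Defender uses:
#    InternalDefinitionUpdateServer, MicrosoftUpdateServer, MMPC, FileShares.
$effective = $pref.SignatureFallbackOrder
"Effective fallback order : $effective"

# 3. Is an order also configured under the Defender policy key?
#    A value here that differs from what the antimalware policy specifies
#    points to a conflicting policy on the client.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.FallbackOrder) {
    "Policy fallback order    : $($policy.FallbackOrder)"
    if ($policy.FallbackOrder -ne $effective) {
        Write-Warning 'Policy key and effective order differ.'
    }
} else {
    'No FallbackOrder value under the Defender policy key.'
}

# 4. Recent definition update results: 2000 = updated, 2001 = update failed.
#    The event message names the update source that was contacted.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 2000, 2001
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message
```

If the definitions are current on the client while the console still shows it as non-compliant, compare the update source named in the 2000 events with the deployment the ADR created.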