Microsoft rolled out two endpoint changes this week that look like product updates but are actually configuration decisions MSPs need to make before August. Defender for Endpoint on Linux now supports centrally managed scheduled antivirus scans, while Edge Stable is moving to a two-week release cycle starting with version 152 on August 27. Both changes force a decision about how much automation versus manual validation your clients can tolerate.
Close the Linux scan gap
Until now, Linux endpoints in Defender for Endpoint relied on real-time protection or ad hoc manual scans. Microsoft has added scheduled scans in public preview, configurable through security settings management policies in the Defender portal or through local Managed JSON for Ansible, Puppet, or Chef. You can set hourly quick scans, daily quick scans at a fixed time, or weekly scans with a choice of quick or full scan type. The agent must be version 101.26032.0000 or later.
For MSPs, this matters because Linux servers and workstations often sit outside the same compliance rhythm as Windows. If you have been relying on cron scripts or manual checklists to scan Linux, this is a chance to fold those endpoints into the same centralized schedule as the rest of the fleet. The operational value is consistency: one policy surface, one set of logs, and fewer one-off scripts to maintain. It also closes a common audit gap where Linux endpoints were technically protected but not demonstrably scanned on a schedule.
Pick an Edge channel before August 27
Edge Stable is moving from a roughly four-week cycle to a two-week cycle starting with Edge 152 on August 27, 2026. Each update will be smaller, but there will be twice as many of them. The Extended Stable channel keeps its existing eight-week cadence, so the channel decision becomes the main lever for each client.
The validation burden is the practical problem. If your client’s line-of-business apps need a full compatibility pass before every browser update, a two-week cycle will strain that process. For those clients, Extended Stable is the safer default. For clients with lighter app dependencies, staying on Stable gives faster security fixes and features. Microsoft specifically recommends adding a Beta pilot group so you catch issues before they reach Stable. That advice is worth following: a small Beta ring buys you the validation time the new cadence takes away.
Edge Stable will deliver roughly half the content of previous updates twice as often, starting August 27.
What to do this week
- Audit Linux Defender coverage: Identify Linux endpoints running Defender and check whether agent versions are 101.26032.0000 or later.
- Replace cron with policy: For clients using cron scripts or manual Linux scans, plan a move to Defender’s scheduled scan policies for centralized logging and compliance.
- Classify clients by Edge channel: Decide which clients stay on Stable, which move to Extended Stable, and which need a Beta pilot group before August 27.
- Compress validation playbooks: Update browser test runbooks so a two-week cycle is actually workable, or document why Extended Stable is required.
Sources
- Microsoft Defender for Endpoint: Scheduled Scans for Linux (Sayan Roy)
- Microsoft Edge Moves to Two-Week Release Cycle (Windows Blog)
