Endpoint definitions not updating
In this post, we will look at what changed for Endpoint Protection and Windows Defender in the Windows 10 Creators Update (1703). It is still required to deploy Windows Defender Definition Update KB2267602.
Also, note that the update is still in the Windows Defender product category.
The latest Windows 10 Creators Update (1703), also bring its share of changes for Windows Defender, which then impact Endpoint Protection on the end-user side. This can be seen under Settings / Update & Security / Windows Defender. Windows Defender standalone window The standalone window is now gone.
If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful.
Configuration Manager is never listed in the Fallback Order registry key, as the SCEP client does not recognize a Configuration Manger Software Update Point agent (and associated infrastructure) as a valid definition source and cannot pull definitions from Configuration Manager.
The SCEP Client needs to be updated to recognize the SUP as a valid definition source - rather than having to open the Config Mgr Control Panel window, and running a "Software Deployment and Evaluation" cycle.
While in the field we have seen clients use GUPs in different ways, the purpose of the GUPs was to reduce bandwidth requirements.
On a subnet over a WAN link, you would have a single client retrieving definitions from the SEPM.