Upgrading Defender to the latest version (235318)

Upgrading Defender to the latest version

What is the path to upgrade my Defender environment to the latest version? Can I upgrade from older versions?

Can I upgrade from a previous version of Defender to the latest version?

You must be currently running Defender 5.8.1 or 5.8.2 to upgrade to version 5.9.x or 5.10.
If you are running an older version, such as 5.6 or 5.7, you will need to upgrade to version 5.8.2 first, and then upgrade a second time to 5.10.


You must be currently running Defender 5.9.5 or later to upgrade to version 5.11.



Is it possible to have a mixed environment with multiple versions of Defender components?

While we recommend having all One Identity Defender components running the same version, the core functionality of the product has remained consistent over the last few version, so that it is possible for 5.7, 5.8, 5.9 and 5.10 components to work together without major issues.

While we cannot guarantee 100% compatibility in a mixed environment, an older version of Desktop Login, for example, should still be able to authenticate to a newer version of the Security Server and vise versa. This should prevent disruption to your production environment while the upgrades are in progress.


Does the existing licensing carry forward to the new version?

Yes. Your existing licenses will be carried forward when you upgrade to a new version and there is no need to re-apply any of the your existing licensing. If you purchase additional licenses, these can be added to your legacy license count.

The only consideration with regards to licensing is the change in format that occurred between the 5.7 and 5.8 versions. The format of the licenses has remained the same since 5.8. More information on this change can be found in KB 178179 and KB 44179.


Are there any other considerations when performing the upgrade?

The Defender product has been re-branded between the 5.7 and 5.8 versions and has now changed to One Identity in the 5.9 version. The Program Files folder path has also changed names as a result of these branding changes. While it is fully supported to perform an in place upgrade, some inconsistency may be seen in log files that are still located under the legacy folder paths.

An optional suggestion is to make a backup of any logs and configuration settings, then uninstall the previous version of the Defender components,  and perform a fresh install of the new Defender 5.10 components. This process is not required, but may cause less inconsistency moving forward.

Uninstalling individual components, such as the Security Server service, or the Desktop Login client would have no effect on the data stored in Active Directory. All objects stored in the Defender OU, such as Tokens, Licenses, Access Nodes, Policies etc, would not be affected by the removal of the individual software components.

When performing a fresh install of the new components, you would need to re-enter the configuration information, such as server addresses, ports, shared secrets and service account credentials. This information should be documented before removing the old version.


For more information on the changes in One Identity Defender 5.10, please refer to the Release Notes.

The term "components" mentioned in this article, refers to the separate pieces of software that comprise the Defender product, such as the Defender Security Server, Defender Administration Console, Defender Desktop Login, Defender Management Portal etc. A full list of the components can be found in the product documentation.