Answer from Andrew Blumhardt on learn.microsoft.com

MDE is a combo of cloud-integrated, enterprise antivirus with a continuous vulnerability assessment that recommends how to make devices more secure. MDE largely monitors what is happening on devices and servers. MDE also includes manual response and investigation tools. MDE can manage servers, but it is highly focused on end user devices.
MDFC is designed to protect Azure subscriptions and the resources in those subscriptions. It can be extended to AWS, GCP, and on-prem servers for Server, SQL, and container monitoring.
MDFC has no antivirus capabilities. The sub-solution, Defender for Servers, is only for servers (obviously). MDFC focuses on monitoring how these resources are accessed externally. MDFC also has a vulnerability assessment for resources and servers. The server assessment can use the same TVM engine as MDE. Like MDE, MDFC provides security alerts and hardening recommendations.
Defender for Servers includes a license for MDE servers. You usually want both on servers (servers need MDE for AV). MDE for (non-server) devices is part of the M365 E3/E5 license.
Hi @MyAzQuery ,
Microsoft Defender is the overall "brand" for Microsoft security products, and while these do have similar names as you've spotted they are different products.
In summary:
- Microsoft Defender for Endpoint is an enterprise endpoint security platform - it incorporates things like next generation antivirus, but also includes behavioral sensors, and leverages cloud-based security analytics and threat intelligence in order to provide security for Windows, macOS, Linux, Android and iOS endpoints. This link provides a good overview and starting point for more information.
- Microsoft Defender for Cloud provides "Cloud Security Posture Management" (CSPM), providing a security analysis of all the resources in your cloud estates, and Cloud Workload Protection (CWP) which gives specific protection for your resources such as VMs, cloud storage, databases, security keys, containers, etc. This link provides a starting point on this service.
One of the workload protections in Defender for Cloud is "Defender for Servers" - one of the ways this provides protection of your servers is by including a license to run Defender for Endpoint on the VM, hence giving you the antivirus and other endpoint protection on that system. However, Defender for Servers also provides other protections such as Just in Time access control and adaptive network hardening.
In short, if you're looking to provide antivirus and other protections for something like your Windows endpoints (i.e. the PCs your employees use on a daily basis) then Defender for Endpoint is the product you're after. If you are looking to protect all your resources in the cloud (Azure, AWS, GCP) then Defender for Cloud is what you're after.
I hope this helps - if so, please upvote and "mark as answer" so that others will find this in the future.
-----
Hi,
Defender for Cloud is the name of the service. Defender for servers is a feature within that service. For example, within Defender for Cloud you also have other features like Defender for Containers, Databases, Storage, App Service, Key Vault and Resource Manager. This can be seen on the pricing. Defender for servers has two SKUs - Plan 1 and Plan 2. It is unclear what your requirements are, but overall, as Defender for servers is part of Defender for Cloud, you do not have to choose between one or the other.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hello!
In general, Microsoft Defender for Cloud (MDC) includes Microsoft Defender for Servers (MDS). Defender for Servers leverages Microsoft Defender for Endpoint (MDE) for its server protection piece, but on top of that, it adds capabilities to Server Monitoring, Access Management, Network Hardening, etc.
If you use the Defender for Server (Defender for Cloud) in Azure, Defender (MDE.Windows/Linux Extension) will install itself automatically on all servers in your subscription. It is called automatic provisioning. You can check this setting via these steps: Microsoft Azure => Microsoft Defender for Cloud => Environment settings => => Defender plans => on the Servers tab choose under Monitoring coverage Settings button => Endpoint protection must be turned on.
If you don't use Defender for Server (Defender for Cloud), then go to https://security.microsoft.com/ and follow these steps: Settings => Endpoints => Device management => Onboarding => select OS, download the script, run it and wait up to 12-24 hours, when you can see MDE.Windows/Linux extension installed on the server.
I recommend this article which explains the difference between these two services:
https://medium.com/microsoftazure/microsoft-defender-endpoint-microsoft-defender-for-cloud-for-servers-53c95d8c8d92
You can also check out the Defender for Servers Plan features:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan#plan-features
Note: You must choose a server management model, Defender for Server (Defender for Cloud) or Defender for Endpoint, because there are different tariffs for the services. Defender for Cloud has a pay-as-you-go model, but Defender for Endpoint has a model with licenses.
If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.
I guess that at the simplest level, Defender for Cloud will help protect your Cloud (Azure) workloads (although it can also track and protect some outside resources) whereas Defender for Endpoint protects your devices (Windows clients, but also other platforms).
As part of Defender for Cloud, you can select Defender for Servers either at the Premium 1 (P1) or Premium (P2) level.
Then, Defender for Office 365 protects your Microsoft 365 data (Exchange mailboxes, SharePoint sites and Teams...), Defender for Identity protects your onsite Active Directory and Defender for Cloud Apps helps track and protect your users when navigating the Internet.
I hope the above helps.
This previous answer should help you https://learn.microsoft.com/en-us/answers/questions/956836/difference-between-microsoft-defender-for-cloud-an
Microsoft Defender for Cloud is a comprehensive CNAPP solution for securing your enterprise's entire environment. It includes Defender for Servers, Microsoft Defender for IoT, and Microsoft Defender for storage. On the other hand, Microsoft Defender for Cloud Apps is a subset of Microsoft Cloud App Security that provides advanced threat protection for your cloud apps and services. It helps you identify and remediate cloud app security risks, control access to apps based on risk level, and detect and respond to threats. So, while Microsoft Defender for Cloud covers a broader range of security solutions for your enterprise's environment, Microsoft Defender for Cloud Apps focuses specifically on securing your cloud apps and services.
Microsoft Defender for Cloud
- Scope: Protects cloud workloads and infrastructure across Azure, AWS, GCP, and on-prem hybrid environments.
- Primary Focus:
  - Cloud Security Posture Management (CSPM): Assess compliance, misconfigurations, and security posture.
  - Cloud Workload Protection (CWP): Protects VMs, containers, databases, and other resources.
- Key Features:
  - Security recommendations for resources.
  - Threat detection for servers, containers, and cloud services.
  - Integration with Azure Policy and regulatory compliance dashboards.
- Use Case: If you want to secure IaaS, PaaS, and hybrid workloads, this is your tool.
Microsoft Defender for Cloud Apps
- Scope: Protects SaaS applications and provides visibility into cloud app usage.
- Primary Focus:
  - Cloud Access Security Broker (CASB): Discover and control SaaS apps.
  - App Governance: Monitor OAuth apps and risky permissions.
- Key Features:
  - Shadow IT discovery (unsanctioned apps).
  - Session controls for real-time monitoring.
  - OAuth app risk assessment and governance.
- Use Case: If you want to secure SaaS apps like Microsoft 365, Salesforce, Google Workspace, and manage OAuth permissions, this is your tool.
I've been looking at Microsoft's docs, but I'm getting a bit confused. I want something that will both monitor my Azure virtual machines for malicious activity and deal with any malicious activity. Does Defender for endpoint, or Defender for Cloud fit the bill better? Thanks