Which Microsoft Defender for Endpoint plan is supported in Defender for Servers?
Defender for Servers Plan 1 and Plan 2 provide the capabilities of Microsoft Defender for Endpoint Plan 2, including endpoint detection and response (EDR).
What are the licensing requirements for Microsoft Defender for Endpoint?
Licenses for Defender for Endpoint for Servers are included with Defender for Servers.
Does disabling Defender for Servers Plan 2 automatically remove the plan from my workspace?
Disabling the Defender for Servers Plan 2 on your subscription doesn't automatically disable the plan on your workspace. If Defender for Servers Plan 2 is enabled on a workspace, you need to manually disable it in the workspace settings to stop data collection and turn off the feature.
Learn how to disable the Defender for Servers plan.
Hey everyone,
I’m currently trying to figure out how to deploy Defender for Endpoint on our Windows and Linux servers. We already have a 3rd party EDR running on them right now.
We’ve got some servers in Azure and others in our on-prem datacenter. About 60% of them are connected to Azure Arc. We have Defender for Servers Plan 2 licenses, and from what I understand, it needs to be activated at the Azure subscription level.
Since I haven’t really done this before, it’s all a bit confusing for me.
Here are some questions that are popping up in my mind:
If I activate Defender for Endpoint Plan 2 in our Azure sub, will it automatically start onboarding all the servers running in Azure and those connected to Arc, regardless if they’re on-prem or not? Some servers are in different subs, and I’m not sure if I need to do something specific with those, or if there’s anything special to worry about.
Also, how do I time removing the old 3rd party EDR? I’m a bit concerned about issues if Defender and the 3rd party EDR are both running at the same time on those servers.
Finally, I’m wondering how to manage the different settings for Defender AV. Some servers are in a workgroup and others in an AD domain. GPO for the AD domain joined ones seems like the way to go, but maybe a PowerShell script for the workgroup servers?
I was reading this documentation where it says doesn't . https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide It says specifically "The standalone versions of Defender for Endpoint Plan 1 and Plan 2 do not include server licenses. To onboard servers, such as endpoints running Windows Server or Linux, you'll need Defender for Servers Plan 1 or Plan 2 as part of the Defender for Cloud offering. To learn more, see Overview of Microsoft Defender for Servers"
However, when you access the MDE interface from security.microsoft.com -> setting -> endpoint -> onboarding, you can download a package to onboard different versions of Windows Server.
There's even documentation on how to do the process: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide
I'm not sure if it is legal to onboard an on-premises server to MDE, without the need of any Microsoft Defender for Endpoint Server license.
I was reading more documentation, from this link: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-introduction
And there's an MDE server plan 1 and MDE server plan 2, but it is part of Microsoft Defender for Cloud, and then you can integrate it with Microsoft Defender for Endpoint.
So, my question is, is it legal to onboard a server to MDE without the need of any server license or using Microsoft Defender for Cloud? Because Defender for Cloud is a totally different feature, oriented to Azure services, and to apply it to on-premises devices you need to use an Arc extension.