Hi @milo last, Defender for Endpoint and Defender for Servers both provide endpoint protection, but they have different features and capabilities. Defender for Endpoint is a cloud-based solution that provides advanced endpoint protection, including endpoint detection and response (EDR) capabilities. It requires an internet connection to function properly. On the other hand, Defender for Servers is an on-premises solution that provides endpoint protection for servers. It does not require an internet connection to function properly.
If your servers have no connectivity to the internet, Defender for Servers would be the better choice for you. It provides endpoint protection for servers without requiring an internet connection. However, if you have some servers that can connect using a proxy, you can use Defender for Endpoint for those servers.
It's important to note that if you choose Defender for Servers, you will not have access to the advanced EDR capabilities provided by Defender for Endpoint. However, Defender for Servers does provide basic endpoint protection for servers, including antivirus and antimalware protection.
If you have servers with no internet connectivity, Defender for Servers would be the better choice for you. If you have some servers that can connect using a proxy, you can use Defender for Endpoint for those servers.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
How does the experience from a device or endpoint's perspective differ between a paid MDE subscription and native/free Windows Defender?
My specific question, using an example: If I were sitting down at a Windows 11 machine, is there a CLI command (ideally PowerShell) that I could run that would tell me if I were on a paid MDE version (and ideally which one, P1|P2|etc.) vs. the native one?
My general question is: what GUI or other end-user experiences would be different when using a paid MDE version? If I were prepping my end users for a migration from free Windows Defender to paid Microsoft Defender for Business, is there anything I should prep them for (i.e., this screen or dialog will look different than what you're used to)?
Hello community!
Lately, I've noticed a lot of discussions and cases on Reddit and elsewhere about bypassing EDR and Antivirus solutions. There are reports of servers being encrypted despite the presence of XDR/MDR functions from manufacturers, etc. This raises several questions for me, especially about moving all security stacks to Microsoft 365, particularly for clients with a Business Premium subscription. I'm having trouble forming a clear opinion on this.
On one hand, it seems like putting all your eggs in one basket, right? On the other hand, solutions combining AV+EDR with a service like BlackPoint seem more robust to me. Or maybe it would be wiser to have one provider for AV, another for EDR, and yet another for MDR? I also have questions about integrating an MDR solution within the same solution as AV and EDR.
I'm not sure if there's already a thread on this topic; if there is, I'd appreciate the link! What do you think?
Thanks for your insights!
Hey guys!
A pen testing firm has given the recommendations of deploying both Windows Defender AND the EDR on all endpoints for maximum protection.
I'm somewhat skeptical of this (mostly for compatibility and performance-related issues) and I'd like to hear the community opinion here.
Are you guys deploying both products on your endpoints? If so, how did it go?
EDIT: I meant the built-in Windows Defender that comes with every OS install, not the Defender package. It would be built-in + something like CrowdStrike or SentinelOne.
I think I'm having a misunderstanding about EDR on Defender.
If I take an out-of-the-box Windows 10 computer without anything applied to it, it won't be EDR, correct? Now if I onboard the computer on Defender with the appropriate license, will it have EDR? How?
Is it a functionality that gets enabled on the computer (and if so, how do I check?) or is it just a setting that gets switched on in the Defender console that reports to the computer and tells it to do some action (meaning that even the default Defender would be able to do it without any extra installation)?
The only documentation I find is about EDR in block mode...
EDIT 1:
Closed.
tl;dr:
There is no visual way to identify the differences between a default Defender and "EDR" Defender for Endpoint other than checking for the "Sense" service inside Services or running CMD / Pwsh commands.
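As an added example (not part of any post on this page), here is one way to run the local check mentioned in the tl;dr above, which also relates to the earlier question about a PowerShell command. It combines the state of the "Sense" service with what `Get-MpComputerStatus` reports; the function name `Get-DefenderSensorSummary` is hypothetical, and the script does not attempt to report a license plan.

```powershell
# Added example: summarize the local signs that the Defender for Endpoint
# sensor is active. Function name and output property names are hypothetical.
function Get-DefenderSensorSummary {
    [CmdletBinding()]
    param()

    # "Sense" is the service named in the post above. A missing or stopped
    # service is treated here as "sensor not active" (assumption of this example).
    $sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

    # Get-MpComputerStatus comes with the Defender PowerShell module; guard
    # against hosts where the module is absent or the call fails.
    $mp = $null
    if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try { $mp = Get-MpComputerStatus -ErrorAction Stop } catch { $mp = $null }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SenseServiceFound  = [bool]$sense
        SenseServiceStatus = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }
        SenseStartType     = if ($sense) { $sense.StartType.ToString() } else { $null }
        EdrSensorRunning   = [bool]($sense -and $sense.Status -eq 'Running')
        AntivirusEnabled   = if ($mp) { $mp.AntivirusEnabled } else { $null }
        RealTimeProtection = if ($mp) { $mp.RealTimeProtectionEnabled } else { $null }
        # Running mode of Defender Antivirus (for example Normal or Passive);
        # stays $null on builds that do not expose this property.
        AMRunningMode      = if ($mp) { $mp.AMRunningMode } else { $null }
    }
}

# Print the summary for the local machine.
Get-DefenderSensorSummary | Format-List
```

Run it in an elevated PowerShell session; `EdrSensorRunning` is `False` when the service is absent or stopped.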
Got about 400 users that need an endpoint protection plan... Wondering if it is worth paying the difference on Microsoft Defender for Endpoint Plan 1 and getting Microsoft Defender for Endpoint Plan 2... Getting hassled by auditors; I guess reports from SCCM on the Microsoft Defender that is shipped with Windows don't cut it anymore.
What is the experience out here? Do you have an opinion on either of them, better yet, maybe both? I would like to hear it.
Hi there!
Have you used Microsoft Defender for Endpoint? What has been your experience with it?
In your opinion, what are the benefits of using Microsoft Defender for Endpoint over other endpoint protection solutions?
What are the potential drawbacks or limitations of using Microsoft Defender for Endpoint?
How effective do you think Microsoft Defender for Endpoint is at detecting and mitigating threats?
How does Microsoft Defender for Endpoint compare to other endpoint protection solutions in terms of ease of use and manageability?
Also, I'm not very familiar with Microsoft licenses and products, and I'm not sure I understand what Microsoft Defender for Endpoint is.
Is it an additional sensor/add-on that upgrades the default Microsoft Defender Antivirus, or is it a separate, self-contained product?
We have around 6000 endpoints (Windows 30%, Linux 69% and macOS 1%).
How much would it cost and are there any discounts? Who has dealt with this?