Which Microsoft Defender for Endpoint plan is supported in Defender for Servers?
Defender for Servers Plan 1 and Plan 2 both provide the capabilities of Microsoft Defender for Endpoint Plan 2, including endpoint detection and response (EDR).
What are the licensing requirements for Microsoft Defender for Endpoint?
Licenses for Defender for Endpoint for Servers are included with Defender for Servers.
Does disabling Defender for Servers Plan 2 automatically remove the plan from my workspace?
Disabling the Defender for Servers Plan 2 on your subscription doesn't automatically disable the plan on your workspace. If Defender for Servers Plan 2 is enabled on a workspace, you need to manually disable it in the workspace settings to stop data collection and turn off the feature.
Learn how to disable the Defender for Servers plan.
Hi,
Defender for Cloud is the name of the service. Defender for servers is a feature within that service. For example, within Defender for Cloud you also have other features like Defender for Containers, Databases, Storage, App Service, Key Vault and Resource Manager. This can be seen on the pricing. Defender for servers has two SKUs: Plan 1 and Plan 2. It is unclear what your requirements are, but overall, as Defender for servers is part of Defender for Cloud, you do not have to choose between one or the other.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hello!
In general, Microsoft Defender for Cloud (MDC) includes Microsoft Defender for Servers (MDS). Defender for Servers leverages Microsoft Defender for Endpoint (MDE) for its server protection piece, but on top of that, it adds capabilities to Server Monitoring, Access Management, Network Hardening, etc.
If you use the Defender for Server (Defender for Cloud) in Azure, Defender (MDE.Windows/Linux Extension) will install itself automatically on all servers in your subscription. It is called automatic provisioning. You can check this setting via these steps: Microsoft Azure => Microsoft Defender for Cloud => Environment settings => => Defender plans => on the Servers tab choose under Monitoring coverage Settings button => Endpoint protection must be turned on.
If you don't use Defender for Server (Defender for Cloud), then go to https://security.microsoft.com/ and follow these steps: Settings => Endpoints => Device management => Onboarding => select OS, download the script, run it and wait up to 12-24 hours, when you can see MDE.Windows/Linux extension installed on the server.
I recommend this article which explains the difference between these two services:
https://medium.com/microsoftazure/microsoft-defender-endpoint-microsoft-defender-for-cloud-for-servers-53c95d8c8d92
You can also check out the Defender for Servers Plan features:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan#plan-features
Note: You must choose a server management model, Defender for Server (Defender for Cloud) or Defender for Endpoint, because there are different tariffs for the services. Defender for Cloud has a pay-as-you-go model, but Defender for Endpoint has a model with licenses.
If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.
Hey everyone,
I’m currently trying to figure out how to deploy Defender for Endpoint on our Windows and Linux servers. We already have a 3rd party EDR running on them right now.
We’ve got some servers in Azure and others in our on-prem datacenter. About 60% of them are connected to Azure Arc. We have Defender for Servers Plan 2 licenses, and from what I understand, it needs to be activated at the Azure subscription level.
Since I haven’t really done this before, it’s all a bit confusing for me.
Here are some questions that are popping up in my mind:
If I activate Defender for Endpoint Plan 2 in our Azure sub, will it automatically start onboarding all the servers running in Azure and those connected to Arc, regardless if they’re on-prem or not? Some servers are in different subs, and I’m not sure if I need to do something specific with those, or if there’s anything special to worry about.
Also, how do I time removing the old 3rd party EDR? I’m a bit concerned about issues if Defender and the 3rd party EDR are both running at the same time on those servers.
Finally, I’m wondering how to manage the different settings for Defender AV. Some servers are in a workgroup and others in an AD domain. GPO for the AD domain joined ones seems like the way to go, but maybe a PowerShell script for the workgroup servers?
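One way to script the workgroup-server case raised in the last question, as an added example that is not part of the original post: it skips domain-joined machines (left to GPO), reports whether Defender AV is running in active or passive mode next to the other EDR, and applies only the settings that differ from a baseline. The baseline values are hypothetical placeholders; the cmdlets are the built-in Defender module's `Get-MpComputerStatus`, `Get-MpPreference` and `Set-MpPreference`.

```powershell
#Requires -RunAsAdministrator
# Added example: Defender AV baseline for workgroup servers only.
# Baseline values are assumptions for illustration, written as the
# numeric values that Get-MpPreference reports.
$baseline = @{
    MAPSReporting        = 2   # Advanced cloud-delivered protection
    SubmitSamplesConsent = 1   # Send safe samples automatically
    PUAProtection        = 1   # Block potentially unwanted applications
    CloudBlockLevel      = 2   # High
}

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Output ("{0} is joined to {1}; leaving Defender AV settings to GPO." -f $cs.Name, $cs.Domain)
    return
}

# Running mode shows whether Defender AV is active or passive while the
# other EDR is still installed, which matters when timing its removal.
$status = Get-MpComputerStatus
Write-Output ("{0}: AMRunningMode={1}, RealTimeProtectionEnabled={2}, signatures updated {3}" -f `
    $cs.Name, $status.AMRunningMode, $status.RealTimeProtectionEnabled, $status.AntivirusSignatureLastUpdated)

# Collect only the settings that differ from the baseline.
$current = Get-MpPreference
$drift = @{}
foreach ($name in $baseline.Keys) {
    if ([int]$current.$name -ne $baseline[$name]) {
        Write-Output ("  drift: {0} is {1}, baseline {2}" -f $name, $current.$name, $baseline[$name])
        $drift[$name] = $baseline[$name]
    }
}
if ($drift.Count -eq 0) {
    Write-Output "Defender AV preferences already match the baseline."
    return
}

Set-MpPreference @drift

# Re-read the preferences: a value that did not stick usually means another
# control (policy, tamper protection) owns that setting on this server.
$after = Get-MpPreference
foreach ($name in $drift.Keys) {
    if ([int]$after.$name -ne $drift[$name]) {
        Write-Warning ("{0} is still {1} after Set-MpPreference" -f $name, $after.$name)
    }
}
```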