Hi Garretta86,
From an MDE perspective, it's a transparent change, so existing configuration will apply. Regarding testing on a particular machine without enabling the integration on the whole subscription, yes, that is possible via REST API:
- You need to retrieve the MDE Onboarding Package as a Base64-encoded package. This can be done with a GET request against
https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.Security/mdeOnboardings?api-version=2021-10-01-preview
- You need to deploy the extension to your machine. To do it, you can run a PUT request against
https://management.azure.com/<resourceId>/extensions/MDE.Windows?api-version=<api-Version>
(see below the different parameters for the JSON body and API call):
| Parameter | Value |
| --- | --- |
| API Call | PUT |
| API URI | https://management.azure.com/<resourceId>/extensions/MDE.Windows?api-version=<api-Version> |
| ResourceId | Azure Resource ID |
| MachineType | Compute (for Azure VMs), HybridCompute (for Azure Arc machines) |
| MachineTypePath | virtualMachines (for Azure VMs), machines (for Azure Arc machines) |
| API Version | 2015-06-15 (for Azure VMs), 2020-08-02 (for Azure Arc machines) |
| Base64EncodedPackage | result from the GET request in step 1 |
The PUT request needs to contain the following JSON body (replace the <attributes> with values from the table above):
```json
{
  "name": "MDE.Windows",
  "id": "<ResourceId>/extensions/MDE.Windows",
  "type": "Microsoft.<MachineType>/<MachineTypePath>/extensions",
  "location": "<location_of_vm>",
  "properties": {
    "autoUpgradeMinorVersion": true,
    "publisher": "Microsoft.Azure.AzureDefenderForServers",
    "type": "MDE.Windows",
    "typeHandlerVersion": "1.0",
    "settings": {
      "azureResourceId": "<ResourceId>",
      "vNextEnabled": "true"
    },
    "protectedSettings": {
      "defenderForEndpointOnboardingScript": "<Base64EncodedPackage>"
    }
  }
}
```