Forum Discussion

Sankaperera
Copper Contributor
Aug 01, 2024

Defender for Server without Internet access

Hi All,

I don't want to expose my servers to the internet using a proxy or any other mechanism.

Is there any possibility to deploy & manage Defender for both Windows & Linux servers?

If yes, what are the risks and challenges?

All servers are Windows 2022 servers. For definition updates, can I use either SCCM or any other product?

  • Hi Sankaperera 

    Defender for Server/Endpoint is a cloud service that requires internet connectivity, whether directly or through a proxy. You now have the option to utilize the new streamlined connectivity, which requires opening traffic only to *.endpoint.security.microsoft.com. I recommend checking out this article for more details > Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint - Microsoft Defender for Endpoint | Microsoft Learn

    • Sankaperera
      Copper Contributor
      Thank you,

      Still it requires internet connectivity.

      Is it possible to push the definition updates via a 3rd party tool and enable required policies via GPO?

      Sanka
      • MatejKlemencic
        Brass Contributor
        You can deploy definition updates with WSUS for your Windows Servers. For basic antivirus scanning, you can use Windows Defender Antivirus and manage its policies with GPO or any other management tool. Note that Windows Defender Antivirus does not include advanced features like EDR and advanced reporting, which are part of the Defender for Server add-on.
  • Jonhed
    Steel Contributor

    Sankaperera 
    Defender Antivirus
    Without internet access you can use Defender Antivirus, which is a traditional antivirus solution available on Windows Server 2016 and up.

    (Note: the antivirus in 2016 does not have all the functionality that is available in 2019 and up.)

    You have the option of distributing updates via a share folder, WSUS or MECM, which will not require direct internet access from the protected servers.

    Defender Antivirus is integrated in the OS so it does not require Defender for Servers licensing.

    Defender for Endpoint (Defender for Servers)

    The EDR solution Defender for Endpoint runs all analytics in the cloud, and will require internet access, either direct or through a proxy.

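As an added example (not code from any reply in this thread or from Microsoft), the following PowerShell shows what the share-folder approach described above looks like on an isolated Windows Server: it points Defender Antivirus at an internal UNC share for definition updates, sets the fallback order so the engine never reaches out to the internet, forces an update from the share, and reports whether the signatures are older than an acceptable threshold. The share path `\\UPDATESRV\DefenderDefs` and the 3-day threshold are placeholders; the share is assumed to already hold the definition update packages copied over from a connected host.

```powershell
# Added example, not from the thread. Run elevated on the isolated server.
# Placeholders: \\UPDATESRV\DefenderDefs (share holding the update packages),
# 3 (maximum acceptable signature age in days).

function Set-OfflineDefenderUpdateSource {
    param(
        [Parameter(Mandatory)] [string] $SharePath,   # UNC path with the definition packages
        [int] $MaxSignatureAgeDays = 3                # stale-signature threshold for reporting
    )

    # Definition source: the internal file share.
    Set-MpPreference -SignatureDefinitionUpdateFileSharesSources $SharePath

    # Try the share first, then an internal WSUS/MECM server.
    # MicrosoftUpdateServer and MMPC are deliberately left out so no
    # internet-bound update attempt is ever made from this host.
    Set-MpPreference -SignatureFallbackOrder 'FileShares|InternalDefinitionUpdateServer'

    # Pull definitions from the share now instead of waiting for the scheduled check.
    Update-MpSignature -UpdateSource FileShares

    # Report the resulting signature state; 'Stale' flags the main operational
    # risk of an offline setup, which is a share that stopped being refreshed.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        SignatureVersion = $status.AntivirusSignatureVersion
        LastUpdated      = $status.AntivirusSignatureLastUpdated
        AgeDays          = $status.AntivirusSignatureAge
        Stale            = ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
        FallbackOrder    = (Get-MpPreference).SignatureFallbackOrder
    }
}

Set-OfflineDefenderUpdateSource -SharePath '\\UPDATESRV\DefenderDefs' | Format-List
```

The same two settings (definition update file share sources and fallback order) exist as Group Policy settings under the Defender Antivirus "Security Intelligence Updates" section, so the script is mainly useful for verifying a GPO-managed server or for scripting the check that the `Stale` field performs across a fleet.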
  • question92120
    Copper Contributor

    For an offline environment, consider using Microsoft Defender Antivirus (Windows only) with on-premises management via Group Policy or MECM, but this won't provide full MDE capabilities. Linux servers would require a different solution.

    You cannot deploy and manage Microsoft Defender for Endpoint on both Windows and Linux servers without internet access. Defender for Endpoint requires internet connectivity for management, updates, and threat intelligence. Microsoft Defender cannot manage Linux servers without internet access.
    Consider using ClamAV or Symantec Endpoint Protection for offline antivirus management on Linux servers.
