Forum Discussion
Defender for Server without Internet access
Hi All,
I don't want to expose my servers to internet using a proxy or any other mechanism.
Is there any possibility to deploy & manage Defender for both Windows & Linux servers?
If yes, what are the risks and challenges?
All servers are Windows 2022 servers. For definition updates, can I use either SCCM or any other product?
- MatejKlemencic (Brass Contributor)
Hi Sankaperera
Defender for Server/Endpoint is a cloud service that requires internet connectivity, whether directly or through a proxy. You now have the option to utilize the new streamlined connectivity, which requires opening traffic only to *.endpoint.security.microsoft.com. I recommend checking out this article for more details: Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint (Microsoft Learn)
- Sankaperera (Copper Contributor)
Thank you,
Still it requires internet connectivity.
Is it possible to push the definition updates via a 3rd party tool and enable required policies via GPO?
Sanka
- MatejKlemencic (Brass Contributor)
You can deploy definition updates with WSUS for your Windows Servers. For basic antivirus scanning, you can use Windows Defender Antivirus and manage its policies with GPO or any other management tool. Note that Windows Defender Antivirus does not include advanced features like EDR and advanced reporting, which are part of the Defender for Server add-on.
- Jonhed (Steel Contributor)
Sankaperera
Defender Antivirus
Without internet access you can use Defender Antivirus, which is a traditional antivirus solution available on Windows Server 2016 and up (note: the antivirus in 2016 does not have all the functionality that is available in 2019 and up).
You have the option of distributing updates via a shared folder, WSUS or MEC, which will not require direct internet access from the protected servers.
Defender Antivirus is integrated in the OS so it does not require Defender for Servers licensing.
Defender for Endpoint (Defender for Servers)
The EDR solution Defender for Endpoint runs all analytics in the cloud, and will require internet access, either direct or through a proxy.
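The internal update path described in the replies above (WSUS or a file share, no internet sources), as an added example that is not part of any post in this thread. The UNC path and the staleness threshold are assumptions; the share is assumed to be filled with definition packages by a separate, internet-connected staging host.

```powershell
#Requires -RunAsAdministrator
param(
    # Hypothetical internal share holding the Defender definition packages.
    [string]$UpdateShare = '\\fileserver.example.internal\DefenderUpdates',
    # Assumed alert threshold: definitions older than this count as stale.
    [int]$MaxSignatureAgeDays = 3
)

# Use internal sources only: WSUS first, then the file share.
# MicrosoftUpdateServer and MMPC are left out of the order, so the server
# does not attempt to reach internet-hosted update sources.
Set-MpPreference -SignatureDefinitionUpdateFileSharesSources $UpdateShare
Set-MpPreference -SignatureFallbackOrder 'InternalDefinitionUpdateServer|FileShares'

# Pull definitions from the share now. A failure is reported but does not
# stop the script, so the status check below still runs.
try {
    Update-MpSignature -UpdateSource FileShares -ErrorAction Stop
} catch {
    Write-Warning "Definition update from $UpdateShare failed: $($_.Exception.Message)"
}

# Report protection state and definition age. On an isolated server,
# silently ageing definitions are the main thing to watch for.
$status = Get-MpComputerStatus
$report = [pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    AntivirusEnabled     = $status.AntivirusEnabled
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays     = $status.AntivirusSignatureAge
    Stale                = $status.AntivirusSignatureAge -gt $MaxSignatureAgeDays
}
$report | Format-List

# Non-zero exit lets a scheduled task or monitoring agent flag the server.
if ($report.Stale -or -not $report.AntivirusEnabled) { exit 1 }
```

The same two preferences can be set centrally through Group Policy instead of `Set-MpPreference`; the status check is then the only part that needs to run on each server.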
- question92120 (Copper Contributor)
For an offline environment, consider using Microsoft Defender Antivirus (Windows only) with on-premises management via Group Policy or MECM, but this won't provide full MDE capabilities. Linux servers would require a different solution.
You cannot deploy and manage Microsoft Defender for Endpoint on both Windows and Linux servers without internet access. Defender for Endpoint requires internet connectivity for management, updates, and threat intelligence. Microsoft Defender cannot manage Linux servers without internet access. Consider using ClamAV or Symantec Endpoint Protection for offline antivirus management on Linux servers.