Forum Discussion
Microsoft Defender for Endpoint Confusion
When you protect machines with Azure Security Center, you receive a license for Microsoft Defender for Endpoint. Defender for Endpoint is the EDR solution from Microsoft which can protect Windows, Windows Server, Linux, macOS, Android and iOS.
Azure Security Center isn't an EDR solution and for EDR detections, you need to use the Security Center portal. This will contain all the machines that are protected with Microsoft Defender for Endpoint.
To onboard servers (install EDR) you can use Azure Security Center. When you enable Security Center for Virtual Machines, Windows Server 2008 R2, 2012 and 2016 are automatically onboarded.
Windows Server 2019 & Linux need to be manually onboarded. This is done through a script, which is described here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-sac-version-1803-windows-server-2019-and-windows-server-2019-core-edition
Note that Defender for Endpoint is an EDR, not an AV. For AV, there are also some differences between the different OSes: https://www.thecloudtechnologist.com/defender-for-endpoint-mdatp-for-windows-servers/
Do let me know if you have any questions
- AzureJP, Feb 03, 2021, Copper Contributor
Hey there,
Thank you for the detailed response. This does seem clearer now.
So I guess I can say that my VMs in the subscription which are already protected by the "Azure Defender enabled" Security Center would therefore already have a licence for the EDR which will be automatically onboarded (except Linux/2019) in the new portal?
In terms of AV (in the classic sense) I can also seek to install the Anti-malware extension in the Azure Portal Security Center by installing "endpoint protection solution on virtual machines". Which in turn installs the Microsoft Antimalware extension to supported Windows OS?
Finally, my Linux nodes in the new ATP (Microsoft Defender) portal, I presume that's about as protected as I can get in terms of 'anti-virus' protection once I on-board them?
Much appreciated.
- Thijs Lecomte, Feb 04, 2021, Bronze Contributor
Hi
You are correct, if you have Azure Defender enabled, they will automatically all be licensed for MDE. All but 2019/Linux will be onboarded automatically.
You are correct that you can use the anti-malware extensions. It does practically the same. From within the security center, in Threat & Vulnerability Management, you can see if they have AV enabled.
If your Linux is in security center, that's all good. Just make sure EDR is enabled for them as well: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-generally-available/ba-p/2048539
- techinfo9472, Aug 21, 2022, Copper Contributor
Hello guys,
How to assign Defender licenses for Windows Server 2016/2019?