XPaulo
Copper Contributor
Dec 17, 2020

Microsoft Defender for Endpoint for Server isolation capability

Hello,

I've been struggling to find this information and decided to post this here.

Microsoft Defender for Endpoint (formerly MDATP) has the capability to isolate registered devices via a click in the MDATP portal.

Microsoft Defender for Endpoint is now also available for servers under the name Microsoft Defender for Endpoint for Server.

When deployed to a server, do I also have the capability to isolate that endpoint (which is a Windows 2016 or Windows 2019 server) in the same way?

Does anybody know?
Thanks

P.

    shoando
    Brass Contributor

    XPaulo For operating systems that use the Microsoft Monitoring Agent, isolation is not available.

      XPaulo
      Copper Contributor

      shoando So after some tests, you're right.

      I'm able to isolate 2019 Servers just like Windows 10. There is no need to install an agent.

      For Windows 2016, you need the MAM agent to get the events in your tenant.

      Even though the GUI gives you the possibility to isolate a device or run an AV scan, it does not do anything. You see the actions pending in the action center and can't even undo them (as such, they remain greyed out after you click on them for that specific server).

       

        Gurdev Singh
        Iron Contributor

        This is good information, as I am struggling to find a single official Microsoft doc that states that explicitly. All Microsoft documentation talks about how EDR is possible for older server platforms 2008/2012/2016 using the MMA agent. They should really clarify that it's only Threat Detection, not full EDR, as no response actions are possible in the MMA agent.

        That would save people like us a few hours of wasted time and frustration.

      XPaulo
      Copper Contributor

      shoando Thanks for your input. OK, so 2016 needs the agent but for 2019 would it work, since AFAIU, it is native in the OS. Am I correct?
