Forum Discussion
Microsoft Defender for Server Onboarding Best Practices
Hi nurhossainesl,
Onboarding Microsoft Defender for Servers (formerly known as Windows Defender Antivirus) and Microsoft Defender for Endpoint (MDE) in your environment is a crucial step in enhancing your server security. Here are the recommended steps to onboard MDC, MDE, and Azure Sentinel in your scenario:
1. Preparation:
- Ensure your Windows servers are up to date.
- Confirm you have the right licenses for Microsoft Defender.
2. Active Directory:
- Since your servers are in a workgroup, manage them individually.
3. Microsoft Defender for Servers (MDC):
- Uninstall any existing antivirus.
- Install Microsoft Defender for Servers.
- Configure its settings via Group Policy or PowerShell.
4. Microsoft Defender for Endpoint (MDE):
- Set up a group for your servers.
- Manually install the MDE agent on each server.
- Servers will report to Microsoft Defender Security Center.
5. Azure Sentinel Integration:
- Set up Azure Sentinel in your Azure subscription.
- Configure data connectors to collect security data.
- Create custom detection rules and workbooks.
- Integrate it with MDE for enhanced threat intelligence.
6. Ongoing Management:
- Regularly monitor security alerts in Microsoft Defender Security Center and Azure Sentinel.
- Update security policies based on threats.
- Keep servers patched.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
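
An added example, not part of the post above: a local check to run in an elevated PowerShell session on each workgroup server after the onboarding steps, confirming that Defender Antivirus is active and the MDE sensor reports as onboarded. The function name `Test-DefenderOnboarding` and the 7-day signature-age threshold are assumptions chosen for illustration.

```powershell
# Added example: post-onboarding health check for a single workgroup server.
# Function name and the signature-age threshold are illustrative assumptions.
function Test-DefenderOnboarding {
    param([int]$MaxSignatureAgeDays = 7)   # assumed threshold, adjust to policy

    $r = [ordered]@{ ComputerName = $env:COMPUTERNAME }

    # Workgroup servers receive no domain Group Policy, so verify settings locally.
    $r.PartOfDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    # Defender Antivirus state; the cmdlet is missing if the feature is not installed.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $r.AntivirusEnabled          = $mp.AntivirusEnabled
        $r.RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
        $r.SignatureAgeDays          = $mp.AntivirusSignatureAge
    } catch {
        $r.AntivirusEnabled          = $false
        $r.RealTimeProtectionEnabled = $false
        $r.SignatureAgeDays          = $null
        $r.DefenderError             = $_.Exception.Message
    }

    # The MDE sensor runs as the "Sense" service once the server is onboarded.
    $sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    $r.SenseService = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }

    # The sensor records OnboardingState = 1 after a successful onboarding.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $prop = Get-ItemProperty -Path $key -Name OnboardingState -ErrorAction SilentlyContinue
    $r.OnboardingState = if ($prop) { $prop.OnboardingState } else { $null }

    # Overall verdict: AV on, real-time protection on, fresh signatures, sensor onboarded.
    $r.Healthy = $r.AntivirusEnabled -and
                 $r.RealTimeProtectionEnabled -and
                 ($null -ne $r.SignatureAgeDays) -and
                 ($r.SignatureAgeDays -le $MaxSignatureAgeDays) -and
                 ($r.SenseService -eq 'Running') -and
                 ($r.OnboardingState -eq 1)

    [pscustomobject]$r
}

Test-DefenderOnboarding | Format-List
```

Because the servers are not domain-joined, the output of each run can be collected centrally to spot servers where `Healthy` is `False`.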