subhashPonmala
Copper Contributor
Nov 25, 2024

Need help to finalize the approach and deployment plan for one of the case studies

Planning the deployment of Microsoft Defender for Server in a Diverse Server Landscape

Planning and deploying Microsoft Defender for Server for a customer with a complex server environment consisting of:

  • 10 Windows Servers (both on-premise and hosted with Azure)
  • 10 Linux Servers (both on-premise and hosted with Azure)
  • 5 Windows Servers hosted on AWS
  • 5 Linux Servers hosted on AWS
  • A subset of Linux servers without internet connectivity

Scenario:

The customer's primary concern is ensuring comprehensive protection across all environments while minimizing disruption to their business operations. They aim to implement Microsoft Defender for Server as their unified security solution, replacing their existing Trellix. The customer requires insights into the capabilities, considerations, limitations, and steps involved in successfully deploying the solution across this diverse landscape. Your plan should detail the capabilities and limitations of Defender for Server in addressing the security needs of these environments. Key considerations include ensuring unified security coverage across all platforms, overcoming connectivity challenges, and addressing the limitations of AWS-hosted servers. The approach should involve defining prerequisites, commercial impact, minimizing business impact, coordinating team participation from the customer's side, and establishing a realistic time frame for onboarding all 30 servers. The goal is to deliver a comprehensive, strategic plan that ensures minimal disruption and optimal security for the customer's infrastructure.

Additionally, the customer wants to know how to address the challenges below, which they encountered during an earlier POC:

  • In the event of troubleshooting, where we need to narrow down whether an issue is caused by Defender policies, what is the approach to disable the policies until troubleshooting completes?
  • How to ensure that newly built custom applications are not considered PUA/PUP by Defender?
  • How to ensure that full scans / scheduled scans don't impact performance?
  • How to monitor any activities being blocked by SmartScreen policies?

1 Reply

TSaLx
Copper Contributor

  • In the event of troubleshooting, where we need to narrow down whether an issue is caused by Defender policies, what is the approach to disable the policies until troubleshooting completes? ---- MDEanalyzer
  • How to ensure that newly built custom applications are not considered PUA/PUP by Defender? ---- Sign your Code, Submit your file to Microsoft
  • How to ensure that full scans / scheduled scans don't impact performance? ----- never do full scan
  • How to monitor any activities being blocked by SmartScreen policies? ----- KQL
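The reply above gives one-word pointers for each POC question. The script below is an added example (not code from the original thread or from Microsoft) showing what the first three answers look like as concrete Microsoft Defender Antivirus configuration on a Windows server: troubleshooting by moving rules to audit mode rather than switching protection off, PUA handling for in-house applications while code signing is arranged, and throttled scheduled quick scans in place of full scans. The backup path, the application folder and the schedule values are placeholders, and the example assumes the server is onboarded to Defender for Servers with the standard Defender cmdlets available.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original thread. Windows-server baseline for the
# three configuration questions in the POC list (troubleshooting without disabling
# Defender, PUA handling for in-house apps, scan performance). Paths and schedule
# values are placeholders; adjust to the customer's estate. Settings pushed by the
# Defender for Servers / Intune policy (and tamper protection) take precedence
# over anything changed locally.

$BackupPath = 'C:\Temp\asr-backup.xml'   # assumed location for the saved ASR state

# 1. Troubleshooting: move the deployed attack surface reduction (ASR) rules to
#    audit mode instead of switching protection off. Blocking stops, but every
#    would-be block is still logged as Event ID 1122 in
#    Microsoft-Windows-Windows Defender/Operational, which tells you directly
#    whether a Defender rule was the cause of the problem being investigated.
function Enter-AsrAuditMode {
    $prefs = Get-MpPreference
    if (-not $prefs.AttackSurfaceReductionRules_Ids) {
        Write-Warning 'No ASR rules configured locally; nothing to change.'
        return
    }
    # Keep the current rule/action pairs so they can be restored afterwards.
    [PSCustomObject]@{
        Ids     = $prefs.AttackSurfaceReductionRules_Ids
        Actions = $prefs.AttackSurfaceReductionRules_Actions
    } | Export-Clixml -Path $BackupPath
    $auditActions = @($prefs.AttackSurfaceReductionRules_Ids | ForEach-Object { 'AuditMode' })
    Set-MpPreference -AttackSurfaceReductionRules_Ids $prefs.AttackSurfaceReductionRules_Ids `
                     -AttackSurfaceReductionRules_Actions $auditActions
}

# Restore the saved rule actions once troubleshooting is complete.
function Exit-AsrAuditMode {
    $saved = Import-Clixml -Path $BackupPath
    Set-MpPreference -AttackSurfaceReductionRules_Ids $saved.Ids `
                     -AttackSurfaceReductionRules_Actions $saved.Actions
}

# ASR events: 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
function Get-AsrEvents {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# 2. PUA/PUP: run PUA protection in audit mode during the rollout so in-house
#    binaries are not quarantined while you see what would be flagged, then list
#    the PUA verdicts. Long term, signing the binaries and submitting samples (the
#    reply's advice) beats path exclusions, which also exempt anything an
#    attacker drops into the excluded folder.
function Set-PuaAuditMode { Set-MpPreference -PUAProtection AuditMode }

function Get-PuaVerdicts {
    # Defender names potentially unwanted applications with the 'PUA:' prefix.
    Get-MpThreat | Where-Object ThreatName -like 'PUA:*' |
        Select-Object ThreatName, SeverityID, IsActive
}

# Only if a false positive persists after signing/submission: a narrowly scoped
# exclusion for the application's install directory (placeholder path).
function Add-AppExclusion {
    param([string]$Path = 'C:\Program Files\ContosoCustomApp')
    Add-MpPreference -ExclusionPath $Path
}

# 3. Scan performance: scheduled quick scans only, capped CPU use, run only when
#    the server is idle, and no full-scan catch-up after a missed window. A full
#    scan stays a manual, off-hours action (Start-MpScan -ScanType FullScan).
function Set-ScanThrottling {
    Set-MpPreference -ScanParameters QuickScan `
                     -ScanScheduleDay Sunday `
                     -ScanScheduleTime '02:00:00' `
                     -ScanAvgCPULoadFactor 30 `
                     -ScanOnlyIfIdleEnabled $true `
                     -DisableCatchupFullScan $true
}

# Report the resulting state so it can be attached to the change record.
function Get-DefenderBaseline {
    Get-MpPreference | Select-Object PUAProtection, ScanParameters, ScanScheduleDay,
        ScanScheduleTime, ScanAvgCPULoadFactor, ScanOnlyIfIdleEnabled,
        DisableCatchupFullScan, AttackSurfaceReductionRules_Ids,
        AttackSurfaceReductionRules_Actions
}

# Example run: apply the baseline and print it. Enter-AsrAuditMode is only
# invoked for the duration of a specific troubleshooting session.
Set-PuaAuditMode
Set-ScanThrottling
Get-DefenderBaseline | Format-List
```

For the fourth question the reply's "KQL" refers to advanced hunting in the Defender portal: the DeviceEvents table records SmartScreen outcomes under action types such as SmartScreenAppWarning, SmartScreenUrlWarning and SmartScreenUserOverride, so filtering that table on those ActionType values gives the tenant-wide view across all 30 servers, whereas the local event-log functions above only cover the machine they run on. The Linux servers have no equivalent of these cmdlets; their settings are managed through the mdatp command-line tool or the managed configuration profile, which this example does not cover.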
