Forum Discussion
Server 2012R2 and Server 2016 not reporting WDATP sensor data
Dave Elerick This functionality is a part of the Threat & Vulnerability Management feature.
Currently, only Windows 10/2019/1903 are supported. I'm led to believe the functionality will be backported into 2012R2/2016 at some point in the future
Dave Elerick This functionality is a part of the Threat & Vulnerability Management feature.
Currently, only Windows 10/2019/1903 are supported. I'm led to believe the functionality will be backported into 2012R2/2016 at some point in the future
Ok DannyC_Gamma , I understand. I guess that MSFT was a bit confusing then with their information and tools. Why would one even want to on-board 2012/2016 servers at this time then? They offer the tool (MMA agent). The current info and tools available on their on-boarding page would make sense if they plan to back-port that functionality, at least to 2016 given Defender is baked in. Odd, but now explainable. Thank you very much.
Just wondering if you have checked the ASC functionality for Server is not what you are looking for?
As far as I know WDATP is focused on Endpoint and when you install MMA on a Server, that ends up reporting to ASC for the three main panels (Compliance, Hygene and Threat Protection).
You will still benefit from the EDR side of it - but all the "other stuff" should be available in ASC, not WDATP.
I understand, but it looks like ASC is at additional cost correct? Right now we have O365 E5/EMS+E5/WDATP purchased. The WDATP Dashboard indicates yes, you can on-board systems via ASC or WDATP directly. When 2012R2/2016 is selected, it gives those two options. While I understand the function of ASC, it seems like the information is confusing as to how much of the WDATP you get with 2012R2/2016 servers. This is prelim work, as we are slated to have FastTrack services engaged in the coming month or so.
- I'm probably not the best person to answer, but AFAIK yes - ASC and WDATP have separate costs.
ASC charges you either consumption based (GB/Day which is the model Microsoft is unifying on) or node based (which is from the OMS days with Security & Compliance Tile, which I loved but I believe sadly we are losing).
WDATP charges you per Identity I believe.
- You still benefit from the EDR functionality so still very much worth deploying across your server estate, in my opinion. The Threat & Vulnerability stuff wasn't part of the original functionality and was seen as being very much a bonus for us.
I will agree that information wasn't great. Also, I seem to recall that, going back to late last year, the MMA wasn't required for 2016 Server. Shows that Microsoft are moving quickly with this product - the evolution has been fairly rapid.This is good info, I really appreciate your reply and your point on the EDR does make sense. Thanks again.
