Forum Discussion
Defender for Server
Thank you for your questions.
1. To avoid a double charge in this case, you need to open a support ticket, as suggested in our docs: https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#if-i-already-have-a-license-for-microsoft-defender-for-endpoint-can-i-get-a-discount-for-microsoft-defender-for-servers
2. The preferred way of onboarding on-premise servers to Defender for Cloud is by using Azure Arc. Only in this case will you get all the features provided by Defender for Servers (e.g. integration with MDE, Vuln Assessments): https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc
3. Intune/MEM is going to be a better option since it can manage MDE on all platforms, unlike GPO (only domain-joined Windows machines).
- fatshark_2k, Mar 07, 2022, Brass Contributor
StanislavBelov, thank you so much for your response and information. This will help me and the customer make a decision on which management method we are going to PoC.
A question that comes to mind is (4): 'Attack surface reduction' is not possible with the new MEM Security Management for MDE. How can we deploy such policies to servers? Does this mean we use GPO for ASR and we can use MEM policies for EDR and Defender AV?
And (5): is there a table or overview of which policies can and cannot be deployed by MEM to servers? For example, Controlled Folder Access, Exploit Protection, Network Protection?
And a serious last question (6): for network protection we have the switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel'. What are those for, does 1 mean ENABLE, and can we put them in AUDIT mode too, and how?
- yongrheemsft, Mar 07, 2022
Microsoft
Q: (6) for network protection we have switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel' what are those for and does 1 mean ENABLE and can we put there in AUDIT mode too and how?
A: Please review https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide#known-issues-and-limitations-on-the-new-unified-solution-package-for-windows-server-2012-r2-and-2016
- yongrheemsft, Mar 07, 2022
Microsoft
Q: And (5) is there a table or overview which policies can and cannot be deployed by MEM to Servers? Like for example Controlled Folder Access, Exploit Protection, Network Protection?
A: Please keep an eye on https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/security-config-management?view=o365-worldwide#which-solution-should-i-use and re-visit monthly. Thx.
- yongrheemsft, Mar 07, 2022
Microsoft
RE: (4) 'Attack surface reduction' is not possible with the new MEM Security Management for MDE. How can we deploy such policies to Servers, does this mean we use GPO for ASR and we can use MEM policies for EDR and Defender AV?
A: Keep an eye on the announcements here: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog