Forum Discussion

fatshark_2k's avatar
fatshark_2k
Brass Contributor
Mar 04, 2022

Defender for Server

We are on the verge of starting a PoC with Defender for Server. I know of this wel written blog but this blog raises some questions (https://techcommunity.microsoft.com/t5/microsoft-defender-for-clo...
fatshark_2k's avatar
fatshark_2k
Brass Contributor
Mar 07, 2022

StanislavBelov, Thank you so much for your response and information, this will help me and customer to make a decission of which managment method we are going to PoC.

Question that raises to my head is (4) 'Attack surface reduction' is not possible with the new MEM Security Management for MDE. How can we deploy such policies to Servers , does this mean we use GPO for ASR and we can use MEM policies for EDR and Defender AV ?

And (5) is there a table or overview which policies can and cannot be deployed by MEM to Servers ? Like for example Controlled Folder Access , Exploit Protection, Network Protection ?

And serious last question (6) for network protection we have switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel' what are those for and does 1 mean ENABLE and can we put there in AUDIT mode too and how?

yongrheemsft's avatar
yongrheemsft
Icon for Microsoft rankMicrosoft
Mar 07, 2022
Q: (6) for network protection we have switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel' what are those for and does 1 mean ENABLE and can we put there in AUDIT mode too and how?

A: Please review https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide#known-issues-and-limitations-on-the-new-unified-solution-package-for-windows-server-2012-r2-and-2016

Resources