john66571
Iron Contributor
Aug 21, 2024

Defender for Servers (p1 and p2) - Policies? (gpo/intune)

Hello Microsoft and Community members!
I have a very brief question after reading up on the Defender for Servers (and Defender for Endpoint) learn pages after the vacations 🙂 (I notice they all had updates). However, there is still no information regarding Defender for Servers and how to manage the EDR system (policies in Intune, GPO or SCCM).

  • If we enable the Defender for Servers in the Defender for Cloud plane, will all these policies (such as Antivirus, ASR and EDR) automatically be enabled? And if so, which ASR rules are in block mode, which are in audit mode - what server exclusions are on by default? (if any) etc etc.

Intune policies for MDE don't have all settings for servers, so previously we have had to manage everything through MDE onboarding and GPOs for servers (and Intune for desktops). But when setting up Defender for Servers there is not a single mention about any of these settings for the EDR/Antimalware agent (ASR, Antivirus etc etc - I believe there are many tenants that have simply just enabled Defender for Servers in Defender for Cloud and are missing out on everything ASR etc - or?).


Thanks!

1 Reply

  • Hi john66571, just enabling the plans is not enough; you must then deploy the policies via GPO\Intune according to your needs.
    So if for example you want to enable ASR rules you'll have to make dedicated policies where you're going to define which ones to enable and in what mode (block and audit only); same thing for antivirus settings.
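
Added example, not part of the original thread and not Microsoft's own tooling: a PowerShell check to run elevated on an onboarded server to see which ASR rules, antivirus settings and exclusions are actually in effect after the plan was enabled. It uses the built-in `Get-MpPreference` and `Get-MpComputerStatus` cmdlets; the variable names and the report layout are assumptions made for this example.

```powershell
# Added example: report the Defender Antivirus / ASR configuration in effect
# on this server. Run in an elevated session; exclusions are hidden otherwise.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Documented ASR action values: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn
$modeNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Ids and Actions are parallel arrays; both are empty when no policy set them.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$asrRules = for ($i = 0; $i -lt $ids.Count; $i++) {
    $action = [int]$actions[$i]
    $mode = if ($modeNames.ContainsKey($action)) { $modeNames[$action] }
            else { "Unknown ($action)" }
    [pscustomobject]@{ RuleId = $ids[$i]; Mode = $mode }
}

# One summary object per server, suitable for Export-Csv across a fleet.
$summary = [pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    AMRunningMode      = $status.AMRunningMode            # Normal / Passive / EDR Block Mode
    RealTimeProtection = $status.RealTimeProtectionEnabled
    AsrRulesConfigured = $ids.Count
    AsrInBlock         = @($asrRules | Where-Object Mode -eq 'Block').Count
    AsrInAudit         = @($asrRules | Where-Object Mode -eq 'Audit').Count
    ExclusionPaths     = @($pref.ExclusionPath | Where-Object { $_ }) -join '; '
    ExclusionProcesses = @($pref.ExclusionProcess | Where-Object { $_ }) -join '; '
    ExclusionExts      = @($pref.ExclusionExtension | Where-Object { $_ }) -join '; '
}

$summary | Format-List
if ($ids.Count -eq 0) {
    Write-Warning 'No ASR rules are configured on this server; no GPO/Intune policy has set any.'
} else {
    $asrRules | Sort-Object Mode, RuleId | Format-Table -AutoSize
}
```

A server that shows zero configured ASR rules after onboarding matches the situation described in the reply: the plan is enabled but no GPO or Intune policy has been deployed to it.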
