Forum Discussion
Defender for servers (P1)
Hi Diddler431,
Defender for Servers (P1) is meant to be enabled at the subscription level and managed through Defender for Cloud and Azure Policy, not Intune. When servers are onboarded to Defender for Endpoint, they appear in security.microsoft.com, but they do not automatically create Entra ID device objects - that’s expected behavior. Intune AV policies only work for client OS (Windows 10/11), so Windows Servers won’t show up in Entra or be targetable by Intune groups unless you manually register them, which Microsoft does not recommend.
Best practice is to onboard the servers to Azure Arc, which gives them an Azure resource identity and allows Defender for Cloud to enforce AV and security settings using Azure Policy. Once Arc is in place, Defender becomes the management authority (instead of “unknown”), and policies apply at the subscription or resource-group level. In short: keep Intune for endpoints, and use Defender for Cloud + Azure Arc for servers - that’s the supported and scalable model.
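The subscription-level enablement and Arc onboarding described in the reply above, as an added PowerShell example that is not part of the original post. It assumes the Az.Accounts and Az.ConnectedMachine modules, Owner or Security Admin rights on the subscription, WinRM access to the servers for the remote `azcmagent connect` step, and an Entra service principal with the "Azure Connected Machine Onboarding" role; the subscription ID, resource group, region, server names and credential variables are placeholders.

```powershell
# Added example (not from the original post). Placeholder values below are
# assumptions; replace them with your own before running.
$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # assumed placeholder
$TenantId       = '11111111-1111-1111-1111-111111111111'   # assumed placeholder
$ResourceGroup  = 'rg-arc-servers'                          # assumed name
$Location       = 'westeurope'                              # assumed region
$Servers        = @('srv-app01', 'srv-db01')                # assumed hostnames
$SpnAppId       = $env:ARC_SPN_APPID                        # assumed env var
$SpnSecret      = $env:ARC_SPN_SECRET                       # assumed env var

Connect-AzAccount -Tenant $TenantId -Subscription $SubscriptionId | Out-Null

# 1. Enable Defender for Servers Plan 1 for the whole subscription.
#    Microsoft.Security/pricings (api-version 2023-01-01) takes pricingTier and subPlan;
#    Intune is not involved at any point.
$pricingPath = "/subscriptions/$SubscriptionId/providers/Microsoft.Security/pricings/VirtualMachines?api-version=2023-01-01"
$body = @{ properties = @{ pricingTier = 'Standard'; subPlan = 'P1' } } | ConvertTo-Json -Depth 3
$put = Invoke-AzRestMethod -Method PUT -Path $pricingPath -Payload $body
if ($put.StatusCode -notin 200, 201) { throw "Pricing update failed: $($put.Content)" }

# 2. Read the setting back and check both tier and sub-plan, not just the status code.
$pricing = (Invoke-AzRestMethod -Method GET -Path $pricingPath).Content | ConvertFrom-Json
if ($pricing.properties.pricingTier -ne 'Standard' -or $pricing.properties.subPlan -ne 'P1') {
    throw "Unexpected plan state: $($pricing.properties | ConvertTo-Json -Compress)"
}
Write-Host "Defender for Servers: $($pricing.properties.pricingTier) / $($pricing.properties.subPlan)"

# 3. Connect each server to Azure Arc so it gets an Azure resource identity.
#    Requires the Connected Machine agent (azcmagent) already installed on the server.
#    The service principal is used instead of an interactive login so this scales.
$arcArgs = @(
    'connect',
    '--service-principal-id', $SpnAppId,
    '--service-principal-secret', $SpnSecret,
    '--tenant-id', $TenantId,
    '--subscription-id', $SubscriptionId,
    '--resource-group', $ResourceGroup,
    '--location', $Location
)
Invoke-Command -ComputerName $Servers -ArgumentList (,$arcArgs) -ScriptBlock {
    param([string[]]$ConnectArgs)
    $agent = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent\azcmagent.exe'
    if (-not (Test-Path $agent)) { throw "azcmagent not installed on $env:COMPUTERNAME" }
    & $agent @ConnectArgs
    if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed on $env:COMPUTERNAME ($LASTEXITCODE)" }
}

# 4. Confirm the machines exist as Microsoft.HybridCompute resources and that the
#    Defender for Endpoint extension (MDE.Windows) has been auto-provisioned by the plan.
#    Provisioning is asynchronous, so this is a point-in-time check, not a gate.
foreach ($name in $Servers) {
    $machine = Get-AzConnectedMachine -ResourceGroupName $ResourceGroup -Name $name -ErrorAction SilentlyContinue
    if (-not $machine) { Write-Warning "$name not found in Arc yet"; continue }
    $mde = Get-AzConnectedMachineExtension -ResourceGroupName $ResourceGroup -MachineName $name -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'MDE.Windows' }
    $state = if ($mde) { $mde.ProvisioningState } else { 'not yet provisioned' }
    Write-Host ("{0}: arc={1} mde={2}" -f $name, $machine.Status, $state)
}
```

Step 2 matters in practice: a PUT that returns 200 with a different `subPlan` than you sent (for example when the subscription was previously on P2 and the change is still propagating) is easy to miss if you only check the status code. The extension name and publisher in step 4 are the ones Defender for Cloud uses today for the MDE unified agent on Windows; treat them as an assumption and confirm against your own tenant before wiring this into a gate.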