Forum Discussion

Ambarish Haridathan's avatar
Ambarish Haridathan
Copper Contributor
May 29, 2020

Endpoint Protection not installed on non-Azure servers

Hi all,   I've used the "Onboard servers to Security Center" with a workspace for our non Azure servers. The agent got installed successfully and could see the server on Microsoft Defender ATP as...
threat protection
Eli's avatar
Eli
Icon for Microsoft rankMicrosoft
Jun 14, 2020
Not Reporting means just that. How is the Heartbeat?
Ambarish Haridathan's avatar
Ambarish Haridathan
Copper Contributor
Jun 14, 2020

Eli I don't have much expertise on the query part, but found the query

 

Heartbeat
| where TimeGenerated > ago(1h)
 
I could see that the server in question is showing up on this list from the query
Is there anything in specific I should be looking at?
  • Eli's avatar
    Eli
    Icon for Microsoft rankMicrosoft
    Jun 15, 2020

    Ambarish Haridathan log existence by itself is not enough, you need to see that it is current (at least once a day).

    Please check this out for better troubleshooting:

    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows-troubleshoot

     

    If further help still required and if you have Microsoft Support SR# please send it over so I can internally investigate further, else please create one and refer my name (Eli Sagie) as reference.

    • Ambarish Haridathan's avatar
      Ambarish Haridathan
      Copper Contributor
      Jun 21, 2020

      Eli I checked the troubleshooting steps from the link you shared and everything seems to be ok in terms of connectivity. I've messaged you the existing ticket I have with MS as well. Thank you

      • Ambarish Haridathan's avatar
        Ambarish Haridathan
        Copper Contributor
        Jul 12, 2020

        Eli got some updates from the Microsoft support

         

        From MS Team:

        As per our investigation and discussion with MDATP engineers. Windows Defender is compatible with Windows 10, Server 2016 and 2019 only. For Windows 2012 server. System Center Endpoint Protection(SCEP) is one of the compatible AV for Server 2012.

         

        Referred Document:

        Microsoft Defender Antivirus compatibility:

         

        https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-eu.mimecast.com%2Fs%2F0Hw9CBPKLU0EDxiv81n7%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7C%7Ce73e394576224ff2c1b008d822072116%7C77062e0dc7da46b08b044c018aa88a0d%7C0%7C0%7C637296761320595657&sdata=MeARV2GngpJMZ%2BPgkGRC8D3zIIM9n40QUon5uRObLYM%3D&reserved=0

         

         

        However, I found in the link from MS that 2012 is supported 

        https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-eu.mimecast.com%2Fs%2FgmCGCwKYmckYv5tqB6Kj%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7C%7Ce73e394576224ff2c1b008d822072116%7C77062e0dc7da46b08b044c018aa88a0d%7C0%7C0%7C637296761320585658&sdata=64U6BXAR9N5ahO1qRv61d4RPsWa4gSv0Rwdyxo2burY%3D&reserved=0

         

        Another engineer from Microsoft Security team confirmed the following:

        SCEP will provide all the features of MDATP. And also 2012 R2 has SCEP as its Anti Virus, Defender is just an Anti Malware Service

         

        Does it mean that I can I safely assume that I manually install the SCEP client on all Windows 2012 servers along with MMA agent and consider that it gives the same protection as Defender ATP?

         

        Also, I can assign the same hardening policies which I will be applying on other server versions for Defender ATP and will get in effect?

         

        Please advise.