In the Windows 10 Fall Creators Update, Windows Defender ATP extends its advanced attack detection and investigation capabilities by adding platform support for Windows Server operating systems.
A new Windows Defender ATP sensor for servers monitors activity on the server endpoint and reports it to the Windows Defender ATP cloud service to detect attacker activity and enable incident response.
In some cases though, security policies may prevent servers from connecting to the internet and communicating with the service.
If your IT security policy does not allow servers on your network to connect to the internet, you can configure them to communicate with the Windows Defender ATP cloud service through the OMS Gateway, without requiring internet connectivity on the servers themselves and while remaining compliant with that policy:
The OMS Gateway is an HTTP forward proxy that collects data and sends it to the Windows Defender ATP service on behalf of the server.
Windows Defender ATP data is sent through a server that has the OMS Gateway installed and can access the internet.
The OMS Gateway efficiently transfers Windows Defender ATP data without analyzing any of the transferred data.
See the product guides for more information on how monitored servers can be onboarded and send data to the Windows Defender ATP service when they do not have internet access: