Home
%3CLINGO-SUB%20id%3D%22lingo-sub-267114%22%20slang%3D%22en-US%22%3EProtecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-267114%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Advanced%20Threat%20Protection%20(%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2FWindowsForBusiness%2Fwindows-atp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Defender%20ATP%3C%2FA%3E)%20is%20a%20unified%20security%20platform%20that%20covers%20endpoint%20protection%20platform%20(EPP)%20and%20endpoint%20detection%20and%20response%20(EDR).%20Initially%20we%20released%20the%20product%20for%20Windows%2010%20only%2C%20but%20customers%20have%20asked%20for%20support%20on%20other%20platforms%2C%20Windows%20Server%20in%20particular.%20This%20year%2C%20we've%20made%20Windows%20Defender%20ATP%20available%20to%20Windows%207%20and%20Windows%208.1%20clients%2C%20as%20well%20as%20macOS%2C%20Linux%2C%20and%20Windows%20Server.%20As%20we%20continue%20engineering%20a%20unified%20security%20platform%2C%20you%20will%20see%20a%20more%20seamless%20approach%20across%20platforms.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThis%20blog%20is%20for%20enterprise%20customers%20who%20want%20to%20use%20the%20Windows%20Defender%20ATP%20platform%20on%20Windows%20Server%20and%20need%20practical%20guidance%20on%20what%20needs%20to%20be%20in%20place%20for%20licensing%20and%20infrastructure.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F55537iAF9CF709D7E1E454%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Screen%20Shot%202018-10-04%20at%2021.54.05.png%22%20title%3D%22Screen%20Shot%202018-10-04%20at%2021.54.05.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3CEM%3E%3CSPAN%3EImage%3A%20Windows%20Server%202016%20onboarded%20to%20Windows%20Defender%20ATP%26nbsp%3B%3C%2FSPAN%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThe%20Microsoft-recommended%20configuration%20%3C%2FSPAN%3E%3CSPAN%3Efor%20%3C%2FSPAN%3Ethe%20best%20security%20is%20staying%20current%20with%20Windows.%26nbsp%3BWhile%20we%20provide%20support%20for%20previous%20versions%20of%20Windows%2C%20the%20latest%20releases%20provide%20superior%26nbsp%3Bsecurity%20capabilities.%26nbsp%3B%3CSPAN%3EIf%20you%20are%20running%20previous%20versions%20of%20Windows%2C%20one%20of%20the%20most%20important%20things%20you%20can%20be%20doing%20is%20getting%20a%20plan%20to%20update%20your%20Windows%20environment.%20%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EEndpoint%20protection%20platform%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThe%20endpoint%20protection%20platform%20(EPP)%20of%20Windows%20Defender%20ATP%20includes%20two%20capabilities%3A%20(1)%20Attack%20surface%20reduction%20(ASR)%2C%20which%20helps%20seal%20the%20available%20attack%20surface%20that%20can%20be%20leveraged%20by%20threat%20actors%20as%20much%20as%20possible%2C%20and%20(2)%20Next%20generation%20protection%20(NGP)%2C%20which%20is%20a%20cloud-powered%20antivirus%20solution.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EAttack%20surface%20reduction%20is%20a%20set%20of%20capabilities%20that%20helps%20organizations%20reduce%20the%20available%20attack%20surface.%20The%20technologies%20that%20power%20ASR%20are%20network%20protection%2C%20exploit%20protection%2C%20controlled%20folder%20access%2C%20and%20ASR%20rules.%20ASR%20is%20available%20on%20Windows%2010%20Fall%20Creators%20Update%20or%20later%20and%20on%20Windows%20Server%201803%20and%20later.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20width%3D%22619%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22137%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EOperating%20System%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22120%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3ELicense%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EDeployment%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EConfiguration%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EReporting%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22137%22%3E%3CP%3E%3CSPAN%3EWindows%2010%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22120%22%3E%3CP%3E%3CSPAN%3EWindows%20E5%20or%20Microsoft%20365%20Enterprise%20E5%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3E%3CSPAN%3EASR%20relies%20on%20Windows%20Defender%20Antivirus%2C%20which%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20Microsoft%20Intune%20or%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20PowerShell%20or%20Group%20Policies.%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Security%20Center%2C%20%3C%2FSPAN%3E%3CSPAN%3Eor%20if%20licensed%20System%20Center%20Configuration%20Manager%20or%20Microsoft%20Intune%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22137%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%201803%2C%20Windows%20Server%202019%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22120%22%3E%3CP%3E%3CSPAN%3EAzure%20Security%20Center%20Pay-As-You-Go%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3E%3CSPAN%3EASR%20relies%20on%20Windows%20Defender%20Antivirus%2C%20which%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20PowerShell%20or%20Group%20Policies.%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Security%20Center%2C%20%3C%2FSPAN%3E%3CSPAN%3Eor%20if%20licensed%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWindows%20Defender%26nbsp%3BAntivirus%20is%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bavailable%20to%20enterprise%20customers%20starting%20with%20Windows%2010%20Anniversary%20Update%20%3C%2FSPAN%3E%3CSPAN%3Eand%20Windows%20Server%202016.%20Previous%20versions%20of%20Windows%20and%20Windows%20Server%20%3C%2FSPAN%3E%3CSPAN%3Econtinue%20to%20leverage%20%3C%2FSPAN%3E%3CSPAN%3ESystem%20Center%20Endpoint%20Protection.%20The%20%3C%2FSPAN%3E%3CSPAN%3Efollowing%20table%20has%20information%20about%20Windows%20Defender%20Antivirus%20on%20different%20Windows%20versions%20and%20Windows%20Server%20versions%20on-premises%2C%20on%20Azure%2C%20or%20on%20third-party%20cloud%20service.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CTABLE%20width%3D%22647%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EOperating%20System%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3ELicense%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EDeployment%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EConfiguration%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EReporting%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSPAN%3EWindows%2010%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ENo%20additional%20license%20required%20to%20use%20Windows%20Defender%20Antivirus%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Antivirus%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20Microsoft%20Intune%20or%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20Group%20Policies%20or%20PowerShell.%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%3C%2FSPAN%3E%3CSPAN%3E%2C%20through%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BWindows%20Defender%20Security%20Center%2C%20System%20Center%20Configuration%20Manager%20or%20Microsoft%20Intune%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSPAN%3EWindows%208.1%20and%20Windows%207%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%20with%20System%20Center%20Endpoint%20Protection%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Endpoint%20Protection%20agent%20can%20be%20deployed%20through%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20Windows%20Defender%20Security%20Center%20or%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%201803%2C%20Windows%20Server%202019%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ENo%20additional%20license%20required%20to%20use%20Windows%20Defender%20Antivirus%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Antivirus%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20Group%20Policies%20or%20PowerShell.%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20Windows%20Defender%20Security%20Center%20or%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%202016%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ENo%20additional%20license%20required%20to%20use%20Windows%20Defender%20Antivirus%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Antivirus%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20through%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20Group%20Policies%20or%20PowerShell.%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSPAN%3EIf%20licensed%2C%20Windows%20Defender%20Security%20Center%2C%20System%20Center%20Configuration%20Manager%20or%20Azure%20Security%20Center%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%202012%20R2%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%20with%20System%20Center%20Endpoint%20Protection%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Endpoint%20Protection%20agent%20can%20be%20deployed%20with%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%20or%20if%20licensed%2C%20through%20Windows%20Defender%20Security%20Center%20or%20Azure%20Security%20Center%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2297%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%202012%2C%20Windows%20Server%202008%20R2%2C%20Windows%20Server%202008%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3E%26nbsp%3BSystem%20Center%20Configuration%20Manager%20with%20System%20Center%20Endpoint%20Protection%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Endpoint%20Protection%20agent%20can%20be%20deployed%20with%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22168%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22175%22%3E%3CP%3E%3CSPAN%3ESystem%20Center%20Configuration%20Manager%20or%20if%20licensed%2C%20through%20Azure%20Security%20Center%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%3CEM%3E(Windows%20Defender%20Security%20Center%20is%20the%20web%20portal%20available%20for%20Windows%20Defender%20ATP%20customers%20(requires%20Windows%20E5%20or%20Microsoft%20365%20Enterprise%20E5)%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIn%20addition%20to%20Windows%20Defender%20Antivirus%20and%20System%20Center%20Endpoint%20Protection%2C%20enterprise%20customers%20can%20use%20Microsoft%20Antimalware%20for%20Azure%20for%20virtual%20machines%20that%20are%20hosted%20on%20Microsoft%20Azure.%20Note%20that%20If%20you%20are%20a%20Windows%20Defender%20ATP%20customer%20you%20should%20assess%20which%20Antivirus%20solution%20best%20fits%20your%20needs.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%3ESupporting%20Documentation%3A%20%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-attack-surface-reduction%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EConfigure%20Attack%20Surface%20Reduction%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-antivirus%2Fconfigure-windows-defender-antivirus-features%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EConfigure%20Next%20Generation%20Protection%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fwindows-defender-exploit-guard%23requirements%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAttack%20Surface%20Reduction%20Requirements%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EEndpoint%20detection%20and%20response%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EEndpoint%20detection%20and%20response%20(EDR)%20capabilities%20in%20Windows%20Defender%20ATP%20were%20first%20available%20to%20enterprise%20customers%20as%20a%20built-in%20solution%20starting%20with%20Windows%2010%20%3C%2FSPAN%3E%3CSPAN%3EAnniversary%20Update%20and%20Windows%20Server%201803%2C%20but%20these%20capabilities%20have%20since%20expanded%20to%20support%20previous%20versions%20of%20Windows%20and%20Windows%20Server.%20The%20%3C%2FSPAN%3E%3CSPAN%3Efollowing%20table%20has%20information%20about%20Windows%20Defender%20ATP%20on%20different%20Windows%20versions%20and%20Windows%20Server%20versions%20on-premises%2C%20on%20Azure%2C%20or%20on%20third-party%20cloud%20service.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20width%3D%22635%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EOperating%20System%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22116%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3ELicense%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EDeployment%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22142%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EConfiguration%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22122%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%3EReporting%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSPAN%3EWindows%2010%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22116%22%3E%3CP%3E%3CSPAN%3EWindows%20E5%20or%20Microsoft%20365%20Enterprise%20E5%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20ATP%20is%20built-in%20to%20the%20operating%20system%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22142%22%3E%3CP%3E%3CSPAN%3ELocal%20script%2C%20Group%20Policies%2C%20System%20Center%20Configuration%20Manager%2C%20or%20Microsoft%20Intune%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22122%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Security%20Center%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSPAN%3EWindows%208.1%20and%20Windows%207%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22116%22%3E%3CP%3E%3CSPAN%3EWindows%20E5%20or%20Microsoft%20365%20Enterprise%20E5%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20ATP%20on%20legacy%20operating%20system%20requires%20installation%20of%20an%20agent%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22142%22%3E%3CP%3E%3CSPAN%3EAgent%20deployment%20can%20be%20through%20any%20preferred%20deployment%20method%20such%20as%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22122%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Security%20Center%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%201803%2C%20Windows%20Server%202019%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22116%22%3E%3CP%3E%3CSPAN%3EAzure%20Security%20Center%20Pay-As-You-Go%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20ATP%20is%20built-in%20to%20the%20operating%20system%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22142%22%3E%3CP%3E%3CSPAN%3ELocal%20script%2C%20group%20policies%20and%2C%20if%20licensed%2C%20through%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22122%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Security%20Center%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3E%3CSPAN%3EWindows%20Server%202016%2C%20Windows%20Server%202012%20R2%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22116%22%3E%3CP%3E%3CSPAN%3EAzure%20Security%20Center%20Pay-As-You-Go%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20ATP%20on%20legacy%20operating%20system%20requires%20installation%20of%20an%20agent%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22142%22%3E%3CP%3E%3CSPAN%3EAgent%20deployment%20can%20be%20through%20any%20preferred%20deployment%20method%20such%20as%20System%20Center%20Configuration%20Manager%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22122%22%3E%3CP%3E%3CSPAN%3EWindows%20Defender%20Security%20Center%20and%20Azure%20Security%20Center%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ESupport%20for%20Windows%20Server%202019%20and%20Windows%20Server%201803%20is%20currently%20in%20public%20preview%20for%20Windows%20Defender%20ATP.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%3ESupporting%20Documentation%3A%20%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Flicensing-windows-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EValidate%20licensing%20provisioning%20and%20complete%20set%20up%20for%20Windows%20Defender%20ATP%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fonboard-configure-windows-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOnboard%20machines%20to%20the%20Windows%20Defender%20ATP%20service%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-server-endpoints-windows-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOnboard%20servers%20to%20the%20Windows%20Defender%20ATP%20service%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-wdatp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Defender%20Advanced%20Threat%20Protection%20(ATP)%20with%20Azure%20Security%20Center%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsccm%2Fcore%2Fplan-design%2Fconfigs%2Fsupported-operating-systems-for-clients-and-devices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESupported%20OS%20versions%20for%20clients%20and%20devices%20for%20Configuration%20Manager%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWindows%20Defender%20ATP%20unified%20endpoint%20security%20platform%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWindows%20Defender%20ATP%20is%20a%20unified%20platform%20that%20helps%20keep%20your%20business%20data%20and%20users%20safe%20from%20advanced%20attacks.%20And%20with%20expanded%20support%20for%20Windows%20Server%2C%20previous%20versions%20of%20Windows%2C%20and%20additional%20client%20hardware%2C%20you%20can%20protect%20a%20wider%20array%20of%20devices%2C%20servers%2C%20and%20endpoints.%20Your%20feedback%20is%20important%20to%20us%20as%20we%20continue%20to%20make%20improvements%20to%20Windows%20Defender%20ATP.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20937px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F55539i467D9A8C7674CE11%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22WDATP.png%22%20title%3D%22WDATP.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-267114%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Emilad.aslaner%40microsoft.com%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-323493%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-323493%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3E%3CA%20id%3D%22link_44%22%20class%3D%22lia-link-navigation%20lia-page-link%20lia-user-name-link%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F260653%22%20target%3D%22_self%22%3ED8234842%3C%2FA%3E%2C%20the%20licensing%20model%20for%20Windows%20Defender%20ATP%20EDR%20on%20Server%20is%20through%20Azure%20Security%20Center.%20For%20the%20successful%20on-boarding%20you%20will%20want%20to%20ensure%20that%20the%20servers%20are%20first%20added%20to%20Azure%20Security%20Center%20and%20have%20the%20integration%20between%20Azure%20Security%20Center%20and%20Windows%20Defender%20ATP%20enabled.%20If%20that's%20the%20case%20all%20your%20Servers%20in%20Azure%20Security%20Center%20will%20automatically%20show%20up%20in%20the%20Windows%20Defender%20Security%20Center.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-309206%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-309206%22%20slang%3D%22en-US%22%3EEDR%20for%20Server%202012%2F2016%20and%20EPP%20for%20Server%202019%20states%20that%20%22Azure%20Security%20Center%20Pay-As-You-Go%22%20license%20is%20required.%20The%20onboarding%20instructions%20for%20WDATP%20state%20Install%20the%20MMA%20and%20configured%20it%20for%20the%20Defender%20Workspace%20ID.%20If%20you%20attempt%20to%20onboard%20to%20Azure%20Security%20Center%20you%20receive%20a%20separate%20Workspace%20ID.%20We%20want%20all%20of%20our%20devices%20to%20be%20managed%20from%20the%20%22Windows%20Defender%20Security%20Center%22%20as%20the%20WDATP%20technical%20instructions%20specify.%20In%20this%20case%20what%20license%20is%20required%20as%20the%20device%20does%20not%20appear%20in%20the%20Azure%20Security%20Center%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298932%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298932%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EN%C3%A3o%20deixe%20a%20diversidade%20se%20transformar%20em%20adversidade%20porque%20a%20tecnologia%20j%C3%A1%20%C3%A9%20a%20diferen%C3%A7a%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298926%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298926%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3Esaber%20lidar%20com%20a%20diversidade%2C%20n%C3%A3o%20%C3%A9%20aceitar%20as%20diferen%C3%A7as%2C%20%C3%A9%20estar%20apto%20e%20seguro%20de%20si%20proprio%20e%20saber%20deixar%20as%20pessoas%20livres%20dentro%20da%20tecnologia%20porque%20l%C3%A1%20e%20onde%20a%20muita%20diversidade%20de%20generos%20de%20varios%20modos%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-272088%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-272088%22%20slang%3D%22en-US%22%3ECertainly%20something%20we%20started%20to%20discuss%20between%20the%20Azure%20Security%20Center%20and%20Windows%20Defender%20ATP%20team.%20For%20now%20you%20want%20to%20make%20sure%20you%20look%20for%20WDATP%20when%20it%20comes%20to%20endpoint%20and%20ASC%20for%20server%20security%20recommendation.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-272087%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-272087%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20suggestion%20Susan.%20I%20will%20defiantly%20pass%20it%20to%20my%20colleague%20who%20is%20responsible%20for%20threat%20analytics.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268714%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268714%22%20slang%3D%22en-US%22%3E%3CP%3EA%20couple%20of%20questions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EAbout%20the%20Secure%20Socore%20in%20Windows%20Defender%20ATP%20(securitycenter.windows.com).%20The%20Security%20Controls%20(EDR%2C%20Antivirus%2C%20OS%20Security%20Updates%2C%20Exploint%20Guard%2C%20etc)%20currently%20applied%20to%20Windows%2010%20machines.%20Will%20those%20controles%20also%20apply%20for%20Windows%20Server%20Machines%3F%20(I've%20attached%20a%20screenshot%20of%20the%20controls%20to%20clarify.)%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3ENow%20Azure%20Security%20Center%20has%20it's%20own%20Secure%20Score%2C%20with%20recommanations%20for%20Virtual%20Machines%20(ex%3A%20Apply%20disk%20encryption%2C%20Install%20endpoint%20protection%2C%20etc).%20If%20I%20have%20a%20Windows%20Server%20Machine%20with%20WDATP%20for%20Server%20and%20also%20onboarded%20on%26nbsp%3BAzure%20Security%20Center%2C%20will%20I%20have%20to%20check%20out%20both%26nbsp%3B%3CSPAN%3Esecuritycenter.windows.com%20and%20Azure%20Security%20Center%20for%20Score%20%2F%20Security%20Controles%20%2F%20Recommanations%3F%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268530%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268530%22%20slang%3D%22en-US%22%3E%3CP%3EAlerts%20I%20get%2C%20I%20want%20to%20get%20notified%20when%20there%20are%20new%20threat%20analytics%20posted%20to%20the%20console.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268527%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268527%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%20Happy%20to%20help.%20Both%20Windows%20Defender%20ATP%20and%20Azure%20Security%20Center%20can%20send%20email%20notifications%20when%20new%20stuff%20happens.%20Check%20out%3A%20(WDATP)%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-email-notifications-windows-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-email-notifications-windows-defender-advanced-threat-protection%3C%2FA%3E%20and%20(ASC)%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fblogs.msdn.microsoft.com%2Fazuresecurity%2F2016%2F11%2F22%2Ftip-of-the-day-azure-security-center-email-alerts%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.msdn.microsoft.com%2Fazuresecurity%2F2016%2F11%2F22%2Ftip-of-the-day-azure-security-center-email-alerts%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268378%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268378%22%20slang%3D%22en-US%22%3E%3CP%3EPardon%20for%20the%20additional%20question%2C%20is%20the%20threat%20console%20information%20available%20outside%20of%20the%20security%20center%2C%20or%20is%20there%20a%20way%20to%20get%20alerted%20when%20a%20new%20post%20goes%20up%3F%26nbsp%3B%20Also%20can%20one%20share%20this%20data%20with%20other%20team%20members%2Fpeople%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268116%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268116%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%26nbsp%3BIt%20is%20the%20same%20console%20securitycenter.windows.com.%20Once%20Azure%20Security%20Center%20support%20this%20Server%20build%20it%20will%20be%20the%20same%20reporting%20story%20like%20other%20versions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268050%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268050%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20is%20the%20Server%202019%20ATP%20in%20a%20different%20console%20than%20the%20workstations%20console%3F%20%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsecuritycenter.windows.com%2Fdashboard%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecuritycenter.windows.com%2Fdashboard%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-651967%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-651967%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F69202%22%20target%3D%22_blank%22%3E%40Milad%20Aslaner%3C%2FA%3E%26nbsp%3Bthank%20you.%20%26nbsp%3BI%20am%20still%20a%20little%20unclear%20about%20which%20workspace%20ID%20to%20install%20MMA%20to.%20%26nbsp%3BI%20already%20have%20servers%20with%20the%20OMS%20agent%20(now%20MMA)%20installed%20using%20my%20log%20analytics%20workspace%20ID.%20%26nbsp%3BHow%20do%20I%20onboard%20these%20same%20servers%20to%20ATP%20now%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-713187%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-713187%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F69202%22%20target%3D%22_blank%22%3E%40Milad%20Aslaner%3C%2FA%3E%20%2C%3C%2FP%3E%3CP%3EI'm%20confused%20over%20licencing%20here%20-%20there%20is%20no%20such%20product%20as%20security%20centre%20'Pay%20as%20you%20go'%20-%20how%20is%20the%20licence%20actually%20working%20here%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%20if%20I%20just%20connect%20all%20my%20Azure%20servers%20to%20the%20Defender%20ATP%20workspace%20directly%20and%20don't%20use%20security%20centre%20at%20all%20-%20what%20licence%20is%20required%20for%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3ERich%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-728479%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-728479%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64296%22%20target%3D%22_blank%22%3E%40Richard%20Harrison%3C%2FA%3E%20the%20pay%20as%20you%20go%20subscription%20information%20can%20be%20found%20here%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Foffers%2Fms-azr-0003p%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Foffers%2Fms-azr-0003p%2F%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegarding%20the%20second%20part%20of%20your%20question...%20to%20be%20compliant%20with%20MDATP%20licensing%20for%20servers%2C%20each%20server%20needs%20to%20have%20an%20Azure%20Security%20Center%20Standard%20(per%20node)%20license.%20There%20are%20two%20ways%20to%20license%20ASC%3A%20Pay-as-you-go%20or%20ASC%20reservations.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-728612%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-728612%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F111421%22%20target%3D%22_blank%22%3E%40Chris%20Jones%3C%2FA%3E-%20The%20ASC%20pay-as-you-go%20pricing%20for%20servers%20put%20MDATP%20out%20of%20reach%20for%20us%20(literally%206x%20vs.%20two%20other%20EDR%20products%20we%20had%20quoted)%2C%20but%20I%20just%20went%20looking%20for%20the%20reservations%20you%20mentioned%20and%20can't%20find%20any%20info%20in%20Azure%20portal%20or%20the%20pricing%20calculator.%26nbsp%3B%20Do%20you%20have%20a%20link%20to%20the%20ASC%20reservations%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EJoe%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-728652%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-728652%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F209082%22%20target%3D%22_blank%22%3E%40Joe%20Sanders%3C%2FA%3E%20-%26nbsp%3BI%20understand%20your%20concern%20regarding%20the%20pricing.%20I'd%20recommend%20reaching%20out%20to%20your%20Microsoft%20account%20team%20or%20reseller%20regarding%20this.%20There%20are%20benefits%20if%20you%20have%20MDATP%20client%20licensing%20that%20should%20be%20able%20to%20help%20on%20the%20server%20side%20of%20things%20from%20a%20cost%20perspective.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegarding%20the%20reservations%2C%20it's%20really%20just%20another%20term%20for%20an%20Azure%20Monetary%20Commitment%20that%20is%20done%20through%20an%20Enterprise%20Agreement.%20If%20you%20don't%20have%20one%2C%20you%20can%20speak%20with%20someone%20about%20setting%20one%20up%20%3CA%20title%3D%22Microsoft%20Azure%20EA%22%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fpurchase-options%2Fenterprise-agreement%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-729065%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-729065%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F303781%22%20target%3D%22_blank%22%3E%40Chris_Jones%3C%2FA%3E%2C%3C%2FP%3E%3CP%3ENow%20you%20are%20making%20things%20even%20more%20confusing%20%3A-)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20on%20earth%20are%20ASC%20reservations%3F%20There%20are%20various%20things%20you%20can%20reserve%20in%20Azure%20but%20ASC%20is%20not%20one%20of%20them%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20the%20statement%20needs%20to%20be%20to%20use%20windows%20defender%20ATP%20portal%20for%20'servers'%20in%20Azure%20they%20have%20to%20attached%20to%20an%20Azure%20Security%20Centre%20standard%20subscription%20-%20as%20simple%20as%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3ERich%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified security platform that covers endpoint protection platform (EPP) and endpoint detection and response (EDR). Initially we released the product for Windows 10 only, but customers have asked for support on other platforms, Windows Server in particular. This year, we've made Windows Defender ATP available to Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server. As we continue engineering a unified security platform, you will see a more seamless approach across platforms.

 

This blog is for enterprise customers who want to use the Windows Defender ATP platform on Windows Server and need practical guidance on what needs to be in place for licensing and infrastructure.

 

Screen Shot 2018-10-04 at 21.54.05.png

 Image: Windows Server 2016 onboarded to Windows Defender ATP 

 

The Microsoft-recommended configuration for the best security is staying current with Windows. While we provide support for previous versions of Windows, the latest releases provide superior security capabilities. If you are running previous versions of Windows, one of the most important things you can be doing is getting a plan to update your Windows environment.  

 

Endpoint protection platform

The endpoint protection platform (EPP) of Windows Defender ATP includes two capabilities: (1) Attack surface reduction (ASR), which helps seal the available attack surface that can be leveraged by threat actors as much as possible, and (2) Next generation protection (NGP), which is a cloud-powered antivirus solution.

 

Attack surface reduction is a set of capabilities that helps organizations reduce the available attack surface. The technologies that power ASR are network protection, exploit protection, controlled folder access, and ASR rules. ASR is available on Windows 10 Fall Creators Update or later and on Windows Server 1803 and later.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

Windows E5 or Microsoft 365 Enterprise E5

ASR relies on Windows Defender Antivirus, which is built-in and requires no agent installation

If licensed, through Microsoft Intune or System Center Configuration Manager. Alternatively, PowerShell or Group Policies.

Windows Defender Security Center, or if licensed System Center Configuration Manager or Microsoft Intune

Windows Server 1803, Windows Server 2019

Azure Security Center Pay-As-You-Go

ASR relies on Windows Defender Antivirus, which is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, PowerShell or Group Policies.

Windows Defender Security Center, or if licensed System Center Configuration Manager

 

Windows Defender Antivirus is available to enterprise customers starting with Windows 10 Anniversary Update and Windows Server 2016. Previous versions of Windows and Windows Server continue to leverage System Center Endpoint Protection. The following table has information about Windows Defender Antivirus on different Windows versions and Windows Server versions on-premises, on Azure, or on third-party cloud service.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through Microsoft Intune or System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, through Windows Defender Security Center, System Center Configuration Manager or Microsoft Intune

Windows 8.1 and Windows 7

System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed through System Center Configuration Manager

System Center Configuration Manager

If licensed, through Windows Defender Security Center or System Center Configuration Manager

Windows Server 1803, Windows Server 2019

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, through Windows Defender Security Center or System Center Configuration Manager

Windows Server 2016

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, Windows Defender Security Center, System Center Configuration Manager or Azure Security Center

Windows Server 2012 R2

System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed with System Center Configuration Manager

System Center Configuration Manager

System Center Configuration Manager or if licensed, through Windows Defender Security Center or Azure Security Center

Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

 System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed with System Center Configuration Manager

System Center Configuration Manager

System Center Configuration Manager or if licensed, through Azure Security Center

(Windows Defender Security Center is the web portal available for Windows Defender ATP customers (requires Windows E5 or Microsoft 365 Enterprise E5)

 

In addition to Windows Defender Antivirus and System Center Endpoint Protection, enterprise customers can use Microsoft Antimalware for Azure for virtual machines that are hosted on Microsoft Azure. Note that If you are a Windows Defender ATP customer you should assess which Antivirus solution best fits your needs.

 

Supporting Documentation:

 

Endpoint detection and response

Endpoint detection and response (EDR) capabilities in Windows Defender ATP were first available to enterprise customers as a built-in solution starting with Windows 10 Anniversary Update and Windows Server 1803, but these capabilities have since expanded to support previous versions of Windows and Windows Server. The following table has information about Windows Defender ATP on different Windows versions and Windows Server versions on-premises, on Azure, or on third-party cloud service.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

Windows E5 or Microsoft 365 Enterprise E5

Windows Defender ATP is built-in to the operating system

Local script, Group Policies, System Center Configuration Manager, or Microsoft Intune

Windows Defender Security Center

Windows 8.1 and Windows 7

Windows E5 or Microsoft 365 Enterprise E5

Windows Defender ATP on legacy operating system requires installation of an agent

Agent deployment can be through any preferred deployment method such as System Center Configuration Manager

Windows Defender Security Center

Windows Server 1803, Windows Server 2019

Azure Security Center Pay-As-You-Go

Windows Defender ATP is built-in to the operating system

Local script, group policies and, if licensed, through System Center Configuration Manager

Windows Defender Security Center

Windows Server 2016, Windows Server 2012 R2

Azure Security Center Pay-As-You-Go

Windows Defender ATP on legacy operating system requires installation of an agent

Agent deployment can be through any preferred deployment method such as System Center Configuration Manager

Windows Defender Security Center and Azure Security Center

 

Support for Windows Server 2019 and Windows Server 1803 is currently in public preview for Windows Defender ATP.

 

Supporting Documentation:

 

Windows Defender ATP unified endpoint security platform

Windows Defender ATP is a unified platform that helps keep your business data and users safe from advanced attacks. And with expanded support for Windows Server, previous versions of Windows, and additional client hardware, you can protect a wider array of devices, servers, and endpoints. Your feedback is important to us as we continue to make improvements to Windows Defender ATP.

 

WDATP.png

18 Comments

So is the Server 2019 ATP in a different console than the workstations console?  https://securitycenter.windows.com/dashboard

Microsoft

Hi! It is the same console securitycenter.windows.com. Once Azure Security Center support this Server build it will be the same reporting story like other versions.

Pardon for the additional question, is the threat console information available outside of the security center, or is there a way to get alerted when a new post goes up?  Also can one share this data with other team members/people?

Microsoft

Hi! Happy to help. Both Windows Defender ATP and Azure Security Center can send email notifications when new stuff happens. Check out: (WDATP) https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-e... and (ASC) https://blogs.msdn.microsoft.com/azuresecurity/2016/11/22/tip-of-the-day-azure-security-center-email...

Alerts I get, I want to get notified when there are new threat analytics posted to the console. 

Occasional Contributor

A couple of questions:

 

  • About the Secure Socore in Windows Defender ATP (securitycenter.windows.com). The Security Controls (EDR, Antivirus, OS Security Updates, Exploint Guard, etc) currently applied to Windows 10 machines. Will those controles also apply for Windows Server Machines? (I've attached a screenshot of the controls to clarify.)

 

  • Now Azure Security Center has it's own Secure Score, with recommanations for Virtual Machines (ex: Apply disk encryption, Install endpoint protection, etc). If I have a Windows Server Machine with WDATP for Server and also onboarded on Azure Security Center, will I have to check out both securitycenter.windows.com and Azure Security Center for Score / Security Controles / Recommanations?

 

 

Microsoft

Good suggestion Susan. I will defiantly pass it to my colleague who is responsible for threat analytics.

Microsoft
Certainly something we started to discuss between the Azure Security Center and Windows Defender ATP team. For now you want to make sure you look for WDATP when it comes to endpoint and ASC for server security recommendation.
Occasional Visitor

saber lidar com a diversidade, não é aceitar as diferenças, é estar apto e seguro de si proprio e saber deixar as pessoas livres dentro da tecnologia porque lá e onde a muita diversidade de generos de varios modos

Occasional Visitor

Não deixe a diversidade se transformar em adversidade porque a tecnologia já é a diferença 

Regular Visitor
EDR for Server 2012/2016 and EPP for Server 2019 states that "Azure Security Center Pay-As-You-Go" license is required. The onboarding instructions for WDATP state Install the MMA and configured it for the Defender Workspace ID. If you attempt to onboard to Azure Security Center you receive a separate Workspace ID. We want all of our devices to be managed from the "Windows Defender Security Center" as the WDATP technical instructions specify. In this case what license is required as the device does not appear in the Azure Security Center?
Microsoft

Hi D8234842, the licensing model for Windows Defender ATP EDR on Server is through Azure Security Center. For the successful on-boarding you will want to ensure that the servers are first added to Azure Security Center and have the integration between Azure Security Center and Windows Defender ATP enabled. If that's the case all your Servers in Azure Security Center will automatically show up in the Windows Defender Security Center.

Frequent Contributor

@Milad Aslaner thank you.  I am still a little unclear about which workspace ID to install MMA to.  I already have servers with the OMS agent (now MMA) installed using my log analytics workspace ID.  How do I onboard these same servers to ATP now?

Frequent Visitor

Hi @Milad Aslaner ,

I'm confused over licencing here - there is no such product as security centre 'Pay as you go' - how is the licence actually working here?

 

For example if I just connect all my Azure servers to the Defender ATP workspace directly and don't use security centre at all - what licence is required for that?

 

Thanks,

Rich

Microsoft

@Richard Harrison the pay as you go subscription information can be found here: https://azure.microsoft.com/en-us/offers/ms-azr-0003p/

 

Regarding the second part of your question... to be compliant with MDATP licensing for servers, each server needs to have an Azure Security Center Standard (per node) license. There are two ways to license ASC: Pay-as-you-go or ASC reservations. 

Occasional Visitor

@Chris Jones- The ASC pay-as-you-go pricing for servers put MDATP out of reach for us (literally 6x vs. two other EDR products we had quoted), but I just went looking for the reservations you mentioned and can't find any info in Azure portal or the pricing calculator.  Do you have a link to the ASC reservations?

 

Thanks,

Joe

Microsoft

Hi @Joe Sanders - I understand your concern regarding the pricing. I'd recommend reaching out to your Microsoft account team or reseller regarding this. There are benefits if you have MDATP client licensing that should be able to help on the server side of things from a cost perspective.

 

Regarding the reservations, it's really just another term for an Azure Monetary Commitment that is done through an Enterprise Agreement. If you don't have one, you can speak with someone about setting one up here.

Frequent Visitor

Hi @Chris_Jones,

Now you are making things even more confusing :-)

 

What on earth are ASC reservations? There are various things you can reserve in Azure but ASC is not one of them?

 

I think the statement needs to be to use windows defender ATP portal for 'servers' in Azure they have to attached to an Azure Security Centre standard subscription - as simple as that?

 

Cheers,

Rich