Home
%3CLINGO-SUB%20id%3D%22lingo-sub-323493%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-323493%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3E%3CA%20id%3D%22link_44%22%20class%3D%22lia-link-navigation%20lia-page-link%20lia-user-name-link%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F260653%22%20target%3D%22_self%22%3ED8234842%3C%2FA%3E%2C%20the%20licensing%20model%20for%20Windows%20Defender%20ATP%20EDR%20on%20Server%20is%20through%20Azure%20Security%20Center.%20For%20the%20successful%20on-boarding%20you%20will%20want%20to%20ensure%20that%20the%20servers%20are%20first%20added%20to%20Azure%20Security%20Center%20and%20have%20the%20integration%20between%20Azure%20Security%20Center%20and%20Windows%20Defender%20ATP%20enabled.%20If%20that's%20the%20case%20all%20your%20Servers%20in%20Azure%20Security%20Center%20will%20automatically%20show%20up%20in%20the%20Windows%20Defender%20Security%20Center.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-309206%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-309206%22%20slang%3D%22en-US%22%3EEDR%20for%20Server%202012%2F2016%20and%20EPP%20for%20Server%202019%20states%20that%20%22Azure%20Security%20Center%20Pay-As-You-Go%22%20license%20is%20required.%20The%20onboarding%20instructions%20for%20WDATP%20state%20Install%20the%20MMA%20and%20configured%20it%20for%20the%20Defender%20Workspace%20ID.%20If%20you%20attempt%20to%20onboard%20to%20Azure%20Security%20Center%20you%20receive%20a%20separate%20Workspace%20ID.%20We%20want%20all%20of%20our%20devices%20to%20be%20managed%20from%20the%20%22Windows%20Defender%20Security%20Center%22%20as%20the%20WDATP%20technical%20instructions%20specify.%20In%20this%20case%20what%20license%20is%20required%20as%20the%20device%20does%20not%20appear%20in%20the%20Azure%20Security%20Center%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298932%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298932%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EN%C3%A3o%20deixe%20a%20diversidade%20se%20transformar%20em%20adversidade%20porque%20a%20tecnologia%20j%C3%A1%20%C3%A9%20a%20diferen%C3%A7a%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298926%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298926%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3Esaber%20lidar%20com%20a%20diversidade%2C%20n%C3%A3o%20%C3%A9%20aceitar%20as%20diferen%C3%A7as%2C%20%C3%A9%20estar%20apto%20e%20seguro%20de%20si%20proprio%20e%20saber%20deixar%20as%20pessoas%20livres%20dentro%20da%20tecnologia%20porque%20l%C3%A1%20e%20onde%20a%20muita%20diversidade%20de%20generos%20de%20varios%20modos%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-272088%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-272088%22%20slang%3D%22en-US%22%3ECertainly%20something%20we%20started%20to%20discuss%20between%20the%20Azure%20Security%20Center%20and%20Windows%20Defender%20ATP%20team.%20For%20now%20you%20want%20to%20make%20sure%20you%20look%20for%20WDATP%20when%20it%20comes%20to%20endpoint%20and%20ASC%20for%20server%20security%20recommendation.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-272087%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-272087%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20suggestion%20Susan.%20I%20will%20defiantly%20pass%20it%20to%20my%20colleague%20who%20is%20responsible%20for%20threat%20analytics.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268714%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268714%22%20slang%3D%22en-US%22%3E%3CP%3EA%20couple%20of%20questions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EAbout%20the%20Secure%20Socore%20in%20Windows%20Defender%20ATP%20(securitycenter.windows.com).%20The%20Security%20Controls%20(EDR%2C%20Antivirus%2C%20OS%20Security%20Updates%2C%20Exploint%20Guard%2C%20etc)%20currently%20applied%20to%20Windows%2010%20machines.%20Will%20those%20controles%20also%20apply%20for%20Windows%20Server%20Machines%3F%20(I've%20attached%20a%20screenshot%20of%20the%20controls%20to%20clarify.)%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3ENow%20Azure%20Security%20Center%20has%20it's%20own%20Secure%20Score%2C%20with%20recommanations%20for%20Virtual%20Machines%20(ex%3A%20Apply%20disk%20encryption%2C%20Install%20endpoint%20protection%2C%20etc).%20If%20I%20have%20a%20Windows%20Server%20Machine%20with%20WDATP%20for%20Server%20and%20also%20onboarded%20on%26nbsp%3BAzure%20Security%20Center%2C%20will%20I%20have%20to%20check%20out%20both%26nbsp%3B%3CSPAN%3Esecuritycenter.windows.com%20and%20Azure%20Security%20Center%20for%20Score%20%2F%20Security%20Controles%20%2F%20Recommanations%3F%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268530%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268530%22%20slang%3D%22en-US%22%3E%3CP%3EAlerts%20I%20get%2C%20I%20want%20to%20get%20notified%20when%20there%20are%20new%20threat%20analytics%20posted%20to%20the%20console.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268527%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268527%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%20Happy%20to%20help.%20Both%20Windows%20Defender%20ATP%20and%20Azure%20Security%20Center%20can%20send%20email%20notifications%20when%20new%20stuff%20happens.%20Check%20out%3A%20(WDATP)%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-email-notifications-windows-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-email-notifications-windows-defender-advanced-threat-protection%3C%2FA%3E%20and%20(ASC)%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fblogs.msdn.microsoft.com%2Fazuresecurity%2F2016%2F11%2F22%2Ftip-of-the-day-azure-security-center-email-alerts%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.msdn.microsoft.com%2Fazuresecurity%2F2016%2F11%2F22%2Ftip-of-the-day-azure-security-center-email-alerts%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268378%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268378%22%20slang%3D%22en-US%22%3E%3CP%3EPardon%20for%20the%20additional%20question%2C%20is%20the%20threat%20console%20information%20available%20outside%20of%20the%20security%20center%2C%20or%20is%20there%20a%20way%20to%20get%20alerted%20when%20a%20new%20post%20goes%20up%3F%26nbsp%3B%20Also%20can%20one%20share%20this%20data%20with%20other%20team%20members%2Fpeople%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268116%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268116%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%26nbsp%3BIt%20is%20the%20same%20console%20securitycenter.windows.com.%20Once%20Azure%20Security%20Center%20support%20this%20Server%20build%20it%20will%20be%20the%20same%20reporting%20story%20like%20other%20versions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268050%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268050%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20is%20the%20Server%202019%20ATP%20in%20a%20different%20console%20than%20the%20workstations%20console%3F%20%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsecuritycenter.windows.com%2Fdashboard%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecuritycenter.windows.com%2Fdashboard%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-651967%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-651967%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F69202%22%20target%3D%22_blank%22%3E%40Milad%20Aslaner%3C%2FA%3E%26nbsp%3Bthank%20you.%20%26nbsp%3BI%20am%20still%20a%20little%20unclear%20about%20which%20workspace%20ID%20to%20install%20MMA%20to.%20%26nbsp%3BI%20already%20have%20servers%20with%20the%20OMS%20agent%20(now%20MMA)%20installed%20using%20my%20log%20analytics%20workspace%20ID.%20%26nbsp%3BHow%20do%20I%20onboard%20these%20same%20servers%20to%20ATP%20now%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-713187%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-713187%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F69202%22%20target%3D%22_blank%22%3E%40Milad%20Aslaner%3C%2FA%3E%20%2C%3C%2FP%3E%3CP%3EI'm%20confused%20over%20licencing%20here%20-%20there%20is%20no%20such%20product%20as%20security%20centre%20'Pay%20as%20you%20go'%20-%20how%20is%20the%20licence%20actually%20working%20here%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%20if%20I%20just%20connect%20all%20my%20Azure%20servers%20to%20the%20Defender%20ATP%20workspace%20directly%20and%20don't%20use%20security%20centre%20at%20all%20-%20what%20licence%20is%20required%20for%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3ERich%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-728479%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-728479%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64296%22%20target%3D%22_blank%22%3E%40Richard%20Harrison%3C%2FA%3E%20the%20pay%20as%20you%20go%20subscription%20information%20can%20be%20found%20here%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Foffers%2Fms-azr-0003p%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Foffers%2Fms-azr-0003p%2F%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegarding%20the%20second%20part%20of%20your%20question...%20to%20be%20compliant%20with%20MDATP%20licensing%20for%20servers%2C%20each%20server%20needs%20to%20have%20an%20Azure%20Security%20Center%20Standard%20(per%20node)%20license.%20There%20are%20two%20ways%20to%20license%20ASC%3A%20Pay-as-you-go%20or%20ASC%20reservations.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-728612%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-728612%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F111421%22%20target%3D%22_blank%22%3E%40Chris%20Jones%3C%2FA%3E-%20The%20ASC%20pay-as-you-go%20pricing%20for%20servers%20put%20MDATP%20out%20of%20reach%20for%20us%20(literally%206x%20vs.%20two%20other%20EDR%20products%20we%20had%20quoted)%2C%20but%20I%20just%20went%20looking%20for%20the%20reservations%20you%20mentioned%20and%20can't%20find%20any%20info%20in%20Azure%20portal%20or%20the%20pricing%20calculator.%26nbsp%3B%20Do%20you%20have%20a%20link%20to%20the%20ASC%20reservations%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EJoe%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-728652%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-728652%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F209082%22%20target%3D%22_blank%22%3E%40Joe%20Sanders%3C%2FA%3E%20-%26nbsp%3BI%20understand%20your%20concern%20regarding%20the%20pricing.%20I'd%20recommend%20reaching%20out%20to%20your%20Microsoft%20account%20team%20or%20reseller%20regarding%20this.%20There%20are%20benefits%20if%20you%20have%20MDATP%20client%20licensing%20that%20should%20be%20able%20to%20help%20on%20the%20server%20side%20of%20things%20from%20a%20cost%20perspective.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegarding%20the%20reservations%2C%20it's%20really%20just%20another%20term%20for%20an%20Azure%20Monetary%20Commitment%20that%20is%20done%20through%20an%20Enterprise%20Agreement.%20If%20you%20don't%20have%20one%2C%20you%20can%20speak%20with%20someone%20about%20setting%20one%20up%20%3CA%20title%3D%22Microsoft%20Azure%20EA%22%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fpurchase-options%2Fenterprise-agreement%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-729065%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-729065%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F303781%22%20target%3D%22_blank%22%3E%40Chris_Jones%3C%2FA%3E%2C%3C%2FP%3E%3CP%3ENow%20you%20are%20making%20things%20even%20more%20confusing%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20on%20earth%20are%20ASC%20reservations%3F%20There%20are%20various%20things%20you%20can%20reserve%20in%20Azure%20but%20ASC%20is%20not%20one%20of%20them%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20the%20statement%20needs%20to%20be%20to%20use%20windows%20defender%20ATP%20portal%20for%20'servers'%20in%20Azure%20they%20have%20to%20attached%20to%20an%20Azure%20Security%20Centre%20standard%20subscription%20-%20as%20simple%20as%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3ERich%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-789767%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-789767%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20don't%20quite%20understand%20the%20server%20licencing%20for%20on%20premise%20servers.%20are%20they%20still%20required%20to%20have%20azure%20PAYG%3F%20They%20would%20be%20from%20versions%202008R2%20to%202019.%20Also%2C%20I%20presume%20I%20can%20deploy%20the%20agent%20manually%20or%20via%20GPO%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-267114%22%20slang%3D%22en-US%22%3EProtecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-267114%22%20slang%3D%22en-US%22%3E%3CP%3EWindows%20Defender%20Advanced%20Threat%20Protection%20(Windows%20Defender%20ATP)%20is%20a%20unified%20security%20platform%20that%20covers%20endpoint%20protection%20platform%20(EPP)%20and%20endpoint%20detection%20and%20response%20(EDR).%20Initially%20we%20released%20the%20product%20for%20Windows%2010%20only%2C%20but%20customers%20have%20asked%20for%20support%20on%20other%20platforms%2C%20Windows%20Server%20in%20particular.%20This%20year%2C%20we've%20made%20Windows%20Defender%20ATP%20available%20to%20Windows%207%20and%20Windows%208.1%20clients%2C%20as%20well%20as%20macOS%2C%20Linux%2C%20and%20Windows%20Server.%20As%20we%20continue%20engineering%20a%20unified%20security%20platform%2C%20you%20will%20see%20a%20more%20seamless%20approach%20across%20platforms.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20blog%20is%20for%20enterprise%20customers%20who%20want%20to%20use%20the%20Windows%20Defender%20ATP%20platform%20on%20Windows%20Server%20and%20need%20practical%20guidance%20on%20what%20needs%20to%20be%20in%20place%20for%20licensing%20and%20infrastructure.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3BImage%3A%20Windows%20Server%202016%20onboarded%20to%20Windows%20Defender%20ATP%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Microsoft-recommended%20configuration%20for%20the%20best%20security%20is%20staying%20current%20with%20Windows.%26nbsp%3BWhile%20we%20provide%20support%20for%20previous%20versions%20of%20Windows%2C%20the%20latest%20releases%20provide%20superior%26nbsp%3Bsecurity%20capabilities.%26nbsp%3BIf%20you%20are%20running%20previous%20versions%20of%20Windows%2C%20one%20of%20the%20most%20important%20things%20you%20can%20be%20doing%20is%20getting%20a%20plan%20to%20update%20your%20Windows%20environment.%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEndpoint%20protection%20platform%3C%2FP%3E%3CP%3EThe%20endpoint%20protection%20platform%20(EPP)%20of%20Windows%20Defender%20ATP%20includes%20two%20capabilities%3A%20(1)%20Attack%20surface%20reduction%20(ASR)%2C%20which%20helps%20seal%20the%20available%20attack%20surface%20that%20can%20be%20leveraged%20by%20threat%20actors%20as%20much%20as%20possible%2C%20and%20(2)%20Next%20generation%20protection%20(NGP)%2C%20which%20is%20a%20cloud-powered%20antivirus%20solution.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAttack%20surface%20reduction%20is%20a%20set%20of%20capabilities%20that%20helps%20organizations%20reduce%20the%20available%20attack%20surface.%20The%20technologies%20that%20power%20ASR%20are%20network%20protection%2C%20exploit%20protection%2C%20controlled%20folder%20access%2C%20and%20ASR%20rules.%20ASR%20is%20available%20on%20Windows%2010%20Fall%20Creators%20Update%20or%20later%20and%20on%20Windows%20Server%201803%20and%20later.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%20%3CP%3EOperating%20System%3C%2FP%3E%20%3CP%3ELicense%3C%2FP%3E%20%3CP%3EDeployment%3C%2FP%3E%20%3CP%3EConfiguration%3C%2FP%3E%20%3CP%3EReporting%3C%2FP%3E%20%3CP%3EWindows%2010%3C%2FP%3E%20%3CP%3EWindows%20E5%20or%20Microsoft%20365%20Enterprise%20E5%3C%2FP%3E%20%3CP%3EASR%20relies%20on%20Windows%20Defender%20Antivirus%2C%20which%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20Microsoft%20Intune%20or%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20PowerShell%20or%20Group%20Policies.%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Security%20Center%2C%20or%20if%20licensed%20System%20Center%20Configuration%20Manager%20or%20Microsoft%20Intune%3C%2FP%3E%20%3CP%3EWindows%20Server%201803%2C%20Windows%20Server%202019%3C%2FP%3E%20%3CP%3EAzure%20Security%20Center%20Pay-As-You-Go%3C%2FP%3E%20%3CP%3EASR%20relies%20on%20Windows%20Defender%20Antivirus%2C%20which%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20PowerShell%20or%20Group%20Policies.%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Security%20Center%2C%20or%20if%20licensed%20System%20Center%20Configuration%20Manager%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Defender%26nbsp%3BAntivirus%20is%26nbsp%3Bavailable%20to%20enterprise%20customers%20starting%20with%20Windows%2010%20Anniversary%20Update%20and%20Windows%20Server%202016.%20Previous%20versions%20of%20Windows%20and%20Windows%20Server%20continue%20to%20leverage%20System%20Center%20Endpoint%20Protection.%20The%20following%20table%20has%20information%20about%20Windows%20Defender%20Antivirus%20on%20different%20Windows%20versions%20and%20Windows%20Server%20versions%20on-premises%2C%20on%20Azure%2C%20or%20on%20third-party%20cloud%20service.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%20%3CP%3EOperating%20System%3C%2FP%3E%20%3CP%3ELicense%3C%2FP%3E%20%3CP%3EDeployment%3C%2FP%3E%20%3CP%3EConfiguration%3C%2FP%3E%20%3CP%3EReporting%3C%2FP%3E%20%3CP%3EWindows%2010%3C%2FP%3E%20%3CP%3ENo%20additional%20license%20required%20to%20use%20Windows%20Defender%20Antivirus%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Antivirus%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20Microsoft%20Intune%20or%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20Group%20Policies%20or%20PowerShell.%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%26nbsp%3BWindows%20Defender%20Security%20Center%2C%20System%20Center%20Configuration%20Manager%20or%20Microsoft%20Intune%3C%2FP%3E%20%3CP%3EWindows%208.1%20and%20Windows%207%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%20with%20System%20Center%20Endpoint%20Protection%3C%2FP%3E%20%3CP%3ESystem%20Center%20Endpoint%20Protection%20agent%20can%20be%20deployed%20through%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20Windows%20Defender%20Security%20Center%20or%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3EWindows%20Server%201803%2C%20Windows%20Server%202019%3C%2FP%3E%20%3CP%3ENo%20additional%20license%20required%20to%20use%20Windows%20Defender%20Antivirus%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Antivirus%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20Group%20Policies%20or%20PowerShell.%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20Windows%20Defender%20Security%20Center%20or%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3EWindows%20Server%202016%3C%2FP%3E%20%3CP%3ENo%20additional%20license%20required%20to%20use%20Windows%20Defender%20Antivirus%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Antivirus%20is%20built-in%20and%20requires%20no%20agent%20installation%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20through%20System%20Center%20Configuration%20Manager.%20Alternatively%2C%20Group%20Policies%20or%20PowerShell.%3C%2FP%3E%20%3CP%3EIf%20licensed%2C%20Windows%20Defender%20Security%20Center%2C%20System%20Center%20Configuration%20Manager%20or%20Azure%20Security%20Center%3C%2FP%3E%20%3CP%3EWindows%20Server%202012%20R2%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%20with%20System%20Center%20Endpoint%20Protection%3C%2FP%3E%20%3CP%3ESystem%20Center%20Endpoint%20Protection%20agent%20can%20be%20deployed%20with%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%20or%20if%20licensed%2C%20through%20Windows%20Defender%20Security%20Center%20or%20Azure%20Security%20Center%3C%2FP%3E%20%3CP%3EWindows%20Server%202012%2C%20Windows%20Server%202008%20R2%2C%20Windows%20Server%202008%3C%2FP%3E%20%3CP%3E%26nbsp%3BSystem%20Center%20Configuration%20Manager%20with%20System%20Center%20Endpoint%20Protection%3C%2FP%3E%20%3CP%3ESystem%20Center%20Endpoint%20Protection%20agent%20can%20be%20deployed%20with%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3ESystem%20Center%20Configuration%20Manager%20or%20if%20licensed%2C%20through%20Azure%20Security%20Center%3C%2FP%3E%3CP%3E(Windows%20Defender%20Security%20Center%20is%20the%20web%20portal%20available%20for%20Windows%20Defender%20ATP%20customers%20(requires%20Windows%20E5%20or%20Microsoft%20365%20Enterprise%20E5)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20addition%20to%20Windows%20Defender%20Antivirus%20and%20System%20Center%20Endpoint%20Protection%2C%20enterprise%20customers%20can%20use%20Microsoft%20Antimalware%20for%20Azure%20for%20virtual%20machines%20that%20are%20hosted%20on%20Microsoft%20Azure.%20Note%20that%20If%20you%20are%20a%20Windows%20Defender%20ATP%20customer%20you%20should%20assess%20which%20Antivirus%20solution%20best%20fits%20your%20needs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESupporting%20Documentation%3A%3C%2FP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-attack-surface-reduction%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EConfigure%20Attack%20Surface%20Reduction%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-antivirus%2Fconfigure-windows-defender-antivirus-features%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EConfigure%20Next%20Generation%20Protection%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-exploit-guard%2Fwindows-defender-exploit-guard%23requirements%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EAttack%20Surface%20Reduction%20Requirements%3C%2FA%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEndpoint%20detection%20and%20response%3C%2FP%3E%3CP%3EEndpoint%20detection%20and%20response%20(EDR)%20capabilities%20in%20Windows%20Defender%20ATP%20were%20first%20available%20to%20enterprise%20customers%20as%20a%20built-in%20solution%20starting%20with%20Windows%2010%20Anniversary%20Update%20and%20Windows%20Server%201803%2C%20but%20these%20capabilities%20have%20since%20expanded%20to%20support%20previous%20versions%20of%20Windows%20and%20Windows%20Server.%20The%20following%20table%20has%20information%20about%20Windows%20Defender%20ATP%20on%20different%20Windows%20versions%20and%20Windows%20Server%20versions%20on-premises%2C%20on%20Azure%2C%20or%20on%20third-party%20cloud%20service.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%20%3CP%3EOperating%20System%3C%2FP%3E%20%3CP%3ELicense%3C%2FP%3E%20%3CP%3EDeployment%3C%2FP%3E%20%3CP%3EConfiguration%3C%2FP%3E%20%3CP%3EReporting%3C%2FP%3E%20%3CP%3EWindows%2010%3C%2FP%3E%20%3CP%3EWindows%20E5%20or%20Microsoft%20365%20Enterprise%20E5%3C%2FP%3E%20%3CP%3EWindows%20Defender%20ATP%20is%20built-in%20to%20the%20operating%20system%3C%2FP%3E%20%3CP%3ELocal%20script%2C%20Group%20Policies%2C%20System%20Center%20Configuration%20Manager%2C%20or%20Microsoft%20Intune%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Security%20Center%3C%2FP%3E%20%3CP%3EWindows%208.1%20and%20Windows%207%3C%2FP%3E%20%3CP%3EWindows%20E5%20or%20Microsoft%20365%20Enterprise%20E5%3C%2FP%3E%20%3CP%3EWindows%20Defender%20ATP%20on%20legacy%20operating%20system%20requires%20installation%20of%20an%20agent%3C%2FP%3E%20%3CP%3EAgent%20deployment%20can%20be%20through%20any%20preferred%20deployment%20method%20such%20as%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Security%20Center%3C%2FP%3E%20%3CP%3EWindows%20Server%201803%2C%20Windows%20Server%202019%3C%2FP%3E%20%3CP%3EAzure%20Security%20Center%20Pay-As-You-Go%3C%2FP%3E%20%3CP%3EWindows%20Defender%20ATP%20is%20built-in%20to%20the%20operating%20system%3C%2FP%3E%20%3CP%3ELocal%20script%2C%20group%20policies%20and%2C%20if%20licensed%2C%20through%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Security%20Center%3C%2FP%3E%20%3CP%3EWindows%20Server%202016%2C%20Windows%20Server%202012%20R2%3C%2FP%3E%20%3CP%3EAzure%20Security%20Center%20Pay-As-You-Go%3C%2FP%3E%20%3CP%3EWindows%20Defender%20ATP%20on%20legacy%20operating%20system%20requires%20installation%20of%20an%20agent%3C%2FP%3E%20%3CP%3EAgent%20deployment%20can%20be%20through%20any%20preferred%20deployment%20method%20such%20as%20System%20Center%20Configuration%20Manager%3C%2FP%3E%20%3CP%3EWindows%20Defender%20Security%20Center%20and%20Azure%20Security%20Center%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESupport%20for%20Windows%20Server%202019%20and%20Windows%20Server%201803%20is%20currently%20in%20public%20preview%20for%20Windows%20Defender%20ATP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESupporting%20Documentation%3A%3C%2FP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Flicensing-windows-defender-advanced-threat-protection%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EValidate%20licensing%20provisioning%20and%20complete%20set%20up%20for%20Windows%20Defender%20ATP%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fonboard-configure-windows-defender-advanced-threat-protection%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOnboard%20machines%20to%20the%20Windows%20Defender%20ATP%20service%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-atp%2Fconfigure-server-endpoints-windows-defender-advanced-threat-protection%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOnboard%20servers%20to%20the%20Windows%20Defender%20ATP%20service%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-wdatp%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EWindows%20Defender%20Advanced%20Threat%20Protection%20(ATP)%20with%20Azure%20Security%20Center%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsccm%2Fcore%2Fplan-design%2Fconfigs%2Fsupported-operating-systems-for-clients-and-devices%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESupported%20OS%20versions%20for%20clients%20and%20devices%20for%20Configuration%20Manager%3C%2FA%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Defender%20ATP%20unified%20endpoint%20security%20platform%3C%2FP%3E%3CP%3EWindows%20Defender%20ATP%20is%20a%20unified%20platform%20that%20helps%20keep%20your%20business%20data%20and%20users%20safe%20from%20advanced%20attacks.%20And%20with%20expanded%20support%20for%20Windows%20Server%2C%20previous%20versions%20of%20Windows%2C%20and%20additional%20client%20hardware%2C%20you%20can%20protect%20a%20wider%20array%20of%20devices%2C%20servers%2C%20and%20endpoints.%20Your%20feedback%20is%20important%20to%20us%20as%20we%20continue%20to%20make%20improvements%20to%20Windows%20Defender%20ATP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-267114%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Emilad.aslaner%40microsoft.com%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-832145%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-832145%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20pricing%20model%20for%20On-Prem%20Windows%20servers%20we're%20monitoring%20through%20the%20Azure%20Security%20Center%3F%20The%20pricing%20wasn't%20explained%20here%3A%26nbsp%3B%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fazure-security-center-extends-advanced-threat-protection-to-hybrid-cloud-workloads%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fazure-security-center-extends-advanced-threat-protection-to-hybrid-cloud-workloads%2F%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-858125%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-858125%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F303781%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%40Chris_Jones%3C%2FA%3E%3CSPAN%3E%2C%26nbsp%3B%3C%2FSPAN%3E%26amp%3B%26nbsp%3B%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F69202%22%20target%3D%22_self%22%3E%3CSPAN%20class%3D%22%22%3EMilad%20Aslaner%2C%3C%2FSPAN%3E%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3EHas%20there%20been%20any%20clarification%20on%20the%20Licensing%20costs%20for%20running%20MDATP%20on%20Servers%20either%20onPrem%20or%20in%20AWS%20or%20Azure%3F%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3EMy%20simple%20take%20on%20this%20discussion%20is%20that%20they%20need%20to%20be%20attached%2Fregistered%2Fmonitored%20by%20ASC%20to%20be%20valid%3F%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3EAnd%20if%20a%20Customer%20is%20already%20using%20MDATO%20either%20via%20M365%20E5%20or%20has%20Windows%2010%20E5%20licenses%20then%20they%20need%20to%20check%20with%20their%20account%20rep%20to%20get%20a%20%22deal%22%3F%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3EIs%20this%20the%20case%3F%20Just%20trying%20to%20simplify%20it%20for%20a%20customer%20at%20this%20end...%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3ERegards%2C%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Microsoft%20lia-component-message-view-widget-author-username%22%3E%3CSPAN%20class%3D%22%22%3EDave%20C%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-858349%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-858349%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20you%20need%20the%20M365%20E5%20or%20the%20Windows%20E5%2C%20then%20you%20need%20to%20pay%20~15%24%20usd%20per%20machine%20for%20data%20storage%20in%20your%20log%20analytics%20workspace%20attached%20to%20Security%20Centre%2C%20alternatively%20you%20can%20pay%20a%20per%20GB%20cost%20for%20data%20storage.%20%26nbsp%3BEither%20way%20you%20need%20to%20pay%20for%20storage%20based%20on%20how%20long%20you%20wish%20to%20retain%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-867469%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-867469%22%20slang%3D%22en-US%22%3E%3CP%3EHaving%20E5%20is%20not%20a%20requirement%20to%20onboard%20servers%20into%20MDATP.%26nbsp%3B%20Servers%20that%20are%20licensed%20for%20ASC%20can%20be%20onboarded%20into%20MDATP.%26nbsp%3B%20The%20data%20is%20retained%20in%20MDATP%20for%20both%20servers%20or%20workstations%20up%20to%20a%20maximum%20of%206%20months.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1086491%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1086491%22%20slang%3D%22en-US%22%3E%3CP%3EWithin%20my%20tenant%3A%20I%20have%20a%20Pay%20as%20you%20Go%20subscription%2C%20and%20a%20CSP%20subscription.%26nbsp%3B%20I%20have%20a%20Log%20Analytics%20workspace%20in%20each.%26nbsp%3B%20When%20I%20go%20to%20the%20defender%20portal%20%26gt%3B%20settings%20%26gt%3B%20onboarding%20it%20has%20a%20Workspace%20ID%20and%20Workspace%20key%20to%20a%20Log%20Analytics%20workspace%20that%20I%20can't%20identify%20as%20being%20in%20my%20Tenants%20resources%20(I%20got%20to%20All%20Resources%20and%20look%20for%20it%2C%20and%20can't%20find%20it%2C%20wondering%20if%20it%20is%20a%20'special'%20MDATP%20workspace%20that%20isn't%20in%20my%20normal%20resources).%26nbsp%3B%20I%20am%20confused%3A%26nbsp%3B%20am%20I%20supposed%20to%20point%20MMA%20at%20the%20Log%20Analytics%20space%20of%20my%20choice%3F%20or%20the%20one%20defaulted%20by%20defender%20portal%20%26gt%3B%20settings%20%26gt%3B%20onboarding%3F%26nbsp%3B%20Of%20course%2C%20I%20would%20rather%20only%20be%20billed%20for%20one%20space%20per%20machine%20per%20month.%26nbsp%3B%20But%20since%20I%20don't%20even%20see%20the%20one%20workspace%2C%20I%20don't%20even%20know%20if%20that's%20charged%20or%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1091638%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1091638%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ron%2C%20my%20understanding%20is%20that%20the%20Log%20Analytics%20piece%20in%20the%20MD%20ATP%20is%20effectively%20hidden%20and%20you%20don't%20access%20it%20directly.%3C%2FP%3E%3CP%3EThe%20storage%20consumed%20by%20this%20solution%20is%20not%20charged%20to%20your%20billing%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1091943%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1091943%22%20slang%3D%22en-US%22%3E%3CP%3EYes%20that's%20correct%2C%20the%20workspace%20is%20separate%20and%20won't%20appear%20within%20your%20resources.%26nbsp%3B%20If%20you%20are%20using%20the%20MMA%20(only%20required%20for%20older%20platforms)%20then%20you%20should%20point%20it%20to%20the%20workspace%20specified%20in%20the%20MDATP%20portal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1126022%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1126022%22%20slang%3D%22en-US%22%3E%3CP%3EOn-prem%20licensing%20question.%20If%20you%20go%20to%20defender%20security%20center%20and%20select%20server%202019%20on-boarding%2C%20it%20just%20gives%20you%20a%20script%20to%20run%20on%20the%20server.%20This%20doesn't%20appear%20to%20actually%20bring%20the%20server%20into%20Azure%20security%20center%20so%20that%20I%20can%20pay%20my%20%2415%2Fmonth%20for%20it.%20So%20in%20this%20case%20do%20I%20need%20to%20manually%20add%20this%20server%20to%20Azure%20Security%20center%2C%20create%20a%20new%20workspace%2C%20set%20the%20price%20tier%20of%20the%20workspace%20to%20standard%2C%20install%20the%20monitoring%20agent%20on%20the%20server%20then%20it%20should%20automatically%20be%20added%20to%20defender%20security%20center%3F%20Just%20not%20sure%20why%20build%20the%20EDR%20engine%20into%20server%202019%20then%20require%20the%20monitoring%20agent%20to%20be%20installed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1141756%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1141756%22%20slang%3D%22en-US%22%3E%3CP%3EMDATP%20is%20~%2415%20per%20server%2Fmonth%20regardless%20of%20whether%20it%20is%20on-prem%20or%20in%20Azure.%20I%20highlighted%20the%20important%20stuff%20below.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esee%20this%20link%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fsecurity-center%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fsecurity-center%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F168199i920C8B0381D69290%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_2.png%22%20title%3D%22clipboard_image_2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F168197i991375F331F658B1%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F168198i5D5637D5CF3B0B6D%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1267950%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1267950%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20small%20doubt%20and%20help%20from%20you%20that%20here%20we%20are%20deploying%20Windows%20Defender%20on%20Windows%20Server%202008%20R2%20%2C2012%2C2016%20servers%20.%20Do%20we%20need%20license%20for%20use%20Windows%20defender%20on%20Servers%20opertaing%20system%3F%3C%2FP%3E%3CP%3EMy%20second%20question%20is%20will%20windows%20server%202019%20will%20support%20windows%20defernder%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20sure%20Windows%20Server%202003%2C2000%20will%20not%20support%20Windows%20defender%20but%20need%20your%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%26amp%3B%20Regards%2C%3C%2FP%3E%3CP%3EDevendra%20Singh%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1268067%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1268067%22%20slang%3D%22en-US%22%3E%3CP%3EOn%20Server%202008%20and%20above%20you%20do%20need%20a%20separate%20license%20for%20MDATP%20(older%20versions%20are%20not%20supported).%20Currently%20this%20licensing%20model%20is%20via%20a%20subscription%20to%20Azure%20Security%20Center%3B%20however%20a%20dedicated%20MDATP%20server%20license%20is%20coming.%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20just%20talking%20about%20Windows%20Defender%20(the%20AV%20only%20component)%20then%20this%20is%20built%20into%20Server%202016%20and%20above%20(including%202019).%26nbsp%3B%20On%20older%20versions%20you%20would%20need%20to%20use%20System%20Center%20Endpoint%20Protection%20(%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fdeploy-use%2Fendpoint-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fdeploy-use%2Fendpoint-protection%3C%2FA%3E%3CBR%20%2F%3E%3C%2FFONT%3E)%3C%2FP%3E%0A%3CP%3EHope%20this%20helps.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1268435%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1268435%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20other%20way%20to%20mange%20license%20or%20Onboarding%20machines%20except%20Azure%20security%20center.%3C%2FP%3E%3CP%3EYou%20mean%20on%20Windows%202008%20R2%20and%202012%20R2%20we%20need%20to%20installed%20System%20Endpoint%20Protection%20because%20Inbuild%20operating%20system%20it%20is%20not%20coming%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20installed%20MDM%20agent%20on%20Servers%20manually%20still%20I%20required%20license%20for%20WDATP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1268525%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1268525%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20I%20said%20we%20are%20going%20to%20be%20releasing%20a%20standalone%20server%20license%20for%20MDATP.%26nbsp%3B%20This%20is%20coming%20soon.%3C%2FP%3E%0A%3CP%3EYes%20on%202008%20or%202012%20there%20is%20no%20built%20in%20Defender%20AV.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhat%20do%20you%20mean%20%22MDM%20agent%22%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1270167%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1270167%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Steve%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20you%20know%20there%20two%20option%20for%20onboarding%20machines.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20through%20Azure%20security%20center%20and%20another%20one%20is%20from%20WDATP%20portal.%3C%2FP%3E%3CP%3ESo%20if%20I%20select%20WDATP%20portal%20onboarding%20machine%20for%20servers%20%2Chow%20I%20will%20use%20licensing%20part.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20clear%20my%20doubt%20about%20licensing%20part%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1270425%22%20slang%3D%22en-US%22%3ERe%3A%20Protecting%20Windows%20Server%20with%20Windows%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1270425%22%20slang%3D%22en-US%22%3E%3CP%3EOk%20so%20either%20way%20you%20need%20a%20license.%3C%2FP%3E%0A%3CP%3EPrior%20to%20today%20the%20only%20licensing%20mechanism%20for%20MDATP%20on%20servers%20was%20via%20ASC.%26nbsp%3B%20In%20terms%20of%20onboarding%20if%20you%20onboarded%20a%20server%20into%20ASC%20then%20it%20would%20automatically%20onboard%20it%20through%20into%20MDATP.%3C%2FP%3E%0A%3CP%3EThe%20other%20onboarding%20mechanism%20allows%20you%20to%20onboard%20a%20server%20directly%20into%20MDATP%2C%20but%20you%20would%20still%20need%20an%20ASC%20license%2C%20meaning%20you%20would%20then%20need%20to%20onboard%20into%20ASC.%3C%2FP%3E%0A%3CP%3EHowever%20we%20now%20have%20the%20option%20for%20a%20standalone%20MDATP%20license%20for%20servers%20meaning%20that%20you%20can%20purchase%20this%20and%20onboard%20the%20server%20directly%20into%20MDATP%20without%20involving%20ASC.%3C%2FP%3E%0A%3CP%3EHope%20this%20helps.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified security platform that covers endpoint protection platform (EPP) and endpoint detection and response (EDR). Initially we released the product for Windows 10 only, but customers have asked for support on other platforms, Windows Server in particular. This year, we've made Windows Defender ATP available to Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server. As we continue engineering a unified security platform, you will see a more seamless approach across platforms.

 

This blog is for enterprise customers who want to use the Windows Defender ATP platform on Windows Server and need practical guidance on what needs to be in place for licensing and infrastructure.

 

Screen Shot 2018-10-04 at 21.54.05.png

 Image: Windows Server 2016 onboarded to Windows Defender ATP 

 

The Microsoft-recommended configuration for the best security is staying current with Windows. While we provide support for previous versions of Windows, the latest releases provide superior security capabilities. If you are running previous versions of Windows, one of the most important things you can be doing is getting a plan to update your Windows environment.  

 

Endpoint protection platform

The endpoint protection platform (EPP) of Windows Defender ATP includes two capabilities: (1) Attack surface reduction (ASR), which helps seal the available attack surface that can be leveraged by threat actors as much as possible, and (2) Next generation protection (NGP), which is a cloud-powered antivirus solution.

 

Attack surface reduction is a set of capabilities that helps organizations reduce the available attack surface. The technologies that power ASR are network protection, exploit protection, controlled folder access, and ASR rules. ASR is available on Windows 10 Fall Creators Update or later and on Windows Server 1803 and later.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

Windows E5 or Microsoft 365 Enterprise E5

ASR relies on Windows Defender Antivirus, which is built-in and requires no agent installation

If licensed, through Microsoft Intune or System Center Configuration Manager. Alternatively, PowerShell or Group Policies.

Windows Defender Security Center, or if licensed System Center Configuration Manager or Microsoft Intune

Windows Server 1803, Windows Server 2019

Azure Security Center Pay-As-You-Go

ASR relies on Windows Defender Antivirus, which is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, PowerShell or Group Policies.

Windows Defender Security Center, or if licensed System Center Configuration Manager

 

Windows Defender Antivirus is available to enterprise customers starting with Windows 10 Anniversary Update and Windows Server 2016. Previous versions of Windows and Windows Server continue to leverage System Center Endpoint Protection. The following table has information about Windows Defender Antivirus on different Windows versions and Windows Server versions on-premises, on Azure, or on third-party cloud service.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through Microsoft Intune or System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, through Windows Defender Security Center, System Center Configuration Manager or Microsoft Intune

Windows 8.1 and Windows 7

System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed through System Center Configuration Manager

System Center Configuration Manager

If licensed, through Windows Defender Security Center or System Center Configuration Manager

Windows Server 1803, Windows Server 2019

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, through Windows Defender Security Center or System Center Configuration Manager

Windows Server 2016

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, Windows Defender Security Center, System Center Configuration Manager or Azure Security Center

Windows Server 2012 R2

System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed with System Center Configuration Manager

System Center Configuration Manager

System Center Configuration Manager or if licensed, through Windows Defender Security Center or Azure Security Center

Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

 System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed with System Center Configuration Manager

System Center Configuration Manager

System Center Configuration Manager or if licensed, through Azure Security Center

(Windows Defender Security Center is the web portal available for Windows Defender ATP customers (requires Windows E5 or Microsoft 365 Enterprise E5)

 

In addition to Windows Defender Antivirus and System Center Endpoint Protection, enterprise customers can use Microsoft Antimalware for Azure for virtual machines that are hosted on Microsoft Azure. Note that If you are a Windows Defender ATP customer you should assess which Antivirus solution best fits your needs.

 

Supporting Documentation:

 

Endpoint detection and response

Endpoint detection and response (EDR) capabilities in Windows Defender ATP were first available to enterprise customers as a built-in solution starting with Windows 10 Anniversary Update and Windows Server 1803, but these capabilities have since expanded to support previous versions of Windows and Windows Server. The following table has information about Windows Defender ATP on different Windows versions and Windows Server versions on-premises, on Azure, or on third-party cloud service.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

Windows E5 or Microsoft 365 Enterprise E5

Windows Defender ATP is built-in to the operating system

Local script, Group Policies, System Center Configuration Manager, or Microsoft Intune

Windows Defender Security Center

Windows 8.1 and Windows 7

Windows E5 or Microsoft 365 Enterprise E5

Windows Defender ATP on legacy operating system requires installation of an agent

Agent deployment can be through any preferred deployment method such as System Center Configuration Manager

Windows Defender Security Center

Windows Server 1803, Windows Server 2019

Azure Security Center Pay-As-You-Go

Windows Defender ATP is built-in to the operating system

Local script, group policies and, if licensed, through System Center Configuration Manager

Windows Defender Security Center

Windows Server 2016, Windows Server 2012 R2

Azure Security Center Pay-As-You-Go

Windows Defender ATP on legacy operating system requires installation of an agent

Agent deployment can be through any preferred deployment method such as System Center Configuration Manager

Windows Defender Security Center and Azure Security Center

 

Support for Windows Server 2019 and Windows Server 1803 is currently in public preview for Windows Defender ATP.

 

Supporting Documentation:

 

Windows Defender ATP unified endpoint security platform

Windows Defender ATP is a unified platform that helps keep your business data and users safe from advanced attacks. And with expanded support for Windows Server, previous versions of Windows, and additional client hardware, you can protect a wider array of devices, servers, and endpoints. Your feedback is important to us as we continue to make improvements to Windows Defender ATP.

 

WDATP.png

34 Comments

So is the Server 2019 ATP in a different console than the workstations console?  https://securitycenter.windows.com/dashboard

Microsoft

Hi! It is the same console securitycenter.windows.com. Once Azure Security Center support this Server build it will be the same reporting story like other versions.

Pardon for the additional question, is the threat console information available outside of the security center, or is there a way to get alerted when a new post goes up?  Also can one share this data with other team members/people?

Microsoft

Hi! Happy to help. Both Windows Defender ATP and Azure Security Center can send email notifications when new stuff happens. Check out: (WDATP) https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-e... and (ASC) https://blogs.msdn.microsoft.com/azuresecurity/2016/11/22/tip-of-the-day-azure-security-center-email...

Alerts I get, I want to get notified when there are new threat analytics posted to the console. 

Occasional Contributor

A couple of questions:

 

  • About the Secure Socore in Windows Defender ATP (securitycenter.windows.com). The Security Controls (EDR, Antivirus, OS Security Updates, Exploint Guard, etc) currently applied to Windows 10 machines. Will those controles also apply for Windows Server Machines? (I've attached a screenshot of the controls to clarify.)

 

  • Now Azure Security Center has it's own Secure Score, with recommanations for Virtual Machines (ex: Apply disk encryption, Install endpoint protection, etc). If I have a Windows Server Machine with WDATP for Server and also onboarded on Azure Security Center, will I have to check out both securitycenter.windows.com and Azure Security Center for Score / Security Controles / Recommanations?

 

 

Microsoft

Good suggestion Susan. I will defiantly pass it to my colleague who is responsible for threat analytics.

Microsoft
Certainly something we started to discuss between the Azure Security Center and Windows Defender ATP team. For now you want to make sure you look for WDATP when it comes to endpoint and ASC for server security recommendation.
Occasional Visitor

saber lidar com a diversidade, não é aceitar as diferenças, é estar apto e seguro de si proprio e saber deixar as pessoas livres dentro da tecnologia porque lá e onde a muita diversidade de generos de varios modos

Occasional Visitor

Não deixe a diversidade se transformar em adversidade porque a tecnologia já é a diferença 

Regular Visitor
EDR for Server 2012/2016 and EPP for Server 2019 states that "Azure Security Center Pay-As-You-Go" license is required. The onboarding instructions for WDATP state Install the MMA and configured it for the Defender Workspace ID. If you attempt to onboard to Azure Security Center you receive a separate Workspace ID. We want all of our devices to be managed from the "Windows Defender Security Center" as the WDATP technical instructions specify. In this case what license is required as the device does not appear in the Azure Security Center?
Microsoft

Hi D8234842, the licensing model for Windows Defender ATP EDR on Server is through Azure Security Center. For the successful on-boarding you will want to ensure that the servers are first added to Azure Security Center and have the integration between Azure Security Center and Windows Defender ATP enabled. If that's the case all your Servers in Azure Security Center will automatically show up in the Windows Defender Security Center.

Frequent Contributor

@Milad Aslaner thank you.  I am still a little unclear about which workspace ID to install MMA to.  I already have servers with the OMS agent (now MMA) installed using my log analytics workspace ID.  How do I onboard these same servers to ATP now?

Occasional Contributor

Hi @Milad Aslaner ,

I'm confused over licencing here - there is no such product as security centre 'Pay as you go' - how is the licence actually working here?

 

For example if I just connect all my Azure servers to the Defender ATP workspace directly and don't use security centre at all - what licence is required for that?

 

Thanks,

Rich

Microsoft

@Richard Harrison the pay as you go subscription information can be found here: https://azure.microsoft.com/en-us/offers/ms-azr-0003p/

 

Regarding the second part of your question... to be compliant with MDATP licensing for servers, each server needs to have an Azure Security Center Standard (per node) license. There are two ways to license ASC: Pay-as-you-go or ASC reservations. 

Frequent Visitor

@Chris Jones- The ASC pay-as-you-go pricing for servers put MDATP out of reach for us (literally 6x vs. two other EDR products we had quoted), but I just went looking for the reservations you mentioned and can't find any info in Azure portal or the pricing calculator.  Do you have a link to the ASC reservations?

 

Thanks,

Joe

Microsoft

Hi @Joe Sanders - I understand your concern regarding the pricing. I'd recommend reaching out to your Microsoft account team or reseller regarding this. There are benefits if you have MDATP client licensing that should be able to help on the server side of things from a cost perspective.

 

Regarding the reservations, it's really just another term for an Azure Monetary Commitment that is done through an Enterprise Agreement. If you don't have one, you can speak with someone about setting one up here.

Occasional Contributor

Hi @Chris_Jones,

Now you are making things even more confusing :)

 

What on earth are ASC reservations? There are various things you can reserve in Azure but ASC is not one of them?

 

I think the statement needs to be to use windows defender ATP portal for 'servers' in Azure they have to attached to an Azure Security Centre standard subscription - as simple as that?

 

Cheers,

Rich

Regular Visitor

Hi, I don't quite understand the server licencing for on premise servers. are they still required to have azure PAYG? They would be from versions 2008R2 to 2019. Also, I presume I can deploy the agent manually or via GPO?

Frequent Contributor

What is the pricing model for On-Prem Windows servers we're monitoring through the Azure Security Center? The pricing wasn't explained here: https://azure.microsoft.com/en-us/blog/azure-security-center-extends-advanced-threat-protection-to-h...

Frequent Contributor

Hi @Chris_JonesMilad Aslaner,

 

Has there been any clarification on the Licensing costs for running MDATP on Servers either onPrem or in AWS or Azure?

My simple take on this discussion is that they need to be attached/registered/monitored by ASC to be valid?

And if a Customer is already using MDATO either via M365 E5 or has Windows 10 E5 licenses then they need to check with their account rep to get a "deal"?

 

Is this the case? Just trying to simplify it for a customer at this end...

 

Regards,

Dave C 

 

Frequent Contributor

First you need the M365 E5 or the Windows E5, then you need to pay ~15$ usd per machine for data storage in your log analytics workspace attached to Security Centre, alternatively you can pay a per GB cost for data storage.  Either way you need to pay for storage based on how long you wish to retain it.

Microsoft

Having E5 is not a requirement to onboard servers into MDATP.  Servers that are licensed for ASC can be onboarded into MDATP.  The data is retained in MDATP for both servers or workstations up to a maximum of 6 months.

Regular Visitor

Within my tenant: I have a Pay as you Go subscription, and a CSP subscription.  I have a Log Analytics workspace in each.  When I go to the defender portal > settings > onboarding it has a Workspace ID and Workspace key to a Log Analytics workspace that I can't identify as being in my Tenants resources (I got to All Resources and look for it, and can't find it, wondering if it is a 'special' MDATP workspace that isn't in my normal resources).  I am confused:  am I supposed to point MMA at the Log Analytics space of my choice? or the one defaulted by defender portal > settings > onboarding?  Of course, I would rather only be billed for one space per machine per month.  But since I don't even see the one workspace, I don't even know if that's charged or not.

Frequent Contributor

Hi Ron, my understanding is that the Log Analytics piece in the MD ATP is effectively hidden and you don't access it directly.

The storage consumed by this solution is not charged to your billing ;)

Microsoft

Yes that's correct, the workspace is separate and won't appear within your resources.  If you are using the MMA (only required for older platforms) then you should point it to the workspace specified in the MDATP portal.

Regular Visitor

On-prem licensing question. If you go to defender security center and select server 2019 on-boarding, it just gives you a script to run on the server. This doesn't appear to actually bring the server into Azure security center so that I can pay my $15/month for it. So in this case do I need to manually add this server to Azure Security center, create a new workspace, set the price tier of the workspace to standard, install the monitoring agent on the server then it should automatically be added to defender security center? Just not sure why build the EDR engine into server 2019 then require the monitoring agent to be installed.

 

Thanks.

MDATP is ~$15 per server/month regardless of whether it is on-prem or in Azure. I highlighted the important stuff below.

 

see this link: https://azure.microsoft.com/en-us/pricing/details/security-center/

 

clipboard_image_2.png

clipboard_image_0.png

clipboard_image_1.png

Senior Member

Hi All,

 

I have small doubt and help from you that here we are deploying Windows Defender on Windows Server 2008 R2 ,2012,2016 servers . Do we need license for use Windows defender on Servers opertaing system?

My second question is will windows server 2019 will support windows defernder?

 

 

I am sure Windows Server 2003,2000 will not support Windows defender but need your help.

 

Thanks & Regards,

Devendra Singh 

 

Microsoft

On Server 2008 and above you do need a separate license for MDATP (older versions are not supported). Currently this licensing model is via a subscription to Azure Security Center; however a dedicated MDATP server license is coming.

If you are just talking about Windows Defender (the AV only component) then this is built into Server 2016 and above (including 2019).  On older versions you would need to use System Center Endpoint Protection (https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/endpoint-protection
)

Hope this helps.

 

Senior Member

Is there any other way to mange license or Onboarding machines except Azure security center.

You mean on Windows 2008 R2 and 2012 R2 we need to installed System Endpoint Protection because Inbuild operating system it is not coming?

 

If I installed MDM agent on Servers manually still I required license for WDATP?

 

Thanks in advance.

 

Regards,

 

Microsoft

As I said we are going to be releasing a standalone server license for MDATP.  This is coming soon.

Yes on 2008 or 2012 there is no built in Defender AV.

 

What do you mean "MDM agent"?

Senior Member

Hi Steve,

 

As you know there two option for onboarding machines.

 

One through Azure security center and another one is from WDATP portal.

So if I select WDATP portal onboarding machine for servers ,how I will use licensing part.

 

Please clear my doubt about licensing part 

Microsoft

Ok so either way you need a license.

Prior to today the only licensing mechanism for MDATP on servers was via ASC.  In terms of onboarding if you onboarded a server into ASC then it would automatically onboard it through into MDATP.

The other onboarding mechanism allows you to onboard a server directly into MDATP, but you would still need an ASC license, meaning you would then need to onboard into ASC.

However we now have the option for a standalone MDATP license for servers meaning that you can purchase this and onboard the server directly into MDATP without involving ASC.

Hope this helps.