Defender for Server


We are on the verge of starting a PoC with Defender for Servers.
I know of this well-written blog, but it raises some questions (https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-poc...)

(1) For starters, we have 100 Microsoft Defender for Endpoint Server licenses. So if we enable Defender for Servers via the Defender for Cloud plan, we are going to pay double: via the license and via the $15 per server/month. I presume this is not the way to deploy Defender for Servers, right?
(2) What is nowadays the best approach to onboard on-premises servers to Defender for Servers:
- via the (legacy) MMA agent and onboarding package
- via the (new) unified agent and onboarding package
- or can we onboard the on-premises servers to Azure Arc and let the unified agent be auto-deployed via Defender for Cloud, but NOT switch Defender for Servers ON (so enable the Defender for Cloud plan but do not set the Defender for Servers toggle to ON)?
(3) What is today's best approach for configuring Defender for Servers policies (EDR, ASR, etc.): via Intune or via GPO?

5 Replies
Hello there,
Thank you for your questions.
1. To avoid a double charge in this case you need to open a support ticket, as suggested in our docs: https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=win...
2. The preferred way of onboarding on-premises servers to Defender for Cloud is by using Azure Arc. Only in this case will you get all the features provided by Defender for Servers (e.g. integration with MDE, vulnerability assessments): https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-a...
3. Intune/MEM is going to be the better option, since it can manage MDE on all platforms, unlike GPO (domain-joined Windows machines only).
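Added example, not part of the thread, of the Azure Arc onboarding path recommended in answer 2: install the Connected Machine agent, connect the server with a service principal, and verify the result. The tenant, subscription, resource group, region and service-principal values are placeholders (assumptions); the `ARC_SP_SECRET` environment variable and the `Azure Connected Machine Onboarding` role assignment are how this example chooses to handle the credential, not something the thread prescribes.

```powershell
# Added example: onboard an on-premises Windows server to Azure Arc with the
# Connected Machine agent, then verify the connection. Not code from the thread.
# All Azure identifiers below are placeholders (assumptions), not real values.

$ErrorActionPreference = 'Stop'

# Placeholder onboarding parameters.
$TenantId       = '00000000-0000-0000-0000-000000000000'
$SubscriptionId = '11111111-1111-1111-1111-111111111111'
$ResourceGroup  = 'rg-arc-servers'
$Location       = 'westeurope'
# Service principal that holds only the built-in "Azure Connected Machine
# Onboarding" role on the resource group (least privilege for onboarding).
$SpAppId        = '22222222-2222-2222-2222-222222222222'
# Read the secret from an environment variable so it never lands in the
# script file or in a PowerShell transcript.
$SpSecret       = $env:ARC_SP_SECRET
if (-not $SpSecret) { throw 'Set ARC_SP_SECRET before running this script.' }

$AgentDir = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent'
$AgentExe = Join-Path $AgentDir 'azcmagent.exe'

# 1. Download and install the agent silently if it is not already present.
if (-not (Test-Path $AgentExe)) {
    $msi = Join-Path $env:TEMP 'AzureConnectedMachineAgent.msi'
    Invoke-WebRequest -Uri 'https://aka.ms/AzureConnectedMachineAgent' -OutFile $msi
    $install = Start-Process msiexec.exe -Wait -PassThru -ArgumentList @(
        '/i', "`"$msi`"", '/qn',
        '/l*v', "`"$env:TEMP\AzureConnectedMachineAgentInstall.log`""
    )
    if ($install.ExitCode -ne 0) {
        throw "Agent install failed with exit code $($install.ExitCode)"
    }
}

# 2. Connect the machine to Azure Arc. Once it shows up as an Arc-enabled
#    server, Defender for Cloud can auto-provision the MDE unified agent.
& $AgentExe connect `
    --service-principal-id $SpAppId `
    --service-principal-secret $SpSecret `
    --resource-group $ResourceGroup `
    --tenant-id $TenantId `
    --location $Location `
    --subscription-id $SubscriptionId `
    --cloud 'AzureCloud'
if ($LASTEXITCODE -ne 0) {
    throw "azcmagent connect failed with exit code $LASTEXITCODE"
}

# 3. Verify: 'azcmagent show' prints agent status and the Azure resource it maps to.
& $AgentExe show

# 4. After Defender for Cloud has provisioned MDE, the Sense service should exist
#    and be running; absence means the auto-provisioning has not happened yet.
Get-Service -Name Sense -ErrorAction SilentlyContinue | Select-Object Name, Status
```

Running this once per server is fine for a PoC; for fleet onboarding the same `azcmagent connect` line is what the Defender for Cloud / Arc portal "generate script" flow emits, so the pattern carries over unchanged.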

@Stanislav Belov, thank you so much for your response and information. This will help me and the customer to make a decision about which management method we are going to PoC.

The question that comes to mind is (4): 'Attack surface reduction' is not possible with the new MEM Security Management for MDE. How can we deploy such policies to servers? Does this mean we use GPO for ASR and MEM policies for EDR and Defender AV?

And (5): is there a table or overview of which policies can and cannot be deployed by MEM to servers? For example Controlled Folder Access, Exploit Protection, Network Protection?

And a serious last question (6): for network protection we have the switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel'. What are those for, does 1 mean ENABLE, and can we put it in AUDIT mode too, and how?

RE: (4) 'Attack surface reduction' is not possible with the new MEM Security Management for MDE. How can we deploy such policies to servers? Does this mean we use GPO for ASR and MEM policies for EDR and Defender AV?
A: Keep an eye on the announcements here: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog
Q: And (5): is there a table or overview of which policies can and cannot be deployed by MEM to servers? For example Controlled Folder Access, Exploit Protection, Network Protection?
A: Please keep an eye on https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/security-config-management... and re-visit monthly. Thx.
Q: (6) For network protection we have the switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel'. What are those for, does 1 mean ENABLE, and can we put it in AUDIT mode too, and how?

A: Please review https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints...
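Added example, not part of the thread, covering questions (4) and (6) together: it puts Network Protection into audit mode on a Windows Server with the two server-specific switches the poster asked about, puts a few ASR rules into audit mode locally (a stop-gap while MEM cannot push ASR to servers), reads the settings back, and pulls the audit events that show what would have been blocked. The choice of ASR rules is an assumption for the example; the rule GUIDs are Microsoft's published ones. It must be run in an elevated PowerShell session, and Defender AV must be the active engine (not passive mode) for the settings to take effect.

```powershell
# Added example, not from the thread: Network Protection and ASR in audit mode on
# Windows Server via Set-MpPreference / Add-MpPreference, then verification.
# Run elevated. Local settings can be overridden by GPO/Intune policy later.

# --- Network Protection (question 6) -----------------------------------------
# EnableNetworkProtection accepts Disabled | Enabled | AuditMode.
Set-MpPreference -EnableNetworkProtection AuditMode
# On Windows Server this extra switch is required before the Enabled/AuditMode
# setting above has any effect; $true (1 in the registry) allows it.
Set-MpPreference -AllowNetworkProtectionOnWinServer $true
# Down-level platforms (Windows Server 2012 R2 / 2016 on the unified agent).
Set-MpPreference -AllowNetworkProtectionDownLevel $true

# --- ASR rules in audit mode (question 4) ------------------------------------
# Rule selection is an assumption for this example. Actions per rule:
# Disabled | Enabled | AuditMode | Warn.
$asrRules = @(
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'  # Block Office apps from creating child processes
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2'  # Block credential stealing from LSASS
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'  # Block executable content from email/webmail
)
foreach ($id in $asrRules) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

# --- Verify the effective configuration --------------------------------------
# EnableNetworkProtection reads back numerically: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
Get-MpPreference | Select-Object EnableNetworkProtection,
    AllowNetworkProtectionOnWinServer, AllowNetworkProtectionDownLevel,
    AttackSurfaceReductionRules_Ids, AttackSurfaceReductionRules_Actions

# --- Review what audit mode would have blocked -------------------------------
# Defender writes audit hits to Microsoft-Windows-Windows Defender/Operational:
#   1125 = Network Protection audit   1126 = Network Protection block
#   1122 = ASR audit                  1121 = ASR block
function Get-DefenderAuditEvents {
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122, 1125, 1126
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}
Get-DefenderAuditEvents -Days 7 | Format-Table -AutoSize
```

Leave the rules in audit mode for a few weeks of normal server workload and review the 1122/1125 events before flipping any of them to Enabled; a rule that fires on a legitimate management tool in audit mode would break that tool in block mode.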