Mar 04 2022 11:36 AM
We are on the verge of starting a PoC with Defender for Server.
I know of this well-written blog, but it raises some questions (https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-poc...)
(1) For starters, we have 100 Microsoft Defender for Endpoint Server licenses. So if we enable Defender for Server via the Defender for Cloud plan, we are going to pay double: via the license and the 15$ per server/month. I presume this is not the way to deploy Defender for Server, right?
(2) What is nowadays the best approach to onboard on-premises servers to Defender for Server:
- is it via the (legacy) MMA agent and onboarding package,
- or via the (new) unified agent and onboarding package,
- or can we onboard the on-premises servers to Azure Arc and let the unified agent be auto-deployed via Defender for Cloud, but NOT switch the Defender for Server toggle to ON (so enable the Defender for Cloud plan but not set the Defender for Server toggle to ON)?
(3) What is today's best approach for configuring Defender for Server policies (EDR, ASR, etc.): via Intune or via GPO?
Mar 07 2022 06:10 AM
Mar 07 2022 07:47 AM - edited Mar 07 2022 07:48 AM
@Stanislav Belov, thank you so much for your response and information. This will help me and the customer make a decision about which management method we are going to PoC.
A question that comes to mind is (4): 'Attack surface reduction' is not possible with the new MEM Security Management for MDE. How can we deploy such policies to servers? Does this mean we use GPO for ASR and can use MEM policies for EDR and Defender AV?
And (5): is there a table or overview of which policies can and cannot be deployed by MEM to servers? For example, Controlled Folder Access, Exploit Protection, Network Protection?
And seriously, last question (6): for network protection we have the switches 'AllowNetworkProtectionOnWinServer' and 'AllowNetworkProtectionDownLevel'. What are those for, does 1 mean ENABLE, and can we put them in AUDIT mode too, and how?
Mar 07 2022 01:38 PM
Mar 07 2022 01:40 PM
Mar 07 2022 01:45 PM