Defender for Servers Security Alerts Improvements
Published Jan 17 2023 01:03 PM 9,276 Views

Effective, modern server protection requires sophisticated endpoint threat detection and response with market-leading threat intelligence. With Microsoft Defender for Servers' completed integration with Microsoft Defender for Endpoint, a named market leader in EDR by Gartner and Forrester, you can deploy Defender for Endpoint to protect your Azure, multicloud, and on-premises servers. Defender for Endpoint protections include advanced post-breach detection sensors, behavioral based and cloud-powered protection, and endpoint detection and response (EDR). 


As part of Defender for Servers’ security alert quality improvement process, in April 2023, some alerts for Windows and Linux servers will be removed and instead sourced from Defender for Endpoint. Note that all security scenarios covered by the deprecated alerts are fully covered Defender for Endpoint threat alerts. With this change, organizations will not only maintain all their existing security coverage but will also see a significant reduction in redundant alerts and greater alert accuracy, with fewer false positives. 

  • If you already have the Defender for Endpoint integration enabled, there is no action required on your part. In April 2023, you may experience a decrease in your alerts volume, but you will maintain the same level of protection with less alert noise. 
  • If you currently do not have the Defender for Endpoint integration enabled in Defender for Servers, you will need to enable the integration to maintain and improve your alert coverage. All Defender for Server customers can access the full value from the Defender for Endpoint integration at no additional cost.  

Learn more about the security alerts that will be deprecated in April 2023.


How to enable Defender for Endpoint in Defender for Cloud

There are multiple ways to enable MDE integration for Windows and Linux through Defender for Cloud portal. Learn more about the prerequisites and your enablement options.  


Defender for Endpoint enablement on multiple subscriptions

In Defender for Cloud’s Overview blade, we are introducing a new Insight campaign that enables you to watch which subscriptions can be affected by the upcoming deprecation as they do not have Defender for Endpoint integration enabled. 




By clicking “Show affected subscriptions”, you’ll be able to watch all the relevant subscriptions without MDE integration enabled, as well as the number of affected resources.   








You can then select some or all of them and enable the integration at scale and track the deployment using custom workbook that we have published on Github. 

Note that if you don't have affected subscriptions, you will not see subscriptions on this plane.  


Additional Resources:


Version history
Last update:
‎Jan 17 2023 01:03 PM
Updated by: