we currently have all our Microsoft servers in azure. Currently they all have Sophos AV on them. I have been tasked with changing these boxes over to Defender for Servers. When I start to look into the documentation I am getting confused as to what I need to do. DO I need an azure policy to install defender ? Do I need to on-board these devices. Do I manages these devices through https://security.microsoft.com/ the same as the Windows desktop clients. Where do I put int he exceptions for AV ? It was all so much simpler in sophos. Any help much appreciated.
I feel your pain as there are many options available with no right or obvious approach. However, if you are licensed for Intune, then you can manage MDE policies for both Servers (Comes with some limitations) and endpoints. Have a look at Endpoint Security profile settings in Intune.