Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Confused about What / how to install defender for servers.

Copper Contributor

Hi,

 

we currently have all our Microsoft servers in azure. Currently they all have Sophos AV on them. I have been tasked with changing these boxes over to Defender for Servers. When I start to look into the documentation I am getting confused as to what I need to do. DO I need an azure policy to install defender ? Do I need to on-board these devices. Do I manages these devices through https://security.microsoft.com/ the same as the Windows desktop clients. Where do I put int he exceptions for AV ? It was all so much simpler in sophos. Any help much appreciated.

 

Thanks

 

4 Replies
I feel your pain as there are many options available with no right or obvious approach. However, if you are licensed for Intune, then you can manage MDE policies for both Servers (Comes with some limitations) and endpoints. Have a look at Endpoint Security profile settings in Intune.
Is AV supported on server 2008 R2 ? The documentation is all over the place.
AV is not supported on Server 2008R2. Legacy System Centre Endpoint Protection (SCEP) is needed to manage Servers 2008R2. Server 2012R2 and above can use the Next Generation Protection Antivirus.
What OS versions are we talking about? Your best bet is probably to Migrate them to Azure using Azure Ark agent and then enable a Defender for Cloud Plan to Onboard them into Defender for Endpoint.

Technically speaking, you can just run the Onboarding script on your On-Prem Server estate and they will successfully Onboard to Defender for Endpoint. Still, you won't be officially licensed to manage them.

I can try to help with any questions you may have.