Oct 02 2022 12:16 PM
Oct 02 2022 12:16 PM
As of September 1, Microsoft has removed the Defender for Endpoint on Servers P1 and P2 licenses, forcing on-premises customers to use Azure ARC / Defender for Cloud!
Onboarding to Azure ARC is not always possible, another agent is required and it requires a huge effort for the management of the subscription, security and assets.
Microsoft will lose EDR customers... This will also show up in the client licenses of Defender for Endpoint. If Microsoft does not want on-premises server customers in their EDR solutions, the customers will not go with two EDR solutions but leave Microsoft and choose antoher EDR / XDR solution for server AND clients. How does Microsoft imagine it if different MSPs provide services for the customer and on premises and Azure are strictly separated? Should the Azure partner then have access to the on-premises systems. That won't happen.
Another bad decision for customers, partners and lastly for Microsoft.
Please revert your decision and make the Defender for Endpoint Server P2 License available again through CSP, EA and Direct.
Oct 14 2022 10:10 AM - edited Oct 24 2022 11:47 AM
@seth, I work with the major \ strategic customers and we are still selling MDE P2 for servers on Enterprise Agreements. The Azure offering is a elevated offering provide the core MDE capability + advanced capabilities such as vulnerability management and file integrity monitoring.
Oct 14 2022 11:53 AM
Oct 24 2022 09:12 AM
@seth Have you learned anything new since your previous posts on how to obtain endpoint for server licensing? I'm trying to get MDE P1 for servers but defender for cloud is forcing me to P2.
Oct 24 2022 11:54 AM - edited Oct 24 2022 02:50 PM
Is this for your personal use or for a small to medium business? What are your reasons that you feel having an enterprise agreement is prohibitive? If you are Microsoft partner you can obtain solutions via the partner program. Otherwise, an EA can be economical even for the smallest customers. I recommend speaking to your reseller.
Here is the link to the descriptions of the available server plans:
Overview of Microsoft Defender for Servers | Microsoft Learn
Note that Plan 1 for Servers actually includes MDE P2 and it is about $4.91 for 730 hours per month (ie. 100% usage). Plan 2 for servers offers a treasure trove of additional capabilities that you can read about in the link above - it's retail is $14.60 for 730 hours per month.
Oct 25 2022 05:59 AM
Oct 25 2022 09:26 AM - edited Oct 25 2022 09:32 AM
My understanding is you ONLY need Azure Arc for the capabilities outside of MDE P2 that are described in the Servers Plan 2. AFAIK - you can use all the same deployment methods for MDE P2 vs if you bought it standalone (e.g. Endpoint Manager etc). I'll verify that with my Technical Specialist - but I am 99% sure.
That said, I have been told that Azure Arc is much simpler to deploy and manage then you have described. I have colleagues with many, many large customers who are successfully leveraging ARC for on-premise devices. I would expect there are some hw \ sw requirements to achieve the scalable deployment. For me so far, a popular case for on-premise use of the Server P2 license is file integrity monitoring on servers that have a regulatory requirement for FIM such as PCI.
Oct 25 2022 09:45 AM
Jan 17 2023 10:35 AM
Can I ask what your solution was? I have a client that has legacy Defender for Endpoint Server licenses and I am not clear on what to transition them to in the CSP. Microsoft support has been not been able to provide an answer for me yet.
Jan 17 2023 10:46 AM
Unfortunately, there is only the option of licensing Defender for Cloud. For example, via Azure Arc onboarding. Microsoft has ignored customer and partner feedback that there is continued high demand for the Defender for Endpoint Server P2 stand alone license for on premises environments. According to my information, it was also removed from new signed Enterprise Agreements.
Our / Costumer solution was to switch EDR for Servers to a different product away from Microsoft.
Feb 01 2023 08:28 PM
small update that i worked with MS azure support recently and can confirm doing the onboarding with Azure Arc is what makes this possible now days. It does mean an extra agent installed for Arc/Log management, but things did go smoothly once I did that onboarding and then configured defender for cloud to leverage P1 server licensing. It adds additional complexity if all you want is Defender EDR on your servers, but I can see the benefits to leveraging more Azure features now that they are available via Arc.
Feb 13 2023 04:07 PM
@LS957458 - You can only have 1 type of MDS (Microsoft Defender for Server, which is part of the Microsoft Defender for Cloud solutions) plan per Azure Subscription. So, if you have already deployed MDS Plan 2 within your subscription, you won't be able to 'downgrade' other servers to Plan 1. The reverse holds true as well.
So, if you want to have a mixture of Plan 1 and Plan for your on-premises and/or in the Cloud (Azure, AWS, and/or GCP), then you need 2 Azure Subscriptions for that same single tenant. Your licensing specialist, MSFT Account Team, and/or your reseller can help you with that process.
Feb 13 2023 04:21 PM
Feb 20 2023 11:34 PM - last edited on Nov 09 2023 12:46 AM by RobertoF
Hi Keith, do you have any information about if Arc is required for Defender for Server Plans? From what I’ve gathered from Microsoft Pages it is recommended but not required. (for additional Defender for Cloud based recommendations) We have some customers running defender on Server with the "old" License Defender for Endpoint Server. We now get the information that we cannot renew this license.
We try to figure out if we need to onboard all Servers to Azure Arc now or if there still is a standalone license and onboarding via Powershell is still a valid choice.
Thanks in advance, cheers Felix