Defender for Endpoint Server standalone license


As of September 1, Microsoft has removed the Defender for Endpoint on Servers P1 and P2 licenses, forcing on-premises customers to use Azure ARC / Defender for Cloud!

Onboarding to Azure ARC is not always possible, another agent is required and it requires a huge effort for the management of the subscription, security and assets.


Microsoft will lose EDR customers... This will also show up in the client licenses of Defender for Endpoint. If Microsoft does not want on-premises server customers in their EDR solutions, the customers will not go with two EDR solutions but leave Microsoft and choose another EDR / XDR solution for server AND clients. How does Microsoft imagine it if different MSPs provide services for the customer and on premises and Azure are strictly separated? Should the Azure partner then have access to the on-premises systems? That won't happen.


Another bad decision for customers, partners and lastly for Microsoft.


Please revert your decision and make the Defender for Endpoint Server P2 License available again through CSP, EA and Direct. 

8 Replies

@seth, I work with the major \ strategic customers and we are still selling MDE P2 for servers on Enterprise Agreements. The Azure offering is an elevated offering providing the core MDE capability + advanced capabilities such as vulnerability management and file integrity monitoring.

The product name is Defender Endpoint Server and the part # is 1NZ-00004

That's nice that you speak for your EA Bubble. But it is no longer available in Direct and CSP for new customers / renew subscriptions. Not everyone wants or can sign an EA. Even more stupid was the idea to make it different in the contracts.

@seth Have you learned anything new since your previous posts on how to obtain endpoint for server licensing? I'm trying to get MDE P1 for servers but Defender for Cloud is forcing me to P2.

Hi Seth,

Is this for your personal use or for a small to medium business? What are your reasons that you feel having an enterprise agreement is prohibitive? If you are a Microsoft partner you can obtain solutions via the partner program. Otherwise, an EA can be economical even for the smallest customers. I recommend speaking to your reseller.

Here is the link to the descriptions of the available server plans:

Overview of Microsoft Defender for Servers | Microsoft Learn

Note that Plan 1 for Servers actually includes MDE P2 and it is about $4.91 for 730 hours per month (i.e. 100% usage). Plan 2 for servers offers a treasure trove of additional capabilities that you can read about in the link above - its retail is $14.60 for 730 hours per month.

“Onboarding to Azure ARC is not always possible, another agent is required and it requires a huge effort for the management of the subscription, security and assets.”

There are customers where on-premises infrastructure is strictly separated from Azure. Azure is also often operated by other administrators or partners than the on-prem systems. So it expands access to the on-prem systems just because you want to use an EDR. This is a compliance and security issue. Maybe not every on-prem customer wants to mess around with the complexity in Azure and possibly implement an insecure solution! This applies to customers of all sizes…

My understanding is you ONLY need Azure Arc for the capabilities outside of MDE P2 that are described in the Servers Plan 2. AFAIK - you can use all the same deployment methods for MDE P2 vs if you bought it standalone (e.g. Endpoint Manager etc). I'll verify that with my Technical Specialist - but I am 99% sure.

That said, I have been told that Azure Arc is much simpler to deploy and manage than you have described. I have colleagues with many, many large customers who are successfully leveraging ARC for on-premise devices. I would expect there are some hw \ sw requirements to achieve the scalable deployment. For me so far, a popular case for on-premise use of the Server P2 license is file integrity monitoring on servers that have a regulatory requirement for FIM such as PCI.

I think you don't want to understand or hear that ARC / Azure Integration for on-prem is not an option for many customers and partners for a variety of reasons.

How am I supposed to pay for the licenses without ARC or Defender for Cloud onboarding? With the standalone license I run an onboarding script and have nothing to do with Azure!

Maybe a few voices outside of your bubble: