SOLVED

Defender for Servers - Plan 1

%3CLINGO-SUB%20id%3D%22lingo-sub-3348209%22%20slang%3D%22en-US%22%3EDefender%20for%20Servers%20-%20Plan%201%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3348209%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20have%20just%20released%20a%20new%20plan%20for%20Defender%20for%20Servers%20which%20has%20a%20reduced%20set%20of%20functionality%20entitlement%20for%20Azure%20services.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdefender-for-cloud%2Fdefender-for-servers-introduction%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdefender-for-cloud%2Fdefender-for-servers-introduction%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPresumably%20this%20is%20because%20Defender%20on%20Servers%20is%20broarder%20than%20just%20Azure%20hosting%20and%20targetting%20multi-cloud%20and%20onprem%20systems.%26nbsp%3B%20What%20isn't%20clear%20from%20the%20documentation%20yet%20is%20if%20Defender%20for%20Servers%20Plan%201%20does%20contain%20all%20the%20features%20of%20Defender%20for%20Endpoint%20Plan%202.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Laurie_Rhodes_0-1652151739671.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370379i4A17BD34D07D8DAA%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Laurie_Rhodes_0-1652151739671.png%22%20alt%3D%22Laurie_Rhodes_0-1652151739671.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'd%20really%20love%20clarification%20if%20features%20like%20%22Live%20Response%22%20on%20servers%20are%20included%20with%20the%20new%26nbsp%3BDefender%20on%20Servers%20Plan%201%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3348455%22%20slang%3D%22en-US%22%3ERe%3A%20Defender%20for%20Servers%20-%20Plan%201%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3348455%22%20slang%3D%22en-US%22%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F473743%22%20target%3D%22_blank%22%3E%40Laurie_Rhodes%3C%2FA%3E%2C%3CBR%20%2F%3EMy%20understanding%20is%2Fwas%20that%20%22Defender%20for%20Servers%22%20is%20effectively%20the%20cut%20down%20version%20of%20Defender%20for%20Cloud%20and%20is%20more%20of%20a%20commercial%20construct%3F%20But%20thanks%20for%20sharing%20those%20details%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3348640%22%20slang%3D%22en-US%22%3ERe%3A%20Defender%20for%20Servers%20-%20Plan%201%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3348640%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20David.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20name%20changes%20with%20%22Defender%22%20products%20over%20the%20past%20two%20years%20has%20been%20hard%20to%20keep%20up%20with.%20The%20way%20I%20see%20it%20is%20that%20%22Defender%20for%20Cloud%22%20is%20a%20catalogue%20of%20Defender%20products%20that%20protect%20cloud%20services.%20Up%20until%20a%20couple%20of%20months%20ago%20Defender%20for%20Servers%20was%20the%20new%20name%20for%20Windows%20Defender%20%2F%20Microsoft%20Defender%20that%20was%20installed%20on%20Servers.%20Those%20too%20were%20new%20names%20for%20%22Azure%20Anti-Malware%22%20and%20%22Defender%20ATP%22%20which%20had%20advanced%20security%20capability%20within%20the%20endpoint.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20seen%20a%20couple%20of%20Microsoft%20pages%20in%20the%20last%20week%20refer%20to%20the%20Defender%20client%20software%20that's%20deployed%20as%20%22Defender%20for%20Servers%20-%20Plan%201%22%20from%20Security%20Center%20%2F%20Defender%20for%20Cloud%20as%20actually%20being%20%22Defender%20for%20Endpoint%22.%20The%20only%20issue%20with%20saying%20Defender%20for%20Endpoint%20as%20a%20product%20now%20covers%20Servers%20is%20that%20DfE%20has%20two%20different%20plans%20for%20internal%20capability...%20Plan%202%20being%20the%20old%20%22ATP%22%20advanced%20security%20functionality%20in%20the%20client.%20The%20functionality%20matrix%20of%20Defender%20for%20Endpoint%20plans%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Laurie_Rhodes_0-1652161044550.png%22%20style%3D%22width%3A%20513px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370396i1D12787AF57ED429%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Laurie_Rhodes_0-1652161044550.png%22%20alt%3D%22Laurie_Rhodes_0-1652161044550.png%22%20%2F%3E%3C%2FSPAN%3Edoesnt%20match%20up%20with%20the%20Defender%20for%20Servers%20plans.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20Defender%20for%20Servers%20Plan%201%20really%20is%20Defender%20for%20Endpoint%20Plan%202...%20that's%20great.%3CBR%20%2F%3E...It's%20just%20not%20clear.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3350384%22%20slang%3D%22en-US%22%3ERe%3A%20Defender%20for%20Servers%20-%20Plan%201%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3350384%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F473743%22%20target%3D%22_blank%22%3E%40Laurie_Rhodes%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMDE%20plan%201%20does%20not%20support%20servers%2C%20so%20I%20would%20assume%20defender%20for%20servers%20plan%201%20includes%20MDE%20plan%202.%20I%20do%20agree%20this%20could%20use%20some%20clarification%2C%20since%20the%20defender%20for%20servers%20docs%20are%20a%20bit%20vague%20here.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Jonhed_0-1652184649486.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370456i494804BE27139B72%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Jonhed_0-1652184649486.png%22%20alt%3D%22Jonhed_0-1652184649486.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Microsoft have just released a new plan for Defender for Servers which has a reduced set of functionality entitlement for Azure services.

https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-introduction

 

Presumably this is because Defender on Servers is broarder than just Azure hosting and targetting multi-cloud and onprem systems.  What isn't clear from the documentation yet is if Defender for Servers Plan 1 does contain all the features of Defender for Endpoint Plan 2.

 

Laurie_Rhodes_0-1652151739671.png

 

I'd really love clarification if features like "Live Response" on servers are included with the new Defender on Servers Plan 1?

 

3 Replies
Hi @Laurie_Rhodes,
My understanding is/was that "Defender for Servers" is effectively the cut down version of Defender for Cloud and is more of a commercial construct? But thanks for sharing those details

Hey David.

The name changes with "Defender" products over the past two years has been hard to keep up with. The way I see it is that "Defender for Cloud" is a catalogue of Defender products that protect cloud services. Up until a couple of months ago Defender for Servers was the new name for Windows Defender / Microsoft Defender that was installed on Servers. Those too were new names for "Azure Anti-Malware" and "Defender ATP" which had advanced security capability within the endpoint.

I have seen a couple of Microsoft pages in the last week refer to the Defender client software that's deployed as "Defender for Servers - Plan 1" from Security Center / Defender for Cloud as actually being "Defender for Endpoint". The only issue with saying Defender for Endpoint as a product now covers Servers is that DfE has two different plans for internal capability... Plan 2 being the old "ATP" advanced security functionality in the client. The functionality matrix of Defender for Endpoint plans

Laurie_Rhodes_0-1652161044550.pngdoesnt match up with the Defender for Servers plans.

If Defender for Servers Plan 1 really is Defender for Endpoint Plan 2... that's great.
...It's just not clear.

best response confirmed by Laurie_Rhodes (Occasional Contributor)
Solution

@Laurie_Rhodes 

MDE plan 1 does not support servers, so I would assume defender for servers plan 1 includes MDE plan 2. I do agree this could use some clarification, since the defender for servers docs are a bit vague here.

Jonhed_0-1652184649486.png