Endpoint Security AV and FW Policies for Servers using Endpoint Manager

Copper Contributor

I was wondering what the ETA is for Windows Servers to be supported in Intune/Endpoint Manager for configuring FW and AV Policies.


Today I can manage Windows 10 and Mac Devices in Microsoft Endpoint Manager and update AV, FW, and EDR Policies.


I'm looking at rolling out the Microsoft Defender for Endpoint service to several thousand Windows Servers and Linux Servers and wanted to know if there are any plans to support this in Endpoint Manager with a Co-Managed Setup like you can do for users' laptops.

2 Replies
I agree that the support of Windows Servers would be nice to have ASAP in Intune/MEM, but haven't heard any news there for a long time.

As part of their security policies, many companies require their employees to run specific types of antivirus software and firewalls on their computers. However, what about servers? Do you have any policies in place to ensure that your servers are protected from viruses and other malicious threats? If not, my answer will help you create the endpoint security policies you need to protect your servers from threats by using Endpoint Manager's advanced deployment options and automated processes.

Endpoint Protection is expected in the coming months. You can configure the Windows Firewall for each Windows Server as part of an operating system configuration. You can also configure the firewall on a Linux Server as part of an operating system configuration. For more information about how to configure these firewalls, see Configure the Windows Firewall on a Server.

You can read more about MSE Endpoint at Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Endpoint Manager | Microsoft Learn. Natively, MSE Endpoint cannot be configured by using the Intune console or by using the Intune API. Instead, you have to use a PowerShell script. The script invokes the MSE Endpoint PowerShell Module and uses it to configure the security settings. The script can either be run on the servers or can be run from the Intune management server, depending on certain requirements.
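
A per-server baseline check of the kind the reply above describes, as an added example that is not part of the original thread. It uses the built-in Defender and NetSecurity cmdlets (an assumption, not the module the reply names), and the baseline values (signature age limit, inbound default) are assumptions to adjust to your own policy.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally remediate, Defender AV and Windows Firewall
# settings on one Windows Server. Baseline values are assumptions, not from the thread.
param([switch]$Remediate, [int]$MaxSignatureAgeDays = 3)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Area, $Setting, $Actual, $Expected) {
    $findings.Add([pscustomobject]@{
        Computer = $env:COMPUTERNAME; Area = $Area; Setting = $Setting
        Actual   = "$Actual";         Expected = "$Expected" })
}

# Antivirus: the Defender cmdlets are absent when the feature is not installed.
$hasDefender = [bool](Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)
if (-not $hasDefender) {
    Add-Finding AV DefenderCmdlets 'missing' 'installed'
} else {
    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled) { Add-Finding AV AntivirusEnabled $false $true }
    if (-not $status.RealTimeProtectionEnabled) {
        Add-Finding AV RealTimeProtectionEnabled $false $true
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Add-Finding AV SignatureAgeDays $status.AntivirusSignatureAge "<= $MaxSignatureAgeDays"
    }
}

# Firewall: read the ActiveStore so settings delivered by Group Policy are included.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($p.Enabled -ne 'True') { Add-Finding FW "$($p.Name).Enabled" $p.Enabled 'True' }
    if ($p.DefaultInboundAction -eq 'Allow') {
        Add-Finding FW "$($p.Name).DefaultInboundAction" 'Allow' 'Block'
    }
}

# Remediation changes local settings only; Group Policy or tamper protection can
# still override them, so run the audit again afterwards to confirm the result.
if ($Remediate -and $findings.Count -gt 0) {
    if ($hasDefender) {
        Set-MpPreference -DisableRealtimeMonitoring $false
        Update-MpSignature
    }
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block
}

$findings   # one object per deviation; empty output means the server meets the baseline
```

Run without `-Remediate` first and collect the output objects centrally, since existing inbound allow rules decide what a default inbound action of Block will cut off.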