Apr 23 2022 01:27 AM
I have a large estate of Windows Enterprise 10 21H2 machines on-prem (not Azure VMs) running Windows Defender AV with endpoint protection enabled. I wish to monitor certain file for changes. I used do this with OSSEC but was wondering if I can do this with Defender? I see there is some capability for this in defender for cloud but I assume this only works for Azure deployed Windows instances?
May 12 2022 05:39 AM - edited May 12 2022 05:40 AM
SolutionThis feature requires Defender for Servers Plan 2.
Defender for Servers includes a Defender for Endpoint license, but also includes several other unrelated features, such as this File Integrity Monitoring.
Defender for Servers can be used with Azure Arc on machines outside of Azure,
but this does not support Windows Clients, so I don't think this works in your case.
https://docs.microsoft.com/en-us/azure/azure-arc/servers/prerequisites#supported-environments (Even if you could use Defender for Servers, this would be very expensive since you would be billed per machines)
May 13 2022 05:09 AM
Jul 11 2022 03:37 PM
Jul 11 2022 03:38 PM
Jul 12 2022 04:43 AM
May 12 2022 05:39 AM - edited May 12 2022 05:40 AM
SolutionThis feature requires Defender for Servers Plan 2.
Defender for Servers includes a Defender for Endpoint license, but also includes several other unrelated features, such as this File Integrity Monitoring.
Defender for Servers can be used with Azure Arc on machines outside of Azure,
but this does not support Windows Clients, so I don't think this works in your case.
https://docs.microsoft.com/en-us/azure/azure-arc/servers/prerequisites#supported-environments (Even if you could use Defender for Servers, this would be very expensive since you would be billed per machines)