MDE unified solution for servers

Hi All,

 

I’m looking into Microsoft Defender for Endpoint’s unified agent integration with Defender for servers.

 

The enable button for the Defender for Endpoint unified solution in our subscription is not available. Not sure how to get this enabled.

 

https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=wi...

 

Our servers have already been onboarded to MDE using MMA for Server 2012R2 and Server 2016. This method is now considered legacy. We are using SCEP (Endpoint Protection) to apply our antivirus policies. I would like to move away from SCEP and use Endpoint Manager (Intune) to manage the Defender AV policies. Hence the need for the unified solution.

 


Needed some clarity around licensing for this solution as well.

 

  • Do we need a license for servers to be on Defender for Endpoint and another for Defender for Cloud? Or would one license such as “Defender for server plan 1 or 2” suffice for both services?

  • We have “Microsoft Defender for Endpoint Server” licenses, which are not assigned to any server. These were purchased during our transition to Defender ATP (now MDE). Do we need to assign the licenses to servers, or do we just need to have them so we are in compliance for MDE?

  • If the answer to the first point is yes, shall we just cancel the “Microsoft Defender for Endpoint Server” license?

  • Can we run a quick POC for the new solution without purchasing the license? Run on one or two servers to check out the solution.

 

Kind regards,

Mo Alom

1 Reply

@Mo_Alom 

The enable button for the Defender for Endpoint unified solution in our subscription is not available. Not sure how to get this enabled.

-> The button is only shown in accounts which existed or used the integration since earlier, as is explained below. If you do not see the button, that should mean the integration is on by default.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-servers-plan-2-now-...


Do we need a license for servers to be on Defender for Endpoint and another for Defender for Cloud? Or would one license such as “Defender for server plan 1 or 2” suffice for both services?

-> Defender for Servers Plan 1 and 2 both cover MDE, so if you have Defender for Servers you do not need Defender for Endpoint for servers.

 

We have “Microsoft Defender for Endpoint Server” licenses, which are not assigned to any server. These were purchased during our transition to Defender ATP (now MDE). Do we need to assign the licenses to servers, or do we just need to have them so we are in compliance for MDE?

-> I am pretty sure there is no way to assign licenses. You just need to have the appropriate amount.

 

If the answer to the first point is yes, shall we just cancel the “Microsoft Defender for Endpoint Server” license?

-> When you have “Microsoft Defender for Endpoint Server” licenses, you can contact Microsoft to adjust the Defender for Servers fee, so that you do not get billed twice for the same thing.

 

Can we run a quick POC for the new solution without purchasing the license? Run on one or two servers to check out the solution.

-> Defender for Servers is billed by usage, while the protected servers are running.

I do think you can activate the plan for 30 days without cost, but can't recall what cases this applies to.