Feb 01 2021 09:34 AM
I have some questions that I am currently not able to find a clear answer to, and I hoped someone could help.
Here's where I am. I have Windows Servers (2008R2/2012/2016) and Linux VMs in Azure. I am looking to replace the current McAfee ePo solution.
I have Azure Security Center, and expect to pay for Azure Defender licences @ £10.88/$14.60 per VM per month.
I can see my VMs in Azure Security Center and I can see a recommendation here to enable endpoint protection (Install endpoint protection solution on virtual machines).
When I look at the minimum requirements for Microsoft Defender for Endpoint here (Minimum requirements for Microsoft Defender for Endpoint - Windows security | Microsoft Docs) it notes the use of Microsoft Defender for Endpoint Trial, which links back to a page offering details on pricing for enterprise and starting a free trial. But what is this for? 365? I'm only looking to protect VMs in Azure.
Do I need to use the Microsoft Defender Portal (https://securitycenter.windows.com) to provide protection to my Azure VMs to replace ePo? Following this guide seems to suggest that I need to complete my dedicated cloud instance of Microsoft Defender for Endpoint (McAfee to Microsoft Defender for Endpoint - Prepare - Windows security | Microsoft Docs).
I also find links suggesting that Windows Server 2008R2/2012/2019 and Linux are supported for endpoint.
And also other links that state Windows Server 2019 and Linux are not supported for Endpoint.
I can't seem to track the right level of information on this and am looking for some assistance. End game is, I'd like to move away from McAfee ePo, and have my new solution support Windows Server (2008R2/2012/2016/2019) and Linux OS Server VMs only.
So what do I need? :)
Appreciate any help.
Feb 03 2021 06:34 AM
Feb 03 2021 08:38 AM
Thank you for the detailed response. This does seem clearer now.
So I guess I can say that my VMs in the subscription which are already protected by the "Azure Defender enabled" Security Center would therefore already have a licence for the EDR which will be automatically onboarded (except Linux/2019) in the new portal?
In terms of AV (in the classic sense) I can also seek to install the Anti-malware extension in the Azure Portal Security Center by installing "endpoint protection solution on virtual machines". Which in turn installs the Microsoft Antimalware extension to supported Windows OS?
Finally, my Linux nodes in the new ATP (Microsoft Defender) portal, I presume that's about as protected as I can get in terms of 'anti-virus' protection once I on-board them?
Feb 04 2021 11:57 PM Solution