JiPeg74, Copper Contributor
Jun 19, 2023
Microsoft Defender for Servers
Hello,
What is the best practice to enroll on-premises servers?
I seem to get confusing information. Do we really need Azure Arc?
The idea is to use Intune, and I can use AD Connect to enroll them in Azure; however, I can't see them in Intune, although they are visible in the Azure portal.
8 Replies
- question92120, Copper Contributor
  For enrolling on-premises servers in Microsoft Defender for Endpoint, Azure Arc is recommended but not strictly necessary. You can also use Microsoft Endpoint Configuration Manager (MECM) or Group Policy for management, depending on your environment and requirements.
- Spark Zhang, Brass Contributor
  No, you don't need Azure Arc, unless you would like to use Defender for Cloud for server.
  Please note that Defender for Endpoint for server and Defender for Cloud for server are two different products.
  Defender for Endpoint for server (for antivirus, EDR, etc.) doesn't need an Azure Arc server.
  If you are using Active Directory for managing your on-premises servers, then the easiest way to onboard them is by using Group Policy.
  You can find the detailed steps about how to onboard with Group Policy at https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide.
- JiPeg74, Copper Contributor
  Thanks for this clarification with Azure Arc...
  What about if I need to manage the security controls with Intune? Will the servers appear immediately in Intune? I am talking about if I use the new feature: zero touch. And if they automatically appear in Intune, do the control policies have the same limitations as for Windows 10 and 11 workstations?
- JiPeg74, if your servers are onboarded in MDE and you turn on the below feature, you will see your servers appearing in Intune and you can enforce security settings from Intune to your servers.
- If you need to enroll your on-premises servers to Microsoft Defender for Servers, you can onboard them to Microsoft Defender for Endpoint, and now with the new feature the servers can be automatically onboarded to Defender for Servers with zero touch with the direct onboarding.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.