Protecting Windows Server with Windows Defender ATP
Published Oct 04 2018 01:16 PM 151K Views
Microsoft

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified security platform that covers endpoint protection platform (EPP) and endpoint detection and response (EDR). Initially we released the product for Windows 10 only, but customers have asked for support on other platforms, Windows Server in particular. This year, we've made Windows Defender ATP available to Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server. As we continue engineering a unified security platform, you will see a more seamless approach across platforms.

 

This blog is for enterprise customers who want to use the Windows Defender ATP platform on Windows Server and need practical guidance on what needs to be in place for licensing and infrastructure.

 

Screen Shot 2018-10-04 at 21.54.05.png

 Image: Windows Server 2016 onboarded to Windows Defender ATP 

 

The Microsoft-recommended configuration for the best security is staying current with Windows. While we provide support for previous versions of Windows, the latest releases provide superior security capabilities. If you are running previous versions of Windows, one of the most important things you can be doing is getting a plan to update your Windows environment.  

 

Endpoint protection platform

The endpoint protection platform (EPP) of Windows Defender ATP includes two capabilities: (1) Attack surface reduction (ASR), which helps seal the available attack surface that can be leveraged by threat actors as much as possible, and (2) Next generation protection (NGP), which is a cloud-powered antivirus solution.

 

Attack surface reduction is a set of capabilities that helps organizations reduce the available attack surface. The technologies that power ASR are network protection, exploit protection, controlled folder access, and ASR rules. ASR is available on Windows 10 Fall Creators Update or later and on Windows Server 1803 and later.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

Windows E5 or Microsoft 365 Enterprise E5

ASR relies on Windows Defender Antivirus, which is built-in and requires no agent installation

If licensed, through Microsoft Intune or System Center Configuration Manager. Alternatively, PowerShell or Group Policies.

Windows Defender Security Center, or if licensed System Center Configuration Manager or Microsoft Intune

Windows Server 1803, Windows Server 2019

Azure Security Center Pay-As-You-Go

ASR relies on Windows Defender Antivirus, which is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, PowerShell or Group Policies.

Windows Defender Security Center, or if licensed System Center Configuration Manager

 

Windows Defender Antivirus is available to enterprise customers starting with Windows 10 Anniversary Update and Windows Server 2016. Previous versions of Windows and Windows Server continue to leverage System Center Endpoint Protection. The following table has information about Windows Defender Antivirus on different Windows versions and Windows Server versions on-premises, on Azure, or on third-party cloud service.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through Microsoft Intune or System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, through Windows Defender Security Center, System Center Configuration Manager or Microsoft Intune

Windows 8.1 and Windows 7

System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed through System Center Configuration Manager

System Center Configuration Manager

If licensed, through Windows Defender Security Center or System Center Configuration Manager

Windows Server 1803, Windows Server 2019

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, through Windows Defender Security Center or System Center Configuration Manager

Windows Server 2016

No additional license required to use Windows Defender Antivirus

Windows Defender Antivirus is built-in and requires no agent installation

If licensed, through System Center Configuration Manager. Alternatively, Group Policies or PowerShell.

If licensed, Windows Defender Security Center, System Center Configuration Manager or Azure Security Center

Windows Server 2012 R2

System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed with System Center Configuration Manager

System Center Configuration Manager

System Center Configuration Manager or if licensed, through Windows Defender Security Center or Azure Security Center

Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

 System Center Configuration Manager with System Center Endpoint Protection

System Center Endpoint Protection agent can be deployed with System Center Configuration Manager

System Center Configuration Manager

System Center Configuration Manager or if licensed, through Azure Security Center

(Windows Defender Security Center is the web portal available for Windows Defender ATP customers (requires Windows E5 or Microsoft 365 Enterprise E5)

 

In addition to Windows Defender Antivirus and System Center Endpoint Protection, enterprise customers can use Microsoft Antimalware for Azure for virtual machines that are hosted on Microsoft Azure. Note that If you are a Windows Defender ATP customer you should assess which Antivirus solution best fits your needs.

 

Supporting Documentation:

 

Endpoint detection and response

Endpoint detection and response (EDR) capabilities in Windows Defender ATP were first available to enterprise customers as a built-in solution starting with Windows 10 Anniversary Update and Windows Server 1803, but these capabilities have since expanded to support previous versions of Windows and Windows Server. The following table has information about Windows Defender ATP on different Windows versions and Windows Server versions on-premises, on Azure, or on third-party cloud service.

 

Operating System

License

Deployment

Configuration

Reporting

Windows 10

Windows E5 or Microsoft 365 Enterprise E5

Windows Defender ATP is built-in to the operating system

Local script, Group Policies, System Center Configuration Manager, or Microsoft Intune

Windows Defender Security Center

Windows 8.1 and Windows 7

Windows E5 or Microsoft 365 Enterprise E5

Windows Defender ATP on legacy operating system requires installation of an agent

Agent deployment can be through any preferred deployment method such as System Center Configuration Manager

Windows Defender Security Center

Windows Server 1803, Windows Server 2019

Azure Security Center Pay-As-You-Go

Windows Defender ATP is built-in to the operating system

Local script, group policies and, if licensed, through System Center Configuration Manager

Windows Defender Security Center

Windows Server 2016, Windows Server 2012 R2

Azure Security Center Pay-As-You-Go

Windows Defender ATP on legacy operating system requires installation of an agent

Agent deployment can be through any preferred deployment method such as System Center Configuration Manager

Windows Defender Security Center and Azure Security Center

 

Support for Windows Server 2019 and Windows Server 1803 is currently in public preview for Windows Defender ATP.

 

Supporting Documentation:

 

Windows Defender ATP unified endpoint security platform

Windows Defender ATP is a unified platform that helps keep your business data and users safe from advanced attacks. And with expanded support for Windows Server, previous versions of Windows, and additional client hardware, you can protect a wider array of devices, servers, and endpoints. Your feedback is important to us as we continue to make improvements to Windows Defender ATP.

 

WDATP.png

54 Comments
Co-Authors
Version history
Last update:
‎Jun 09 2021 02:45 PM
Updated by: