Sep 24 2022 10:44 AM
We are planning to deploy Defender for Endpoint EDR for one of our clients who has around 500 endpoint devices (Windows Laptops/Desktops), 70 Windows Servers, 6 Linux servers etc. Could you suggest the ideal Defender for Endpoint plan which can cover all these devices? Thank you.
Sep 26 2022 01:38 AM
To answer your questions, I need a little more information:
1. What Microsoft 365 or Office 365 licenses is your client already using?
2. What platform are the servers running on? Are they still on-premises, running in Microsoft Azure, or elsewhere?
3. What are your customer's minimum requirements or what minimum requirements do you have yourself?
Looking forward to your reply.
Sep 27 2022 09:49 AM
@Tiennes Thanks for the reply.
1. Our customer is currently using another email platform and not O365. Is an O365 account mandatory for Defender for Endpoint?
2. All servers are On-Prem. Different variants of Windows (2012, 2016, 2019 etc.) and Linux (Ubuntu, CentOS) servers. Endpoints are primarily Windows 10.
3. The customer wants an EDR tool with antivirus capabilities which supports Endpoints, Servers etc.
Sep 30 2022 05:46 PM
Hello @AnandRMenon, the best option for users and their endpoints, max 5, is Microsoft 365 E5. This includes collaboration, productivity, Office apps on desktop, security, and compliance. It has EPP (Antivirus/Antimalware) and EDR (UEBA/IA). For servers, regardless of whether they are Linux or Windows, it is recommended that they have Microsoft Defender for Server Plan 2. This includes EPP and EDR. Also, directly from Azure with Microsoft Defender for Cloud, this includes vulnerability management.
Security for IT, Microsoft 365, Security for OT, Microsoft Defender for Cloud or Microsoft Defender for Server Plan 2.
It is not necessary for the client to move to Microsoft 365, but this would improve visibility, analysis and automation in security. If the client is still in Google, there is no problem, but collaboration would be in one provider and security in another; this is not recommended. If the customer insists on staying that way, then they should centralize the security events in a SIEM + SOAR; Microsoft Sentinel is recommended.
Sep 30 2022 10:35 PM