Ivan Avelancio | August 4, 2022
Microsoft Defender for Endpoint has many available methods to deploy and manage onboarding and configurations using Microsoft Endpoint Manager (which includes Intune), and there is no shortage of capabilities surrounding the deployment methods. However, server capabilities for non-managed servers have been primarily deferred to resources outside of MEM. The options to manage servers using Microsoft Defender for Endpoint (MDE) have previously been limited to Group Policy management, Security Center group management, or manual approaches to onboarding a cloud-based Server class OS.
To change this, Microsoft announced the release of Defender for Servers earlier this year. This is a consumption-based method that is enabled through your Azure subscription. This feature provides automatic enablement of threat protection and advanced defenses to your Windows Server and Linux machines that exist in Azure and multi-cloud environments managed within Azure Arc.
Defender for Servers is offered in two plans. Plan 1 was made available in April 2022 and Plan 2 was just recently announced. In this blog, we’ll outline what each plan offers and answer the most frequently asked questions we see related to these new features.
Comparing Defender for Servers: Plan 1 v Plan 2
Both Defender for Servers plans aim to align the integration experience between Microsoft Defender for Endpoint and Microsoft Defender for Cloud.
With the added functionality for Microsoft Defender for Endpoint (MDE), Microsoft's Defender for Servers plans broaden your protection capabilities with more options to onboard Azure-managed servers. While both plans include a selection of vulnerability discovery and management tools for your machines, we'll outline what's available in Plan 1, along with the extensive new features to expect in Plan 2.
Microsoft Defender for Servers Plan 1 deploys Microsoft Defender for Endpoint to your servers, along with the following capabilities:
- Licenses are charged per hour instead of per seat, which lowers costs because you pay to protect virtual machines only when they are in use
- Deploys automatically to all cloud workloads so that you know they’re protected when they spin up
- Alerts and vulnerability data from Microsoft Defender for Endpoint are shown in Microsoft Defender for Cloud
Microsoft Defender for Servers Plan 2 includes all the benefits of Plan 1, in addition to the following:
- Security policy and regulatory compliance
- Log-analytics: 500 MB are provided for free
- Vulnerability assessment using Qualys: Provides real-time identification of vulnerabilities in your Azure and hybrid virtual machines
- Threat detections: OS level, network layer, control plane
- Adaptive application controls: Provides an automated solution for defining allowlists of known-safe applications for your machines, including security alerts should an unsafe application run
- File integrity monitoring: Examines files and registries of operating systems, application software, and others for changes that may indicate an attack
- Just-in-time VM access: Locks down the inbound traffic to your VMs to reduce exposure to attacks and provides easy access to connect with VMs when needed
- Adaptive network hardening: Provides recommendations to further harden the NSG rules using a machine learning algorithm to allow traffic only from specific IP and port tuples
With Plan 2, Microsoft has aligned the integration experience between Microsoft Defender for Endpoint (MDE) and both Plan 1 and Plan 2 of the Microsoft Defender for Servers plans. In addition, this new MDE unified solution adds Tamper Protection, EDR in block mode, improved detection capabilities, and more.
Frequently Asked Questions
What servers can this capability manage?
Windows Server 2012 R2 and 2016 operating systems that are Azure VMs or managed systems within Azure Arc, for multi-cloud, multi-platform support.
How do I onboard devices that are non-managed?
This feature requires the Defender for Servers plan to be licensed in Azure; once licensed, it is automatically installed and enabled with base functionality.
How does this feature enable server protection?
To apply configurations to an unmanaged endpoint that needs a cloud dependency, the server object must be in Azure AD as an Azure VM or be managed within Azure Arc. The installation is automatic based on licensing.
By default, Plan 2 is selected when you set the Defender for Servers plan to On. However, this can be changed at any point.
Where do I enable this feature?
It is enabled by default with the license activation. If the license was activated previously, you will see the following:
It can be found under [Subscription Name] >> Security >> Environment Settings >> [Subscription Name] >> Enable unified solution.
Note: An active subscription with the Defender for Servers plan feature previously licensed is required to view it. If this button is not present, then the conditions are enabled by default when you activate the licensing after June 20, 2022.
Next Steps: Enable Your Enhanced Security Features
Considering today’s volatile threat landscape, it’s time to broaden your protection capabilities. Taking advantage of Defender for Servers’ enhanced security features will offer threat detection and protect your machines.
For pricing information, visit Microsoft’s pricing page where you can apply filters to explore customized options that fit your specific needs.
To learn more about licensing, VM provisioning, or Defender for Endpoint, contact an Arraya expert to start a conversation.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.