Turn on Azure Defender for required servers (or not depending on whether other antivirus is installed)

AnnaG 111 Reputation points
2022-09-26T14:09:57.79+00:00

In the Microsoft Advisory it states "Turn on Azure Defender for required servers".

Quick question on this. We use Sophos so I do not think there will be any benefit of enabling Defender in Azure for machines. Would you agree? I don't think Defender would offer us anything in addition to what we are getting already and will just cost extra.

This question might be related to Sophos in our case but can also relate to any antivirus/malware system installed in a customer environment. I realize installing multiple antivirus software can impact performance and I also realize Defender changes were made on Server 2016 and above by Microsoft which changes the behaviour, unlike Windows 10 where it would disable if it encountered a third-party antivirus system already installed.

Thanks in advance.

P.S. The tags here need to be improved. Defender option only available for Windows 10 makes no sense. What about Cloud Defender?

Windows 10 Security
Microsoft Defender for Cloud

2 answers

  1. Givary-MSFT 27,886 Reputation points Microsoft Employee
    2022-09-27T16:07:58.47+00:00

    Hi @AnnaG, thank you for reaching out to us. As I understand, you have Sophos as the antivirus/malware solution in your customer environment, talking about Azure Defender/Defender for Cloud.

    To be honest, Defender for Cloud brings more value; it's not just an antivirus solution. Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP). Defender for Cloud continually assesses your security posture, secures your workloads from known security risks, and defends your workloads in real time so you can react immediately and prevent security events from developing.

    Microsoft Defender for Servers brings threat detection and advanced defenses to your Windows. This plan includes the integrated license for Microsoft Defender for Endpoint, security baselines and OS level assessments, vulnerability assessment scanning, adaptive application controls (AAC), File Integrity Monitoring (FIM), and more.

    Microsoft Defender for Endpoint (MDE) is not just an antivirus solution; it provides a full endpoint detection and response (EDR) solution.

    Defender for Endpoint features include:

    • Reducing the attack surface for machines.
    • Providing antivirus capabilities.
    • Threat management, including threat hunting, detection, analytics, and automated investigation and response.

    Reference:

    • https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
    • Following table summarizes features available in Defender for Servers
    • Lessons learned from the field with Microsoft Defender for Cloud

    Let me know if you have any further questions; please feel free to post back.

    Regarding the tags, I will work with my team on improving the same. Thank you for your feedback on this.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.


  2. AnnaG 111 Reputation points
    2022-09-27T16:54:23.407+00:00

    But you should never have more than one antivirus system installed on a server, which is endpoint protection. This means, I guess, we can eliminate Defender endpoint protection only, right?

    The Microsoft documentation explains all the features and does an excellent job selling the suite but makes no mention of conflicts which is why the post.

    In actual fact, even Sophos were slow updating their web site (as I had to email them about this) because Microsoft changed the behaviour of Windows Defender on 2016 and above. I realize Azure Defender endpoint protection might offer more but I still don't think it should be installed if any antivirus is installed. Ransomware, it does not matter. You can have as many of these as you want. Agree?