Difference between Microsoft Defender for Cloud and Microsoft Defender Endpoint ?

MyAzQuery 166

What is the difference between Microsoft Defender for Cloud and Microsoft Defender Endpoint ?

JamesTran-MSFT 36,361 Reputation points Microsoft Employee

2022-08-08T20:55:12.727+00:00

@MyAzQuery
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Accepted answer

Andrew Blumhardt 9,491 Reputation points Microsoft Employee

2022-08-06T19:36:10.447+00:00

MDE is a combo of cloud-integrated, enterprise antivirus with a continuous vulnerability assessment that recommends how to make devices mode secure. MDE largely monitors what is happening on devices and servers. MDE also includes manual response and investigation tools. MDE can manage servers, but it is highly focused on end user devices.

MDFC is designed to protect Azure subscriptions and the resources in those subscriptions. It can be extended to AWS, GCP, and on-prem servers for Server, SQL, and container monitoring.

MDFC has no antivirus capabilities. The sub-solution, Defender for Servers is only for servers (obviously). MDFC focuses on monitoring how these resources are accessed externally. MDFC also has a vulnerability assessment for resources and servers. The server assessment can use the same TVM engine as MDE. Like MDE, MFDC provides security alerts and hardening recommendations.

Defender for Servers includes a license for MDE servers. You usually want both on servers (servers need MDE for AV). MDE for (non-server) devices is part of the M365 E3/E5 license.
Please sign in to rate this answer.

14 people found this answer helpful.
MyAzQuery 166 Reputation points

2022-08-10T13:25:49.197+00:00

Thanks for simplifying your answer , making it easy to understand.

so for Antivirus for my azure Linux VM, i need MDE. What license is required for using this. Is this license tied to Azure AD license ?

If i have Az storage accounts in my subscription with private endpoints, then i will need MDFC for protection , i think. What is the license required to get MDFC
Sign in to comment

1 additional answer

Ed Harrison-MSFT 301 Reputation points

2022-08-05T15:18:33.097+00:00
Hi @MyAzQuery ,

Microsoft Defender is the overall "brand" for Microsoft security products, and while these do have similar names as you've spotted they are different products.

In summary:

Microsoft Defender for Endpoint, is an enterprise endpoint security platform - it incorporates things like next generation antivirus, but also include behavioral sensors, leverages cloud based security analytics and threat intelligence in order to provide security for Windows, macOS, Linux, Andoid and iOS endpoints. This link provides a good overview and starting point for more information.

Microsoft Defender for Cloud provides "Cloud Security Posture Management" (CSPM), providing a security analysis of all the resources in your cloud estates, and Cloud Workload Protection (CWP) which gives specific protection for your resources such as VMs, cloud storage, databases, security keys, containers, etc. This link provides a starting point on this service.

One of the workload protections in Defender for Cloud is "Defender for Servers" - one of the ways this provides protection of your servers is by including a license to run Defender for Endpoint on the VM, hence giving you the antivirus and other endpoint protection on that system. However, Defender for Servers also provides other protections such as Just in Time access control and adaptive network hardening.

In short, if you're looking to provide antivirus and other protections for something like your windows endpoints (i.e. the PCs your employees use on a daily basis) then Defender for Endpoint is the product you're after. If you are looking to protect all your resources in the cloud (Azure, AWS, GCP) then Defender for Cloud is what you're after.

I hope this helps - if so, please upvote and "mark as answer" so that others will find this in the future.

-----
Please sign in to rate this answer.

23 people found this answer helpful.
MyAzQuery 166 Reputation points

2022-08-06T11:44:36.17+00:00

Can we say Microsoft Defender for Cloud is included in Microsoft Defender Endpoint ? i mean , can we say that we dont need Microsoft Defender for Cloud is not required if we have Microsoft Defender Endpoint , because it covers kind of both ?
My requirement is to have Antivirus & Vulnerability protection for Azure CentOS VM ?

Does Defender Endpoint apply to Azure VM running on Linux CENTOS ?

Ed Harrison-MSFT 301 Reputation points

2022-08-08T09:14:02.85+00:00

@MyAzQuery - as Andrew says below, Defender for Endpoint and Defender for Cloud are different products and it's definitely not correct to say that Defender for Endpoint includes Defender for Cloud.

Defender for Endpoint is typically licensed per user (for example, as part of an M365 E5 bundle) and is designed to give antivirus and malware protection for an end user system (e.g. your users' windows laptops or desktops). To use it on servers there are two options - either license it using the "Defender for Servers" feature of Microsoft Defender for Cloud - this is charged based only on the uptime of your servers. Alternatively, there is a standalone server product you can license, but this is a relatively complex licensing model for enterprise users (if you're an enterprise, you should talk to your Microsoft sales partner for this).

In your case, if you have a Linux VM (i.e. a server) running in Azure that you want protect with antivirus, then it sounds like you want to enable Defender for Cloud on your subscription, specifically the "Defender for Servers" plan. If you just want antivirus, then the "P1" plan will provide you with the MDE license to run the antivirus pieces (there is also a more expensive P2 plan, which provides additional protection features, it's all covered in the docs mentioned previously).

MyAzQuery 166 Reputation points

2022-08-10T13:48:03.21+00:00

Whatever Microsoft Defender for Cloud options that i see , when i go to the azure pricing calculator site, https://azure.microsoft.com/en-us/pricing/calculator/ , .... Is this MIcrosoft Defender for Endpoint or is it Microsoft Defender for Cloud related to per subscription ?

Does not Defender for Cloud give Antivirus capabilities ? is it only for monitoring azure resources , like who is able to access it ?

Ed Harrison-MSFT 301 Reputation points

2022-08-10T14:05:31.86+00:00

@MyAzQuery - Both the Defender for Servers plans include a license for Defender for Endpoint in order to give you the antivirus protection you need. Plan 1 is, basically, just antivirus, whereas Plan 2 provides a lot of additional features - see https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-introduction for the full details.

In your case, as you have an Azure VM, you would just need to enable Defender for Cloud on the subscription which has your VM, then enable whichever Defender for Server plan you want (probably just Plan 1).

You mention that you also have Azure storage accounts - if these are in the same subscription, you just enable the "Defender for Storage" feature from within the Defender for Cloud portal.

The process for enabling Defender for Cloud is documented at https://learn.microsoft.com/en-us/azure/defender-for-cloud/get-started.

As with your Azure VM - Defender for cloud is just charged based on usage to your normal Azure billing account; if you decide after a couple of days that you don't want it any more, then you just disable it and you'll have only been charged for the time you were protecting your VM, or the amount of storage you were protecting.

Sathish K 5 Reputation points

2023-07-18T13:13:08.6033333+00:00

If the Customer has 150 E5 Licenses and they want to onboard Azure servers to Defender for Endpoint ( as part of the Microsoft 365 Defender --->Endpoints, some of the deployment method includes Local script, Group Policy. how does the licenses get validated?

Nichlas Melin 0 Reputation points

2023-08-23T12:06:03.2433333+00:00

So far so good, but I cant find any information of which flavour the Microsoft Defender for Endpoint Server is coming in. For Microsoft Defender for Cloud Server (and clients) there are plan 1 and plan 2. Can you clarify that or direct where I can find that information.

Mark Mulholland 0 Reputation points

2023-10-16T19:16:00.5766667+00:00

Great answer, but then Defender CSPM is released which seems to overlap considerably with Defender for Servers Plan 2, but not quite. All implying that you need this as well. Although the literature isn't clear on this. Thoughts?
Sign in to comment