Hello Jamie Childs
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
I just checked with the internal team on this. If you are referring to M365D to manage MDE (Defender for Endpoint), global policies like tampering, web browsing, etc. work just fine, and if you are referring to “configuration policies”, they are not exposed on server (requires Intune), only for clients.
MDE on HCI is supported with limitations.
You can use MDE, and can license it in any way you have, including MDC (Server Plans).
You can expect limited functionality around M365D management, around vulnerability management and related items (scoring, recommended security settings, KB installed).
Ref:
Defender support for Azure Stack HCI 23H2 is explained here: https://learn.microsoft.com/en-us/azure-stack/hci/manage/manage-security-with-defender-for-cloud
Azure Stack HCI's support for ASR in a preview fashion is explained here: https://learn.microsoft.com/en-us/azure-stack/hci/manage/azure-site-recovery
Hope this helps.