Ideal Defender for Endpoint Plan

Question

Hi Team,

Currently my team is looking for an ideal Defender for Endpoint plan which supports both Windows,Linux Servers and Endpoints. While checking Microsoft Learn, some mention servers require Defender for Servers plan and in some others, it's mentioned Defender for Endpoint Plan 2 supports Server machines too. It's a bit confusing. So actually are servers also supported in MDE Plan 2? Or is there any other plan which includes both Endpoints and Servers? Thank you.

Regards,
Anand R Menon

Answer 1

Hi Anand,

Thank you for posting your query.

Kindly check the information below to answer your query.

Microsoft Defender for Endpoint Plan 1:

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats. We are pleased to announce that Defender for Endpoint is now available in two plans:

Defender for Endpoint Plan 1, described in this article; and
Defender for Endpoint Plan 2, generally available, and formerly known as Defender for Endpoint.

Go to this link for your reference https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide

------------------------------------------------------------------------------------------------------------------------------------------------

If the answer is helpful kindly click "Accept as Answer" and upvote it. Thanks.

Answer 2

Defender for Endpoint does not perform a license check during onboarding though licensing is expected. End-users get up to 5 concurrent devices each with a M365 E3/E5 license. There is a stand-alone Defender for Endpoint [correction] license for Windows and Linux servers. I believe this is only available from resellers. The recommended way to acquire an MDE licenses for servers is through Defender for Servers. Both Plan 1 and Plan 2 options in Defender for Servers include MDE. Azure virtual servers onboarded to Defender for Servers will be automatically added to MDE by an extension.

To clarify the difference, Defender for Endpoint provides enterprise management of Defender Antivirus, monitoring of system hardening, and monitoring of software vulnerabilities using an assessment solution called Threat and Vulnerability Management. Defender for Endpoint also relies on Endpoint Manager or GPO to configure the AV client and system lockdown policies. Endpoint Manager\Intune\GPO manages the settings and MDE monitors the results and responds to undesirable activities.

Defender for Servers is part of Defender for Cloud (MDFC). This is included in every subscription to help protect the resources in a subscription. Primarily to monitor how those resources are accessed and used to identify signs of misuse. Much like MDE, this also provides feedback on resource hardening and risk exposures. Defender for Servers is the server-focused component of MDFC. It can be extended to servers outside of Azure. It adds several server-centric features, alerts on misuse, and performs a vulnerability assessment (using the same engine as MDE TVM). There is an overlap between MDFC and MDE in the assessment activity. MDFC does not provide Antivirus and relies on MDE to provide full protection for servers.

Answer 3

@Andrew Blumhardt Thanks for the detailed answer. Regarding Defender for Servers or MDFC, it's an inbuilt component of Azure. So while purchasing from resellers, how will the licensing work? So we still need to enable the base Azure subscription to assign those licenses? Like Pay-as-you-Go? Thank you.