Difference between Defender for Cloud and Defender for Servers

Thiago Cardoso 25 Reputation points
2024-03-05T13:12:07.1433333+00:00

Hello people!

I want to protect my Servers but I don't understand the difference between one and the other, could anyone clarify this question? Is this the best way to protect a them like we protect an Endpoint?

Thank you so much!

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,339 questions
0 comments No comments
{count} votes

Accepted answer
  1. Stanislav Zhelyazkov 23,421 Reputation points MVP
    2024-03-05T14:05:12.0966667+00:00

    Hi,

    Defender for Cloud is the name of the service. Defender for servers is a feature within that service. For example within Defender for Cloud you also have other features like Defender for Containers, Databases, Storage, App Service, Key Vault and Resource Manager. This can be seen on the pricing. Defender for servers has two SKUs - Plan 1 and Plan 2. It is unclear what are your requirements but overall as Defender for servers is part of Defender for Cloud you do not have to choose between one or the other.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

Sort by: Most helpful
  1. Oleksandr Romaniuk 465 Reputation points
    2024-03-06T09:28:20.9366667+00:00

    Hello!

    In general, Microsoft Defender for Cloud (MDC) includes Microsoft Defender for Servers (MDS). Defender for Servers leverages Microsoft Defender for Endpoint (MDE) for its server protection piece, but on top of that, it adds capabilities to Server Monitoring, Access Management, Network Hardening, etc.

    If you use the Defender for Server (Defender for Cloud) in Azure, Defender (MDE.Windows/Linux Extension) will install itself automatically on all servers in your subscription. It is called automatic provisioning. You can check this setting via these steps: Microsoft Azure => Microsoft Defender for Cloud => Environment settings => <your subscription> => Defender plans => on the Servers tab choose under Monitoring coverage Settings button => Endpoint protection must be turned on.

    If you don't use Defender for Server (Defender for Cloud), then go to https://security.microsoft.com/ and follow these steps: Settings => Endpoints => Device management => Onboarding => select OS, download the script, run it and wait up to 12-24 hours, when you can see MDE.Windows/Linux extension installed on the server.

    I recommend this article which explains the difference between these two services:
    https://medium.com/microsoftazure/microsoft-defender-endpoint-microsoft-defender-for-cloud-for-servers-53c95d8c8d92

    You can also check out the Defender for Servers Plan features:

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan#plan-features

    Note: You must choose a server management model: Defender for Server (Defender for Cloud) or Defender for Endpoint. Because there are different tariffs for services. Defender for Cloud has pay-as-you-go model, but Defender for Endpoint has a model with licenses.


    If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.