Antivirus Migration from McAfee to Defender for Server

AO 40 Reputation points
2024-06-18T19:43:18.3433333+00:00

Hi All,

I am currently working on a plan to migrate my antivirus for my servers from McAfee to Microsoft Defender for Server. I would like to know:

  1. Is there a recommended plan on how to go about this?
  2. Is there a URL where I can get an estimate of the license cost for my servers?
  3. Are there different plans, and what is the recommended plan?
  4. Is there any general guide on how to go about this migration?

Thank you,


Accepted answer
  1. Givary-MSFT 30,071 Reputation points Microsoft Employee
    2024-06-19T09:00:03.0666667+00:00

    @AO Thank you for reaching out to us. As I understand, you are planning to migrate/move from a non-Microsoft endpoint protection solution to Microsoft Defender for Endpoint.

    I would recommend reviewing this doc, https://learn.microsoft.com/en-us/defender-endpoint/switch-to-mde-overview, which has the detailed steps. The process of migrating to Defender for Endpoint can be achieved in three phases, as mentioned in this doc.

    Reference:

    https://learn.microsoft.com/en-us/defender-endpoint/migration-guides

    https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bd-p/MicrosoftDefenderATP

    For license details - https://learn.microsoft.com/en-us/defender-endpoint/minimum-requirements

    The above-mentioned doc should be the best guide to begin with. If you have further questions, I would recommend engaging our consulting team, who can assist you further on this.

    Also, I came across this YouTube video, https://www.youtube.com/watch?v=_MiNDetIAvk, which might help here.

    Let me know if you have further questions; feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

1 additional answer

  1. Andrew Blumhardt 9,831 Reputation points Microsoft Employee
    2024-06-19T16:00:06.0533333+00:00

    MDE does not block onboarding for unlicensed servers, though you will need to true up eventually. Stand-alone licenses for servers can still be purchased through resellers. There are no public links on this but talk to your Microsoft sales contacts if interested.

    The recommended way to license servers for MDE is actually Defender for Servers (part of Defender for Cloud). There are two D4S options, P1 and P2, both include MDE server licenses. Though Linux is only supported on P2. Generally, P1 pricing is comparable in price to a stand-alone license, though P2 is more expensive. If you have a large number of non-Azure Linux servers, you might prefer stand-alone licensing.

    D4S onboarding of Azure VMs is rather seamless. All Azure policy and extensions. Though onboarding non-Azure servers may require Azure Arc. D4S is moving to an agentless model soon. Refer to current docs.

    By default, D4S will onboard these servers to MDE automatically. Though this onboarding can be disabled if you prefer traditional MDE onboarding (script, MECM, GPO). You may prefer to control the timing of MDE onboarding.

    When migrating from a 3rd party AV, the best approach is to deploy MDE side-by-side with your 3rd party AV. The MDAV service will run in a passive mode. Verify that passive mode activation was successful and become familiar with the wide range of features that do function in passive mode. When you are ready, begin disabling or removing your 3rd party AV and verify MDAV is in active mode. These active/passive transitions should be automatic but verify to be sure. It may not be automatic with older Windows OS and Linux. This ensures that your servers are never without AV protection.

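The passive/active verification described in the answer above can be scripted per server. The following PowerShell is an added example, not part of either answer or of Microsoft's documentation; the function name `Get-DefenderModeReport` and its `-ExpectedPhase` parameter are hypothetical, while `Get-MpComputerStatus`, its `AMRunningMode` property and the `ForceDefenderPassiveMode` registry value are existing Defender interfaces.

```powershell
# Added example: report the Defender Antivirus running mode on a Windows server
# and compare it with the mode expected for the current migration phase.
function Get-DefenderModeReport {
    param(
        # Hypothetical parameter: 'Passive' while the third-party AV is installed,
        # 'Active' once it has been disabled or removed.
        [ValidateSet('Passive', 'Active')]
        [string]$ExpectedPhase = 'Passive'
    )
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Cmdlet missing or service not running: the server has no usable MDAV.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; AMRunningMode = 'Unavailable'
            MatchesExpected = $false; Detail = $_.Exception.Message
        }
    }
    # Registry value that requests passive mode on Windows Server (absent = not set).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
    $force = (Get-ItemProperty -Path $key -Name ForceDefenderPassiveMode `
                  -ErrorAction SilentlyContinue).ForceDefenderPassiveMode

    # 'Normal' means active; the other documented values leave the third-party AV primary.
    $passiveModes = 'Passive Mode', 'SxS Passive Mode', 'EDR Block Mode'
    $ok = if ($ExpectedPhase -eq 'Passive') {
        $s.AMRunningMode -in $passiveModes
    } else {
        $s.AMRunningMode -eq 'Normal' -and $s.RealTimeProtectionEnabled
    }
    [pscustomobject]@{
        Computer                  = $env:COMPUTERNAME
        AMRunningMode             = $s.AMRunningMode
        AMServiceEnabled          = $s.AMServiceEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        SignatureAgeDays          = $s.AntivirusSignatureAge
        ForceDefenderPassiveMode  = $force
        MatchesExpected           = [bool]$ok
        Detail                    = ''
    }
}

# Run during side-by-side deployment, then again with -ExpectedPhase Active
# after the third-party AV has been removed.
Get-DefenderModeReport -ExpectedPhase Passive | Format-List
```

A server that reports `MatchesExpected : False` in the Active phase is the case to catch before the third-party AV is uninstalled across the rest of the fleet.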