Microsoft Defender for Endpoint confusion

AzureJP 21 Reputation points
2021-02-02T09:47:34.39+00:00

I have some questions on Microsoft Defender for endpoint on server VM that I am currently not able to find a clear answer to.

Here's where I am. I have Windows Servers (2008R2/2012/2016) and Linux VMs in Azure. I am looking to replace the current McAfee ePo solution.

I have Azure Security Center, and expect to pay for Azure Defender licences @ £10.88/$14.60 per VM per month.

I can see my VMs in Azure Security Center and I can see a recommendation here to enable endpoint protection (Install endpoint protection solution on virtual machines). Which will install the antimalware extension. All good so far.

When I look at the minimum requirements for Microsoft Defender for Endpoint here (https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements) it notes the use of Microsoft Defender for EndPoint Trial, which links back to a page offering details on pricing for enterprise and starting a free trial. But what is this for? 365? I'm only looking to protect VMs in Azure.

Do I need to use the Microsoft Defender Portal (https://securitycenter.windows.com) to provide protection to my Azure VMs to replace ePo? Following this guide seems to suggest that I need to complete my dedicated cloud instance of Microsoft Defender for Endpoint (https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare)

I also find links suggesting that Windows Server 2008R2/2012/2019 and Linux are supported for endpoint

https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements

And also other links that state Windows Server 2019 and Linux are not supported for Endpoint.

https://learn.microsoft.com/en-us/azure/security-center/security-center-wdatp

I can't seem to track the right level of information on this and am looking for some assistance. End game is, I'd like to move away from McAfee ePo, and have my new solution support Windows Server (2008R2/2012/2016/2019) and Linux OS Server VMs only.

So what do I need? :)

Appreciate any help.

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

Accepted answer
  1. VipulSparsh-MSFT 16,236 Reputation points Microsoft Employee
    2021-02-03T04:59:59.387+00:00

    @JamesPowell-6973 You would need Microsoft Defender for Endpoint. The updated document that you already found mentions that the latest compatible OSes are
    Windows Server 2019 and Linux.

    The other older documents will be updated to reflect the same information and avoid public confusion.
    Once you have the License, you can use the Azure security center to onboard the servers to Defender for endpoint. Read option 2 here. Windows Server 2019, which must be onboarded via local script though.

    The Security Center console displays Microsoft Defender for Endpoint alerts, but if you would like more detailed information or to investigate further, you use Microsoft Defender for Endpoint's own portal pages, where you'll see additional information such as the alert process tree and the incident graph. You can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
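Added example (not part of the answer above, and not Microsoft's own tooling): once a server has been onboarded through Security Center or the local onboarding script, this PowerShell snippet reports whether the Defender for Endpoint sensor on a Windows server actually completed onboarding, so a server that later shows no alerts can be distinguished from one that was never onboarded. It assumes it is run elevated on the server itself and reads the status registry key that the Sense agent writes; the function name `Get-MdeOnboardingReport` is my own.

```powershell
# Added example: verify Defender for Endpoint (MDE) onboarding on a Windows Server.
# Assumptions: run as Administrator on the server being checked; the status key below
# is the one the MDE sensor writes after onboarding (OnboardingState = 1 when done).
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

function Get-MdeOnboardingReport {
    $report = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        SenseService    = 'Not installed'
        OnboardingState = 'Unknown'
        OrgId           = $null
        AvProtection    = $null
    }

    # "Sense" is the MDE EDR sensor service. Older server releases may be onboarded
    # with a different agent, so treat a missing service as a prompt to check the
    # onboarding method used, not as proof of failure on its own.
    $svc = Get-Service -Name Sense -ErrorAction SilentlyContinue
    if ($svc) { $report.SenseService = $svc.Status.ToString() }

    if (Test-Path $statusKey) {
        $props = Get-ItemProperty -Path $statusKey
        $report.OnboardingState = if ($props.OnboardingState -eq 1) { 'Onboarded' } else { 'Not onboarded' }
        # OrgId should match the tenant shown in the Defender for Endpoint portal;
        # a mismatch means the server reports to a different instance.
        $report.OrgId = $props.OrgId
    }

    # Defender Antivirus status is separate from the EDR sensor; the Defender cmdlets
    # are absent on servers where the Defender feature is not installed.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        $report.AvProtection = ($mp.AMServiceEnabled -and $mp.RealTimeProtectionEnabled)
    }

    [pscustomobject]$report
}

# Usage: prints one record per server; run via PowerShell remoting to sweep a fleet.
Get-MdeOnboardingReport | Format-List
```

On the Linux VMs mentioned in the question the equivalent check is the agent's own CLI, `mdatp health --field healthy` and `mdatp health --field org_id`, which should report `true` and the same organisation ID as the Windows servers.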


1 additional answer

  1. Jeroen Vandeleur 1 Reputation point
    2021-12-01T05:57:16.437+00:00

    Hi All,

    Still, it looks like I onboarded all my servers through security center and with the new portals I don't see any server listed in the M365 security portal, within my defender for Azure dashboard all servers are onboarded and I get alerts. However, if I want to investigate an incident with some advanced queries like in Defender for Endpoint dashboards I can't find my Azure Servers.

    Does anybody have a clear overview of which features are enabled in which portal and how they can be integrated as a single pane of glass?

    Thanks in advance!
