This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 22%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have some questions on Microsoft Defender for endpoint on server VM that I am currently not able to find a clear answer to.
Here's where I am. I have Windows Servers (2008R2/2012/2016) and Linux VMs in Azure. I am looking to replace the current McAfee ePo solution.
I have Azure Security Center, and expect to pay for Azure Defender licences @ £10.88/$14.60 per VM per month.
I can see my VMs in Azure Security Center and I can see a recommendation here to enable endpoint protection (Install endpoint protection solution on virtual machines). Which will install the antimalware extension. All good so far.
When I look at the minimum requirements for Microsoft Defender for Endpoint here (https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements) it notes the use of Microsoft Defender for EndPoint Trial, which links back to a page offering details on pricing for enterprise and starting a free trial. But what is this for? 365? I'm only looking to protect VMs in Azure.
Do I need to use the Microsoft Defender Portal (https://securitycenter.windows.com.) to provide protection to my Azure VMs to replace ePo? Following this guide seems to suggest that I need to complete my dedicated cloud instance of Microsoft Defender for Endpoint (https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare)
I also find links suggesting that Windows Server 2008R2/2012/2019 and Linux are supported for endpoint
And also other links that state Windows Server 2019 and Linux are not supported for Endpoint.
https://learn.microsoft.com/en-us/azure/security-center/security-center-wdatp
I can't seem to track the right level of information on this and am looking for some assistance. End game is, i'd like to move away from McAfee ePo, and have my new solution support Windows Server (2008R2/2012/2016/2019) and Linux OS Server VMs only.
So what do I need? :)
Appreciate any help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@JamesPowell-6973 You would need Microsoft Defender for Endpoint. the updated document that you already found, mentions that the latest compatible OS
Windows server 2019 and Linux.
The other older documents will be updated to reflect the same information and avoid public confusion.
Once you have the License, you can use the Azure security center to onboard the servers to Defender for endpoint. Read option 2 here. Windows Server 2019, which must be onboarded via local script though.
The Security Center console displays Microsoft Defender for Endpoint alerts. but if you would like more detailed information or investigate further, you use Microsoft Defender for Endpoint's own portal pages where you'll see additional information such as the alert process tree and the incident graph. You can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
This is fantastic information thank you so much.
So just to clarify my understanding.
My current Windows Server 2008R2/2012/2016/2019 and Linux hosts that are enabled in the Azure Defender enabled Security Center, are currently in effect protected from Virus and Malware as part of this service. And I can see any alerts for these hosts in the Security Center console in the Azure portal.
I can also, as part of my already existing Azure Defender enabled security center licencing (approx $15 per month per host) onboard these hosts of all OS types into the Microsoft Defender Security Center Portal (securitycenter.windows.com) at no extra cost. And here I can see more detailed information such as alert process trees and incident graphs.
Anything here not accurate?
Much appreciated
@JamesPowell-6973 Your understanding is correct.
Just as FYI :
Microsoft Defender is the leading Microsoft extended detection and response (XDR) solution for threat protection, composed of two products:
Microsoft 365 Defender and Azure Defender.
Azure Defender provides XDR for Azure and hybrid environments. Microsoft 365 Defender helps stop attacks across Microsoft 365 services and auto-heals affected assets.
Thank you.
So would my statement be accurate with regard to licencing? My Defender enabled Security Center licenced VM would automatically enroll in ATP, or I could do it manually at no extra cost?
@JamesPowell-6973 Yes, your devices protected by Azure Defender will automatically enroll in Microsoft Defender Advance TP. Make sure to check this box
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 92%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
Hi All,
Still, it looks like I onboarded all my servers through security center and with the new portals I don't see any server listed in the M365 security portal, within my defender for Azure dashboard all servers are onboarded and I get alerts. However, if I want to investigate an incident with some advanced queries like in Defender for Endpoint dashboards I can't find my Azure Servers.
Does anybody have a clear overview of which features are enabled in which portal and how they can be integrated as a single pane of glass ?
Thanks in advance!