Integration with Microsoft Defender for Cloud

Applies to:

Microsoft Defender for Endpoint can integrate with Microsoft Defender for Cloud to provide a comprehensive Windows server protection solution. With this integration, Microsoft Defender for Cloud can use the power of Defender for Endpoint to provide improved threat detection for Windows Servers.

The following capabilities are included in this integration:

  • Automated onboarding - Defender for Endpoint sensor is automatically enabled on Windows Servers that are onboarded to Microsoft Defender for Cloud. For more information on Microsoft Defender for Cloud onboarding, see Use the integrated Microsoft Defender for Endpoint license.

    Note

    The integration between Microsoft Defender for servers and Microsoft Defender for Endpoint has been expanded to support Windows Server 2019 and Windows Virtual Desktop (WVD).

  • Windows servers monitored by Microsoft Defender for Cloud will also be available in Defender for Endpoint - Microsoft Defender for Cloud seamlessly connects to the Defender for Endpoint tenant, providing a single view across clients and servers. In addition, Defender for Endpoint alerts will be available in the Microsoft Defender for Cloud console.

  • Server investigation - Microsoft Defender for Cloud customers can access the Microsoft 365 Defender portal to perform detailed investigation to uncover the scope of a potential breach.

Important

  • When you use Microsoft Defender for Cloud to monitor servers, a Defender for Endpoint tenant is automatically created (in the US for US users, in the EU for European and UK users).
    Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning.
  • If you use Defender for Endpoint before using Microsoft Defender for Cloud, your data will be stored in the location you specified when you created your tenant even if you integrate with Microsoft Defender for Cloud at a later time.
  • Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant.
    Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.