Plan Defender for Servers deployment

Defender for Servers extends protection to your Windows and Linux machines running in Azure, AWS, GCP, and on-premises. Defender for Servers integrates with Microsoft Defender for Endpoint to provide endpoint detection and response (EDR), and also provides a host of additional threat protection features.

This guide helps you to design and plan an effective Microsoft Defender for Servers deployment. Defender for Servers is one of the paid plans provided by Microsoft Defender for Cloud.

About this guide

This planning guide is aimed at cloud solution and infrastructure architects, security architects and analysts, and anyone else involved in protecting cloud/hybrid servers and workloads. The guide aims to answer these questions:

  • What does Defender for Servers do, and how is it deployed?
  • Where will my data be stored, and what Log Analytics workspaces do I need?
  • Who needs access?
  • Which Defender for Servers plan should I choose, and which vulnerability assessment solution should I use?
  • When do I need Azure Arc, and which agents/extensions must be deployed?
  • How do I scale a deployment?

Before you begin

Deployment overview

Here's a quick overview of the deployment process.

Figure: Summary overview of the deployment steps for Defender for Servers.

Next steps

After kicking off the planning process, review the second article in this planning series to understand how your data is stored and what the Log Analytics workspace requirements are.