This post opens a series on Microsoft Defender for Endpoint (MDE) for servers. It covers what the service is, how it fits into Microsoft Defender XDR, and what a server deployment requires; later posts cover the onboarding itself.
Defender for Endpoint:
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help organizations prevent, detect, investigate and respond to advanced threats on their endpoints, servers included.
Defender for Endpoint combines technology built into Windows (Windows 10/11 and Windows Server) with Microsoft’s cloud service to detect and respond to advanced threats. Its three building blocks are endpoint behavioural sensors, cloud security analytics and threat intelligence.
- Endpoint behavioural sensors: Sensors embedded in the operating system (built into Windows 10/11 and Windows Server 2019 and later; on Windows Server 2012 R2 and 2016 they are delivered by the modern unified agent) collect and process behavioural signals, which are sent to the Defender for Endpoint cloud service.
- Cloud security analytics: Cloud security analytics use big data and machine learning to translate behavioural signals into insights, detections and recommended responses to threats.
- Threat intelligence: Generated by Microsoft security teams and partners, threat intelligence identifies attacker tools, techniques and procedures and raises alerts when they are observed in sensor data.
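The sensor on a server is only useful if it is installed, onboarded and running. The script below, added here as an example and not part of the original post, checks those three things from an elevated PowerShell session on the server. It assumes the sensor runs as the Sense service and that the documented OnboardingState value (1 = onboarded) under HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status is the onboarding flag; the Defender Antivirus fields come from Get-MpComputerStatus.

```powershell
# Added example (not from the original post): confirm that the Defender for
# Endpoint sensor is installed, onboarded and running on a Windows Server.
# Run in an elevated PowerShell session on the server itself.
# Assumptions: the sensor runs as the "Sense" service, and OnboardingState = 1
# under HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status
# means the machine has been onboarded (documented registry location).

function Get-MdeSensorState {
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

    # The behavioural sensor itself. On Windows Server 2019 and later it ships with
    # the OS; on 2012 R2 / 2016 it exists only after the unified agent is installed.
    $sense = Get-CimInstance -ClassName Win32_Service -Filter "Name='Sense'"
    $senseInstalled = [bool]$sense
    $senseState     = 'NotInstalled'
    $senseStartMode = 'n/a'
    if ($senseInstalled) {
        $senseState     = $sense.State       # e.g. Running / Stopped
        $senseStartMode = $sense.StartMode   # e.g. Auto / Manual / Disabled
    }

    # Onboarding flag written by the onboarding package/script.
    $onboarding = $null
    if (Test-Path -Path $statusKey) {
        $onboarding = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
                       -ErrorAction SilentlyContinue).OnboardingState
    }

    # Next-generation protection (Defender Antivirus). On a server where a
    # third-party AV is primary this reports passive mode; EDR still functions.
    $av = $null
    try { $av = Get-MpComputerStatus -ErrorAction Stop } catch { }
    $avEnabled = $null; $avMode = $null; $rtp = $null
    if ($av) {
        $avEnabled = $av.AMServiceEnabled
        $avMode    = $av.AMRunningMode
        $rtp       = $av.RealTimeProtectionEnabled
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SenseInstalled     = $senseInstalled
        SenseState         = $senseState
        SenseStartMode     = $senseStartMode
        Onboarded          = ($onboarding -eq 1)
        AvServiceEnabled   = $avEnabled
        AvRunningMode      = $avMode
        RealTimeProtection = $rtp
    }
}

$state = Get-MdeSensorState
$state | Format-List

# Fail loudly so the check can be reused in a build or compliance pipeline.
if (-not $state.SenseInstalled) {
    Write-Error 'Sense service not found: the MDE sensor / unified agent is not installed.'
} elseif (-not $state.Onboarded) {
    Write-Error 'Sensor present but OnboardingState is not 1: run the onboarding package.'
} elseif ($state.SenseState -ne 'Running') {
    Write-Error "Sense service is $($state.SenseState); it should be Running."
}
```

Treat a missing Sense service on Windows Server 2012 R2 or 2016 as "unified agent not installed" rather than as a broken sensor; on 2019 and later the service should always exist, so its absence points at an OS problem.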
Microsoft Defender XDR
Microsoft Defender XDR (formerly Microsoft 365 Defender) brings the individual Defender products into one security suite that covers endpoints, identities, email and applications, and provides prevention, detection, investigation and automated response to sophisticated attacks across all of them. Microsoft Defender for Endpoint is one component of that platform. The Defender XDR platform includes the following products:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Cloud
- Microsoft Entra ID Protection
- Microsoft Data Loss Prevention
- App Governance
Defender for Endpoint – Solution
Microsoft Defender for Endpoint is an endpoint security solution that includes:
- Risk-based vulnerability management and assessment
- Attack surface reduction capabilities
- Behavioural-based and cloud-powered next-generation protection
- Endpoint detection and response (EDR)
- Automated investigation and remediation
- Managed hunting services
The picture below illustrates the components involved in the Defender for Endpoint solution.
Microsoft Defender for Endpoint data is stored in a data centre in Europe, Australia, the United Kingdom, the United States, Switzerland or India, chosen when the tenant is provisioned. This lets customers meet their regulatory obligations and keep control over where their data resides while using the detection and response capabilities of Microsoft Defender for Endpoint, Microsoft Defender XDR (formerly Microsoft 365 Defender) and Microsoft Defender for Identity.
Microsoft Defender for Endpoint data is retained for 180 days by default (the retention period is configurable between 30 and 180 days in the portal settings) and is visible across the portal for that period. Data is kept while a licence is in its grace period or suspended, and it is erased from Microsoft’s systems and made unrecoverable no later than 180 days after contract termination or expiry. In advanced hunting, raw event data can be queried for the last 30 days only.
Software, Licensing and Other Requirements:
Microsoft Defender for Endpoint on a server operating system requires one of the following licences:
- Microsoft Defender for Servers Plan 1 or Plan 2 (a Microsoft Defender for Cloud plan, formerly known as Azure Defender).
- Microsoft Defender for Business servers add-on (for small and medium-sized businesses only).
- Microsoft Defender for Endpoint Server (the per-server licence).
Access to the Microsoft Defender portal (security.microsoft.com) is through a browser. The following browsers are supported:
- Microsoft Edge
- Google Chrome
The supported server operating system versions are:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803 or later (Semi-Annual Channel)
- Windows Server 2019 and later, including Windows Server 2022
- Linux (see Microsoft’s system requirements for the supported distributions and kernel versions)
Windows Server 2012 R2 and 2016 need the modern unified agent to get the same EDR sensor as later versions; Windows Server 2019 and later have the sensor built into the OS.
Internet Requirements:
For the Defender for Endpoint sensor to communicate with the Defender for Endpoint cloud service and report its data, devices must have internet connectivity to the Defender for Endpoint service URLs, either directly or through a proxy. Because the sensor runs in the SYSTEM context, it uses the machine-level WinHTTP proxy or the dedicated static proxy setting for Defender for Endpoint (the TelemetryProxyServer policy value), not a user’s browser proxy settings, and it requires TLS 1.2. For more information on the proxy configuration options, see Configure device proxy and Internet connection settings | Microsoft Docs.
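The connectivity requirement above is easy to get wrong on servers behind a proxy, because the user-level proxy that a browser test uses is not what the sensor uses. The script below, added here as an example and not part of the original post, reports the proxy the sensor will actually use (static MDE proxy first, then WinHTTP) and probes the service URLs through that path. The two host names in the default list are an illustrative subset of Microsoft’s published service URL list, assumed here for demonstration; feed the current list for your region in via -Hosts.

```powershell
# Added example (not from the original post): check that a server can reach the
# Defender for Endpoint cloud service the way the SYSTEM-context sensor will,
# i.e. via the MDE static proxy or WinHTTP proxy when one is configured.
# The default -Hosts are an illustrative subset of Microsoft's published service
# URL list (assumption); supply the current list for your region in practice.

function Test-MdeConnectivity {
    [CmdletBinding()]
    param(
        [string[]]$Hosts = @('events.data.microsoft.com', 'winatp-gw-cus.microsoft.com'),
        [int]$Port = 443
    )

    # The sensor requires TLS 1.2; make the probe use it even on older PowerShell hosts.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Proxy precedence for the sensor: MDE static proxy (policy/registry), then the
    # machine WinHTTP proxy. A user's WinINET (browser) proxy is never used.
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
    $staticProxy = (Get-ItemProperty -Path $policyKey -Name TelemetryProxyServer `
                    -ErrorAction SilentlyContinue).TelemetryProxyServer
    $winHttpOut  = (netsh winhttp show proxy) -join ' '
    $winHttpProxy = $null
    if ($winHttpOut -match 'Proxy Server\(s\)\s*:\s*(\S+)') { $winHttpProxy = $Matches[1] }

    $proxy = $null
    if ($staticProxy)     { $proxy = $staticProxy }      # format: host:port
    elseif ($winHttpProxy) { $proxy = $winHttpProxy }
    $proxyUri = $null
    if ($proxy) {
        $proxyUri = $proxy
        if ($proxy -notmatch '^https?://') { $proxyUri = "http://$proxy" }
    }

    foreach ($h in $Hosts) {
        $tcpDirect = $null
        $note      = ''

        # Without a proxy the sensor must reach the service directly, so a plain
        # TCP test to the service port is meaningful. Behind a proxy it is not.
        if (-not $proxy) {
            $tnc = Test-NetConnection -ComputerName $h -Port $Port -WarningAction SilentlyContinue
            $tcpDirect = $tnc.TcpTestSucceeded
        }

        # HTTPS probe along the path the sensor uses. Most MDE endpoints answer a
        # bare HEAD with 4xx, which still proves the path is open, so any HTTP
        # response at all counts as reachable; only a transport failure does not.
        $probe = @{ Uri = "https://$h/"; Method = 'Head'; UseBasicParsing = $true
                    TimeoutSec = 15; ErrorAction = 'Stop' }
        if ($proxyUri) { $probe.Proxy = $proxyUri }
        try {
            $null = Invoke-WebRequest @probe
            $reachable = $true
        } catch {
            $reachable = [bool]$_.Exception.Response
            if (-not $reachable) { $note = "Transport failure: $($_.Exception.Message)" }
        }

        [pscustomobject]@{
            Host           = $h
            ProxyUsed      = $proxy
            TcpDirect      = $tcpDirect
            HttpsReachable = $reachable
            Note           = $note
        }
    }
}

Test-MdeConnectivity | Format-Table -AutoSize
```

A host that shows TcpDirect true but HttpsReachable false usually means TLS interception or a proxy that is required but not configured at the machine level. For the authoritative check Microsoft ships the MDE Client Analyzer, which runs the full published URL list for your tenant’s region; this script is a quick pre-onboarding sanity check, not a replacement for it.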
Thanks for your time. In the next blog post, we will walk through onboarding Windows Server machines to MDE in more detail.
Santhosh has over 15 years of experience in the IT industry. He works as a Cloud Infrastructure Architect and has a wide range of expertise in Microsoft technologies, specialising in public and private cloud services for enterprise customers. His varied background includes work in cloud computing, virtualization, storage, networks, automation and DevOps.