Enable Endpoint Protection
Implementation Effort: Medium
Security and IT teams must configure Microsoft Defender Antivirus and Defender for Endpoint integration across supported Windows Server versions, including hybrid and multicloud environments.
User Impact: Low
Endpoint protection is enabled and managed by administrators; end users are not directly involved.
Overview
Enabling endpoint protection in Microsoft Defender for Servers involves configuring Microsoft Defender Antivirus and integrating with Microsoft Defender for Endpoint (MDE) to provide real-time protection, threat detection, and response capabilities for Windows Server workloads.
Supported Server Versions
- Windows Server 2016 and later: Microsoft Defender Antivirus is installed by default.
- Windows Server 2012 R2: Requires onboarding to Defender for Endpoint using the modern unified solution 1.
Key Steps to Enable Protection
-
Install or Verify Microsoft Defender Antivirus:
- Use PowerShell or the Add Roles and Features Wizard to install or enable the antivirus and its GUI if needed 1.
-
Enable Real-Time Protection Features:
- Configure behavior monitoring, heuristics, and machine learning-based detection 2.
-
Enable Network Protection:
- Use Microsoft Defender Exploit Guard settings to turn on network filtering and protection 3.
-
Integrate with Defender for Endpoint:
- Defender for Servers Plan 1 and Plan 2 include MDE onboarding.
- Use Azure Policy or scripts to automate onboarding and configuration.
-
Agentless or Agent-Based Deployment:
- Choose between agentless scanning (Plan 2) or agent-based protection using MDE.
Properly enabling endpoint protection ensures that server workloads are continuously monitored and defended against malware, exploits, and advanced threats. This supports the "Assume Breach" principle of Zero Trust by reducing the attack surface and enabling rapid detection and response.