Deploy Defender for Endpoint
Implementation Effort: Medium
Security and IT teams must validate licensing, configure onboarding methods, and ensure compatibility across supported Windows Server versions and environments.
User Impact: Low
Deployment is handled by administrators; end users are not directly involved.
Overview
Deploying Microsoft Defender for Endpoint (MDE) in Defender for Servers provides advanced endpoint detection and response (EDR), threat analytics, and vulnerability management for Windows Server workloads. This integration is included in both Defender for Servers Plan 1 and Plan 2, and is essential for securing hybrid and multicloud environments.
Supported Platforms
- Windows Server 2012 R2 (requires unified onboarding)
- Windows Server 2016, 2019, 2022, and 2025 (Defender Antivirus is built-in and can be enabled directly) 1
Deployment Steps
-
Validate Licensing:
- Ensure Defender for Servers Plan 1 or Plan 2 is enabled in Microsoft Defender for Cloud.
- Confirm that Microsoft Defender for Endpoint licensing is included 2.
-
Choose Onboarding Method:
- Use Microsoft Defender for Cloud to auto-onboard Azure VMs.
- For non-Azure machines (on-premises, AWS, GCP), onboard via Azure Arc and use the unified onboarding package 3.
-
Install Microsoft Defender Antivirus (if not already installed):
-
Use PowerShell:
Install-WindowsFeature -Name Windows-Defender
-