Plan Defender for Servers Deployment
Implementation Effort: Medium
Planning requires security and IT teams to evaluate server workloads, choose the appropriate Defender for Servers plan, and configure deployment scope and methods across Azure and hybrid environments.
User Impact: Low
Deployment planning and execution are handled by administrators and security teams; end users are not directly involved.
Overview
Planning a deployment of Defender for Servers in Microsoft Defender for Cloud involves selecting the right plan (Plan 1 or Plan 2), determining the deployment scope (subscription or resource level), and configuring the necessary integrations and policies.
- Plan 1 includes core endpoint detection and response (EDR) via Microsoft Defender for Endpoint.
- Plan 2 adds advanced features such as agentless scanning, vulnerability management, file integrity monitoring, just-in-time access, and compliance assessments 1.
Deployment Scope Options:
- Subscription-level: Recommended for broad coverage and easier management.
- Resource-level: Offers granularity, useful for phased rollouts or specific workloads.
Deployment Methods:
- Use Azure Policy or scripts to enable plans based on resource tags or groups.
- Plan 1 can be enabled/disabled at the resource level.
- Plan 2 must be enabled at the subscription level but can be selectively disabled per resource 1.
Proper planning ensures consistent protection, avoids coverage gaps, and aligns with organizational security and compliance goals. This supports the "Assume Breach" principle of Zero Trust by ensuring all server workloads are proactively protected and monitored.