Last updated on 9. October 2022
Okay, when you first research how you can secure your servers with Defender products, you will find different solutions.
At first this was very confusing for me because you can integrate servers with “Defender for Cloud” and with “Defender for Endpoint”. So, what is the difference between these two, or are they the same?
Microsoft Defender for Endpoint for servers
This is the classic Defender you use for your clients; it is reachable at https://security.microsoft.com.
What you must consider when planning to integrate server systems into Defender is that you need at least 50 M365 E5/A5 licenses to be eligible to buy the “Defender for Endpoint for server” license. Furthermore, this license is like a “Defender for Endpoint Plan 2” license.
So currently you cannot integrate server systems when using the Business license, because you cannot obtain the needed licenses. And when you are using Defender Plan 1 and buy the Defender license for servers, your Defender portal will upgrade to Plan 2. At that moment your licensing is no longer compliant, because every client/user would need a Defender for Endpoint Plan 2 license.
Let us assume you have the needed licenses and integrate your server systems into Defender for Endpoint. You can then manage your server systems in the Defender portal and use Endpoint Manager for Endpoint Security configurations.
Currently the cost is about $5,30 per user/server. If you have bought Defender licenses for servers and want to use Defender for Cloud, you are eligible for an upgrade.
Defender for Cloud
You configure this Defender solution in the Azure portal. The special part is that when you are already using Defender for Endpoint and deploy Plan 1 to the servers, they will automatically register in the Defender for Endpoint portal.
Furthermore, you get threat and vulnerability management to check your configuration for known threats.
Currently the cost for Plan 1 is $4,80 and for Plan 2 about $15.
Conclusion
I recommend using Defender for Cloud Plan 1 when you are using basic functionalities. If you plan to integrate the system in Microsoft Sentinel, you should think about using Plan 2. At least the 500 MB Log Analytics data ingestion is one of the nice features of Plan 2.