
MS Defender for Servers - Product Features

This is the first blog in a short series where I'm sharing excerpts from my eBook Demystifying Microsoft Defender for Servers, available for purchase here.


For this first blog I'm going to cover the product features, explaining the key differences between the Plan 1 (P1) and Plan 2 (P2) licences.


Like the endpoint (desktop) version, Microsoft Defender for Servers comes in two licence plans, Plan 1 and Plan 2. Rather than a fixed monthly price, Microsoft charges for each plan per server based on usage (the hours the server is running), at the following prices:


  • Plan 1: $5 per server per month

  • Plan 2: $15 per server per month


"Licence plans are selected within the Microsoft Defender for Cloud portal, and will be covered off later on within the eBook". 


Note:

Licence plans are applied to a subscription or to a Log Analytics workspace, not to individual machines, so be mindful that you can't onboard all of your servers into one subscription and then assign different licence plans to different servers within it.
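To see which plan each of your subscriptions is actually on, here is an added PowerShell example (mine, not an excerpt from the eBook). It assumes the Az.Accounts and Az.Security modules are installed and that you have already run Connect-AzAccount; the 'VirtualMachines' pricing name is the Defender for Cloud resource type that represents Defender for Servers.

```powershell
# Added example, not from the eBook: list the Defender for Servers plan on every
# subscription the signed-in account can see.
# Assumes the Az.Accounts and Az.Security modules and an existing Connect-AzAccount session.
# For the 'VirtualMachines' pricing, PricingTier 'Free' means the plan is off,
# 'Standard' means it is on, and SubPlan holds 'P1' or 'P2'.

Import-Module Az.Accounts, Az.Security

$report = foreach ($sub in Get-AzSubscription) {
    # Each subscription carries exactly one setting for the servers plan,
    # which is why two plans cannot coexist inside a single subscription.
    Set-AzContext -SubscriptionId $sub.Id | Out-Null
    $pricing = Get-AzSecurityPricing -Name 'VirtualMachines'

    if ($pricing.PricingTier -ne 'Standard') {
        $plan = 'None (Free tier)'
    }
    elseif ([string]::IsNullOrEmpty($pricing.SubPlan)) {
        # The service applies the full plan (P2) when Standard is set without a sub-plan.
        $plan = 'P2 (default, no sub-plan recorded)'
    }
    else {
        $plan = $pricing.SubPlan
    }

    [pscustomobject]@{
        Subscription = $sub.Name
        Tier         = $pricing.PricingTier
        Plan         = $plan
    }
}

$report | Format-Table -AutoSize

# To move a subscription to Plan 2, run the following against the selected context
# (left commented out so the script stays read-only by default):
# Set-AzSecurityPricing -Name 'VirtualMachines' -PricingTier 'Standard' -SubPlan 'P2'
```

Run it once before onboarding and you get a single table of subscription, tier and plan, which makes it obvious where a Plan 1 subscription and a Plan 2 subscription will need to be kept separate.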


Defender for Servers Plan 1


  • Microsoft Defender for Endpoint: attack surface reduction; next-generation protection, including real-time scanning and protection; EDR, including threat analytics, automated investigation and response, advanced hunting and endpoint attack notifications; vulnerability assessment and mitigation.

  • Licensing: charged per hour while the server is running.

  • Defender for Endpoint provisioning: Defender for Servers automatically provisions the Defender for Endpoint sensor on every supported machine that's connected to Defender for Cloud.

  • Unified view: alerts from Defender for Endpoint appear in the Defender for Cloud portal, and detailed information is available in the Defender for Endpoint portal.

  • Threat detection at the OS level (agent based): Defender for Servers and Defender for Endpoint detect threats at the OS level, including virtual machine behavioural detections and fileless attack detection, and generate detailed security alerts that accelerate alert triage, correlation and downstream response.


Defender for Servers Plan 2


Note: Plan 2 includes all of the features from Plan 1 too.


  • Threat detection at the network level (agentless security alerts): Defender for Servers detects threats directed at the control plane on the network, including network-based security alerts. Azure virtual machines only.

  • Microsoft Defender Vulnerability Management (MDVM) add-on: consolidated asset inventories, security baseline assessments and the ability to block vulnerable applications.

  • Security policy and regulatory compliance: create custom security policies for your subscription(s) and measure your configurations against industry standards, regulations and benchmarks.

  • System updates and patches: remediation of unhealthy resources and recommendations is available at no additional cost for Arc-enabled servers.

  • Just-in-time virtual machine access: locks down management ports on the machine to reduce the attack surface, opening them only on request and for a limited time. To use this feature, Defender for Cloud must be enabled on the subscription.

  • File Integrity Monitoring: examines files and registry keys for changes that might indicate an attack. The current state is compared against the previously recorded state to determine whether suspicious modifications have been made.

  • Docker host hardening: assesses Linux machines running Docker containers and compares them against the Center for Internet Security (CIS) Docker Benchmark.

  • Network map: provides a geographical view of recommendations for hardening your network resources. Azure-hosted resources only.

  • Agentless scanning: scans Azure virtual machines by using cloud APIs to collect data, with no agent installed on the machine.

  • Log Analytics 500 MB free data ingestion: free daily ingestion, per server, for the following data types: SecurityAlert, SecurityBaseline, SecurityBaselineSummary, SecurityDetection, SecurityEvent, WindowsFirewall, ProtectionStatus, Update, UpdateSummary and MDCFileIntegrityMonitoringEvents.


Note: The daily allowance is pooled across your servers, so it is the number of servers multiplied by 500 MB rather than a per-machine cap. If one server ingests 200 MB and another ingests 700 MB, the total is 900 MB, which is under the 1,000 MB allowance for two servers.
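To check how your workspace sits against that pooled allowance, here is an added PowerShell example (mine, not from the eBook) that runs a KQL query over the workspace's Usage and Heartbeat tables and compares the ingested volume of the covered data types with servers x 500 MB per day. It assumes the Az.Accounts and Az.OperationalInsights modules and a signed-in session; the workspace ID is an assumed input, and the server count is approximated from the machines that sent a heartbeat.

```powershell
# Added example, not part of the eBook: compare the Plan 2 free-ingestion allowance
# (500 MB per server per day, pooled across the servers reporting to the workspace)
# with what the workspace actually ingested for the covered data types.
# Assumes the Az.Accounts and Az.OperationalInsights modules and an existing
# Connect-AzAccount session. $WorkspaceId (the workspace's customer ID GUID) is an
# assumed input.
param(
    [Parameter(Mandatory)] [string] $WorkspaceId,
    [int] $Days = 7
)

Import-Module Az.Accounts, Az.OperationalInsights

$allowanceMbPerServer = 500

# The Usage table records ingested volume per data type; Quantity is in MB.
# Heartbeat gives a per-day count of machines reporting to the workspace. Every
# machine that heartbeats is counted, so if some of them are not on Plan 2 the
# computed allowance is an upper bound rather than the billed figure.
$kql = @"
let covered = dynamic(["SecurityAlert", "SecurityBaseline", "SecurityBaselineSummary",
    "SecurityDetection", "SecurityEvent", "WindowsFirewall", "ProtectionStatus",
    "Update", "UpdateSummary", "MDCFileIntegrityMonitoringEvents"]);
let ingested = Usage
    | where TimeGenerated > ago(${Days}d)
    | where DataType in (covered)
    | summarize IngestedMB = sum(Quantity) by Day = bin(TimeGenerated, 1d);
Heartbeat
| where TimeGenerated > ago(${Days}d)
| summarize Servers = dcount(Computer) by Day = bin(TimeGenerated, 1d)
| join kind=leftouter ingested on Day
| project Day, Servers, IngestedMB = coalesce(IngestedMB, 0.0)
| order by Day asc
"@

$rows = (Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $kql).Results

$summary = foreach ($r in $rows) {
    $allowance = [int]$r.Servers * $allowanceMbPerServer
    $ingested  = [math]::Round([double]$r.IngestedMB, 1)
    [pscustomobject]@{
        Day         = $r.Day
        Servers     = $r.Servers
        AllowanceMB = $allowance
        IngestedMB  = $ingested
        OverageMB   = [math]::Max(0, [math]::Round($ingested - $allowance, 1))
    }
}

$summary | Format-Table -AutoSize
```

A non-zero OverageMB column is the volume that falls outside the free allowance for that day; the other data types in the workspace are billed as normal and are deliberately excluded from the query.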


Supported Platforms


Microsoft Defender for Servers is supported on the following operating systems and cloud platforms. However, there are also patch-level and hardware requirements, which are covered later in the eBook.


Windows Server


  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server, version 1803 or later

  • Windows Server 2019 and later

  • Windows Server 2019 core edition

  • Windows Server 2022

  • Windows Server 2022 core edition

  • Windows Server 2025 (NEW!)


Linux Server


The following Linux server distributions are supported on x64 (AMD64/EM64T, also referred to as x86_64):

 

  • Red Hat Enterprise Linux 7.2 or higher

  • Red Hat Enterprise Linux 8.x

  • Red Hat Enterprise Linux 9.x

  • CentOS 7.2 or higher

  • Ubuntu 16.04 LTS

  • Ubuntu 18.04 LTS

  • Ubuntu 20.04 LTS

  • Ubuntu 22.04 LTS

  • Ubuntu 24.04 LTS

  • Debian 9 - 12

  • SUSE Linux Enterprise Server 12.x

  • SUSE Linux Enterprise Server 15.x

  • Oracle Linux 7.2 or higher

  • Oracle Linux 8.x

  • Oracle Linux 9.x

  • Amazon Linux 2

  • Amazon Linux 2023

  • Fedora 33-38

  • Rocky 8.7 and higher

  • Rocky 9.2 and higher

  • Alma 8.4 and higher

  • Alma 9.2 and higher

  • Mariner 2


Cloud Platforms


  • Azure

  • AWS

  • GCP



Interested to know more?


Buy your discounted copy of Demystifying Microsoft Defender for Servers here.



© 2024 Security Ninja Ltd. All Rights Reserved.

Surrey, United Kingdom.

Company No. 15689079  (England & Wales)
