
This is the first blog in a short series where I'm sharing excerpts from my eBook Demystifying Microsoft Defender for Servers, available for purchase here.
For this first blog, I'm going to cover the product features and explain the key differences between the P1 / P2 licences.
Similar to the desktop version, Microsoft Defender for Servers comes in two different licence plans, 1 and 2. Where monthly pricing would normally be a fixed price, Microsoft now charges for each plan based on per-server usage (uptime) at the following prices:
Plan 1 $5 per server per month
Plan 2 $15 per server per month
"Licence plans are selected within the Microsoft Defender for Cloud portal, and will be covered off later on within the eBook".
Note:
Licences are applied to a subscription or Log Analytics workspace, so be mindful that you can't onboard all of your servers to one location with the aim of assigning them different licence plans.
Defender for Servers Plan 1
| Feature | Description |
| --- | --- |
| Microsoft Defender for Endpoint | Attack Surface Reduction; next-gen protection, including real-time scanning and protection; EDR, including threat analytics, automated investigation and response, advanced hunting and endpoint attack notifications; vulnerability assessment and mitigation. |
| Licencing | Charged per hour when server is in use |
| Defender for Endpoint Provisioning | Defender for Servers automatically provisions the Defender for Endpoint sensor on every supported machine that's connected to Defender for Cloud |
| Unified View | Alerts from Defender for Endpoint appear in the Defender for Cloud portal. You can get detailed information in the Defender for Endpoint portal. |
| Threat detection for OS-level (agent based) | Defender for Servers and Defender for Endpoint detect threats at the OS level, including virtual machine behavioural detections and fileless attack detection, which generates detailed security alerts that accelerate alert triage, correlation, and downstream response time. |
Defender for Servers Plan 2
Note: Plan 2 includes all of the features from Plan 1 too.
| Feature | Description |
| --- | --- |
| Threat detection for network-level (agentless security alerts) | Defender for Servers detects threats that are directed at the control plane on the network, including network-based security alerts for Azure virtual machines only. |
| Microsoft Defender Vulnerability Management (MDVM) Add-on | Consolidated asset inventories, security baseline assessments and the application block feature. |
| Security Policy and Regulatory Compliance | Create custom security policies for your subscription(s) and measure your configurations against industry standards, regulations and benchmarks. |
| System updates and patches | Remediation of unhealthy resources and recommendations is available at no additional cost for Arc-enabled servers. |
| Just-in-time virtual machine access | Just-in-time virtual machine access locks down machine ports to reduce the attack surface. To use this feature, Defender for Cloud must be enabled on the subscription. |
| File Integrity Monitoring | Examines files and registries for changes that might indicate an attack. A comparison method is used to determine whether suspicious modifications have been made to files. |
| Docker Host hardening | Assesses containers hosted on Linux machines running Docker containers, and then compares them with the Center for Internet Security (CIS) Docker Benchmark. |
| Network Map | Provides a geographical view of recommendations for hardening your network resources. (Azure hosted resources only) |
| Agentless Scanning | Scans Azure virtual machines by using cloud APIs to collect data. |
| Log Analytics 500MB free data ingestion | Free data ingestion for the following data types: SecurityAlert, SecurityBaseline, SecurityBaselineSummary, SecurityDetection, SecurityEvent, WindowsFirewall, ProtectionStatus, Update, UpdateSummary and MDCFileIntegrityMonitoringEvents. Note: Your daily allowance is based on the total number of servers x 500MB. If one server uses 200MB and the other uses 700MB, your total is 900MB, and therefore under the 1000MB limit. |
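The pooling rule in the note above, worked through as an added example (not taken from the eBook or from Microsoft): it totals each server's ingestion for the data types listed in the table, compares the sum against servers x 500MB, and shows why checking each server against 500MB on its own gives a different answer. The server names, the usage figures and the use of Syslog as a data type outside the free list are constructed for illustration.

```python
# Added example: pooled 500MB/server/day allowance from the Plan 2 table.
# Data type names are the ones listed on the page; usage figures are constructed.
FREE_TYPES = {
    "SecurityAlert", "SecurityBaseline", "SecurityBaselineSummary",
    "SecurityDetection", "SecurityEvent", "WindowsFirewall",
    "ProtectionStatus", "Update", "UpdateSummary",
    "MDCFileIntegrityMonitoringEvents",
}
ALLOWANCE_MB_PER_SERVER = 500


def daily_ingestion_summary(usage_mb):
    """usage_mb: {server: {data_type: MB ingested today}}."""
    allowance = ALLOWANCE_MB_PER_SERVER * len(usage_mb)
    eligible = 0.0      # counts against the pooled allowance
    not_covered = 0.0   # data types outside the free list
    over_500 = []       # servers above 500MB when judged on their own
    for server, by_type in usage_mb.items():
        server_eligible = sum(mb for t, mb in by_type.items() if t in FREE_TYPES)
        not_covered += sum(mb for t, mb in by_type.items() if t not in FREE_TYPES)
        eligible += server_eligible
        if server_eligible > ALLOWANCE_MB_PER_SERVER:
            over_500.append(server)
    return {
        "allowance_mb": allowance,
        "eligible_mb": eligible,
        "pooled_overage_mb": max(0.0, eligible - allowance),
        "not_covered_mb": not_covered,
        "servers_over_500mb": sorted(over_500),
    }


# Constructed sample matching the page's 200MB / 700MB illustration,
# plus Syslog as an assumed example of a data type not in the free list.
SAMPLE = {
    "srv-a": {"SecurityEvent": 150, "Update": 50, "Syslog": 120},
    "srv-b": {"SecurityEvent": 600, "ProtectionStatus": 100},
}

if __name__ == "__main__":
    for key, value in daily_ingestion_summary(SAMPLE).items():
        print(f"{key}: {value}")
```

In the sample, srv-b exceeds 500MB by itself but the pooled overage is still zero, which is the case the note describes.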
Supported Platforms
Microsoft Defender for Servers is supported on the following operating systems and cloud platforms. However, there are both patch and hardware requirements, which are covered later within this eBook.
Windows Server
Windows Server 2012 R2
Windows Server 2016
Windows Server, version 1803 or later
Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server 2022
Windows Server 2022 core edition
Windows Server 2025 (NEW!)
Linux Server
The following Linux server distributions and x64 (AMD64/EM64T) and x86_64 versions are supported:
Red Hat Enterprise Linux 7.2 or higher
Red Hat Enterprise Linux 8.x
Red Hat Enterprise Linux 9.x
CentOS 7.2 or higher
Ubuntu 16.04 LTS
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
Ubuntu 22.04 LTS
Ubuntu 24.04 LTS
Debian 9 - 12
SUSE Linux Enterprise Server 12.x
SUSE Linux Enterprise Server 15.x
Oracle Linux 7.2 or higher
Oracle Linux 8.x
Oracle Linux 9.x
Amazon Linux 2
Amazon Linux 2023
Fedora 33-38
Rocky 8.7 and higher
Rocky 9.2 and higher
Alma 8.4 and higher
Alma 9.2 and higher
Mariner 2
Cloud Platforms
Azure
AWS
GCP
Interested to know more?
Buy your discounted copy of Demystifying Microsoft Defender for Servers here.