The Defender for Servers plan in Microsoft Defender for Cloud reduces security risk and exposure for machines in your organization. It provides recommendations to improve and remediate security posture. Defender for Servers also protects machines against real-time security threats and attacks.
Benefits
Defender for Servers offers several security benefits.
- Protect Azure and on-premises machines: Defender for Servers protects Windows and Linux machines in Azure and on-premises.
- Centralize management and reporting: Defender for Cloud offers a single view of monitored resources, including machines protected by Defender for Servers. Filter, sort, and cross-reference data to understand, investigate, and analyze machine security.
- Integrate with Defender services: Defender for Servers integrates natively with security capabilities provided by Defender for Endpoint and Microsoft Defender Vulnerability Management.
- Improve posture and reduce risk: Defender for Servers assesses the security posture of machines against compliance standards and provides security recommendations to remediate and improve security posture.
- Protect against threats in near real-time: Defender for Servers identifies and analyzes real-time threats and issues security alerts as needed.
- Get intelligent threat detection: Defender for Cloud evaluates events and detects threats using advanced security analytics and machine-learning technologies with multiple threat intelligence sources, including the Microsoft Security Response Center (MSRC).
Plan protection features
Plan features are summarized in the table.
Feature | Plan support | Details |
---|---|---|
Azure and hybrid support | Supported in Plan 1 and 2 | Defender for Servers can protect Azure VMs, and on-premises machines connected to Defender for Cloud. Review Defender for Servers support and requirements. |
Threat detection (OS-level) | Supported in Plan 1 and 2 | Defender for Endpoint integration provides OS-level threat detection. |
Integrated alerts and incidents | Supported in Plan 1 and 2 | Defender for Endpoint alerts and incidents for connected machines are displayed in Microsoft Defender for Cloud, with drill-down in the Defender portal. |
Threat detection (Azure network layer) | Supported in Plan 2 only | Agentless detection identifies threats directed at the control plane on the network, including network-based security alerts for Azure VMs. |
OS baseline misconfigurations | OS recommendations based on Linux and Windows compute security baselines are supported in Plan 2 only. Other MCSB recommendations in Defender for Cloud continue to be included in free foundational posture management. | Defender for Cloud assesses and enforces security configurations using built-in Azure policy initiatives, including its default Microsoft Cloud Security Benchmark (MCSB) initiative. Defender for Servers collects machine information using the Azure machine configuration extension. |
Regulatory compliance assessment | Supported in Plan 1 and 2 | As part of its free foundational posture management, Defender for Cloud provides a couple of default compliance standards. If you have a Defender for Servers plan enabled (or any other paid plan), you can enable other compliance standards. |
Just-in-time virtual machine access | Supported in Plan 2 only | Just-in-time virtual machine access locks down machine ports to reduce the attack surface. |
Network map | Supported in Plan 2 only | The network map provides a geographical view of recommendations for hardening your network resources. |
Free data ingestion (500 MB) | Supported in Plan 2 only | Free data ingestion is available for specific data types in Log Analytics workspaces. |
Deployment scope
Enable Defender for Servers at the subscription level. If you need deployment granularity, you can also enable and disable Defender for Servers at the resource level, as follows:
Scope | Plan 1 | Plan 2 |
---|---|---|
Enable for an Azure subscription | Yes | Yes |
Enable for a resource | Yes | No |
Disable for a resource | Yes | Yes |
- Plan 1 can be enabled and disabled at the resource level, per server.
- Plan 2 can't be enabled at the resource level, but you can disable it at the resource level.
After enabling
After you enable a Defender for Servers plan, the following rules apply:
- Trial period: A 30-day trial period begins. You can't stop, pause, or extend this trial period. To enjoy the full 30-day trial, plan ahead to meet your evaluation goals.
- Endpoint protection: The Microsoft Defender for Endpoint extension is automatically installed on all supported machines connected to Microsoft Defender for Cloud. Disable automatic provisioning if needed.
- Vulnerability assessment: Microsoft Defender Vulnerability Management is enabled by default on machines with the Microsoft Defender for Endpoint extension installed.
- File integrity monitoring: You set up file integrity monitoring after enabling Defender for Servers Plan 2.
Related content
- Plan your Defender for Servers deployment.
- Review common questions about Defender for Servers.