Microsoft Defender for Endpoint: how to protect Servers

Microsoft Defender for Endpoint

Questo articolo รจ disponibile anche in lingua italiana al seguente link: Microsoft Defender for Endpoint: proteggere i server |

New chapter about Microsoft Defender for Endpoint and today we will see how to protect servers.

All servers are managed by Azure Security Center. The licensing is different from Windows 10 because necessary enable the Azure Defender plan and this means 15 euro/server. All the servers onboarded with Microsoft Management Agent (MMA) will are able to be protected with Microsoft Defender.


To onboard a server there are many ways: for example, if you have many servers is better use Microsoft Endpoint Configuration Manager (aka SCCM) or Group Policy Object (GPO). In this case I will deploy the agent manually and the process change by Operating Systems because from Windows Server 2008 R2 to Windows Server 2016 is required use the MMA but from Windows Server v1803 and above must be used a .bat file with onboarding process. The reason is because the new versions integrate by default Windows Security Defender.

Onboarding via MMA
Download Onboarding Script
Onboarding via Script

Onboarding via MECM

With Microsoft Endpoint Configuration Manager the onboarding process changes between Windows Server v1803 and previous versions.

Onboarding via MECM for Windows Server 2016 and previous


After few minutes the server will be available into Microsoft Defender web portal.

Protect from Malware

The procedure to protect items from malware, like Egregor, is the same of clients and if you want more details, check this article: Microsoft Defender for Endpoint: prevent Egregor Ransomware.

Get Started

Onboard Windows servers to the Microsoft Defender for Endpoint service