Install Microsoft Defender for Endpoints on Windows servers.

The Windows Server operating system is now supported by Defender for Endpoint. With this functionality, the Microsoft 365 Defender console offers improved attack detection and investigation capabilities. Support for Windows Server allows reaction actions, offers coverage for kernel and memory attack detection, and offers better visibility into server activity.

How to enroll particular Windows servers to Microsoft Defender for Endpoint is covered in this post.

See Windows Security Baselines for instructions on how to get and utilize Windows Security Baselines for Windows servers.

Overview of Windows Server onboarding

To effectively onboard servers, you must follow the general processes listed below.


Microsoft Defender for Servers integration

Microsoft Defender for Endpoint and Microsoft Defender for Servers work together without any issues. As a Microsoft Defender for Cloud customer, you may automatically onboard servers, have servers being watched by Microsoft Defender for Cloud appear in Defender for Endpoint, and carry out in-depth investigations. Visit Protect your endpoints with Defender for Cloud’s integrated EDR solution for more details. Endpoint Security from Microsoft.

Microsoft Windows Server 2016 and Windows Server 2012 R2:

· Download the installation and orientation files.

· Install the setup package.

· Observe the onboarding procedures for the relevant tool.

Windows Server 2019 and Windows Server Semi-Annual Enterprise Channel:

· Get the onboarding packet here

· Observe the onboarding procedures for the relevant tool.

2012 R2 and 2016 versions of Windows Server:

New features of Windows Server 2012 R2 and 2016 in the contemporary unified solution

Prior to April 2022, Windows Server 2012 R2 and Windows Server 2016 onboarding required the deployment of the Microsoft Monitoring Agent (MMA).

By eliminating installation requirements and processes, the new unified solution package streamlines the server onboarding process. Additionally, it offers a greatly increased feature set. Please see Defending Windows Server 2012 R2 and 2016 for further details.

The unified solution installs Microsoft Defender Antivirus and/or the EDR sensor, depending on the server you’re onboarding. The components that are installed and those that come standard are listed in the following table.

Microsoft Windows Server 2012 R2 prerequisites

There are no further prerequisites, and the needs listed below will already be met, if you have properly updated your computers with the most recent monthly rollup package.

To determine whether the minimal prerequisites have been satisfied for a successful installation, the installer package will check if the aforementioned components have previously been updated via an update: ·

Update for customer experience and diagnostic telemetry ·

Update for Universal C Runtime in Windows ·

Security Update for Windows Server 2012 R2 (KB3045999)

Microsoft Windows Server 2016 prerequisites

Installing the most recent SSU and LCU versions on the server is advised.

· It is necessary to install the Servicing Stack Update (SSU) from September 14, 2021 or later.

· Installing the most recent cumulative update (LCU) requires that it be from after September 20, 2018.

· Make sure Microsoft Defender Antivirus is updated and enabled. See Re-enable Defender Antivirus on Windows Server if it was disabled and Re-enable Defender Antivirus on Windows Server if it was removed for further details on how to activate Defender Antivirus on Windows Server.

· Ascertain that Microsoft Defender Antivirus is activated and up to date. For further information on how to activate Defender Antivirus on Windows Server, see Re-enable

Defender Antivirus on Windows Server if it was uninstalled and Re-enable Defender Antivirus on Windows Server if it was deactivated.

Conditions needed to use third-party security solutions

Microsoft Defender Antivirus must be operated in passive mode if you want to utilize a third-party anti-malware program me. Throughout the installation and onboarding process, you must keep in mind to switch to passive mode.

Microsoft Defender for Endpoint update packages for Windows Server 2012 R2 and 2016

Make sure Windows Update KB5005292 is installed or approved if you want to regularly receive product updates and fixes for the EDR Sensor component. Additionally, see Manage Microsoft Defender Antivirus updates and apply baselines to keep security components up to date.

This new “Microsoft Defender for Endpoint update for EDR Sensor” is accessible under the category “Microsoft Defender for Endpoint” if you’re using Windows Server Update Services (WSUS) and/or Microsoft Endpoint Configuration Manager.

Professional Labs is the Best Cloud Managed Services Provider Oman, for more details contact
Contact Us | Professional labs (