Licenses & Pre-requisites aren't clear for Security Management with Microsoft Defender for Endpoint

Ranjithkumar Duraisamy 226 Reputation points
2024-12-03T15:49:52.8866667+00:00

Hi, I would like to understand a few things from the perspective of Defender for Servers. Before that, let me tell you the scenario that made me ask these questions!

Scenario:

  1. Built a couple of servers (domain joined: 1, workgroup: 1) on-prem with the aim of managing them through MDE.
  2. Ran the onboarding script on both servers.
  3. Both servers immediately showed up in the MDE portal.

Questions:

  1. Is there any specific license and prerequisites required other than what is already mentioned in MS Learn?
  2. Why are the servers not showing up in the Intune or Entra ID portal, where I was supposed to create groups and target policies for these servers?
  3. What's the ideal time for the synthetic registration in Entra ID/Intune? What logs or events should we verify to understand the delay in synthetic registration with Entra ID?
  4. How do we force it to happen?

Note: MDE Plan 2 is active in the tenant, Security management settings are already ON in the MDE.


1 answer

Crystal-MSFT 50,676 Reputation points Microsoft Vendor
2024-12-10T02:15:36.7833333+00:00

    @Ranjithkumar Duraisamy, thanks for posting in Q&A. For managing servers through Microsoft Defender for Endpoint (MDE), you need to ensure you have the appropriate licenses. Since you mentioned MDE Plan 2 is active, you're covered for the advanced features. However, for Defender for Servers, you need either:

    • Microsoft Defender for Servers Plan 1 or Plan 2 (part of Microsoft Defender for Cloud).
    • Microsoft Defender for Endpoint for Servers.

    Additionally, ensure your servers meet the minimum requirements for onboarding to Defender for Endpoint, such as supported operating systems and necessary configurations:

    https://learn.microsoft.com/en-us/defender-endpoint/minimum-requirements

    For Windows Server, this can't be enrolled into Intune. We can configure integration of Microsoft Defender for Endpoint with Intune and follow the link below to use Intune endpoint security policies to manage Microsoft Defender for Endpoint on Windows servers that are not enrolled with Intune:

    https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration

    In addition, please ensure the Windows servers meet the above requirements and onboard the device to Microsoft Defender for Endpoint to see if it can appear in Intune and Microsoft Entra ID.

    The synthetic registration process can vary, but typically it should complete within a few hours. If there are delays, you can check the following logs: Event Viewer: look for logs under Applications and Services Logs > Microsoft > Windows > User Device Registration, to see if there's any finding.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
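Added example, not part of the original thread and not Microsoft's own tooling: a read-only PowerShell script that performs the checks the answer points at from the server side. It reads the Sense onboarding state from the registry, dumps whatever the security settings management client has written under its SenseCM key, and pulls recent errors and warnings from the User Device Registration log that the answer names. The registry key paths, the `Sense` service name and the event log channel name are documented by Microsoft; the assumption that `OnboardingState = 1` means onboarding completed is taken from Microsoft's onboarding verification guidance, and the meaning of the individual SenseCM values is deliberately left to the MS Learn troubleshooting article rather than guessed here. Run it in an elevated PowerShell session on the server that is missing from Intune/Entra ID.

```powershell
# Added example (not from the original thread). Read-only checks for a Windows Server
# onboarded to Defender for Endpoint that has not yet appeared in Intune / Entra ID.
# Run elevated on the server itself. Nothing here changes configuration.

function Get-MdeOnboardingState {
    # Sense (the MDE client) records its onboarding result under this key.
    # Assumption (from Microsoft's onboarding verification guidance): OnboardingState = 1 means onboarded.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $key -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    $svc   = Get-Service -Name Sense -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SenseServiceStatus = if ($svc) { $svc.Status } else { 'service not found' }
        OnboardingState    = $state
        Onboarded          = ($state -eq 1)
    }
}

function Get-SenseCmEnrollmentStatus {
    # Security settings management ("SenseCM") writes its enrollment progress under this key.
    # Raw values are returned unchanged; interpret them against the MS Learn troubleshooting
    # article for security settings management rather than against assumptions in this script.
    $key = 'HKLM:\SOFTWARE\Microsoft\SenseCM'
    if (-not (Test-Path $key)) {
        Write-Warning 'SenseCM key not present: the security settings management client has not started enrollment on this host yet.'
        return $null
    }
    Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*
}

function Get-DeviceRegistrationEvents {
    param(
        [int]$Hours     = 24,
        [int]$MaxEvents = 50
    )
    # This is the Admin channel of the log the answer names:
    # Applications and Services Logs > Microsoft > Windows > User Device Registration.
    # Only errors (level 2) and warnings (level 3) are returned; those explain a stalled registration.
    $filter = @{
        LogName   = 'Microsoft-Windows-User Device Registration/Admin'
        StartTime = (Get-Date).AddHours(-$Hours)
        Level     = 2, 3
    }
    # Get-WinEvent raises a non-terminating error when nothing matches; treat that as "no findings".
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Summary run: one section per question in the thread.
'--- MDE onboarding (Sense service and registry state) ---'
Get-MdeOnboardingState | Format-List

'--- Security settings management enrollment (SenseCM registry key, raw values) ---'
Get-SenseCmEnrollmentStatus | Format-List

'--- User Device Registration errors/warnings, last 24 hours ---'
$events = Get-DeviceRegistrationEvents
if ($events) { $events | Format-Table -AutoSize -Wrap } else { 'No errors or warnings recorded in the window.' }
```

If the first section shows `Onboarded = False`, the Intune/Entra ID side cannot be expected to populate at all, so fix onboarding before investigating registration delay. If onboarding is fine but the SenseCM key is absent or reports an unsuccessful value, compare the value with the MS Learn troubleshooting table and read the User Device Registration findings from the third section alongside it; that is the same sequence the answer describes, just collected in one pass.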

