Defender for Servers Plan 2 now integrates with MDE unified solution

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Today, we're excited to announce the release of Microsoft Defender for Endpoint’s unified agent integration with Microsoft Defender for Servers Plan 2. With this release, we align the integration experience between Microsoft Defender for Endpoint (MDE) and both Microsoft Defender for Servers Plans.


In April 2022, we introduced Microsoft Defender for Servers Plan 1 as an entry-level SKU that offers Cloud Security Posture Management (CSPM) capabilities such as Secure Score and security recommendations, in addition to integration with Microsoft Defender for Endpoint. With that release, we also introduced integration with MDE's unified solution, which removes the dependency on the Log Analytics agent and its workspace solution for deploying MDE to down-level Windows operating systems. With today's change, MDE integration is based entirely on the two machine extensions, MDE.Windows and MDE.Linux, which are available for Azure VMs and for non-Azure machines connected through Azure Arc-enabled servers.

To enable the MDE unified solution in existing subscriptions, opt in on the subscription's Environment settings > Integrations page in Defender for Cloud.

[Screenshot: Enable MDE unified solution integration with Microsoft Defender for Cloud on an Azure subscription]

When you click the Enable unified solution button, you will be asked to confirm deployment to all existing and future Windows Server 2012 R2 and 2016 machines. Once confirmed, Defender for Cloud deploys the MDE.Windows extension to all Windows Server 2012 R2 and 2016 machines in that subscription. The extension installs the MDE unified solution, connects it to your MDE backend and, at the same time, deactivates the legacy MDE sensor on that machine.

Frequently asked questions

Below are answers to common questions about the integration with the MDE unified solution.

What happens when the MDE unified solution is deployed to a machine that already had MDE integration enabled?

Once the MDE.Windows extension is deployed to a machine, it tries to install the MDE unified solution. Once the installation has completed successfully, it stops and disables the legacy MDE sensor that runs through the Log Analytics agent, so the machine is never left with two active sensors.

What are the prerequisites to enable the MDE unified solution?

You need to enable one of the Defender for Servers plans and the MDE integration with Defender for Cloud on the subscription. Also, make sure your machines meet MDE's networking requirements (outbound connectivity to the MDE service URLs), since the extension cannot onboard a machine that cannot reach the MDE backend. For the list of supported operating systems and other system prerequisites, see the Microsoft Defender for Endpoint documentation.

Will I lose access to a machine's protection history in MDE by upgrading to the unified solution?

No. The unified solution replaces the legacy sensor using the same device (resource) information in MDE, so the machine's existing history is preserved and the change is transparent from an MDE perspective.

What are the benefits of upgrading to the new MDE unified solution?

The new MDE unified solution adds a variety of improvements over the legacy solution, such as Tamper Protection, EDR in block mode, improved detection capabilities, and more. For a full list of improvements, see the Microsoft Defender for Endpoint documentation. In addition, the new unified solution package removes all dependencies on the Log Analytics agent for onboarding and integrating into Defender for Cloud.

Will I be forced to use the unified solution on my legacy Windows machines?

No, we do not force you to use the MDE unified solution. However, since it comes with several major improvements (see above), we encourage you to enable it.

How can I enable integration with the new unified solution at scale?

You can use the Microsoft.Security/settings REST API to programmatically enable the MDE unified solution on a subscription. The request is a PUT against the WDATP_UNIFIED_SOLUTION setting of the subscription:

Parameter     Value
API call      PUT
API URI       https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.Security/settings/WDATP_UNIFIED_SOLUTION?api-version=2022-05-01
API version   2022-05-01
JSON body     { "name": "WDATP_UNIFIED_SOLUTION", "type": "Microsoft.Security/settings", "kind": "DataExportSettings", "properties": { "enabled": true } }
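As an added example that is not code from the original post, the following Azure CLI script performs the PUT above across every subscription visible to the signed-in identity, first checks the prerequisite MDE integration setting, reads the unified-solution setting back to confirm the write, and offers a rollout check for the MDE.Windows and MDE.Linux extensions described earlier in the post. Two things in it are assumptions not stated on this page: the "WDATP" setting name, which is the Microsoft.Security/settings entry that controls the MDE integration itself, and the use of the Azure Resource Graph CLI extension (az graph) for the rollout check. It assumes the Azure CLI is installed and signed in with a role that can write Microsoft.Security/settings.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: enable the MDE unified
# solution on every visible subscription via the Microsoft.Security/settings
# PUT from the post, after checking that MDE integration itself is enabled.
# Assumptions: Azure CLI (az) installed and logged in with rights to write
# Microsoft.Security/settings; "WDATP" is the setting name for the MDE
# integration (not named in the post); the resource-graph CLI extension is
# installed for the rollout check (az extension add --name resource-graph).
set -euo pipefail

API_VERSION="2022-05-01"   # API version from the post's table

# ARM URL for one Microsoft.Security setting on one subscription.
# Pure string building, so it can be checked without touching the network.
mdc_setting_url() {
  local sub="$1" setting="$2"
  printf 'https://management.azure.com/subscriptions/%s/providers/Microsoft.Security/settings/%s?api-version=%s' \
    "$sub" "$setting" "$API_VERSION"
}

# Request body for the unified-solution setting, as listed in the post.
unified_solution_body() {
  printf '{"name":"WDATP_UNIFIED_SOLUTION","type":"Microsoft.Security/settings","kind":"DataExportSettings","properties":{"enabled":true}}'
}

# Read properties.enabled of a setting and print it as lower-case true/false.
setting_enabled() {
  local sub="$1" setting="$2"
  az rest --method get --url "$(mdc_setting_url "$sub" "$setting")" \
    --query 'properties.enabled' -o tsv | tr '[:upper:]' '[:lower:]'
}

# Enable the unified solution on one subscription and read it back.
# Returns non-zero when the prerequisite MDE integration is off, so the
# caller reports it instead of writing a setting that has no effect.
enable_unified_solution() {
  local sub="$1"
  if [ "$(setting_enabled "$sub" WDATP)" != "true" ]; then
    echo "skip: MDE integration (WDATP) is not enabled on $sub" >&2
    return 1
  fi
  az rest --method put --url "$(mdc_setting_url "$sub" WDATP_UNIFIED_SOLUTION)" \
    --body "$(unified_solution_body)" >/dev/null
  setting_enabled "$sub" WDATP_UNIFIED_SOLUTION   # expect "true"
}

# Rollout check: provisioning state of the MDE.Windows / MDE.Linux extensions
# on Azure VMs and Arc-enabled servers, across all subscriptions in scope.
list_mde_extensions() {
  az graph query -q "resources
    | where type in~ ('microsoft.compute/virtualmachines/extensions',
                      'microsoft.hybridcompute/machines/extensions')
    | where name in~ ('MDE.Windows', 'MDE.Linux')
    | project machine = tolower(split(id, '/extensions/')[0]), name,
              state = tostring(properties.provisioningState)" -o table
}

# Only talk to Azure when invoked explicitly; the file stays offline otherwise.
case "${1:-}" in
  apply)
    for sub in $(az account list --query '[].id' -o tsv); do
      printf '%s: ' "$sub"
      enable_unified_solution "$sub" || true
    done ;;
  check) list_mde_extensions ;;
esac
```

Run it as `./enable-mde-unified.sh apply` to enable the setting everywhere, then `./enable-mde-unified.sh check` a little later to see which machines have the extension and whether it reached the Succeeded state; machines that stay in a failed state usually do not meet the networking or operating-system prerequisites.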


Is the unified solution available on multicloud connectors?

Yes. The new MDE unified solution can be deployed to Azure VMs and to non-Azure machines connected through Azure Arc. In addition, it is deployed automatically when you enable any Defender for Servers plan on our multicloud connectors. To learn more about Defender for Cloud's multicloud capabilities, see https://aka.ms/mdcmc

Now, it’s your turn: go ahead, check it out, and let us know what you think about the new onboarding experience for MDE in Microsoft Defender for Servers.


Acknowledgements

Special thanks to Netta Norman and Erel Hansav for the great partnership and technical review.
