Microsoft Defender for Endpoint Preview Bringing Perks for Windows Server 2012 R2 and Windows Server 2016 Users

Microsoft this week announced a "revamped solution stack" for Microsoft Defender for Endpoint that promises to bolster protections and simplify setups when using Windows Server 2012 R2 and Windows Server 2016 products.

However, the added support for Windows Server 2012 R2 and Windows Server 2016 products in Microsoft Defender for Endpoint is still at the preview stage, and there are lots of caveats. Moreover, Microsoft Defender for Endpoint (formerly known as "Microsoft Defender Advanced Threat Protection") requires having top-tier E5-type licensing in place.

The E5 licensing requirement looked like kind of a buzz-kill, based on comments found in Microsoft's Twitter announcement on the new unified solution stack preview.

However, if organizations have that E5 licensing, then this so-called "modernized unified solution" promises to bring to those older servers Microsoft Defender for Endpoint protections similar to those that typically were previously available only in the Windows Server 2019 product. The announcement stated that "the solution is functionally equivalent to Microsoft Defender for Endpoint on Windows Server 2019."

Moreover, Group Policy templates used with Windows Server 2019 will work for the older servers.

"You can now use the Group Policy templates for Windows Server 2019 to manage Defender on Windows Server 2012 R2 & 2016," the announcement indicated.

Microsoft Defender for Endpoint Unified Solution Perks
Here's the list of improvements available for those older server products with the new unified solution package, according to a Microsoft "Onboard Windows servers" document description:

In addition, the new unified solution doesn't require using the Microsoft Monitoring Agent to get the Microsoft Defender for Endpoint protections. The use of this agent previously was required for Windows Server 2012 R2 and Windows Server 2016.

Microsoft offers this technical document for organizations wanting to switch from using the Microsoft Monitoring Agent approach. IT pros can use Microsoft Endpoint Configuration Manager for this switch, but it'll only be fully automated with the version 2111 release, the document explained, in a note.

Unified Solution Preview Caveats
The new unified solution stack for Microsoft Defender for Endpoint is just at the preview stage for use with Windows Server 2012 R2 and Windows Server 2016. The known issues, as described in Microsoft's "Onboard Windows servers" document, could be problematic.

For instance, the Azure Security Center won't yet show alerts, per the document:

For Windows Server 2012 R2 and 2016 running the modern unified solution preview, integration with Azure Security Center / Azure Defender for Servers for alerting and automated deployment is not yet available. Whilst you can install the new solution on these machines, no alerts will be displayed in Azure Security Center.

Also, the new unified solution stack doesn't have support for the "OMS Gateway" proxy server to connect to Microsoft Defender for Endpoint cloud services. It's just not supported.

Microsoft Defender Antivirus will lack a user interface when used with Windows Server 2012 R2 with the new unified solution stack preview. Microsoft Defender Antivirus "only allows for basic operations" on Windows Server 2016 with the preview.

Windows Server 2012 R2 and Windows Server 2016 users aren't getting all Attack Surface Reduction rules with the preview, the document indicated. The details weren't cataloged.

Lastly, "operating system upgrades are not supported" when using the new unified solution stack preview.

Possibly, the above caveats are just temporary roadblocks, as Microsoft plans "to have full Azure Defender integration coming to public preview in Q1 of 2022!" per the announcement.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
