Microsoft Defender for Endpoint Now Offers Protections for Windows Server 2012 R2 and Windows Server 2016
Microsoft on Monday announced that its Microsoft Defender for Endpoint security solution now supports older Windows Server products, namely Windows Server 2012 R2 and Windows Server 2016.
The Microsoft Defender for Endpoint support for those older server products is now at the "general availability" (GA) commercial-release stage, having been at the preview stage back in October. Microsoft Defender for Endpoint (previously called "Microsoft Defender Advanced Threat Protection") had some support for those older server products earlier. However, with this GA release, Microsoft has introduced a "revamped solution stack," which apparently ups its functionality and eases things greatly for IT pros.
For instance, Microsoft is claiming that the new Microsoft Defender for Endpoint protections for Windows Server 2012 R2 and Windows Server 2016, now at GA, are essentially "functionally equivalent" the protections already obtained for Windows Server 2019.
Microsoft further explained that equivalence. The announcement stated that "all environment requirements around connectivity are the same and you can use the same Group Policy, PowerShell commands and Microsoft Endpoint Configuration Manager* to manage configuration."
The Microsoft Monitoring Agent (MMA) isn't required anymore with the revamped solution stack, so orgs that previously used MMA with Configuration Manager have to follow some Server migration steps if they want to tap the new improvements, the announcement clarified.
Perks for Older Servers
Organizations using Windows Server 2012 R2 and Windows Server 2016 get many perks with the revamped Microsoft Defender for Endpoint security solution.
For instance, the revamp is bringing Microsoft Defender Antivirus protection for those older servers. Organizations will have access to Attack Surface Reduction rules and can implement Potentially Unwanted Application blocking. They'll also get "endpoint detection and response in block mode," which adds protections when Microsoft Defender Antivirus "is not the primary antivirus product" that's running. An Automated Investigation and Response capability kicks in with security alerts, too, and much more.
The protections afforded with the revamped Microsoft Defender for Endpoint were "previously only available on Windows Server 2019 and later," explained Tanmay Ganacharya, partner director for security research for Microsoft Defender for Endpoint, in a Monday Twitter post.
The enhanced Microsoft Defender for Endpoint support for Windows Server 2012 R2 may seem to be arriving a bit late, since the product is only supported through Oct. 10, 2023. However, Microsoft has an Extended Security Update program in place for the server, an option that pushes out its end-of-life date by about three more years to 2026 for those willing to pay for it. Lifecycle details can be found at this Microsoft search page.
Requirements and Licensing
Microsoft has already updated its documentation for organizations wanting to take advantage of the revamped solution stack for Microsoft Defender for Endpoint. There are lots of caveats to follow. Many IT pro deployment questions were answered within the Monday announcement by Paul Huijbregts, a Microsoft Tech Community employee.
Top-tier E5-type licensing is needed to use Microsoft Defender for Endpoint, which could dampen enthusiasm a bit for the new enhancements. Update 4/13: E5 licensing is only required "if you need MDE on servers," explained Wes Miller, a Directions on Microsoft analyst and Microsoft licensing expert, in a Twitter post. "It needs a secondary license if you go that way."
Organizations can also license Microsoft Defender for Endpoint via Microsoft's Plan 1 and Plan 2 offerings.
"The new Microsoft Defender for Servers Plan 1 mentioned (licensed through Azure) doesn't require E5 on clients and is probably the most cost effective now," Miller added.
Huijbregts had two additional news tidbits to convey regarding the announcement. First, the revamped solution stack can be tried by users of "the new Microsoft Defender for Server P1 offering." Second, users of "the existing Microsoft Defender for Server (now labeled P2)" product can start "gradually upgrading from the current, MMA-based solution, in the following weeks."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.