This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 31%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
We are planning to migrate from Symantec® Endpoint Security to Microsoft, specifically looking for EDR and XDR features for our On Prem servers that have no connectivity to the internet. Should we use Defender for Endpoint or Defender for Servers? We are also considering if servers can connect using proxy.
Hi @milo last , Defender for Endpoint and Defender for Servers both provide endpoint protection, but they have different features and capabilities. Defender for Endpoint is a cloud-based solution that provides advanced endpoint protection, including endpoint detection and response (EDR) capabilities. It requires an internet connection to function properly. On the other hand, Defender for Servers is an on-premises solution that provides endpoint protection for servers. It does not require an internet connection to function properly.
If your servers have no connectivity to the internet, Defender for Servers would be the better choice for you. It provides endpoint protection for servers without requiring an internet connection. However, if you have some servers that can connect using a proxy, you can use Defender for Endpoint for those servers.
It's important to note that if you choose Defender for Servers, you will not have access to the advanced EDR capabilities provided by Defender for Endpoint. However, Defender for Servers does provide basic endpoint protection for servers, including antivirus and antimalware protection.
If you have servers with no internet connectivity, Defender for Servers would be the better choice for you. If you have some servers that can connect using a proxy, you can use Defender for Endpoint for those servers.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Microsoft Defender for Server, on the other hand, is designed to protect servers specifically and doesn't require an internet connection for its core functionality. It provides threat protection using built-in sensors that monitor server system events and behaviors.
You could also look into using Microsoft Configuration Manager for device management. Here is a guide for best practice from Microsoft: