Understand endpoint detection and response

With Microsoft Defender for Servers, you gain access to and can deploy Microsoft Defender for Endpoint to your server resources. Microsoft Defender for Endpoint is a holistic, cloud-delivered, endpoint security solution. The main features include:

• Risk-based vulnerability management and assessment
• Attack surface reduction
• Behavioral based and cloud-powered protection
• Endpoint detection and response (EDR)
• Automatic investigation and remediation
• Managed hunting services

You can learn about Defender for Cloud's integration with Microsoft Defender for Endpoint by watching this video from the Defender for Cloud in the Field video series: Defender for Servers integration with Microsoft Defender for Endpoint

For more information about migrating servers from Defender for Endpoint to Defender for Cloud, see the Microsoft Defender for Endpoint to Microsoft Defender for Cloud Migration Guide.

Benefits of integrating Microsoft Defender for Endpoint with Defender for Cloud

Microsoft Defender for Endpoint protects your Windows and Linux machines whether they're hosted in Azure, hybrid clouds (on-premises), or multicloud environments.

The protections include:

• Advanced post-breach detection sensors. Defenders for Endpoint's sensors collect a vast array of behavioral signals from your machines.

• Vulnerability assessment from Microsoft Defender Vulnerability Management. With Microsoft Defender for Endpoint installed, Defender for Cloud can show vulnerabilities discovered by Defender Vulnerability Management and also offer this module as a supported vulnerability assessment solution. Learn more in Investigate weaknesses with Microsoft Defender Vulnerability Management.

  This module also brings the software inventory features described in Access a software inventory and can be automatically enabled for supported machines with the auto deploy settings.

• Analytics-based, cloud-powered, post-breach detection. Defender for Endpoint quickly adapts to changing threats. It uses advanced analytics and big data. It's amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.

• Threat intelligence. Defender for Endpoint generates alerts when it identifies attacker tools, techniques, and procedures. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.

When you integrate Defender for Endpoint with Defender for Cloud, you gain access to the benefits from the following extra capabilities:

• Automated onboarding. Defender for Cloud automatically enables the Defender for Endpoint sensor on all supported machines connected to Defender for Cloud.

• Single pane of glass. The Defender for Cloud portal pages displays Defender for Endpoint alerts. To investigate further, use Microsoft Defender for Endpoint's own portal pages where you'll see additional information such as the alert process tree and the incident graph. You can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.

  

What are the requirements for the Microsoft Defender for Endpoint tenant?

A Defender for Endpoint tenant is automatically created, when you use Defender for Cloud to monitor your machines.

• Location: Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning. Customer data - in pseudonymized form - might also be stored in the central storage and processing systems in the United States. After you've configured the location, you can't change it. If you have your own license for Microsoft Defender for Endpoint and need to move your data to another location, contact Microsoft support to reset the tenant.

• Moving subscriptions: If you've moved your Azure subscription between Azure tenants, some manual preparatory steps are required before Defender for Cloud will deploy Defender for Endpoint. For full details, contact Microsoft support.

Related content

• Enable the Microsoft Defender for Endpoint integration