Defending Windows Server 2012 R2 and 2016

Published Oct 07 2021 04:03 PM 30.7K Views
Microsoft

Introduction

In today's threat landscape protecting all your servers is critical, particularly with human-operated and sophisticated ransomware attacks becoming more prevalent. Our mission for endpoint protection is to cover all endpoints regardless of platform, clients, and servers, and inclusive of mobile, IoT and network devices.

 

Today, we are adding a broad set of prevention, detection and response capabilities, previously only available on Windows Server 2019 and later, to Microsoft Defender for Endpoint on Windows Server 2012R2 and 2016 using a modernized, completely revamped solution stack.

 

Introducing our modernized, unified solution for Windows Server 2012 R2 and 2016 (Public Preview)!

We are proud to introduce the public preview of a completely revamped Microsoft Defender for Endpoint solution stack for Windows Server 2012 R2 and Windows Server 2016. Whilst keeping up to date and upholding security hygiene is arguably still the best go-to when it comes to increasing resilience and reducing attack surface, we believe this modern, unified solution brings the best of the Microsoft Defender for Endpoint capabilities for prevention, detection, and response - in a single package.

 

PaulHb_0-1635896849196.png

 

Server onboarding steps. Note: Azure Defender integration and automated deployment will be available at a later time.

 

 

This new unified solution package reduces complexity by removing dependencies and installation steps. It also standardizes capabilities and functionality as it brings a very high level of parity with Microsoft Defender for Endpoint on Windows Server 2019:

 
PaulHb_1-1635896849524.png

 

Overview of capabilities per operating system

 

Aside from having no specific client prerequisites or dependencies, the solution is functionally equivalent to Microsoft Defender for Endpoint on Windows Server 2019; meaning, all environment requirements around connectivity are the same and you can use the same Group Policy, PowerShell commands and Microsoft Endpoint Configuration Manager* to manage configuration. The solution does not use or require the installation of the Microsoft Monitoring Agent (MMA).

 

Improving resiliency against human-operated ransomware attacks

To avoid security controls, we have often seen attackers leveraging machines with older operating systems inside our client’s environments. As such, the endpoint visibility required to detect and prevent modern-day ransomware attacks was at the center of many of our design decisions for this release.

 

Specifically, we modeled across the MITRE tactics which we felt provides the best chances of early alerting and emphasized capturing actionable telemetry across these. Some areas include:

 

  • Initial Access: Servers are often the first point of entry for motivated attackers. The ability to monitor signs of entry via publicly facing, vulnerable services is critical.
  • Credential Access: Servers often contain sensitive credentials in memory from Administrator maintenance or other activities. Enhanced memory protections help identify potential credential theft activities.
  • Lateral Movement: Improved user logon activity allows better mapping of attempted movement across the network to or from Servers
  • Defense Evasion: Improved hardening via tampering protection provides security controls the best chance of preventing Ransomware’s most harmful effects on high value assets, such as Servers.

 

Next steps

You can start testing today by simply visiting the Microsoft 365 Defender portal. If you have enabled preview features, you can download the installation and onboarding packages from the new onboarding page:

 

PaulHb_2-1635896849630.png

 

A screenshot of the new onboarding page option

PaulHb_3-1635896849631.png

 

A screenshot of the new installer

 

  • Before installation, please ensure your machines are fully updated and continue to apply the latest component updates containing important security improvements and bug fixes. For the EDR sensor on Windows Server 2012 R2 & 2016, we now have a new update package available: KB5005292. Note that at time of publication the EDR sensor component is already up to date so there may not yet be an update published. 
  • On Windows Server 2016, verify that Microsoft Defender Antivirus is installed, is active and up to date. You can download and install the latest platform version using Windows Update. Alternatively, download the update package manually from the Microsoft Update Catalog  or from the Antimalware and cyber security portal .
  • Ensure you meet all connectivity requirements; they match those for Windows Server 2019.
  • You can now use the Group Policy templates for Windows Server 2019 to manage Defender on Windows Server 2012 R2 & 2016.
  • Please take a look at New functionality in the modern unified solution for Windows Server 2012 R2 and 2016 Preview for known issues and limitations.
  • Microsoft Endpoint Configuration Manager 2107 with the hotfix rollup or later is required to support configuration of the preview solution, including through Microsoft Endpoint Configuration Manager tenant attach. Automated deployment and onboarding will be available upon GA.
  • We are also excited to have full Azure Defender integration coming to public preview in Q1 of 2022!

 

*If you have previously onboarded your servers using the Microsoft Monitoring Agent (MMA) either manually or though Microsoft Endpoint Configuration Manager, follow the guidance provided in Server migration for helpful steps to help you to migrate to the new solution. 

114 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2824960%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2824960%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20fantastic%20news%2C%20thanks%20for%20the%20support%20on%20downlevel%20server%20OS!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783292%22%20slang%3D%22en-US%22%3EDefending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783292%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20size%3D%225%22%3E%3CSTRONG%3EIntroduction%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3EIn%20today's%20threat%20landscape%20protecting%20all%20your%20servers%20is%20critical%2C%20particularly%20with%20human-operated%20and%20sophisticated%20ransomware%20attacks%20becoming%20more%20prevalent.%20Our%20mission%20for%20endpoint%20protection%20is%20to%20cover%20all%20endpoints%20regardless%20of%20platform%2C%20clients%2C%20and%20servers%2C%20and%20inclusive%20of%20mobile%2C%20IoT%20and%20network%20devices.%20Today%2C%20we%20are%20extending%20protections%20in%20Microsoft%20Defender%20for%20Endpoint%20that%20are%20already%20available%20for%20Windows%20Server%202019%20and%20later%20to%20Windows%20Server%202012R2%20and%202016.%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3E%3CSTRONG%3EIntroducing%20our%20modern%2C%20unified%20solution%20for%20Windows%20Server%202012%20R2%20and%202016%20(Public%20Preview)!%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3EWe%20are%20proud%20to%20introduce%20the%20public%20preview%20of%20a%20completely%20revamped%20Microsoft%20Defender%20for%20Endpoint%20solution%20stack%20for%20Windows%20Server%202012%20R2%20and%20Windows%20Server%202016.%20Whilst%20keeping%20up%20to%20date%20and%20upholding%20security%20hygiene%20is%20arguably%20still%20the%20best%20go-to%20when%20it%20comes%20to%20increasing%20resilience%20and%20reducing%20attack%20surface%2C%20we%20believe%20this%20modern%2C%20unified%20solution%20brings%20the%20best%20of%20the%20Microsoft%20Defender%20for%20Endpoint%20capabilities%20for%20prevention%2C%20detection%2C%20and%20response%20-%20in%20a%20single%20package.%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22server-onboarding-tools-methods.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F316048i07EF37B276ACCB46%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22server-onboarding-tools-methods.png%22%20alt%3D%22Server%20onboarding%20steps.%20Note%3A%20Azure%20Defender%20integration%20and%20automated%20deployment%20will%20be%20available%20at%20a%20later%20time.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EServer%20onboarding%20steps.%20Note%3A%20Azure%20Defender%20integration%20and%20automated%20deployment%20will%20be%20available%20at%20a%20later%20time.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3EThis%20new%20unified%20solution%20package%20reduces%20complexity%20by%20removing%20dependencies%20and%20installation%20steps.%20It%20also%20standardizes%20capabilities%20and%20functionality%20as%20it%20brings%20a%20very%20high%20level%20of%20parity%20with%20Microsoft%20Defender%20for%20Endpoint%20on%20Windows%20Server%202019%3A%3C%2FFONT%3E%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorPaulHb_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22PaulHb_0-1633643254431.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F316050i162700C6A1E870F7%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22PaulHb_0-1633643254431.png%22%20alt%3D%22Overview%20of%20capabilities%20per%20operating%20system%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EOverview%20of%20capabilities%20per%20operating%20system%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3EAside%20from%20having%20%3CSTRONG%3Eno%20specific%20client%20prerequisites%20or%20dependencies%3C%2FSTRONG%3E%2C%20the%20solution%20is%20functionally%20equivalent%20to%20Microsoft%20Defender%20for%20Endpoint%20on%20Windows%20Server%202019%3B%20meaning%2C%20all%20environment%20requirements%20around%20connectivity%20are%20the%20same%20and%20you%20can%20use%20the%20same%20Group%20Policy%2C%20PowerShell%20commands%20and%20Microsoft%20Endpoint%20Configuration%20Manager*%20to%20manage%20configuration.%20The%20solution%20does%20not%20use%20or%20require%20the%20installation%20of%20the%20Microsoft%20Monitoring%20Agent%20(MMA).%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3EImproving%20resiliency%20against%20human-operated%20ransomware%20attacks%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3ETo%20avoid%20security%20controls%2C%20we%20have%20often%20seen%20attackers%20leveraging%20machines%20with%20older%20operating%20systems%20inside%20our%20client%E2%80%99s%20environments.%20As%20such%2C%20the%20endpoint%20visibility%20required%20to%20detect%20and%20prevent%20modern-day%20ransomware%20attacks%20was%20at%20the%20center%20of%20many%20of%20our%20design%20decisions%20for%20this%20release.%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3ESpecifically%2C%20we%20modeled%20across%20the%20%3CA%20href%3D%22https%3A%2F%2Fattack.mitre.org%2Ftactics%2Fenterprise%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EMITRE%20tactics%3C%2FA%3E%20which%20we%20felt%20provides%20the%20best%20chances%20of%20early%20alerting%20and%20emphasized%20capturing%20actionable%20telemetry%20across%20these.%20Some%20areas%20include%3A%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3EInitial%20Access%3C%2FSTRONG%3E%3A%20Servers%20are%20often%20the%20first%20point%20of%20entry%20for%20motivated%20attackers.%20The%20ability%20to%20monitor%20signs%20of%20entry%20via%20publicly%20facing%2C%20vulnerable%20services%20is%20critical.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3ECredential%20Access%3A%3C%2FSTRONG%3E%20Servers%20often%20contain%20sensitive%20credentials%20in%20memory%20from%20Administrator%20maintenance%20or%20other%20activities.%20Enhanced%20memory%20protections%20help%20identify%20potential%20credential%20theft%20activities.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3ELateral%20Movement%3A%3C%2FSTRONG%3E%20Improved%20user%20logon%20activity%20allows%20better%20mapping%20of%20attempted%20movement%20across%20the%20network%20to%20or%20from%20Servers%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3EDefense%20Evasion%3A%3C%2FSTRONG%3E%20Improved%20hardening%20via%20tampering%20protection%20provides%20security%20controls%20the%20best%20chance%20of%20preventing%20Ransomware%E2%80%99s%20most%20harmful%20effects%20on%20high%20value%20assets%2C%20such%20as%20Servers.%3C%2FFONT%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3ENext%20steps%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3EYou%20can%20start%20testing%20today%20by%20simply%20visiting%20the%20%3CA%20href%3D%22https%3A%2F%2Fsecurity.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20365%20Defender%20portal%3C%2FA%3E.%20If%20you%20have%20enabled%20preview%20features%2C%20you%20can%20download%20the%20installation%20and%20onboarding%20packages%20from%20the%20new%20onboarding%20page%3A%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22PaulHb_0-1632511603044.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312752i3246B9097DA97C84%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22PaulHb_0-1632511603044.png%22%20alt%3D%22A%20screenshot%20of%20the%20new%20onboarding%20page%20option%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EA%20screenshot%20of%20the%20new%20onboarding%20page%20option%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22PaulHb_1-1632511342490.png%22%20style%3D%22width%3A%20304px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312751i519BFF8F6A358785%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22PaulHb_1-1632511342490.png%22%20alt%3D%22A%20screenshot%20of%20the%20new%20installer%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EA%20screenshot%20of%20the%20new%20installer%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3EBefore%20installation%2C%20please%20ensure%20your%20machines%20are%20fully%20updated%20and%20continue%20to%20apply%20the%20latest%20component%20updates%20containing%20important%20security%20improvements%20and%20bug%20fixes.%20For%20the%20EDR%20sensor%20on%20Windows%20Server%202012%20R2%20%26amp%3B%202016%2C%20we%20now%20have%20a%20new%20update%20package%20available%3A%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fmicrosoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EKB5005292%3C%2FA%3E.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3E%3CSPAN%3EOn%20Windows%20Server%202016%2C%20verify%20that%20Microsoft%20Defender%20Antivirus%20is%20installed%2C%20is%20active%20and%20up%20to%20date.%20You%20can%20download%20and%20install%20the%20latest%20platform%20version%20using%20Windows%20Update.%20Alternatively%2C%20download%20the%20update%20package%20manually%20from%20the%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.catalog.update.microsoft.com%2FSearch.aspx%3Fq%3DKB4052623%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22pl-e%22%3EMicrosoft%20Update%20Catalog%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bor%20from%20the%20%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D870379%26amp%3Barch%3Dx64%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EAntimalware%20and%20cyber%20security%20portal%3C%2FA%3E%3C%2FSPAN%3E%3C%2FFONT%3E%3CFONT%20size%3D%224%22%3E.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3EEnsure%20you%20meet%20all%20connectivity%20requirements%3B%20they%20match%20those%20for%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-proxy-internet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWindows%20Server%202019%3C%2FA%3E.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3EYou%20can%20now%20use%20the%20Group%20Policy%20templates%20for%20Windows%20Server%202019%20to%20manage%20Defender%20on%20Windows%20Server%202012%20R2%20%26amp%3B%202016.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3EPlease%20take%20a%20look%20at%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-endpoints%23new-functionality-in-the-modern-unified-solution-for-windows-server-2012-r2-and-2016-preview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ENew%20functionality%20in%20the%20modern%20unified%20solution%20for%20Windows%20Server%202012%20R2%20and%202016%20Preview%3C%2FA%3E%20for%20known%20issues%20and%20limitations.%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%224%22%3EWe%20are%20also%20excited%20to%20have%20full%20Azure%20Defender%20integration%20coming%20to%20public%20preview%20in%20Q1%20of%202022!%3C%2FFONT%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%223%22%3E*If%20you%20have%20previously%20onboarded%20your%20servers%20using%20the%20Microsoft%20Monitoring%20Agent%20(MMA)%20either%20manually%20or%20though%20Microsoft%20Endpoint%20Configuration%20Manager%2C%20follow%20the%20guidance%20provided%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fserver-migration%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EServer%20migration%3C%2FA%3E%26nbsp%3Bfor%20helpful%20steps%20to%20help%20you%20to%20migrate%20to%20the%20new%20solution.%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2783292%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22PaulHb_1-1633463641870.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F315391i41141BBB6316075B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22PaulHb_1-1633463641870.png%22%20alt%3D%22Industry-leading%20endpoint%20security%20across%20platforms%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EIndustry-leading%20endpoint%20security%20across%20platforms%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3EReducing%20complexity%20and%20improving%20resiliency%20with%20the%20new%20unified%20solution%20package%20for%20Microsoft%20Defender%20for%20Endpoint%20for%20Windows%20Server%202012%20R2%20and%20Windows%20Server%202016.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2825979%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2825979%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome%2C%20many%20have%20been%20waiting%20for%20this!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2826216%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2826216%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20news.%20In%20essence%2C%20does%20this%20mean%20that%20we%20now%20have%20native%20anti-virus%20protection%20for%20Windows%202012%20R2%3F%20Up%20until%20now%2C%20Windows%20Defender%20Anti-Virus%20is%20only%20available%20for%20Windows%202016%20and%20above.%20Microsoft%20Defender%20for%20Endpoint%20did%20not%20include%20an%20AV%20solution%20as%20it%20was%20reliant%20on%20the%20existing%20solution%20and%20was%20an%20XDR%20solution%3F%3CBR%20%2F%3E%3CBR%20%2F%3ESecondly%2C%20has%20any%20behaviour%20changed%20in%20terms%20of%20re-enabling%20Windows%20Anti-virus%20for%20Defender%20on%20a%202016%20server%20if%20a%20third-party%20were%20previously%20installed%20and%20then%20removed%3F%20I've%20seen%20cases%20where%20a%20well%20known%20third-party%20AV%20solution%20has%20been%20removed%20from%202016%20and%20MDfE%20installed%20but%20the%20underlying%20Windows%20Defender%20AV%20feature%20remains%20disabled%20so%20no%20AV%20protection.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2827196%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2827196%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F23526%22%20target%3D%22_blank%22%3E%40Paul%20Bendall%3C%2FA%3E%26nbsp%3Bthis%20indeed%20means%20the%20unified%20install%20package%20delivers%20Defender%20Antivirus%20on%20Windows%20Server%202012R2%20to%20Microsoft%20Defender%20for%20Endpoint%20customers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20recommendation%20on%20server%20OS%20is%20to%20remove%20Defender%20if%20you%20are%20using%20a%20third%20party%20AV%20solution%20-%20unless%20you%20are%20using%20passive%20mode%20which%20is%20only%20available%20when%20running%20Microsoft%20Defender%20for%20Endpoint.%20This%20mode%20is%20now%20also%20available%20with%20the%20new%20solution.%20Please%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmicrosoft-defender-antivirus-compatibility%3Fview%3Do365-worldwide%23antivirus-protection-with-defender-for-endpoint%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Eread%20more%20about%20this%20here%3C%2FA%3E.%20%3CBR%20%2F%3EFor%202016%20servers%20where%20you%20are%20already%20in%20a%20disabled%20state%20and%20you%20are%20switching%20from%203rd%20party%20read%20up%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fswitch-to-microsoft-defender-setup%3Fview%3Do365-worldwide%23reinstallenable-microsoft-defender-antivirus-on-your-endpoints%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehere.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EOnce%20you%20have%20followed%20the%20instructions%20at%20the%20link%20above%20(remove%20disablement%20and%2For%20install%20the%20feature)%20and%20you%20notice%20Defender%20is%20still%20not%20running%20%E2%80%9Cmpcmdrun.exe%20-wdenable%E2%80%9D%20usually%20does%20the%20trick.%20Don%E2%80%99t%20forget%20to%20update%20the%20OS%2C%20including%20Defender%20Antivirus%20platform%20updates%2C%20all%20the%20way%20to%20the%20latest%20(at%20time%20of%20writing%204.18.2109.6)%20product%20version%20before%20installing%20the%20package.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2827715%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2827715%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Ecould%20the%20new%20MDE%20agent%20co-exist%20with%20the%20MMA%20agent%20when%20it%20is%20used%20by%20the%20customer%20for%20Log%20analytics%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3EMichael%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2827722%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2827722%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F424288%22%20target%3D%22_blank%22%3E%40thommck%3C%2FA%3E%26nbsp%3Bthis%20is%20a%20revamped%20solution%20stack%20-%20there%20is%20indeed%20an%20existing%20solution%20already.%20Note%20all%20the%20new%20features!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2827805%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2827805%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F93886%22%20target%3D%22_blank%22%3E%40Michael%20Obernberger%3C%2FA%3E%26nbsp%3Byes.%20When%20you%20install%20the%20new%20solution%2C%20the%20MMA%20will%20no%20longer%20be%20used%20by%20Microsoft%20Defender%20for%20Endpoint%20-%20but%20the%20MMA%20will%20stay%20as%20is%20and%20if%20you%20have%20other%20workspaces%20connected%20they%20will%20continue%20to%20function.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2828251%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2828251%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20do%20we%20download%20the%20EDR%20sensor%20update%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fmicrosoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EKB5005292%26nbsp%3B%3C%2FA%3E%3CSPAN%3EClicking%20on%20the%20link%20takes%20you%20to%20Microsoft%20Catalog%20site%20with%20no%20results%2C%20confusing..%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2828265%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2828265%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1035318%22%20target%3D%22_blank%22%3E%40GeoffMauch%3C%2FA%3E%26nbsp%3Bthe%20current%20package%20contains%20the%20most%20up%20to%20date%20version%20of%20the%20EDR%20sensor%20already%3A%20as%20such%2C%20there%20is%20no%20update%20package%20available%26nbsp%3Byet%20(as%20there%20is%20nothing%20to%20update).%20Thanks%20for%20the%20interest!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2829163%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2829163%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20great%20news%20and%20looking%20forward%20to%20trying.%20On%20another%20note%2C%20are%20there%20any%20upcoming%20changes%2Fenhancements%20%26nbsp%3Baround%20support%20for%20offline%20devices%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20support%20a%20point-of-sale%20environment%20%26nbsp%3Band%20the%20current%20solution%20to%20support%20offline%20devices%20is%20a%20bit%20cumbersome.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fonboard-offline-machines%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fonboard-offline-machines%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2829492%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2829492%22%20slang%3D%22en-US%22%3E%3CP%3EWhy%20don%E2%80%99t%20you%20support%20Windows%20Server%202012%20(not%20R2)%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2834167%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2834167%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20indeed%20wonderful%20news!%20Do%20we%20know%20by%20when%20this%20will%20move%20from%20Preview%20to%20GA%3F%20Any%20timelines%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2827537%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2827537%22%20slang%3D%22en-US%22%3E%3CP%3EWait%20what!%3F%20I'm%20confused%20%3Adizzy_face%3A%3C%2FP%3E%3CP%3EI%20thought%20Defender%20for%20Endpoint%20was%20already%20available%20to%20older%20OS%20(including%202008R2)%20through%20the%20Azure%20Defender%20for%20Servers%20licence.%3C%2FP%3E%3CP%3EThat's%20certainly%20what%20this%20page%20makes%20it%20look%20like%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-wdatp%3Ftabs%3Dwindows%23availability%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-wdatp%3Ftabs%3Dwindows%23availability%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20am%20I%20not%20understanding%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22thommck_0-1633707411884.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F316228i7068A170381C180C%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22thommck_0-1633707411884.png%22%20alt%3D%22thommck_0-1633707411884.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2834741%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2834741%22%20slang%3D%22en-US%22%3E%3CP%3EBeen%20waiting%20for%20this.%20But%2C%20just%20like%20everything%20else%20that%20you've%20done%20with%20the%20Defender%20platform%2C%20you're%20making%20people%20jump%20through%20hoops.%26nbsp%3B%20The%20md4ws.msi%20can't%20be%20installed%20from%20a%20remote%20desktop%20session%20...%20are%20you%20guys%20kidding%20me.%26nbsp%3B%20All%20these%20pre-requisites%20to%20take%20care%20of%20that%20is%20confusing%20and%20links%20to%2010%20different%20pages%20...%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2834820%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2834820%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1182266%22%20target%3D%22_blank%22%3E%40yycc1%3C%2FA%3E%26nbsp%3B-%20can%20you%20elaborate%20on%20not%20being%20able%20to%20install%20from%20a%20remote%20desktop%20session%20please%2C%20do%20you%20have%20an%20example%20of%20those%20links%20to%2010%20different%20pages%20-%20we've%20put%20in%20a%20lot%20of%20effort%20to%20update%20the%20documentation%2C%20what%20did%20we%20miss%3F%20As%20long%20as%20you%20have%20administrative%20permissions%2C%20you%20should%20be%20able%20to%20install.%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2834826%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2834826%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F477867%22%20target%3D%22_blank%22%3E%40tanves%3C%2FA%3E%26nbsp%3Bwe%20are%20working%20hard%20to%20give%20it%20the%20GA%20seal%20of%20approval%20as%20soon%20as%20possible%2C%20but%20I%20can't%20give%20an%20ETA%20just%20yet%20-%20keep%20checking%20back%20here%20and%20thanks%20for%20the%20interest!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2834844%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2834844%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1180269%22%20target%3D%22_blank%22%3E%40JDogg0514%3C%2FA%3E%26nbsp%3BDefender%20Antivirus%20can%20be%20used%20%22disconnected%22%20on%20all%20supported%20platforms%20(%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fprotecting-disconnected-devices-with-microsoft-defender-atp%2Fba-p%2F500341%22%20target%3D%22_blank%22%3EProtecting%20disconnected%20devices%20with%20Microsoft%20Defender%20ATP%20-%20Microsoft%20Tech%20Community%3C%2FA%3E).%20But%20please%20note%20that%20Microsoft%20Defender%20for%20Endpoint%20provides%20not%20only%20security%20monitoring%20and%20centralized%20security%20operations%20but%20also%20cloud-delivered%20additional%20protection%20against%20new%20threats%20-%20which%20are%20crucial%20capabilities%20to%20have%20the%20best%20defense.%20As%20such%2C%20we%20highly%20recommend%20considering%20to%20connect%20the%20environment%20using%20outbound-only%20proxy%20or%20alike%20solutions%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-proxy-internet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-proxy-internet%3C%2FA%3E).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2835110%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2835110%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F49633%22%20target%3D%22_blank%22%3E%40PaulHb%3C%2FA%3E%26nbsp%3B%20%26nbsp%3Bplease%20see%20my%20comments%20below.%26nbsp%3B%20I%20reproduced%20my%20steps%20for%20you%20with%20comments.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20wording%20is%20very%20perplexing%3A%20%22The%20new%20unified%20solution%20package%20makes%20it%20easier%20to%20onboard%20servers%20by%20removing%20dependencies%20and%20installation%20steps.%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20main%20article%20link%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-endpoints%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-endpoints%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20says%20to%20onboard%20using%20new%20method%2C%20follow%20this%20link%20for%20server%20migration%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fserver-migration%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fserver-migration%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3)%20make%20sure%20you're%20on%20KB5005292%20but%20it%20brings%20you%20to%20a%20invalid%20page%2Fsearch%20on%20the%20catalog%20site%20(I'm%20doing%20this%20setup%20as%20a%20one-off%20on%20a%20test%20server%20and%20was%20going%20to%20manually%20download%20the%20update%2Fetc).%26nbsp%3B%20Fiddling%20around%2C%20I%20eventually%20find%20it%20the%20intended%20KB%20on%20another%20machine.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.catalog.update.microsoft.com%2FSearch.aspx%3Fq%3DKB5005292%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.catalog.update.microsoft.com%2FSearch.aspx%3Fq%3DKB5005292%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E4)%20on%20the%20server%20migration%20page%2C%20there's%20like%204%20different%20install%20options%20depending%20on%20how%20you%20onboarded%20something%20previously.%20why%20can't%20it%20be%20simple.%20for%20all%20the%20resouces%20at%20your%20disposal%2C%20it's%20so%20manual.%26nbsp%3B%20The%20section%20that%20starts%20with%20%22Installer%20Script%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22To%20facilitate%20upgrades%20when%20Microsoft%20Endpoint%20Configuration%20Manager%20or%20Azure%20Defender%20are%20not%20in%20use%20or%20not%20yet%20available%20to%20perform%20the%20upgrade%2C%20you%20can%20use%20this%26nbsp%3Bupgrade%20script.%20It%20can%20help%20automate%20the%20following%20required%20steps%3A%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fserver-migration%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fserver-migration%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E5)%20finally%2C%20I%20say%20F%20it%20and%20go%20directly%20to%20the%20onboarding%20page.%20For%202012R2%20and%202016%20preview%2C%20now%20I%20have%20to%20choose%20between%20a%20'download%20installation%20package'%20or%20'download%20onboarding%20package'.%26nbsp%3B%26nbsp%3BWhich%20one%20am%20I%20supposed%20to%20use%3F%3F%3F%20How%20do%20I%20know%20that%20my%20server%20has%20properly%20installed%20whatever%20list%20of%20pre-requisites%20are%20...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsecuritycenter.windows.com%2Fpreferences2%2Fonboarding%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecuritycenter.windows.com%2Fpreferences2%2Fonboarding%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E6)%20are%20ASR%20rules%20something%20that%20still%20needs%20to%20be%20manually%20enabled%20for%20each%20server%20onboarded%3F%20since%20I%20had%20to%20do%20this%20for%20each%20W10%20endpoint%20onboarded%20...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2835525%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2835525%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1182266%22%20target%3D%22_blank%22%3E%40yycc1%3C%2FA%3E.%20As%20a%20general%20statement%2C%20we%20need%20to%20ensure%20we%20have%20coverage%20of%20a%20variety%20of%20situations%20in%20managed%20environments%20but%20that%20at%20a%20high%20level%20you%20can%20certainly%20jump%20to%20%235%20for%20a%20simple%20environment%20or%20test%20deployment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20short%20answer%20and%20to%20summarize%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIf%20you%20are%20already%20running%20the%20existing%20solution%20and%20are%20not%20running%20SCEP%2C%20you%20can%20in%20fact%20apply%20the%20installer%20package%20then%20apply%20the%20onboarding%20script.%3C%2FLI%3E%0A%3CLI%3EFor%20new%20installations%2C%20ensure%20the%20OS%20and%20Defender%20Antivirus%20are%20updated%20then%20follow%202%20steps%3A%20run%20the%20installer%20and%20execute%20the%20onboarding%20script.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EIf%20you%20need%20to%20automate%20at%20scale%20or%20have%20specifics%20in%20your%20environment%2C%20the%20server%20migration%20scenarios%20should%20help%20you%20reach%20the%20desired%20end%20state%20and%20the%20installer%20script%20is%20a%20useful%20support%20tool%20to%20help%20you%20orchestrate%20the%20required%20steps.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt's%20unfortunate%20this%20is%20not%20your%20takeaway%20(the%20high%20level%20steps%20are%20at%20%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-endpoints%3Fview%3Do365-worldwide%23windows-server-onboarding-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOnboard%20Windows%20servers%20to%20the%20Microsoft%20Defender%20for%20Endpoint%20service%20%7C%20Microsoft%20Docs%3F)%26nbsp%3B%3C%2FA%3E%3C%2FSTRONG%3Eso%20let%20me%26nbsp%3Blet%20me%20answer%20each%20of%20your%20points%20in%20sequence%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1.%20The%20previous%20solution%20required%20the%20installation%20and%20configuration%20of%20the%20Microsoft%20Monitoring%20Agent%20as%20well%20as%20SCEP%20on%20Windows%20Server%202012%20R2.%20Installation%20and%20configuration%20of%20the%20Microsoft%20Monitoring%20Agent%20and%20enabling%20Defender%20Antivirus%20on%20Windows%20Server%202016%20(as%20well%20as%20having%20to%20meet%20dependencies%20for%20running%20the%20Microsoft%20Monitoring%20Agent%20on%20both%20OS).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20new%20package%20still%20requires%20the%20enablement%20of%20Defender%20Antivirus%2C%20however%20it%20takes%20away%20the%20need%20for%20the%20Microsoft%20Monitoring%20Agent%20and%20its%20dependencies.%20Prerequisites%20will%20be%20met%20by%20simply%20updating%20the%20operating%20system%20using%20the%20latest%20rollup%20packages.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2.%20Assuming%20you%20have%20updated%20the%20servers%20(and%20you%20should%2C%20always)%20this%20means%20installation%20of%20the%20.MSI%20package%20then%20execution%20of%20the%20onboarding%20script%20are%20your%20only%202%20steps%20to%20take.%20Note%20that%20we%20are%20aware%20of%20the%20complexities%20involved%20in%20running%20a%20controlled%20datacenter%20environment%20and%20as%20such%20we%20provide%20detailed%20instructions%2C%20to%20give%20customers%20the%20opportunity%20to%20deploy%20at%20scale%20as%20opposed%20to%20a%20manual%2C%20single%20server%20deployment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E3.%20There%20has%20been%20no%20update%20released%20yet%2C%20however%20in%20preparation%20for%20the%20arrival%20of%20this%20update%2C%20we%20would%20like%20to%20inform%20customers%20using%20patch%20management%20software%20ahead%20of%20time%20that%20this%20is%20coming.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E4.%20There%20are%20various%20starting%20points%20possible%20we%20need%20to%20account%20for%2C%20including%20from%203rd%20party%20or%20alternative%20deployment%20tools%20or%20methods.%20Please%20choose%20the%20one%20that%20most%20closely%20resembles%20what%20is%20relevant%20to%20your%20environment.%20The%20installer%20script%20is%20very%20capable%20and%20helps%20overcome%20some%20of%20the%20variance.%20Our%20customers%20are%20in%20control%20of%20their%20datacenters%20and%20we%20aim%20to%20offer%20flexibility%20aside%20from%20ease%20of%20use.%20The%20basic%20onboarding%20steps%20are%20captured%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-endpoints%3Fview%3Do365-worldwide%23windows-server-onboarding-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOnboard%20Windows%20servers%20to%20the%20Microsoft%20Defender%20for%20Endpoint%20service%20%7C%20Microsoft%20Docs.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20customers%20using%20Microsoft%20Endpoint%20Configuration%20Manager%20or%20Azure%20Defender%20we%20will%20have%20additional%20full%2C%20automated%2Forchestrated%20deployment%20options%20available%20soon.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E5.%20This%20is%20not%20a%20choice%20rather%20than%20two%20steps%20instead%20of%20the%20one%20for%20newer%20OS%20like%20Windows%20Server%202019%20and%20Windows%2010%2C%20where%20all%20components%20have%20been%20built%20into%20the%20operating%20system.%20The%20diagram%20at%20the%20top%20of%20the%20this%20page%20and%20the%20overall%20onboarding%20page%20for%20servers%20(again%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-endpoints%3Fview%3Do365-worldwide%23windows-server-onboarding-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOnboard%20Windows%20servers%20to%20the%20Microsoft%20Defender%20for%20Endpoint%20service%20%7C%20Microsoft%20Docs%3C%2FA%3E)%20both%20reflect%20this.%20Again%2C%20prerequisites%20should%20already%20be%20met%20by%20applying%20regular%20Windows%20updates%20and%20ensuring%20Defender%20Antivirus%20is%20already%20up%20to%20date%20on%20Windows%20Server%202016.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E6.%20ASR%20rules%20are%20configurable%20mitigations%20that%20can%20impact%20production%20workloads.%20As%20such%2C%20we%20always%20advise%20to%20enable%20these%20in%20audit%20mode%20first%20regardless%20of%20OS.%20I%20would%20also%20advise%20that%20in%20any%20managed%20datacenter%20environment%2C%20the%20introduction%20of%20change%20should%20be%20evaluated%20according%20to%20an%20organization's%20risk%20appetite%20and%20process.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fattack-surface-reduction-faq%3Fview%3Do365-worldwide%23%3A~%3Atext%3DWhile%2520you%2520are%2520running%2520the%2520rules%2520in%2520audit%2Cenabling%2520rules%2520in%2520increasingly%2520broader%2520subsets%2520of%2520devices.%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAttack%20surface%20reduction%20frequently%20asked%20questions%20(FAQ)%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3Bprovides%20a%20great%20starting%20point.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHope%20this%20helps.%20As%20always%2C%20feel%20free%20to%20suggest%20changes%20to%20our%20public%20documentation%20if%20you%20feel%20something%20can%20be%20improved!%20There's%20a%20feedback%20button%20on%20each%20page.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2835589%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2835589%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F49633%22%20target%3D%22_blank%22%3E%40PaulHb%3C%2FA%3E%26nbsp%3Bcan%20you%20please%20answer%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F23526%22%20target%3D%22_blank%22%3E%40Paul%20Bendall%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20Microsoft%20released%20a%20new%20antimalware%20for%20Windows%20Server%202012%20R2%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20well%20aware%20that%20Windows%20Defender%20is%20built%20in%20to%20Windows%20Server%202016%20but%20you%20also%20need%20to%20install%20Microsoft%20Monitoring%20Agent%20on%202016%20for%20MDE%2C%20unlike%202019.%26nbsp%3B%20I%20currently%20have%20System%20Center%20Endpoint%20Protection%20deployed%20to%20Windows%20Server%202008%20R2%20and%20Windows%20Server%202012%20R2%2C%20which%20is%20the%20Microsoft%20supported%20configuration%20for%20MDE.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2835705%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2835705%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1049405%22%20target%3D%22_blank%22%3E%40Duncan_Clay%3C%2FA%3E%26nbsp%3BI%20did%20provide%20an%20answer%20above%3F%20To%20elaborate%20in%20case%20of%20confusion%3A%20The%20new%20Microsoft%20Defender%20for%20Endpoint%20package%20%3CSTRONG%3Einstalls%3C%2FSTRONG%3E%20Defender%20Antivirus%20on%202012%20R2%20because%20as%20you%20point%20out%2C%20it's%20not%20built%20in%20like%20on%20Windows%20Server%202016.%20In%20addition%2C%20included%20in%20the%20same%20installer%20package%2C%20is%20an%20updated%20EDR%20sensor.%20There%20is%20no%20longer%20a%20requirement%2C%20on%20either%20OS%2C%20to%20install%20the%20Microsoft%20Monitoring%20Agent.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20summarize%3A%20the%20unified%20installation%20package%20installs%20both%20Defender%20Antivirus%20(2012%20R2)%20and%20the%20updated%20EDR%20sensor%20(both).%20This%20is%20also%20why%20SCEP%20should%20be%20uninstalled%20first.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2835812%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2835812%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F49633%22%20target%3D%22_blank%22%3E%40PaulHb%3C%2FA%3E%26nbsp%3BHow%20to%20verify%20if%20it's%20working%20as%20expected%20on%202012%20R2%3F%3C%2FP%3E%3CP%3EGet-MPCompurterStatus%20give%20%22strange%22%20values%20%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EAMEngineVersion%20%3A%200.0.0.0%3CBR%20%2F%3EAMProductVersion%20%3A%204.18.2110.2%3CBR%20%2F%3EAMRunningMode%20%3A%20Normal%3CBR%20%2F%3EAMServiceEnabled%20%3A%20True%3CBR%20%2F%3EAMServiceVersion%20%3A%204.18.2110.2%3CBR%20%2F%3EAntispywareEnabled%20%3A%20True%3CBR%20%2F%3EAntispywareSignatureAge%20%3A%204294967295%3CBR%20%2F%3EAntispywareSignatureLastUpdated%20%3A%3CBR%20%2F%3EAntispywareSignatureVersion%20%3A%200.0.0.0%3CBR%20%2F%3EAntivirusEnabled%20%3A%20True%3CBR%20%2F%3EAntivirusSignatureAge%20%3A%204294967295%3CBR%20%2F%3EAntivirusSignatureLastUpdated%20%3A%3CBR%20%2F%3EAntivirusSignatureVersion%20%3A%200.0.0.0%3CBR%20%2F%3EBehaviorMonitorEnabled%20%3A%20False%3CBR%20%2F%3EComputerID%20%3Axxxxxx%3A%3CBR%20%2F%3EComputerState%20%3A%200%3CBR%20%2F%3EFullScanAge%20%3A%204294967295%3CBR%20%2F%3EFullScanEndTime%20%3A%3CBR%20%2F%3EFullScanStartTime%20%3A%3CBR%20%2F%3EIoavProtectionEnabled%20%3A%20False%3CBR%20%2F%3EIsTamperProtected%20%3A%20False%3CBR%20%2F%3EIsVirtualMachine%20%3A%20True%3CBR%20%2F%3ELastFullScanSource%20%3A%200%3CBR%20%2F%3ELastQuickScanSource%20%3A%200%3CBR%20%2F%3ENISEnabled%20%3A%20False%3CBR%20%2F%3ENISEngineVersion%20%3A%200.0.0.0%3CBR%20%2F%3ENISSignatureAge%20%3A%204294967295%3CBR%20%2F%3ENISSignatureLastUpdated%20%3A%3CBR%20%2F%3ENISSignatureVersion%20%3A%200.0.0.0%3CBR%20%2F%3EOnAccessProtectionEnabled%20%3A%20False%3CBR%20%2F%3EQuickScanAge%20%3A%204294967295%3CBR%20%2F%3EQuickScanEndTime%20%3A%3CBR%20%2F%3EQuickScanStartTime%20%3A%3CBR%20%2F%3ERealTimeProtectionEnabled%20%3A%20False%3CBR%20%2F%3ERealTimeScanDirection%20%3A%201%3CBR%20%2F%3ETamperProtectionSource%20%3A%20N%2FA%3CBR%20%2F%3ETDTMode%20%3A%20N%2FA%3CBR%20%2F%3ETDTStatus%20%3A%20N%2FA%3CBR%20%2F%3ETDTTelemetry%20%3A%20N%2FA%3CBR%20%2F%3EPSComputerName%20%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2836049%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2836049%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F717974%22%20target%3D%22_blank%22%3E%40LoicM%3C%2FA%3E%26nbsp%3Blooks%20like%20missing%20security%20intelligence%20-%20are%20you%20able%20to%20update%20them%20(have%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-proxy-internet%3Fview%3Do365-worldwide%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Econnectivity%20requirements%3C%2FA%3E%20been%20met%20eg%20can%20the%20machine%20reach%20an%20update%20source)%3F%20Take%20a%20look%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmanage-updates-baselines-microsoft-defender-antivirus%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20Microsoft%20Defender%20Antivirus%20updates%20and%20apply%20baselines%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3Bas%20you%20will%20need%20to%20set%20up%20automatic%20updates%20(for%20any%20machine%20running%20Defender%20Antivirus%20in%20all%20fairness)%2C%20and%20there%20are%20various%20options%20to%20do%20so%20(WSUS%2C%20Internet%2C%20SCCM%2C%20file%20share%2C%20MMPC).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20a%20quick%20fix%20(for%20testing)%20you%20can%20consider%20downloading%20and%20applying%20the%20latest%20security%20intelligence%20%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkID%3D121721%26amp%3Barch%3Dx64%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Emanually%3C%2FA%3E.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2837494%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2837494%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F49633%22%20target%3D%22_blank%22%3E%40PaulHb%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Paul%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20you're%20good.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20having%20problems%20running%20the%20script%20found%20on%20github%20at%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2Fmdefordownlevelserver%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EGitHub%20-%20microsoft%2Fmdefordownlevelserver%3C%2FA%3E.%26nbsp%3B%20See%20my%20output%20below%3A-%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Tha_Dude_0-1634036538835.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F316699i262D8FF3D3BF16B6%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Tha_Dude_0-1634036538835.png%22%20alt%3D%22Tha_Dude_0-1634036538835.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20tell%20me%20how%20I%20can%20get%20this%20to%20work%20please%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20Regards%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EAsif%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2838285%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2838285%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20your%20post.%3C%2FP%3E%3CP%3EIt%20is%20interesting%20to%20see%20Windows%20client%20supports%20more%20features%20than%20Windows%20Server.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2836300%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2836300%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F49633%22%20target%3D%22_blank%22%3E%40PaulHb%3C%2FA%3E%26nbsp%3Bthank%20you%20for%20leaving%20no%20doubt%20in%20my%20mind.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20will%20simplify%20the%20deployment%20and%20configuration%20considerably%20for%20those%20that%20haven't%20yet%20deployed%20MDE%2C%20especially%20for%20those%20without%20any%20Server%202008%20R2%20(which%20still%20requires%20.NET%204.x%2C%20SCEP%2C%20MMA%20and%20it's%20own%20GPOs).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20had%20just%20completed%20a%20pilot%20rollout%20to%20Server%202008%20R2%20%2F%202012%20R2%20%2F%202016%20%2F%201803%20%2F%202019%20%2F%202022.%26nbsp%3B%20I%20will%20have%20to%20revisit%20the%20Server%202012%20R2%20endpoints%20in%20the%20pilot%20group%20and%20replace%20SCEP%20with%20MD4WS%20(Microsoft%20Defender%20for%20Windows%20Server%202012%20R2)%2C%20remove%20the%20MMA%20workspace%20config%20(cannot%20uninstall%20MMA%20as%20it%20is%20used%20by%20SCOM)%2C%20and%20migrate%20all%20the%20Endpoint%20Protection%20GPO%20settings%20into%20Microsoft%20Defender%20Antivirus%20GPO%20settings%20before%20proceeding%20with%20the%20full%20rollout.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20believe%20these%20are%20the%20pros%20and%20cons%20of%20using%20MD4WS%20with%20MDE%20vs%20SCEP%20with%20MDE%3C%2FP%3E%3CUL%3E%3CLI%3EPro%3A%20Simplified%20deployment%3C%2FLI%3E%3CLI%3EPro%3A%20Uses%20same%20GPO%20settings%20as%20Microsoft%20Defender%20Antivirus%20(Server%202016%2F2019%2F2022)%3C%2FLI%3E%3CLI%3EPro%3A%20More%20security%20capabilities%20than%20SCEP%20with%20MDE%2C%20such%20as%20ASR%20and%20PUA%20blocking%3C%2FLI%3E%3CLI%3EPro%3A%20Anticipate%20it%20will%20be%20supported%20longer%20than%20SCEP%3C%2FLI%3E%3CLI%3ECon%3A%20Currently%20in%20preview%3C%2FLI%3E%3CLI%3ECon%3A%20%22%3CEM%3EOn%20Windows%20Server%202012%20R2%2C%20there%20is%20no%20user%20interface%20for%20Microsoft%20Defender%20Antivirus%3C%2FEM%3E%22.%26nbsp%3B%20Unlike%20SCEP%2C%20or%20WD%20on%20Server%202016%2C%20this%20makes%20it%20harder%20to%20verify%20GPOs%20have%20successfully%20applied%2C%20and%20provides%20no%20interaction%20for%20end%20users.%26nbsp%3B%20Get-MpComputerStatus%20is%20your%20new%20friend%3C%2FLI%3E%3C%2FUL%3E%3CP%3EI%20will%20miss%20the%20user%20interface%2C%20but%20I%20cannot%20pass%20up%20the%20enhanced%20security%20capabilities.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20another%20question%20for%20clarification%20that%20I%20haven't%20seen%20answered.%26nbsp%3B%20Does%20MD4WS%20support%20Auto%20Exclusions%3F%26nbsp%3B%20Documentation%20states%20at%20least%20Server%202016%2C%20but%20that%20could%20now%20be%20outdated.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-exclusions-microsoft-defender-antivirus%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fconfigure-server-exclusions-microsoft-defender-antivirus%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2845976%22%20slang%3D%22en-US%22%3ERe%3A%20Defending%20Windows%20Server%202012%20R2%20and%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2845976%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F49633%22%20target%3D%22_blank%22%3E%40PaulHb%3C%2FA%3E%26nbsp%3Bthanks%20for%20the%20article.%20Will%20Windows%20Admin%20Center%20Security%20Plugin%20reflect%20the%20changes%20with%20Azure%20Defender%20and%20not%20installing%20any%20client%20on%20Server%202019%20or%20later%3F%26nbsp%3B%3C%2FP%3E%3CP%3EOr%20vice%20versa%20only%20install%20the%20client%20on%20Server%202012%20%2F%202016%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Nov 12 2021 10:27 AM
Updated by:
www.000webhost.com