In today's threat landscape protecting all your servers is critical, particularly with human-operated and sophisticated ransomware attacks becoming more prevalent. Our mission for endpoint protection is to cover all endpoints regardless of platform, clients, and servers, and inclusive of mobile, IoT and network devices. Today, we are adding a broad set of prevention, detection and response capabilities, previously only available on Windows Server 2019 and later, to Microsoft Defender for Endpoint on Windows Server 2012R using a modernized, completely revamped solution stack.

Introducing our modernized, unified solution for Windows Server 2012 R (Public Preview)!

We are proud to introduce the public preview of a completely revamped Microsoft Defender for Endpoint solution stack for Windows Server 2012 R2 and Windows Server 2016. Whilst keeping up to date and upholding security hygiene is arguably still the best go-to when it comes to increasing resilience and reducing attack surface, we believe this modern, unified solution brings the best of the Microsoft Defender for Endpoint capabilities for prevention, detection, and response - in a single package.

Note: Azure Defender integration and automated deployment will be available at a later time.

This new unified solution package reduces complexity by removing dependencies and installation steps. It also standardizes capabilities and functionality as it brings a very high level of parity with Microsoft Defender for Endpoint on Windows Server 2019:

Overview of capabilities per operating system

Aside from having no specific client prerequisites or dependencies, the solution is functionally equivalent to Microsoft Defender for Endpoint on Windows Server 2019, meaning all environment requirements around connectivity are the same and you can use the same Group Policy, PowerShell commands and Microsoft Endpoint Configuration Manager* to manage configuration. The solution does not use or require the installation of the Microsoft Monitoring Agent (MMA).

Improving resiliency against human-operated ransomware attacks

To avoid security controls, we have often seen attackers leveraging machines with older operating systems inside our client’s environments. As such, the endpoint visibility required to detect and prevent modern-day ransomware attacks was at the center of many of our design decisions for this release. Specifically, we modeled across the MITRE tactics which we felt provide the best chances of early alerting and emphasized capturing actionable telemetry across these.

Initial Access: Servers are often the first point of entry for motivated attackers. The ability to monitor signs of entry via publicly facing, vulnerable services is critical.

Credential Access: Servers often contain sensitive credentials in memory from Administrator maintenance or other activities. Enhanced memory protections help identify potential credential theft activities.

Lateral Movement: Improved user logon activity allows better mapping of attempted movement across the network to or from Servers.