Docs: Recommend Defender for Servers Plan 2 as preferred server onboarding option#505
Conversation
|
Learn Build status updates of commit 20c7e45: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
|
@jongABCDsudo-rm-rf : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
@jongABCDsudo-rm-rf : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
There was a problem hiding this comment.
Pull request overview
This PR updates the Defender for Endpoint server onboarding entry point to explicitly recommend Microsoft Defender for Servers Plan 2 (via Microsoft Defender for Cloud) as the preferred licensing/onboarding path for most server workloads, helping readers avoid choosing the standalone Defender for Endpoint for servers offer by default.
Changes:
- Adds a new TIP in the Server plans section recommending Defender for Servers Plan 2 as the default choice for most organizations.
- Summarizes why Plan 2 is preferred and points readers to Defender for Servers plan feature-comparison documentation.
- Clarifies when standalone server licensing options are still appropriate alternatives.
| > For most organizations, Microsoft recommends onboarding servers through **Microsoft Defender for Servers Plan 2** as part of [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-servers-overview). Plan 2 includes the same Defender for Endpoint server protection capabilities as the standalone "Microsoft Defender for Endpoint for servers" SKU, and adds capabilities specific to server workloads: agentless vulnerability, malware, and secrets scanning; file integrity monitoring; just-in-time machine access; regulatory compliance assessment; premium Microsoft Defender Vulnerability Management; OS configuration assessment against the Microsoft Cloud Security Benchmark; and a free 500 MB/day data ingestion allowance per protected machine. Defender for Cloud also automatically onboards the Defender for Endpoint extension to supported Azure VMs and Azure Arc-enabled machines, removing the need for per-machine onboarding scripts. For a feature comparison, see [Defender for Servers plan features](/azure/defender-for-cloud/defender-for-servers-overview#plan-protection-features). | ||
| > | ||
| > If you have a specific reason not to use Defender for Cloud (for example, fully air-gapped environments or workloads under a separate licensing perimeter), the standalone *Microsoft Defender for Endpoint for servers* SKU and *Microsoft Defender for Business servers* are valid alternatives. |
Adds an explicit recommendation in the "Server plans" section of
defender-endpoint/onboard-server.mdidentifying Microsoft Defender for Servers Plan 2 as the preferred onboarding option for server workloadsToday the article lists three valid licensing options without indicating which one Microsoft recommends for typical scenarios:
Customers and partners frequently default to the standalone "Microsoft Defender for Endpoint for servers" SKU on the assumption it is functionally equivalent to Defender for Servers Plan 2, missing capabilities that are specific to Plan 2.
This guidance is already implied across
azure/defender-for-cloud/defender-for-servers-overview.mdandazure/defender-for-cloud/plan-defender-for-servers-select-plan.md, but it is not surfaced on the Defender for Endpoint server onboarding entry-point article that most readers land on first.Related