For SMBs, Microsoft offers a new layer of server protection
Do you run a small business with on-premises servers?
Chances are, you rely on technology that includes servers, whether they’re Windows- or Linux-based. With that in mind, Microsoft recently announced it’s previewing “server protection for small business” — bundling the offering with Microsoft Defender for Business.
This is noteworthy because until now, most Endpoint Detection and Response (EDR) solutions have been expensive and typically only deployed by larger enterprises. (EDR is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.)
As Microsoft notes in the blog post announcing the move:
“The Microsoft Defender for Business servers experience delivers the same level of protection for both clients and servers within a single admin experience inside of Defender for Business, helping you to protect all your endpoints in one location.”
Currently users can activate a trial for each server through the Microsoft 365 Defender security portal (which also recommends security settings to make your servers more secure). When Microsoft officially releases the product, it will cost $3 per server, per month. If you are a Microsoft 365 for Business customer, you can begin a trial and see what impact deploying it to your servers will have.
There are several ways to onboard servers; you can use local scripts, group policy, or Configuration manager. One of the easiest ways to try out the new offering is to use the script process. First, turn on preview offerings by going to https://security.microsoft.com, go to Settings > Endpoints > General > Advanced features > Preview features. (Here’s a more direct link.)
In the navigation pane, choose Settings > Endpoints, and then under Device management, choose Onboarding. Now select an operating system, such as Windows Server 1803, 2019, and 2022, and in the Deployment method section, choose Local script. Note: for these newer systems, you only need run this script; no other installation steps are required. Simply run the command line as an elevated command. (If you don’t provide the onboarding script…