Defender for Endpoint onboarding Windows Server
Applies to:
- Microsoft Defender for Endpoint Server
- Microsoft Defender for Servers
Want to experience Defender for Endpoint? Sign up for a free trial.
You'll need to go through the onboarding section of the Defender for Endpoint portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device.
Defender for Endpoint extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender XDR console. Support for Windows Server provides deeper insight into server activities, coverage for kernel and memory attack detection, and enables response actions.
This topic describes how to onboard specific Windows servers to Microsoft Defender for Endpoint.
For guidance on how to download and use Windows Security Baselines for Windows servers, see Windows Security Baselines.
Windows Server onboarding overview
You'll need to complete the following general steps to successfully onboard servers 2008 R2, 2012 R2, 2016, 2019, 2022.
Windows Server 2012 R2 and Windows Server 2016
- Download installation and onboarding packages.
- Apply the installation package.
- Follow the onboarding steps for the corresponding tool.
Windows Server Semi-Annual Enterprise Channel and Windows Server 2019
- Download the onboarding package.
- Follow the onboarding steps for the corresponding tool.
Offboard Windows servers
You can offboard Windows Server 2012 R2, Windows Server 2016, Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition with the same method available for Windows 10 client devices.
- Offboard devices using Configuration Manager
- Offboard devices using Mobile Device Management tools
- Offboard devices using Group Policy
- Offboard devices using a local script
After offboarding, you can proceed to uninstall the unified solution package on Windows Server 2012 R2 and Windows Server 2016.
For other Windows server versions, you have two options to offboard Windows servers from the service:
- Uninstall the MMA agent
- Remove the Defender for Endpoint workspace configuration
Note
These offboarding instructions for other Windows server versions also apply if you are running the previous Microsoft Defender for Endpoint for Windows Server 2016 and Windows Server 2012 R2 that requires the MMA. Instructions to migrate to the new unified solution are at Server migration scenarios in Microsoft Defender for Endpoint.
Related topics
- Onboard Windows devices using Microsoft Endpoint Configuration Manager
- Onboard Windows devices using Group Policy
- Onboard non-persistent virtual desktop infrastructure (VDI) devices
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.