Whether in the cloud or on-premises, organizations know how important it is to keep servers secure and up to date. Companies also know how challenging it can be to manage vulnerabilities and patches across server environments, especially with a large and diverse fleet of servers.
That’s why Microsoft has Microsoft Defender for Servers. This subscription helps organizations identify, prioritize, and remediate vulnerabilities on servers using the same unified console and agent used for endpoint protection.
But not all plans are created equal. To get the most out of Defender for Servers, it is vital to select the right plan. In this blog post, we will explain the differences between Plan 1 and Plan 2, and why we advocate for selecting Plan 2 whenever possible.
What is Microsoft Defender for Servers?
Microsoft Defender for Servers is a subscription that helps discover and assess the security posture of servers, both in the cloud and on-premises. It scans servers for vulnerabilities, such as missing patches, misconfigurations, or insecure software versions, and assigns them a severity score based on the CVSS framework.
Companies can then use the Vulnerability Management dashboard in Microsoft Defender for Endpoint to view the vulnerability assessment results, filter and sort them by various criteria, such as server group, operating system, or exposure level, and drill down into the details of each vulnerability.
The dashboard can also prioritize the vulnerabilities based on their impact and exploitability and show the recommended actions to remediate them. IT can then apply the patches manually or use the integration with Microsoft Endpoint Manager or other third-party tools to automate the patch deployment process.
By using Defender for Servers, organizations can gain visibility into the security state of servers, reduce the attack surface, and improve compliance posture.
What are the differences between Plan 1 and Plan 2?
Defender for Servers is available in two plans: Plan 1 and Plan 2. Both plans offer the same core functionality of scanning and assessing servers for vulnerabilities, but Plan 2 offers some additional features that make it more powerful and flexible.
Here are some of the key differences between Plan 1 and Plan 2:
- Plan 1 only supports Windows Server operating systems, while Plan 2 supports both Windows Server and Linux operating systems. This means that if an organization has a mixed server environment, Plan 2 can scan and assess all servers with a single solution.
- Plan 1 only supports scanning servers that are connected to the internet or a VPN, while Plan 2 supports scanning servers that are isolated or behind firewalls. This means servers that are not directly accessible from the internet, such as domain controllers or database servers, can be scanned with Plan 2 without compromising security.
- Plan 1 only supports scanning servers that are managed by Microsoft Endpoint Manager or Azure Arc, while Plan 2 supports scanning servers that are managed by any tool or platform. This means that if an organization has servers that are managed by other solutions, such as AWS Systems Manager or VMware vCenter, Plan 2 can be used to scan them without changing existing management processes.
- Plan 1 only provides vulnerability assessment results in the Microsoft Defender for Endpoint console, while Plan 2 provides vulnerability assessment results in both the Microsoft Defender for Endpoint console and the Azure Security Center console. This means that if an organization uses Azure Security Center to monitor and protect cloud resources, IT teams can use Plan 2 to view and manage server vulnerabilities alongside other cloud security alerts and recommendations.
Why should organizations upgrade to Plan 2?
Plan 2 offers some significant advantages over Plan 1 when it comes to Vulnerability Management for Servers. By upgrading to Plan 2, you can:
- Scan and assess all servers, regardless of their operating system, network connectivity, or management tool
- Get a comprehensive and consistent view of server vulnerabilities across both Microsoft Defender for Endpoint and Azure Security Center
- Leverage the advanced features of Azure Security Center, such as Secure Score, regulatory compliance standards, threat protection alerts, and remediation tasks
For organizations that want to get the most out of Vulnerability Management for Servers, we recommend upgrading to Plan 2 as soon as possible.
How can we help?
We specialize in helping customers secure and optimize their server environments. We have extensive experience deploying and managing Microsoft Defender for Endpoint and Azure Security Center, and we can help you upgrade to Plan 2 and take full advantage of Microsoft’s Vulnerability Management solutions.
If you are interested in learning more about how we can help you, please contact us today. We will be happy to provide you with a free consultation and a quote for our services.