learn-pr/wwl-sci/design-solutions-securing-server-client-endpoints/includes/2-specify-server-security-requirements.md
The Endpoint Security (ES) domain is organized into two pillars:
24
24
25
-
**Cloud endpoint threat protection—Deploy comprehensive threat detection and response capabilities for servers, including behavioral analysis and extended detection and response (XDR) integration:
25
+
-**Cloud endpoint threat protection**: Deploy comprehensive threat detection and response capabilities for servers, including behavioral analysis and extended detection and response (XDR) integration.
26
26
27
-
| Control | Requirement | Implementation guidance |
28
-
| --- | --- | --- |
29
-
| ES-1 | Use Endpoint Detection and Response (EDR) | Deploy EDR solutions like Microsoft Defender for Endpoint to detect, investigate, and respond to advanced threats on servers. Includes subcontrols for EDR deployment (ES-1.1), XDR integration (ES-1.2), and EDR automation (ES-1.3). |
30
-
| ES-2 | Use modern anti-malware software | Require anti-malware solutions that provide real-time protection, behavior monitoring, and integration with cloud-based threat intelligence |
27
+
| Control | Requirement | Implementation guidance |
28
+
| --- | --- | --- |
29
+
| ES-1 | Use Endpoint Detection and Response (EDR) | Deploy EDR solutions like Microsoft Defender for Endpoint to detect, investigate, and respond to advanced threats on servers. Includes subcontrols for EDR deployment (ES-1.1), XDR integration (ES-1.2), and EDR automation (ES-1.3). |
30
+
| ES-2 | Use modern anti-malware software | Require anti-malware solutions that provide real-time protection, behavior monitoring, and integration with cloud-based threat intelligence |
31
31
32
-
**Cloud endpoint security configuration—Enforce security baselines and hardening standards across all servers:
32
+
-**Cloud endpoint security configuration**: Enforce security baselines and hardening standards across all servers.
33
33
34
-
| Control | Requirement | Implementation guidance |
35
-
| --- | --- | --- |
36
-
| ES-3 | Ensure anti-malware software and signatures are updated | Configure automatic updates for anti-malware definitions and engines; specify maximum acceptable age for signatures |
34
+
| Control | Requirement | Implementation guidance |
35
+
| --- | --- | --- |
36
+
| ES-3 | Ensure anti-malware software and signatures are updated | Configure automatic updates for anti-malware definitions and engines; specify maximum acceptable age for signatures |
37
37
38
38
These controls apply across Windows and Linux servers in Azure, AWS, GCP, and on-premises environments. Microsoft Defender for Servers implements ES-1 and ES-2 through its integration with Defender for Endpoint. For detailed implementation guidance, see [Endpoint security controls in MCSB v2](/security/benchmark/azure/mcsb-v2-endpoint-security).
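Review bot: The two added pillar lines, as shown, begin with `-**Cloud endpoint ...**:` with no space between the hyphen and the opening `**`, so Markdown will not parse them as list items and the hyphen will render as literal text; write them as `- **Cloud endpoint threat protection**: ...` and `- **Cloud endpoint security configuration**: ...`. The ES-1 to ES-3 table rows are removed and re-added with the same visible text, so if the intent is to nest each table under its bullet, confirm the rows are indented to the list item's content column, otherwise the table closes the list. While touching these rows, note that the ES-2 and ES-3 guidance cells end without a period where ES-1 ends with one, and that ES-3 asks to "specify maximum acceptable age for signatures" without saying where that value is defined.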