Picture of a server that could now be using Defender for Endpoint to Windows Server 2012 R2 and 2016..

Microsoft Expands its Defender for Endpoint to Windows Server 2012 R2 and 2016

Microsoft has several different operating systems for servers. Businesses and organizations have different needs, and Microsoft understands that. For a variety of reasons, some companies may not be able or want to upgrade their servers to newer operating systems. But they still need to be protected against modern attacks, which are only growing more adept. That’s why it’s such great news that Microsoft is now offering its Defender for Endpoint to Windows Server 2012 R2 and 2016.

Bringing Defender for Endpoint to Windows Server 2012 R2 and 2016

This “modernized, completely revamped” Microsoft Defender for Endpoint solution stack is now available in public preview for Windows Server 2012 R2 and 2016. It’s a unified package that combines prevention, detection, and response for complete protection. The new availability expands what was previously offered only for Windows 2019 and later. The addition is part of Microsoft’s goal of bringing endpoint protection to every kind of endpoint—mobile, network, and IoT in addition to desktop, and across various platforms and servers.

Microsoft Expands its Defender for Endpoint to Windows Server 2012 R2 and 2016 1

Full Yet Simplified Functionality

This new version of Defender for Endpoint removes installation steps and does not have client prerequisites or dependencies. Installing Microsoft Monitoring Agent (MMA) isn’t necessary (but if you’ve previously used MMA, Microsoft provides steps to migrate over to the new solution stack). Without those requirements, it still brings standardized capabilities of Defender for Endpoint to Windows Server 2012 R2 and 2016, on par with the functionality for Windows Server 2019. The environment would look the same as it does for the 2019 version, and administrators can control it with Microsoft Endpoint Configuration Manager just the same. PowerShell commands and Group Policy are also the same as they are for Windows Server 2019. This means that the solution stack for Windows Server 2012 R2 and 2016 more closely aligns with the versions for Windows 10 and 11 now too. For a full comparison of features, see the following chart:

Operating System Windows 10 & 11 Windows 2012 R2 (1) Windows Server 2016 (1) Windows Server 2019 & 2022 Windows Server 1803+
Attack Surface Reduction rulesYYYYY
Device ControlYNNNN
Network ProtectionYYYYY
Next-generation protectionYYYYY
Tamper ProtectionYYYYY
Web ProtectionYYYYY
Advanced HuntingYYYYY
Custom file indicatorsYYYYY
Custom network indicatorsYYYYY
EDR Block & Passive ModeYYYYY
Sense detection sensorYYYYY
Endpoint & network device discoveryYNNNN
Automated Investigation & Response (AIR)YYYYY
Device response capabilities: isolation, collect investigation package, run AV scanYYYYY
File response capabilities: collect file, deep analysis, block, file, stop, and quarantine processesYYYYY
Live ResponseYYYYY

(1) Refers to the modern, unified solution for Windows Server 2012 and 2016. For more information, see Onboard Windows Servers to the Defender for Endpoint service.


Windows 7, 8, 1, Windows Server 2008 R2 include support for EDR sensor, and AV using System Center Endpoint Protection (SCEP).

New Improvements in Microsoft Defender for Endpoint

The new, unified package also has a number of improvements for increased security. These include:

  • Better detection capabilities
  • Enhanced Microsoft Defender Antivirus
  • Controlled Folder Access
  • Potentially Unwanted Application (PUA) blocking
  • More response capabilities on devices and files
  • Endpoint Detection & Response (EDR) in Block Mode
  • Live Response
  • Defense specifically modeled in response to Mitre tactics, which pinpoint specific attack types and actions
  • Also coming soon: full Azure Defender integration available in public preview in the first quarter of 2022

A big difference for Windows Servers 2012 R2 and 2016 specifically is the response capabilities that are now available. Attack detection at endpoints was possible before, but this brings full EDR to these legacy servers and delivers stronger protection for them than ever before.

Setting Up Defender for Endpoint On Your 2012 R2 and 2016 Server

The expansion of Microsoft Defender for Endpoint to Windows Server 2012 R2 and 2016 is a big security advancement and will surely be welcome news for Microsoft customers who use those server operating systems. If you’re in that group and want to get started with this offering, you can visit the Microsoft 365 Defender Portal, where there is a new onboarding page. (Just make sure you have preview features enabled, since this is still in public preview.) You’ll want to also ensure that all your updates are current and that you meet all connectivity requirements. And if you’re using Windows Server 2016, check that you have Microsoft Defender Antivirus installed, active and up to date. You may also want to check out the known issues and limitations that are specific to 2012 R2 and 2016.

If you have questions or want to talk further about offerings like Microsoft Defender for Endpoint, feel free to reach out to us!


Defender for Endpoint is also now pairing up with Intel Threat Detection Technology for better ransomware defense. For other Microsoft news, see our posts on Product Name Changes and Improvements to Secure Score as well.

Leave a Comment