Can I use Endpoint Protection without enabling Defender for Servers plan?

Dev SS 20 Reputation points
2026-06-04T04:30:47.6033333+00:00

I'd like to confirm the actual behavior of the Endpoint Protection setting under Defender for Cloud's Settings & monitoring page when Defender for Servers is disabled on the subscription.

Based on this document, I understood that Endpoint Protection is a component of Defender for Servers. However, the portal's behavior looks inconsistent:

  • The Vulnerability assessment for machines toggle is entirely disabled, with a tooltip stating "Requires Microsoft Defender for servers" (see attached screenshot).
  • The Endpoint Protection toggle, by contrast, remains editable and can be switched to On even when Defender for Servers is off.


A clarification on this point would help me configure the subscription correctly. Thank you.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

Answer accepted by question author

Shubham Sharma 17,835 Reputation points Microsoft External Staff Moderator
2026-06-12T07:33:29.66+00:00

Dev SS

1. What the Endpoint Protection toggle actually does

The Endpoint Protection toggle = Defender for Endpoint (MDE) integration control

It does NOT independently license or enable Defender for Servers Plan 1 (P1)

From Guidance:

  • MDE integration is automatically enabled when a Defender for Servers plan is enabled
  • The integration relies on the Defender for Servers plan (P1 or P2) for licensing entitlement

So, the toggle controls integration behavior, not licensing activation.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-defender-for-endpoint

https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-defender-for-servers

2. Your question:

If I enable only Endpoint Protection (toggle ON) but keep Defender for Servers OFF, do I still get P1 capability?

Answer: No

You do NOT get Defender for Servers Plan 1 capabilities just by turning on Endpoint Protection.

Because:

  • MDE for servers is licensed via Defender for Servers (P1/P2)
  • Without the plan enabled, there is no entitlement to onboard servers via Defender for Cloud

In short:

Endpoint Protection ON + Defender for Servers OFF = Integration toggle enabled, BUT no actual P1 functionality available

3. What happens if the plan IS enabled (for comparison)

When Defender for Servers Plan 1 is enabled:

  • It includes:
      • MDE onboarding & integration
      • EDR capabilities (via Defender for Endpoint)
  • Defender for Cloud:
      • automatically deploys MDE agent
      • integrates alerts and telemetry

https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan

4. Billing / Charges

If only Endpoint Protection toggle is ON:

  • No Defender for Servers charges
  • Because billing is tied to the plan, not the toggle

If Defender for Servers (P1 or P2) is ON:

  • Billing starts:
      • per VM (resource-level billing)
      • charged while VMs are in billed states (e.g., running/stopped but allocated)

Important:

  • Simply toggling Endpoint Protection does not trigger billing
  • Billing begins only when Defender for Servers plan is enabled

https://www.bytes.co.uk/info/news/microsoft-defender-servers-cheat-sheet-faq

https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-defender-for-servers


1 person found this answer helpful.
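
A check for the mismatch the accepted answer describes (toggle on, plan off), added here as an example and not part of the original thread: it classifies Azure CLI JSON output per subscription. That the Endpoint Protection toggle corresponds to the `WDATP` security setting and the plan to the `VirtualMachines` pricing entry is an assumption; the subscription names and JSON are constructed samples.

```python
import json

# Constructed sample data (not from the thread), in the shape printed by:
#   az security pricing show -n VirtualMachines   -> Defender for Servers plan
#   az security setting show -n WDATP             -> MDE integration toggle (assumed mapping)
SAMPLE = {
    "sub-toggle-only": (
        '{"name": "VirtualMachines", "pricingTier": "Free", "subPlan": null}',
        '{"name": "WDATP", "enabled": true}',
    ),
    "sub-p1-integrated": (
        '{"name": "VirtualMachines", "pricingTier": "Standard", "subPlan": "P1"}',
        '{"name": "WDATP", "enabled": true}',
    ),
    "sub-p2-no-integration": (
        '{"name": "VirtualMachines", "pricingTier": "Standard", "subPlan": "P2"}',
        '{"name": "WDATP", "enabled": false}',
    ),
    "sub-all-off": (
        '{"name": "VirtualMachines", "pricingTier": "Free"}',
        '{"name": "WDATP", "enabled": false}',
    ),
}


def classify(pricing_json, setting_json):
    """Combine plan state and toggle state into the effective outcome."""
    pricing = json.loads(pricing_json)
    setting = json.loads(setting_json)
    plan_on = pricing.get("pricingTier") == "Standard"  # "Free" means the plan is off
    toggle_on = setting.get("enabled") is True
    if plan_on:
        state = "integrated" if toggle_on else "plan-without-integration"
    else:
        state = "toggle-only" if toggle_on else "off"
    return {
        "state": state,
        "sub_plan": pricing.get("subPlan") if plan_on else None,
        "mde_onboarding": plan_on and toggle_on,  # needs entitlement AND integration
        "billed": plan_on,  # billing follows the plan, not the toggle
    }


def audit(subscriptions):
    """Return subscriptions where the toggle is on but no plan backs it."""
    results = {name: classify(p, s) for name, (p, s) in subscriptions.items()}
    return sorted(n for n, r in results.items() if r["state"] == "toggle-only")
```

Running `audit(SAMPLE)` lists the subscriptions that look protected in the portal toggle but have no Defender for Servers plan behind them.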

2 additional answers

  1. Dev SS 20 Reputation points
    2026-06-12T06:32:26.9533333+00:00

    Hi Shubham,

    Thank you for the answer.

    I'd like to confirm my understanding of your statement below.

    there is no separate place to “enable P1” independently of the toggle. The Endpoint Protection toggle itself is the mechanism used to enable the Defender for Servers Plan 1 (P1 / MDE integration) at the resource level.

    Does this mean that enabling only the Endpoint Protection toggle, while leaving the Defender for Servers toggle set to Off (including P1), allows me to use "Defender for Endpoint integration (P1 capability)"?

    And if so, does this start P1 charges on the supported VMs?



  2. AI answer

    2026-06-04T04:31:06.4533333+00:00

    Endpoint protection in Defender for Cloud is a feature of the Defender for Servers plan and is designed to work together with that plan.

    From the documented behavior:

    • When a Defender for Servers plan is enabled, Endpoint protection is integrated by default. Defender for Cloud then automatically provisions the Microsoft Defender for Endpoint sensor on supported machines and provides EDR and malware protection capabilities.
    • The same plan enablement also turns on vulnerability assessment by default, which is why the Vulnerability assessment for machines control is explicitly marked as requiring Microsoft Defender for Servers.

    The documentation does not describe a supported scenario where Endpoint protection is used independently of Defender for Servers. Instead, it states that:

    • Defender for Endpoint integration is enabled when a Defender for Servers plan is enabled on the subscription, and
    • Defender for Servers licensing entitles servers to Defender for Endpoint Plan 2 capabilities.

    Therefore, even if the portal UI currently allows toggling Endpoint protection while Defender for Servers is disabled, the supported and documented configuration is to use Endpoint protection as part of an active Defender for Servers plan, not as a standalone feature.



    AI-generated content may be incorrect. Read our transparency notes for more information.
