Cloud is at the Core of Microsoft Defender Services

• Microsoft Defender services are not useful for customers who cannot connect to Microsoft’s cloud.
• For offline antimalware, customers can still use Endpoint Protection, which was once part of System Center.

Microsoft Defender services all require Internet connectivity to function. As a result, the Microsoft Defender services are not useful for customers who cannot connect systems or services to Microsoft’s cloud for security or compliance reasons, or who are subject to other policy or technical limitations that prevent connectivity to Microsoft’s infrastructure.

The accompanying illustration shows the dependencies between Microsoft Defender for Cloud and Microsoft 365 Defender services, and the clients, servers, and services they can protect. The connectivity requirements affect Microsoft 365 Defender services sold both à la carte and in Microsoft 365 E5 suites, as well as the various independently licensed Microsoft Defender for Cloud services. Although all of these services have software of some type that runs locally on the client or server, or within the Azure services that they help secure, they also all require connectivity to Microsoft’s cloud infrastructure: Microsoft 365 Defender services connect to Microsoft 365 infrastructure, and Microsoft Defender for Cloud connects to Azure infrastructure. This is a change from earlier on-premises Microsoft security products, which could operate apart from connectivity to Microsoft-hosted cloud infrastructure.