This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
- Contact Sales
- Free account
- Azure pricing
Microsoft Defender for Cloud pricing
- Request a pricing quote
- Try Azure for free
Get comprehensive security across multicloud and hybrid environments
Explore pricing options.
Apply filters to customize pricing options to your needs.
Prices are estimates only and are not intended as actual price quotes. Actual pricing may vary depending on the type of agreement entered with Microsoft, date of purchase, and the currency exchange rate. Prices are calculated based on US dollars and converted using London closing spot rates that are captured in the two business days prior to the last business day of the previous month end. If the two business days prior to the end of the month fall on a bank holiday in major markets, the rate setting day is generally the day immediately preceding the two business days. This rate applies to all transactions during the upcoming month. Sign in to the Azure pricing calculator to see pricing based on your current program/offer with Microsoft. Contact an Azure sales specialist for more information on pricing or to request a price quote. See frequently asked questions about Azure pricing.
US government entities are eligible to purchase Azure Government services from a licensing solution provider with no upfront financial commitment, or directly through a pay-as-you-go online subscription.
Important—The price in R$ is merely a reference; this is an international transaction and the final price is subject to exchange rates and the inclusion of IOF taxes. An eNF will not be issued.
Microsoft Defender for Cloud provides comprehensive, cloud-native protections from development to runtime in multicloud environments. Defender for Cloud helps you protect resources across Azure, other clouds, and on-premises through its Free tier and enhanced security capabilities.
Microsoft Defender for Cloud is free for the first 30 days. Any usage beyond 30 days will be automatically charged as per the pricing scheme below.
When you enable Microsoft Defender for Cloud, we automatically enroll and start protecting all your resources unless you explicitly decide to opt-out. For any resource that is protected by Defender for Cloud, you will be charged per the pricing model below.
Cloud Security Posture Management (CSPM)
Microsoft Defender for Cloud offers foundational and advanced cloud security posture management solutions to protect across your multicloud and hybrid environments. Foundational CSPM (for free) provides continuous assessments, security recommendations, Secure Score, and the Microsoft cloud security benchmark across Azure, Amazon Web Services(AWS), and Google Cloud.
Microsoft Defender CSPM provides advanced security posture capabilities including agentless vulnerability scanning, attack path analysis, integrated data-aware security posture, code to cloud contextualization, and an intelligent cloud security graph. Pricing is dependent on cloud size, with billing based only on only Server, Storage account, and Database counts.
Additionally, it includes DevOps security capabilities to empower security teams to manage DevOps security across multi-pipeline environments.
Cloud workload protection plans
Microsoft Defender for Cloud provides cloud workload protection to help organizations quickly prevent, detect, and respond to modern threats across multicloud and hybrid environments. Get advanced threat protection capabilities to secure critical workloads across virtual machines (VMs), containers, databases, storage, app services, APIs, and more.
Additional data charges for virtual machines only
Azure pricing and purchasing options.
Connect with us directly
Get a walkthrough of Azure pricing. Understand pricing for your cloud solution, learn about cost optimization and request a custom proposal.
See ways to purchase
Purchase Azure services through the Azure website, a Microsoft representative, or an Azure partner.
Microsoft defender for cloud.
Learn more about Microsoft Defender for Cloud features and capabilities.
Estimate your expected monthly costs for using any combination of Azure products.
Review the Service Level Agreement for Microsoft Defender for Cloud.
Review technical tutorials, videos, and more Microsoft Defender for Cloud resources.
Frequently asked questions
- Do I have to upgrade my Kubernetes and Container registries plans to the new Container offering? No. Subscriptions that had either Microsoft Defender for Kubernetes or Microsoft Defender for Container registries enabled prior to December 6, 2021 do not need to upgrade to the new Microsoft Defender for Containers offering. However, you will see an upgrade option inside the portal.
- What happens to subscriptions with Microsoft Defender for Kubernetes enabled? Customers who currently use Microsoft Defender for Kubernetes will continue to be able to use it for subscriptions where the service is already enabled.
- What happens to subscriptions with Microsoft Defender for Container registries enabled? Customers who currently use Microsoft Defender for Container registries will continue to be able to use it for subscriptions where the service is already enabled.
Yes. The new Microsoft Defender for Containers plan contains all features that were previously available via Microsoft Defender for Kubernetes and Microsoft Defender for container registries. In addition, the new plan contains a large set of new and improved capabilities and has removed previously existing dependencies on Microsoft Defender for Servers. Brand new features include Kubernetes-native deployment, advanced threat protection with Kubernetes-aware AI analytics and anomaly detection, and runtime visibility of vulnerabilities.
For more details, read this article .
- What constitutes a transaction for Anomaly Detector API? A transaction is an API call with a request payload size of up to 1,000 data points included in the time series. Each increment of 1,000 data points will be counted as an additional transaction. For example, an API call with request payload size of 2,050 data points is 3 transactions. The maximum request payload size is 8,640 data points. Each data point in the time series is a time stamp/numerical value pair.
- How is Microsoft Defender for Cosmos DB billed for the Azure Cosmos DB Serverless offer? For Azure Cosmos DB Serverless accounts, Microsoft Defender for Cosmos DB uses a conversion factor of 0.00003125, to convert serverless request units (RUs) to provisioned throughput. For example: An Azure Cosmos DB Serverless account with usage of 215 million RUs per month, will be charged $- for Microsoft Defender for Cosmos DB (215 million RUs * 0.00003125 * $- per 100 RU per second).
Talk to a sales specialist for a walk-through of Azure pricing. Understand pricing for your cloud solution.
Get free cloud services and a $200 credit to explore Azure for 30 days.
- CRM Software
- Email Marketing Software
- Help Desk Software
- Human Resource Software
- Project Management Software
- Browse All Categories
- Accounting Firms
- Digital Marketing Agencies
- Advertising Agencies
- SEO Companies
- Web Design Companies
- Blog & Research
Pricing for Microsoft Defender for Business
Microsoft defender for business has 1 pricing plan.
- Yes, has free trial
- No free version
Popular alternatives to Microsoft Defender for Business
Looking to learn more about Endpoint Detection and Response software similar to Microsoft Defender for Business ? Check out these popular alternatives that are closest in terms of key features, functionality, and benefits.
What do others say about Microsoft Defender for Business pricing?
How should i be thinking about software pricing.
Subscribe for Practical 365 updates
Please turn off your ad blocker and refresh the page to subscribe.
You may withdraw your consent at any time. Please visit our Privacy Statement for additional information
- Microsoft 365
How does Microsoft Defender for Business compare to Defender for Enterprise?
Table of Contents
Three licenses are available for Microsoft Defender for Business: Defender for Endpoint Plan 1, Defender for Endpoint Plan 2, and Defender for Business. A Plan 1 license is limited and contains only Antivirus capabilities. Defender for Endpoint Plan 2 is the oldest and default plan, and it covers features such as Antivirus, Endpoint Detection & Response (EDR), Attack Surface Reduction , Advanced Hunting, and Automated Investigation and Response. Defender for Business is a license tailored to small and medium-sized businesses whose feature set sits between Plan 1 and Plan 2. In this article, I discuss the capabilities of Defender for Business.
A complete comparison between the different license plans is available on Microsoft Learn . Here, I compare Defender for Endpoint Plan 2 against Defender for Business. I ignore Plan 1 because it is a basic plan that misses critical features such as Endpoint Detection & Response. Organizations looking for an Endpoint Protection system should select one with EDR capabilities. EDR provides more in-depth monitoring capabilities compared to a traditional antivirus, as it is not based on signatures but will scan all activity in a cloud database, providing more in-depth detections.
A couple of significant differences exist between Defender for Endpoint Plan 2 and Defender for Business. The two most important ones are listed below, which are covered in depth later in the article.
- Configuration of the Endpoint agent on workstations is simplified in Defender for Business.
- The Business license includes no threat-hunting capabilities.
Besides these differences, a couple of minor differences from Defender for Business that are good to know include:
- The lack of device groups.
- No way to see the currently logged-on user of a device.
- Lack of custom detection rules
The Microsoft 365 Kill Chain and Attack Path Management
An effective cybersecurity strategy requires a clear and comprehensive understanding of how attacks unfold. Read this whitepaper to get the expert insight you need to defend your organization!
Threat hunting is the most crucial feature not covered by the Business license. But what exactly does this mean, and is the lack of threat hunting a dealbreaker?
When Microsoft states that Defender for Business has no threat hunting capabilities, they mean that there is no way to get a hold of the raw data which Defender for Endpoint collects. The raw data consists of the device timeline , a visual representation of all events collected on an endpoint, and advanced hunting , which allows you to retrieve this data through KQL.
The main reason why people use Microsoft Defender is for incident investigation. If there is an incident, you investigate it thoroughly and check if there are any follow-up actions to take:
- Should I reset the user’s password?
- Do I need to reinstall the device?
- Is there any user education required to avoid such an incident in the future?
Defender for Business is limited to the information Microsoft provides. Each incident has an alert story describing the actions Defender identifies as suspicious, as shown in Figure 1.
While information retrieved from the alert story might be adequate for some investigations, in my experience, the information presented by Defender for Business often lacks details. Sometimes, you need to know which URL the user visited before the attack was launched or which files were modified by a specific process. I typically get this information from the device timeline, but this is unavailable when using Defender for Business.
This is not a disaster, but it means you cannot double-check any incident Microsoft creates. You must trust Microsoft’s detection mechanisms.
The same goes for the lack of advanced hunting. Advanced hunting allows you to create KQL queries to generate an incident if a query has a result. Because advanced hunting is unavailable, you lack the ability to create incidents based on conditions or logic.
As Defender for Business is geared toward small and medium-sized businesses, the above might not be a dealbreaker for organizations without a dedicated security or IT engineer. Diving into logs to get more information is not something every IT engineer will do because they lack the knowledge or time for such investigations.
Defender for Business simplifies the deployment and configuration of your endpoints. In comparison, a typical Defender for Endpoint onboarding is done through the Microsoft Intune portal by deploying the necessary onboarding and configuration policies. Defender for Business supports the onboarding of Intune-enrolled Windows devices through the setup wizard. This means there is no additional configuration using the Intune portal, as Microsoft sets everything in the background. Besides onboarding, Defender for Business also deploys a Microsoft-recommended configuration of the antivirus (including scan configuration) and the endpoint firewall. This is great for small IT teams without in-depth knowledge of the Microsoft security stack.
Not all license differences are covered on Microsoft’s website, meaning it’s unclear what features you miss. I have run into some features that aren’t in Defender for Business that are useful.:
- If you navigate to a device’s page, Defender for Endpoint displays a ‘Last Logged-On User’ property showing which user most commonly logs into the device. This is a handy way to identify which end-user is using a device. This type of information is not available for Defender for Business tenants.
- Device Groups are used to create a logical grouping of different sets of computers. Some examples are servers vs. endpoints, mobile vs. desktop, or active vs. inactive devices .
A Strong Core Set of Features
While there are quite a few differences between Enterprise and Business licenses, the core features remain the same. With a Defender for Business license, we get the following:
- A fully-fledged, modern Antivirus system configured according to Microsoft best practices.
- An EDR system using behavior monitoring scans your endpoints and blocks threats if required.
- Insights into vulnerabilities using the built-in Vulnerability Management license.
Your organization’s appetite for security
Microsoft Defender for Business is a great way for small businesses to use enterprise-grade protection and detection without needing an IT engineer with a good knowledge of endpoint security . It simplifies incident investigation and device onboarding by abstracting more complex workflows from the organization. This makes Defender for Business an excellent fit for small organizations, as it is easy to deploy and maintain.
Nevertheless, Defender for Business is not great for medium-sized organizations that need an in-depth, advanced security solution. Some organizations are below 200 employees and thus eligible for Business licenses but need a higher level of sophistication in their security solution. This type of organization might look for an outsourced SOC or a dedicated security engineer who needs tools such as advanced hunting and the device timeline. For those types of organizations, I recommend a Defender for Endpoint Plan 2 d.
Cybersecurity Risk Management for Active Directory
Discover how to prevent and recover from AD attacks through these Cybersecurity Risk Management Solutions.
About the Author
Hi Thijs Great article, thank you. Not being able to identify users is a problem with Defender for Business. Ate yiu aware of any method of pulling device owners besides manual tagging?
I haven’t and I fear there is none. With MDFB, you don’t have access to the same raw data. You can use the primary user in Intune, but that’s static unfortunately.
Leave a Reply Cancel reply
Exchange 2019 CU14 Fixes Exploits in the Wild
Microsoft released cumulative update 14 for Exchange Server 2019 on February 13, 2024. This update fixes several bugs, but more importantly, contains a fix for a serious security issue that is being exploited in the wild. This is your sign to enable Extended Protection, if you haven't already.
The Critical Need for Integrating Devices with Intune
In this blog, Jon Jarvis reviews the importance of integrating devices with Intune, and the risks that can arise from poorly managed devices.
Microsoft Releases Public Preview of Microsoft 365 Backup
If you’re interested in protecting your SharePoint Online, OneDrive for Business, or Exchange Online data, it is useful to understand how Microsoft 365 Backup works and what the software can and cannot do. In this article, Paul Robichaux walks through how to set up and test the preview version of Microsoft 365 Backup.
Microsoft Blog for MSPs and IT Pros
Microsoft Defender for Business Breakdown
Recently, Microsoft has announced a fork of the Defender for Endpoint offering into two plans. Defender for Endpoint has traditionally been an enterprise grade solution and only included in higher level plans such as E5. Over the past few years Microsoft has made this a standalone offering that could be bolted on to other plans to make it more cost effective. With the fork into the two plans, plan 1 is essentially a lightweight version of the offering. At a high level this plan includes components like Next gen protection and attack surface reduction.
Now Microsoft has also announced that there will be a Microsoft Defender for Business offering that will be included at no additional cost to Microsoft Business Premium ($20/user/month). This is an amazing addition to a sku that is already pretty robust with security offerings.
As you can see, Microsoft Defender for Business (as part of M365 Business Premium) includes almost all features that come with plan 2. Here are some descriptions of those high level features(as referenced here) :
- Threat and vulnerability management – Helps you to prioritize and focus on the weaknesses that pose the most urgent and the highest risk to your business. By discovering, prioritizing, and remediating software vulnerabilities and misconfigurations you can proactively build a secure foundation for your environment.
- Attack surface reduction – Reduces your attack surface (places that your company is vulnerable to a cyberattacks) across your devices and applications using capabilities such as ransomware mitigation, application control, web protection, network protection, network firewall, and attack surface reduction rules.
- Next-generation protection – Helps to prevent and protect against threats at your front door with antimalware and antivirus protection—on your devices and in the cloud.
- Endpoint detection and response (EDR) – Get behavioral-based detection and response alerts allowing you to identify persistent threats and remove them from your environment. Manual response actions within Defender for Business will allow you to take action on processes and files, while live response will put you in direct control of a device to help ensure it’s remediated, secured, and ready to go.
- Automated investigation and remediation – Helps to scale your security operations by examining alerts and taking immediate action to resolve attacks for you. By reducing alert volume and remediating threats, Defender for Business allows you to prioritize tasks and focus on more sophisticated threats.
- APIs and integration – Automate workflows and integrate security data into your existing security platforms and reporting tools. For example, you can pull detections from Defender for Business into your security information and event management tool.
As I mentioned earlier, this offering is being bolted into M365 BP at no additional cost. Defender for Endpoint can still be purchased standalone if you would like to add it on to lower level plans like Business Standard.
- $1.45/User/Month EDU
- $2.50/User/Month EDU
Business Premium Value
With this addition, Microsoft now has the following capabilities:
- 365 Email + Apps
- File Storage with OneDrive/SharePoint
- Collab with Teams
- DLP Policies
- Azure Information Protection Plan 1 (Standalone $2/user/month, email encryption/document classification)
- Azure AD Premium p1 (Standalone $6/user, conditional access policies)
- Defender for Office 365 Plan 1 (standalone $2/user, advanced email protection capabilities)
- Intune(Standalone $8 user/month, MDM/Device Mgt)
- Defender for Endpoint(Standalone $3/user/month, EDR)
That is definitely a ton of value for $20/user/month. (Soon to be $22 come March 2022)
A larger concern for MSPs related to this product is simply the siloed management portals for each customer to configure policies and investigate/remediate threats. Microsoft is solving for this by introducing this feature set for Defender for Business into M365 Lighthouse which is their multi-tenant management solution for MSPs. It will be interesting to see all the capabilities you will have there once that is released.
Nist csf 2.0 with microsoft 365: enablement guide, how to secure microsoft teams | top tips, secure your microsoft 365 environment: a comprehensive guide mapped to cis controls, 5 thoughts on “microsoft defender for business breakdown”.
[…] For more information on this announcement, click here. […]
[…] For more information about this offering, check out my blog post here […]
I’m doing a trial of M365 Business Premium and don’t believe I’m seeing the “Defender for Business” access.. my security.microsoft.com portal only shows Email & Collaboration section on left side. My understanding is there should be “Endpoints” .. any ideas?
may just be a propagation thing. Sorry for my delayed response. Did you get this worked out?
Comments are closed.
Automatic attack disruption in microsoft defender xdr and containing users during human-operated attacks, pivot via oauth applications across tenants and how to protect/detect with microsoft technology (midnight blizzard), protect against qr code phishing with microsoft defender products, how to use deception in microsoft defender for endpoint/ defender xdr, how to protect microsoft teams with microsoft 365 defender, common mistakes during microsoft defender for endpoint deployments, how to use automatic attack disruption in microsoft 365 defender (bec, aitm & humor).
Microsoft Defender for Business – How to use it, and what are the differences with P2?
Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security solution now generally available within Microsoft 365 Business Premium and as a standalone solution. Defender for business is scoped up to 300 employees.
Blog updated 3 august 2022 ; added preview information for servers
Currently the following Defender for Endpoint products are available:
Defender for Business
- Defender for Endpoint P1
Defender for Endpoint P2
- Server 2012R2 and higher ( preview )
Defender for Business is part of the Microsoft 365 Business Premium license. For customers with Microsoft 365 Business Basic or Standard you can upgrade to Business Premium or use the new standalone Defender for Business product. If you have Microsoft 365 Business Premium, Defender for Business is included.
For managing devices Defender for Business supports currently the following operating systems.
– Windows 10 Business or later – Windows 10 Professional or later – Windows 10 Enterprise or later – macOS (the three most current releases are supported
Usecase of Defender for Business
As already written above, Defender for Business is enterprise Endpoint protection in an easy-to-use format for up to 300 employees. It provides components that are already part of Defender for Endpoint P1 and P2. This blog gives more explanation for the features and differences in comparison with P1 and P2.
Currently, Defender for Business is only focusing on end-user platforms. Windows, macOS, iOS, and Android clients are supported. Support for Windows and Linux servers is not yet available. Microsoft gives the following information for server platforms:
Update 03/08/2022 – added server support : Server support is now available in private preview for Defender for Business. View the announcement
“ We’re adding support for Windows and Linux servers to Microsoft Defender for Business with up to 300 employees, coming later this year with an add-on solution. You will be able to manage client and server endpoints from a single experience. Windows Server experience will be the same as Windows client. Linux servers will use deployment scripts allowing you to integrate into your existing management platforms such as Chef, Puppet, and Ansible.”
Onboarding is currently possible for:
- Windows 10/11
License and features
For the best onboarding and security management experience it is recommended to use Defender for Business with Microsoft Intune. Intune is included in Microsoft 365 Business Premium.
There is some difference between Defender for Business (standalone) and Microsoft 365 Business Premium where Defender for Business is included. Read more here .
Other protection products part of Microsoft 365 Business Premium
Microsoft 365 Business Premium comes with some other security licensing. The following is available for customers:
Exchange and Defender for Office
Microsoft 365 Business Premium comes with Exchange Online Plan 1 and Defender for Office 365 Plan 1.
Microsoft 365 Business Premium comes with Azure Active Directory Premium Plan 1 and Conditional Access Plan 1.
Microsoft 365 Business Premium comes with Azure Information Protection Premium P1.
Important Combination of P1/ P2/ Defender for Cloud
If you have an existing Microsoft Defender for Endpoint license within your tenant this will affect the administrative experience, within the Microsoft 365 Defender security portal. When the Defender for Business service is enabled, the following experience will be changed:
- Microsoft Defender for Endpoint P1 will be changed to Microsoft Defender for Business.
- Microsoft Defender for Endpoint P2 will remain in place and Microsoft Defender for Business product experience will not be seen until the Defender for Endpoint P2 license is completely removed from the tenant. At which time Defender for Business experience will be seen.
- Microsoft Defender for Servers, or Microsoft Defender for Cloud is active within the Azure tenant. This will also impact the Microsoft 365 Defender admin center and switch it to a more advanced Microsoft Defender for Endpoint Plan 2 product experience. Defender for Business experience will not be seen.
Situation: When Defender for Business is enabled and Defender for Cloud integration is enabled for Defender for Cloud; The advanced Defender for Endpoint Plan 2 experience is the default. Check always which licenses are needed for the use-case of the organization and combination of different Defender products.
More product information:
- Microsoft: New endpoint security for small and medium businesses now available with Defender for Business.
- Microsoft: Get Microsoft Defender for Business
How to configure Defender for Business ?
For Defender for Business make sure the license is assigned to the signed-in user. After buying or enabling the trial the following license is available; Microsoft Defender for Business
To activate the product, visit the Microsoft 365 Defender security center: www.security.microsoft.com and go to Settings > Endpoints .
Now the “Welcome to Microsoft Defender for Business” screen is visible. Click on Get Started .
First Defender for Business setup
During the setup the end-user can directly configure user permissions, email notifications, and onboarding/ configure Windows devices.
Now we need to make sure the correct users are assigned. Directly from the security.microsoft.com wizard it is possible to assign Security Reader or Security Admin role permissions. Assignments can be created/ changed later in Azure Active Directory. Of course; it is possible to skip the configuration.
Same for the email notification. During the email notifications wizard it is possible to select recipients and the specific notification type. it is possible to send notifications for alerts, vulnerabilities or alerts & vulnerabilities. The wizard creates rules in the email notification settings part of security.microsoft.com.
Onboard Windows Devices is important. Defender for Business supports different methods for onboarding devices into Defender for Endpoint. Onboarding is similar in comparison to the P1 and P2 solution from Microsoft.
For onboarding the following options are possible;
- Microsoft Endpoint Manager/ Microsoft Intune
- Local Script
- Group Policy
- VDI Onboarding script
The security settings configuration is different compared to Defender for Endpoint P1 and P2. Microsoft starts with default policies with recommended settings that can be applied to Windows devices. The recommended configuration will include Next-generation protection policies and Firewall policies. It is always possible to change settings later in Device configuration or Intune. More information and policy configuration explanation: Understand next-generation protection configuration settings in Microsoft Defender for Business | Microsoft Docs
Complete the first-run setup and wait before the Defender instance is enabled. After some minutes (2-3 min) the You’re all set message is visible.
The initial wizard creates automatically the connection that is required between Intune (Endpoint Manager) and Microsoft Defender for Business. All default policies are directly created in Intune, and Advanced Features are automatically enabled.
Currently (21-6-2022) all advanced features are enabled, except Preview features, Tamper Protection and Live Response. It is advised to enable Tamper Protection and Live Response. Preview features can be used to get new security features in the early release ring.
Defender for Business Policies
Based on the first initial setup – Microsoft enables baseline settings for Antivirus, Firewall, and Endpoint detection and response.
Settings can be managed in MEM and MDE. Defender for Business uses the MDE security management feature .
In the Endpoint manager portal ( https://endpoint.microsoft.com ), we find under Endpoint security the following profiles:
- Antivirus – NGP Windows default policy
- Firewall – Firewall Windows default policy
Note: By default the profiles are deployed to All Devices without any additional filter. Currently there is no Attack Surface Reduction and Endpoint detection and response profile configured. ASR and EDR are not yet available in the modern configuration interface, and can be deployed using Microsoft Intune.
From the Microsoft 365 Defender portal (security.microsoft.com) navigate to Device Configuration under Configuration management . The same policies which are visible in MEM can be directly changed from the Defender portal.
It is possible to edit the default policies, it is not possible to delete the default policies created during the wizard. Default policies will take the lowest order of precedence, so if another policy is created based on a higher rank the settings will be applied following the order.
Key points to remember about policy order
- Policies are assigned an order of priority.
- Devices receive the first applied policy only.
- You can change the order of priority for policies.
- Default policies are given the lowest order of priority.
Configuration management is enabled using Microsoft Endpoint Manager. The default configuration is configured based on Windows Client devices. Note : Server is currently not included in the Defender for Business product.
As already explained different onboarding methods can be used for Windows. For manually onboarding GPO or Local onboarding script can be used.
For local devices not part of MEM it is possible to manage settings using MDE and MEM, based on the security management feature. After onboarding the devices are onboarded in AzureAD and MEM.
Important: Make sure the correct patches and requirements are installed. Update Defender to the latest Defender product update, which is needed for the management feature. Use aka.ms/mdeclientanalyzer for checking the connectivity and update/system status.
For exporting events/ alerts it is possible to use Microsoft Sentinel. Based on my test lab the Microsoft Defender for Endpoint connectors works and creates incidents based on Defender for Endpoint alerts.
Security.microsoft.com admin experience is different for the Endpoint section. Defender for Business is missing the following configuration items:
- APIs – SIEM
- Permissions – Roles
- Permissions – Device groups
- Rules – Process Memory Indicators
- Rules – Automation uploads
- Rules – Automation folder exclusions
There is no support for creating custom device groups. Defender for Business supports the following roles:
More information: Microsoft Defender for Business roles
Defender for Business incident experience is different. In comparison with Defender for Endpoint P2 there are some differences in the incident/ investigation experience.
First, there is no Advanced Hunting. Defender for Endpoint is not saving 30 days of event data and 180 days of retention data. Based on this behavior there is no option to hunt for specific device events.
Defender for Endpoint P2 supports the timeline events. There is no additional event data in Defender for Business, which gives no centralized Device Timeline event.
As part of the incident investigation, there are some differences in the alert story. Below is the difference between Defender for Endpoint P2 and Defender for Business based on file type actions.
Defender for Business is not supporting the following investigation features:
- Open file page button
- Download files
- Submit to deep analysis
- Stop and Quarantine Files
- Ask Defender Experts
Device page experience
The device page contains some differences in comparison with Defender for Endpoint P2. Most of the device actions are available for Defender for Business except the threat expert feature.
What is not available on the device page?
From an information point of view, the most important feature which is missing is the Timeline tab including all related security events. All other information ( alert, security recommendations, inventory….) is available.
Defender for Business supports not all Defender for Endpoint P2 reports.
The following is available (URL: https://security.microsoft.com/securityreports)
Defender for Business Limitations
Not all features are available in Defender for Business; there is a cap between Defender for Business and Defender P2. Already quite a lot of features are described in this blog. In high-level terms the following is the difference.
Defender for Business includes most of the Defender for Endpoint P2 features. The following differences are available:
- No advanced Hunting/ threat hunting
- No Threat Experts services
- No 6-months data retention
- No device timeline
- Servers not yet supported (coming in separate offer)
- Threat analytics optimized for small and medium-size business
- No sandbox feature
- Limited in hunting and file/ remediation
Conditional Access for specific device risk policies is included in Microsoft 365 Business Premium or AzureAD P1.
Compare Defender plans
For SMBs based on Microsoft 365 Business Premium the Defender for Business product is included. Compared with Defender for Endpoint P2, some advanced features are missing. It brings more value in comparison with Defender for Endpoint P1. Hopefully Microsoft will add more support for Attack Surface Reduction rules and additional policies (Security Baseline) in the centralized policy management.
Based on the price and cost of the license – it is not bad for small businesses.
Microsoft: What is Defender for Business
Microsoft: Defender for Business – Frequently asked questions and answers
Microsoft: Compare security features
How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?
Use automation/playbooks in microsoft sentinel during incident update activity using update triggers, related posts, manage device control with microsoft defender for endpoint and endpoint manager, defender for endpoint device discovery: discover the unmanaged part of the corporate network, 5 manieren om azure active directory accounts veiliger te maken, tips for preventing against new modern identity attacks (aitm, mfa fatigue, prt, oauth), warn/monitor users for shadow it usage with microsoft cloud app security, azure ad sign-in risk policy: zo werkt deze functionaliteit.
One questions comes to mind, does purchasing one P2 license enable the functionality for all Business endpoints?
Licensing is user-oriented. This means that each employee needs a Microsoft Defender for Endpoint P2 license. User is allowed to use the software on up to 5 devices, on Windows, MacOS, iOS, Android.
So, Defender for buisness is now included in Buisness Premium, almost Defender fro Endpoint P2. What happends if you upgrade from Defender for buisness to a P2 license? The onboarding process is different according to Microsoft.
Yes, Defender for Business is using the same onboarding package. Only difference is based on the features and AV management. In P2 it is better to use the complete Intune suite for managing features. Defender Business is created with the device configuration tab.
Note: When upgrading one license the complete licensee is migrating to the MDE P2 license. For getting the correct compliancy, it is needed to buy a P2 license for all machines.
Please guide how to Stream events from Microsoft Defender for Business to Microsoft Sentinel.
Leave a Reply Cancel reply
Save my name, email, and website in this browser for the next time I comment.
MDE blog series
Supporting this blog
Username or Email Address
Registration is closed.
Top Contributors in Subscription, account, billing: NoOneCan - Dillon Silzer - RonBarker - VincentChoy ✅
February 13, 2024
Top Contributors in Subscription, account, billing:
NoOneCan - Dillon Silzer - RonBarker - VincentChoy ✅
- Search the community and support articles
- Microsoft 365 and Office
- Subscription, account, billing
- Search Community member
Ask a new question
MS 365 Business premium license include MS Defender Plan1 or Plan2 ?
Is MS 365 business premium license includes MS defender plan2? if not what is the added value in plan2 over plan 1
Replies (2) .
Was this reply helpful? Yes No
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
Thanks for your feedback.
- Microsoft Agent |
Dear Admin Magnetar,
Thank you for posting in Microsoft Community.
As per your mentioned concern, based on my finding, generally Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium and Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5. Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions.
For more information, kindly refer to this official document Microsoft Defender for Office 365 Plan 1 and Plan 2
Furthermore, in order of your scenario, you may further connect with our Business billing support team via phone support or open service request, they will further assist you and provide you information according to your requirement.
Here is official information article about: Get support - Microsoft 365 admin | Microsoft Docs
I would really appreciate your kind cooperation.
Sincerely, Darpan | Microsoft Community Moderator
***Note: In the event that you're unable to reply to this thread, please ensure that your Email address is verified in the Community Website by clicking on Your Account Name > "My Profile" > "Edit Profile" > Add your Email Address > tick "Receive email notifications" checkbox > click on "Save".***
- For business
- Security and compliance
- Norsk Bokmål
- Mobile Site
- Staff Directory
- Advertise with Ars
Filter by topic
- Biz & IT
- Gaming & Culture
Front page layout
$6 for apps like Gmail and Docs, and $20 for an AI bot? —
Google launches “gemini business” ai, adds $20 to the $6 workspace bill, google's ai features add a 3x increase over the usual workspace bill..
Ron Amadeo - Feb 21, 2024 10:21 pm UTC
Google went ahead with plans to launch Gemini for Workspace today. The big news is the pricing information, and you can see the Workspace pricing page is new, with every plan offering a "Gemini add-on." Google's old AI-for-Business plan, "Duet AI for Google Workspace," is dead, though it never really launched anyway.
Google has a blog post explaining the changes. Google Workspace starts at $6 per user per month for the "Starter" package, and the AI "Add-on," as Google is calling it, is an extra $20 monthly cost per user (all of these prices require an annual commitment). That is a massive price increase over the normal Workspace bill, but AI processing is expensive . Google says this business package will get you "Help me write in Docs and Gmail , Enhanced Smart Fill in Sheets and image generation in Slides ." It also includes the "1.0 Ultra" model for the Gemini chatbot—there's a full feature list here . This $20 plan is subject to a usage limit for Gemini AI features of " 1,000 times per month ."
Google's second plan is "Gemini Enterprise," which doesn't come with any usage limits, but it's also only available through a "contact us" link and not a normal checkout procedure. Enterprise is $30 per user per month, and it "includes additional capabilities for AI-powered meetings, where Gemini can translate closed captions in more than 100 language pairs, and soon even take meeting notes."
Channel ars technica.
Jeff Bezos' great big February stock sell-off is complete
- Jeff Bezos has finished selling off 50 million shares in Amazon.
- The Amazon cofounder disclosed plans to offload the shares, worth roughly $8.5 billion.
- His last big Amazon selling spree was in 2021 when he prepared to step down as CEO .
Jeff Bezos has finished selling off 50 million shares in Amazon days after he announced plans to do so.
Earlier this month, it was disclosed that the Amazon founder and executive chairman intended to offload up to 50 million shares, worth roughly $8.5 billion, before January 31, 2025. It turns out he didn't need anywhere near all that time: He wrapped up his sell-off of exactly 50 million shares in just nine trading days this month, securities filings show .
At the end of December, Bezos owned 988 million shares, or just under 10% of Amazon, according to the company's proxy statement. At today's share price, that stake is worth more than $165 billion.
Bezos still has about 938 million shares in Amazon after his sell-off.
Bezos' net worth is $191 billion, according to the Bloomberg Billionaires Index.
His move to Miami could save him $600 million in taxes on the sell-off, as CNBC previously reported. While Washington has a 7% capital gains tax on sales of stocks or bonds worth upwards of $250,000, Florida doesn't have a capital gains tax. For the last 29 years, Bezos has lived in Seattle, where he built Amazon, before he announced in November that he was packing up and heading to Miami .
Bezos' last big Amazon selling spree was in 2021, as he prepared to step down as CEO after 27 years .
Watch: Jeff Bezos reportedly just spent $165 million on a Beverly Hills estate — here are all the ways the world's richest man makes and spends his money
- Main content
- Share full article
AT&T Says Service Is Restored After Widespread Cellular Outage
White House officials said the incident was under investigation, but it did not appear to be a cyberattack. Verizon and T-Mobile said their networks were operating normally.
By Jenny Gross and David McCabe
Jenny Gross reported from London and David McCabe reported from Washington.
AT&T said on Thursday that it had fully restored service to its wireless network after a widespread outage temporarily cut off connections for users across the United States for many hours, the cause of which was still under investigation.
The outage, which affected people in cities including Atlanta, Los Angeles and New York, was first reported around 3:30 a.m. Eastern time, according to Downdetector.com , which tracks user reports of telecommunication and internet disruptions. At its peak, the site listed around 70,000 reports of disrupted service for the wireless carrier.
Multiple government agencies said they were looking into the incident, although the Biden administration told reporters that AT&T said there was no reason to think it was a cyberattack.
AT&T did not disclose the scope of the outage, nor the reason for it. When the outage first began on Thursday morning, the company listed the cause as “maintenance activity.”
Jim Greer, an AT&T spokesman, apologized in a statement confirming service was restored and said the company was “taking steps to ensure our customers do not experience this again in the future.”
The outage underscored the importance of connectivity to daily life as individuals and businesses were cut off from communications and the ability to use mobile apps. AT&T advised consumers they could make calls over Wi-Fi and sought to respond to angry customers online. Many phones showed an “SOS” symbol on their screen, signaling they could only make emergency calls, while local governments offered alternate ways to reach 911.
Reports of outages on Downdetector began to fall midmorning, and at one point AT&T’s website showed that outages were limited to users in California , though users in other states were still reporting issues. Cricket, which is owned by AT&T, also reported that its users were experiencing wireless service interruptions and said it was working to restore service.
Reports also surfaced early Thursday that FirstNet, the network AT&T maintains for emergency services personnel, had experienced outages, but AT&T said around 10:30 a.m. that the network was fully operational.
Verizon experienced 3,000 reports of outages at one point on Thursday and T-Mobile about half that. Both companies said in statements that their networks were operating normally.
“Some customers experienced issues this morning when calling or texting with customers served by another carrier,” Verizon said. “We are continuing to monitor the situation.”
In an email, T-Mobile said that it did not experience an outage. “Downdetector is likely reflecting challenges our customers were having attempting to connect to users on other networks.”
Officials in Washington said they were working to understand the cause of the outage. A spokesman for the Federal Communications Commission said its inquiry was being handled by its Public Safety and Homeland Security Bureau, which was in touch with AT&T as well as other providers.
John Kirby, a National Security Council spokesman, said on a call with reporters on Thursday that the Biden administration was told “that AT&T has no reason to think this was a cybersecurity incident,” although he added that they would not be certain until an investigation had been completed.
Mr. Kirby said that, in addition to the F.C.C., the Department of Homeland Security and the F.B.I. were collaborating with technology companies to investigate the outage.
The F.B.I. said in a statement it was in touch with AT&T and would respond accordingly if any malicious activity was found.
Throughout the day, cities urged residents to find alternate ways of reaching emergency or municipal services, like landlines or phones connected to Wi-Fi. The City of Upper Arlington, Ohio , said the fire department might not be notified of fire alarms because of the outage. It urged that any fire alarm be followed up with a 911 call.
The San Francisco Fire Department said on social media that it was aware of an issue affecting AT&T users who were trying to call 911. “We are actively engaged and monitoring this,” the fire department said. “If you are an AT&T customer and cannot get through to 911, then please try calling from a landline.”
The Massachusetts State Police said on social media on Thursday morning that 911 call centers across the state had been flooded with calls from people checking to see if the emergency service worked from their phones. “Please do not do this,” the police said. “If you can successfully place a non-emergency call to another number via your cell service then your 911 service will also work.”
Even in less extreme circumstances, the outage complicated the many elements of life that have come to rely on a reliable connection to the internet.
Staff at the First Watch restaurant in Dania Beach, Fla., had to turn away breakfast customers for a time while the outage prevented them from processing payments.
Debra Maddow, who lives in southwest Houston, said that she first noticed something was off after 7 a.m., when she went to check traffic and Google Maps was offline. Later, she visited a Starbucks to make an urgent call through its free Wi-Fi, she said.
“I’m really frustrated that they’re not telling us anything,” Ms. Maddow said in a phone interview over Wi-Fi. She said she tried to call AT&T for an update, but after a long time on hold, the call was dropped.
Victor Mather , John Keefe , Zolan Kanno-Youngs and Adam Goldman contributed reporting.
Jenny Gross is a reporter for The Times in London covering breaking news and other topics. More about Jenny Gross
David McCabe covers tech policy. He joined The Times from Axios in 2019. More about David McCabe
Explore Our Business Coverage
Dive deeper into the people, issues and trends shaping the world of business..
A Funding Frenzy: Anthropic, one of the world’s hottest A.I. start-ups, raised $7.3 billion over 2023. Here’s how the funding spree happened .
A Twist on Home Cooking: Developers are transforming clusters of old homes into micro restaurants, combining the pleasures of dining out with the nostalgic comforts of home .
The Great Compression: Soaring home prices in the United States have ushered in the era of the 400-square-foot subdivision house. The change could reshape the market .
A Billionaire’s Moonshots: The entrepreneur Kam Ghaffarian wants to help build the new space economy , one Prada spacesuit and Jeff Koons-filled lunar lander at a time.
E.V. Uncertainty: In Michigan, one of six battleground states that could determine the 2024 U.S. presidential election, electric vehicles have emerged as a contested piece of the economic future .
A Climate Retreat: Many of the world’s biggest financial firms spent the past several years pledging to fight climate change. Now, Wall Street has flip-flopped .
- U.S. Markets
- Futures & Commodities
- Funds & ETFs
- Health & Science
- Real Estate
- Financial Advisors
- Options Action
- Buffett Archive
- Trader Talk
- Social Media
- CNBC Disruptor 50
- White House
- Equity and Opportunity
- Business Day Shows
- Entertainment Shows
- Full Episodes
- Latest Video
- CEO Interviews
- CNBC Documentaries
- CNBC Podcasts
- Digital Originals
- Live TV Schedule
- Trust Portfolio
- Trade Alerts
- Meeting Videos
- Jim's Columns
- Stock Screener
- Market Forecast
- Options Investing
- Chart Investing
Help for Low Credit Scores
All Credit Cards
Find the Credit Card for You
Best Credit Cards
Best Rewards Credit Cards
Best Travel Credit Cards
Best 0% APR Credit Cards
Best Balance Transfer Credit Cards
Best Cash Back Credit Cards
Best Credit Card Welcome Bonuses
Best Credit Cards to Build Credit
Find the Best Personal Loan for You
Best Personal Loans
Best Debt Consolidation Loans
Best Loans to Refinance Credit Card Debt
Best Loans with Fast Funding
Best Small Personal Loans
Best Large Personal Loans
Best Personal Loans to Apply Online
Best Student Loan Refinance
Find the Savings Account for You
Best High Yield Savings Accounts
Best Big Bank Savings Accounts
Best Big Bank Checking Accounts
Best No Fee Checking Accounts
No Overdraft Fee Checking Accounts
Best Checking Account Bonuses
Best Money Market Accounts
Best Credit Unions
Best Mortgages for Small Down Payment
Best Mortgages for No Down Payment
Best Mortgages with No Origination Fee
Best Mortgages for Average Credit Score
Adjustable Rate Mortgages
Affording a Mortgage
Best Life Insurance
Best Homeowners Insurance
Best Renters Insurance
Best Car Insurance
All Credit Monitoring
Best Credit Monitoring Services
Best Identity Theft Protection
How to Boost Your Credit Score
Credit Repair Services
All Personal Finance
Best Budgeting Apps
Best Expense Tracker Apps
Best Money Transfer Apps
Best Resale Apps and Sites
Buy Now Pay Later (BNPL) Apps
Best Debt Relief
All Small Business
Best Small Business Savings Accounts
Best Small Business Checking Accounts
Best Credit Cards for Small Business
Best Small Business Loans
Best Tax Software for Small Business
Filing For Free
Best Tax Software
Best Tax Software for Small Businesses
Tax By State
Tax Payment Plans
All Help for Low Credit Scores
Best Credit Cards for Bad Credit
Best Personal Loans for Bad Credit
Best Debt Consolidation Loans for Bad Credit
Personal Loans if You Don't Have Credit
Best Credit Cards for Building Credit
Personal Loans for 580 Credit Score or Lower
Personal Loans for 670 Credit Score or Lower
Best Mortgages for Bad Credit
Best Hardship Loans
Best IRA Accounts
Best Roth IRA Accounts
Best Investing Apps
Best Free Stock Trading Platforms
FCC to vote in March on rules for 'all-in' cable and satellite pricing
- The Federal Communications Commission announced that it will be voting on rules that will require cable and satellite providers to display an "all-in" price for video programming on consumers' bills and promotional materials.
- "We're working to make it so the advertised price for a service is the price you pay when your bill arrives," FCC Chairwoman Jessica Rosenworcel said.
WASHINGTON — A federal consumer protection watchdog agency on Wednesday announced that it will be voting on rules that will require cable and satellite providers to display an "all-in" price for video programming on consumers' bills and promotional materials.
The Federal Communications Commission's final rules are expected to be largely similar to those the agency initially proposed last year. The commission plans to vote on a final version of the rules during its upcoming March 14 open meeting.
"We're working to make it so the advertised price for a service is the price you pay when your bill arrives," FCC Chairwoman Jessica Rosenworcel said in a statement .
"Not only will this reduce cost confusion and make it easier for consumers to compare services, but this proposal will also increase competition among cable and broadcast satellite providers through improved price transparency," said Rosenworcel.
The commission voted in December to adopt a proposal to ban cable and satellite companies from charging early termination fees.
The agency is also gearing up to enforce a new labeling format for broadband internet service providers, starting in April.
Read more CNBC politics coverage
- White House to expand Russia sanctions over Alexei Navalny’s death
- Appeals court will rehear challenge to Nasdaq board diversity rule, putting mandate at risk
- Senate bill aims to kill proposed SEC rule on AI conflicts of interest
The FCC rules to be voted on next month are the latest in a string of new regulations across the federal government aimed at eliminating what the Biden administration has labeled "junk fees," undefined or last-minute costs charged to consumers, often at the end of an online transaction.
It is also a cause that President Joe Biden has long supported .
"Too often, these companies hide additional junk fees on customer bills disguised as "broadcast TV" or "regional sports" fees that in reality pay for no additional services," Biden said in a June 2023 statement on the proposed FCC rule.
"These fees really add up: according to one report, they increase customer bills by nearly 25% of the price of base service," said Biden.
Correction: The FCC announced Wednesday it will be voting to finalize price disclosure rules for video programming services. An earlier version mischaracterized the action.
Don't miss these stories from CNBC PRO:
- Warren Buffett's Berkshire keeps new stock pick secret — again. Here's what it means
- Michael Burry of 'The Big Short' fame buys Amazon, Alphabet and a dozen other new stocks
- Move over, Nvidia. There's a new hot AI play that has soared 960% in the past year
- Morgan Stanley's Slimmon names 3 stocks to buy right now: 'It's going to be a good year for equities'
- This little-known bank is offering one of the highest CD rates
Copilot for Microsoft 365 is now available for small and medium-sized businesses.
Find the best Microsoft 365 plan for your business
Microsoft 365 business basic.
Originally starting from $6.00 now starting from $6.00
(Annual subscription–auto renews) 1
Apps and services to kick-start your business, including:
Identity, access, and user management for up to 300 employees
Custom business email ([email protected])
Web and mobile versions of Word, Excel, PowerPoint, and Outlook
Chat, call, and video conference with Microsoft Teams
1 TB of cloud storage per employee
10+ additional apps for your business needs (Microsoft Bookings, Planner, Forms, and others)
Automatic spam and malware filtering
Anytime phone and web support
Microsoft 365 Business Standard
Originally starting from $12.50 now starting from $12.50
Everything in Business Basic, plus:
Desktop versions of Word, Excel, PowerPoint, and Outlook
Webinars with attendee registration and reporting
New : Collaborative workspaces to co-create using Microsoft Loop
New : Video editing and design tools with Microsoft Clipchamp
Copilot for Microsoft 365 available as an add-on . *
Microsoft 365 Business Premium
Originally starting from $22.00 now starting from $22.00
Everything in Business Standard, plus:
Advanced identity and access management
Enhanced cyberthreat protection against viruses and phishing attacks
Enterprise-grade device and endpoint protection
Discover, classify, and protect sensitive information
Microsoft 365 Apps for business
Originally starting from $8.25 now starting from $8.25
Desktop versions of Word, Excel, PowerPoint, and Outlook:
Desktop versions of Word, Excel, PowerPoint, and Outlook
1 TB of cloud storage per user
Add Copilot to your Microsoft plan *
Sign in to add Copilot to your existing Microsoft 365 business plan.
If you’re not an existing customer, buy a Microsoft 365 plan to get started.
Explore Microsoft 365
Help me choose the right Microsoft 365 plan
Learn more about microsoft 365 for business, learn more about microsoft 365 for enterprise, get just the microsoft 365 desktop apps, frequently asked questions, what is microsoft 365.
Microsoft 365 is the productivity cloud designed to help everyone achieve what matters, in their work and life, with best-in-class Microsoft 365 apps, intelligent cloud services, and advanced security.
On how many devices can I install Microsoft 365 apps if I have a Microsoft 365 business plan?
Install Microsoft 365 apps on up to five PCs or Macs, five tablets, and five mobile devices. Hybrid Windows devices, such as the Microsoft Surface Pro, count as either a PC or a tablet.
What forms of payment can I use?
All major credit cards are accepted. When paying with a credit card, your subscription amount will appear on your credit card statement. Existing customers may be eligible to pay by invoice and can contact support to check their eligibility for this payment method. Learn more about paying by invoice . For Microsoft 365 business plans, depending on your choice of service, you'll be billed monthly or annually.
What's the difference between monthly, annual, and annual commitment payments?
To provide you with the greatest amount of flexibility, different payment options are available.
Microsoft 365 Business Basic, Microsoft 365 Apps for business, Microsoft 365 Business Standard, and Microsoft 365 Business Premium plans are available for monthly commitment payment or annual commitment payment.
- Monthly commitment payment: Pay month by month and cancel at any time.
- Annual commitment payment: Sign up for a one-year subscription and benefit from a discount for using this payment option. By default, your billing plan will be set to monthly billing. After your purchase, you can change your billing plan to annual billing within the Microsoft 365 admin center. The Microsoft 365 Enterprise and Office 365 Enterprise plans (including standalone plans such as Exchange Online) and Microsoft 365 Apps for enterprise are available for annual commitment payment.
- Annual commitment payment: Sign up for a one-year subscription and choose to pay monthly or for the entire year at the time you sign up.
Can I convert my trial to a paid subscription and retain all my settings and files?
Yes. If you purchase Microsoft 365 licenses for the accounts you create during your free trial, the information and configuration for these users' accounts will remain intact. Once your free trial expires, you’ll have an additional 30 days to purchase Microsoft 365 before your account information is erased. Once your trial account information has been erased, it can’t be retrieved.
Does Microsoft 365 work when I'm not connected to the internet?
The Microsoft 365 apps that you install on your PC or Mac—such as Word, Excel, PowerPoint, and Outlook—are available to you when you’re not online.
With OneDrive in Microsoft 365, get file storage that you can access when you’re offline. When you make changes while offline, they’ll be synced to OneDrive and across the rest of your devices when you reconnect.
With Outlook, read emails already delivered to your inbox, or draft new emails and meeting requests. Your inbox and outbox will sync across the rest of your devices when you reconnect.
What happens to my data if I cancel my subscription?
Your data is yours. If you decide to cancel your Microsoft 365 subscription, download your data—for example, your email and documents on team sites—and save it to another location. You should save your data before you cancel. After you cancel your subscription, data associated with your Microsoft 365 account will be available to your administrator(s) in a limited function account for 90 days.
Where can I find more answers to frequently asked questions?
Find more answers to frequently asked questions on the Microsoft 365 for business FAQ page .
What is Microsoft Defender for Business?
Microsoft Defender for Business is an endpoint security solution designed to help businesses with up to 300 employees. It helps protect against cybersecurity threats, including malware and ransomware, in an easy-to-use, cost-effective package. Microsoft Defender for Business is included with Microsoft 365 Business Premium and is available as a standalone product. Learn more .
How many users can I host for online meetings and video calls using Microsoft Teams?
With Microsoft 365 Business Basic, Microsoft 365 Business Standard, and Microsoft 365 Business Premium plans, you can host online meetings and video calls for up to 300 people using Microsoft Teams.
With Microsoft 365 E3 and E5, Microsoft 365 A3 and A5, and Microsoft 365 Government G3 and G5 plans, this limit increases up to 1,000 people. Learn more .
For IT providers, what are the options to manage more than one customer at a time?
IT service providers can use Microsoft 365 Lighthouse to secure their Business Premium customers at scale. Learn more .
Copilot for Microsoft 365 frequently asked questions
Find more answers to frequently asked questions. Learn more .
-  Once your paid subscription begins, cancellation policies vary based on your status as a new customer and your product and domain selections on Microsoft. Learn more . Cancel your Microsoft 365 subscription any time by going to the Microsoft 365 admin center. When a subscription is canceled, all associated data will be deleted. Learn more about data retention, deletion, and destruction in Microsoft 365 .
-  After your one-month free trial ends, your subscription will automatically convert into a 12-month paid subscription and you will be charged the applicable subscription fee. Cancel anytime during your free trial to stop future charges. Credit card required to sign-up. Learn more .
- [*] Copilot for Microsoft 365 may not be available for all markets and languages. To purchase, enterprise customers must have a license for Microsoft 365 E3 or E5 or Office 365 E3 or E5, and business customers must have a license for Microsoft 365 Business Standard or Business Premium, or a version of these suites that no longer includes Microsoft Teams.
Connect with Microsoft 365 :
- Chat with sales
- Contact sales
Available Mon to Fri from 6:00 AM to 6:00 PM Pacific Time.
We've detected unusual activity from your computer network
To continue, please click the box below to let us know you're not a robot.
Why did this happen?
For inquiries related to this message please contact our support team and provide the reference ID below.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Overview of Microsoft Defender for Endpoint Plan 1
- 13 contributors
- Microsoft Defender for Endpoint Plan 1
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats. We are pleased to announce that Defender for Endpoint is now available in two plans:
- Defender for Endpoint Plan 1 , described in this article; and
- Defender for Endpoint Plan 2 , generally available, and formerly known as Defender for Endpoint .
The green boxes in the following image depict what's included in Defender for Endpoint Plan 1:
Use this guide to:
- Get an overview of what's included in Defender for Endpoint Plan 1
- Learn how to set up and configure Defender for Endpoint Plan 1
- Get started using the Microsoft Defender portal, where you can view incidents and alerts, manage devices, and use reports about detected threats
- Get an overview of maintenance and operations
Defender for Endpoint Plan 1 capabilities
Defender for Endpoint Plan 1 includes the following capabilities:
- Next-generation protection that includes industry-leading, robust antimalware and antivirus protection
- Manual response actions , such as sending a file to quarantine, that your security team can take on devices or files when threats are detected
- Attack surface reduction capabilities that harden devices, prevent zero-day attacks, and offer granular control over endpoint access and behaviors
- Centralized configuration and management with the Microsoft Defender portal and integration with Microsoft Intune
- Protection for a variety of platforms , including Windows, macOS, iOS, and Android devices
The following sections provide more details about these capabilities.
Next-generation protection includes robust antivirus and antimalware protection. With next-generation protection, you get:
- Behavior-based, heuristic, and real-time antivirus protection
- Cloud-delivered protection, which includes near-instant detection and blocking of new and emerging threats
- Dedicated protection and product updates, including updates related to Microsoft Defender Antivirus
To learn more, see Next-generation protection overview .
Manual response actions
Manual response actions are actions that your security team can take when threats are detected on endpoints or in files. Defender for Endpoint includes certain manual response actions that can be taken on a device that is detected as potentially compromised or has suspicious content. You can also run response actions on files that are detected as threats. The following table summarizes the manual response actions that are available in Defender for Endpoint Plan 1.
To learn more, see the following articles:
- Take response actions on devices
- Take response actions on files
Attack surface reduction
Your organization's attack surfaces are all the places where you're vulnerable to cyberattacks. With Defender for Endpoint Plan 1, you can reduce your attack surfaces by protecting the devices and applications that your organization uses. The attack surface reduction capabilities that are included in Defender for Endpoint Plan 1 are described in the following sections.
Attack surface reduction rules
Ransomware mitigation, device control, web protection, network protection, network firewall, application control.
To learn more about attack surface reduction capabilities in Defender for Endpoint, see Overview of attack surface reduction .
Attack surface reduction rules target certain software behaviors that are considered risky. Such behaviors include:
- Launching executable files and scripts that attempt to download or run other files
- Running obfuscated or otherwise suspicious scripts
- Initiating behaviors that apps don't usually initiate during normal work
Legitimate business applications can exhibit such software behaviors; however, these behaviors are often considered risky because they are commonly abused by attackers through malware. Attack surface reduction rules can constrain risky behaviors and help keep your organization safe.
To learn more, see Use attack surface reduction rules to prevent malware infection .
With controlled folder access, you get ransomware mitigation. Controlled folder access allows only trusted apps to access protected folders on your endpoints. Apps are added to the trusted apps list based on their prevalence and reputation. Your security operations team can add or remove apps from the trusted apps list, too.
To learn more, see Protect important folders with controlled folder access .
Sometimes threats to your organization's devices come in the form of files on removable drives, such as USB drives. Defender for Endpoint includes capabilities to help prevent threats from unauthorized peripherals from compromising your devices. You can configure Defender for Endpoint to block or allow removable devices and files on removable devices.
To learn more, see Control USB devices and removable media .
With web protection, you can protect your organization's devices from web threats and unwanted content. Web protection includes web threat protection and web content filtering.
- Web threat protection prevents access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that you explicitly block.
- Web content filtering prevents access to certain sites based on their category. Categories can include adult content, leisure sites, legal liability sites, and more.
To learn more, see web protection .
With network protection, you can prevent your organization from accessing dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet.
To learn more, see Protect your network .
With network firewall protection, you can set rules that determine which network traffic is permitted to flow to or from your organization's devices. With your network firewall and advanced security that you get with Defender for Endpoint, you can:
- Reduce the risk of network security threats
- Safeguard sensitive data and intellectual property
- Extend your security investment
To learn more, see Windows Defender Firewall with advanced security .
Application control protects your Windows endpoints by running only trusted applications and code in the system core (kernel). Your security team can define application control rules that consider an application's attributes, such as its codesigning certificates, reputation, launching process, and more. Application control is available in Windows 10 or later.
To learn more, see Application control for Windows .
Defender for Endpoint Plan 1 includes the Microsoft Defender portal, which enables your security team to view current information about detected threats, take appropriate actions to mitigate threats, and centrally manage your organization's threat protection settings.
To learn more, see Microsoft Defender portal overview .
Role-based access control
Using role-based access control (RBAC), your security administrator can create roles and groups to grant appropriate access to the Microsoft Defender portal ( https://security.microsoft.com ). With RBAC, you have fine-grained control over who can access the Defender for Cloud, and what they can see and do.
To learn more, see Manage portal access using role-based access control .
The Microsoft Defender portal ( https://security.microsoft.com ) provides easy access to information about detected threats and actions to address those threats.
- The Home page includes cards to show at a glance which users or devices are at risk, how many threats were detected, and what alerts/incidents were created.
- The Incidents & alerts section lists any incidents that were created as a result of triggered alerts. Alerts and incidents are generated as threats are detected across devices.
- The Action center lists remediation actions that were taken. For example, if a file is sent to quarantine, or a URL is blocked, each action is listed in the Action center on the History tab.
- The Reports section includes reports that show threats detected and their status.
To learn more, see Get started with Microsoft Defender for Endpoint Plan 1 .
With the Defender for Endpoint APIs, you can automate workflows and integrate with your organization's custom solutions.
To learn more, see Defender for Endpoint APIs .
Most organizations use various devices and operating systems. Defender for Endpoint Plan 1 supports the following operating systems:
- Windows 10 and 11
- Windows 7 ( ESU required ) Pro or Enterprise
- Windows 8.1 Pro, Enterprise, and Pro Education
- macOS (the three most recent releases are supported)
Servers require an additional license, such as:
- Microsoft Defender for Servers Plan 1 or Plan 2 ( recommended for enterprise customers ) as part of the Defender for Cloud offering. To learn more. see Overview of Microsoft Defender for Servers .
- Microsoft Defender for Endpoint for Servers ( recommended for enterprise customers ). To learn more, see Defender for Endpoint onboarding Windows Server .
- Microsoft Defender for Business servers ( for small and medium-sized businesses who have Microsoft Defender for Business ). To learn more, see How to get Microsoft Defender for Business servers .
See Microsoft licensing and product terms .
- Set up and configure Defender for Endpoint Plan 1
- Get started with Defender for Endpoint Plan 1
- Manage Defender for Endpoint Plan 1
- Learn about exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community .
Was this page helpful?
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback .
Submit and view feedback for