This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

  • Contact Sales
  • Free account
  • Azure pricing

Microsoft Defender for Cloud pricing

  • Request a pricing quote
  • Try Azure for free

Get comprehensive security across multicloud and hybrid environments

Explore pricing options.

Apply filters to customize pricing options to your needs.

Prices are estimates only and are not intended as actual price quotes. Actual pricing may vary depending on the type of agreement entered with Microsoft, date of purchase, and the currency exchange rate. Prices are calculated based on US dollars and converted using London closing spot rates that are captured in the two business days prior to the last business day of the previous month end. If the two business days prior to the end of the month fall on a bank holiday in major markets, the rate setting day is generally the day immediately preceding the two business days. This rate applies to all transactions during the upcoming month. Sign in to the Azure pricing calculator to see pricing based on your current program/offer with Microsoft. Contact an Azure sales specialist for more information on pricing or to request a price quote. See frequently asked questions about Azure pricing.

US government entities are eligible to purchase Azure Government services from a licensing solution provider with no upfront financial commitment, or directly through a pay-as-you-go online subscription.

Important—The price in R$ is merely a reference; this is an international transaction and the final price is subject to exchange rates and the inclusion of IOF taxes. An eNF will not be issued.

Microsoft Defender for Cloud provides comprehensive, cloud-native protections from development to runtime in multicloud environments. Defender for Cloud helps you protect resources across Azure, other clouds, and on-premises through its Free tier and enhanced security capabilities.

Microsoft Defender for Cloud is free for the first 30 days. Any usage beyond 30 days will be automatically charged as per the pricing scheme below.

When you enable Microsoft Defender for Cloud, we automatically enroll and start protecting all your resources unless you explicitly decide to opt-out. For any resource that is protected by Defender for Cloud, you will be charged per the pricing model below.

Cloud Security Posture Management (CSPM)

Microsoft Defender for Cloud offers foundational and advanced cloud security posture management solutions to protect across your multicloud and hybrid environments. Foundational CSPM (for free) provides continuous assessments, security recommendations, Secure Score, and the Microsoft cloud security benchmark across Azure, Amazon Web Services(AWS), and Google Cloud.

Microsoft Defender CSPM provides advanced security posture capabilities including agentless vulnerability scanning, attack path analysis, integrated data-aware security posture, code to cloud contextualization, and an intelligent cloud security graph. Pricing is dependent on cloud size, with billing based only on only Server, Storage account, and Database counts.

Additionally, it includes DevOps security capabilities to empower security teams to manage DevOps security across multi-pipeline environments.

Cloud workload protection plans

Microsoft Defender for Cloud provides cloud workload protection to help organizations quickly prevent, detect, and respond to modern threats across multicloud and hybrid environments. Get advanced threat protection capabilities to secure critical workloads across virtual machines (VMs), containers, databases, storage, app services, APIs, and more.

Additional data charges for virtual machines only

Azure pricing and purchasing options.

defender for business plan price

Connect with us directly

Get a walkthrough of Azure pricing. Understand pricing for your cloud solution, learn about cost optimization and request a custom proposal.

See ways to purchase

Purchase Azure services through the Azure website, a Microsoft representative, or an Azure partner.

Additional resources

Microsoft defender for cloud.

Learn more about Microsoft Defender for Cloud features and capabilities.

Pricing calculator

Estimate your expected monthly costs for using any combination of Azure products.

Review the Service Level Agreement for Microsoft Defender for Cloud.

Documentation

Review technical tutorials, videos, and more Microsoft Defender for Cloud resources.

Frequently asked questions

  • Do I have to upgrade my Kubernetes and Container registries plans to the new Container offering? No. Subscriptions that had either Microsoft Defender for Kubernetes or Microsoft Defender for Container registries enabled prior to December 6, 2021 do not need to upgrade to the new Microsoft Defender for Containers offering. However, you will see an upgrade option inside the portal.
  • What happens to subscriptions with Microsoft Defender for Kubernetes enabled? Customers who currently use Microsoft Defender for Kubernetes will continue to be able to use it for subscriptions where the service is already enabled.
  • What happens to subscriptions with Microsoft Defender for Container registries enabled? Customers who currently use Microsoft Defender for Container registries will continue to be able to use it for subscriptions where the service is already enabled.

Yes. The new Microsoft Defender for Containers plan contains all features that were previously available via Microsoft Defender for Kubernetes and Microsoft Defender for container registries. In addition, the new plan contains a large set of new and improved capabilities and has removed previously existing dependencies on Microsoft Defender for Servers. Brand new features include Kubernetes-native deployment, advanced threat protection with Kubernetes-aware AI analytics and anomaly detection, and runtime visibility of vulnerabilities.

For more details, read this article .

  • What constitutes a transaction for Anomaly Detector API? A transaction is an API call with a request payload size of up to 1,000 data points included in the time series. Each increment of 1,000 data points will be counted as an additional transaction. For example, an API call with request payload size of 2,050 data points is 3 transactions. The maximum request payload size is 8,640 data points. Each data point in the time series is a time stamp/numerical value pair.
  • How is Microsoft Defender for Cosmos DB billed for the Azure Cosmos DB Serverless offer? For Azure Cosmos DB Serverless accounts, Microsoft Defender for Cosmos DB uses a conversion factor of 0.00003125, to convert serverless request units (RUs) to provisioned throughput. For example: An Azure Cosmos DB Serverless account with usage of 215 million RUs per month, will be charged $- for Microsoft Defender for Cosmos DB (215 million RUs * 0.00003125 * $- per 100 RU per second).

Talk to a sales specialist for a walk-through of Azure pricing. Understand pricing for your cloud solution.

Get free cloud services and a $200 credit to explore Azure for 30 days.

defender for business plan price

  • CRM Software
  • Email Marketing Software
  • Help Desk Software
  • Human Resource Software
  • Project Management Software
  • Browse All Categories
  • Accounting Firms
  • Digital Marketing Agencies
  • Advertising Agencies
  • SEO Companies
  • Web Design Companies
  • Blog & Research

Microsoft Defender for Business

Pricing for Microsoft Defender for Business

Microsoft defender for business has 1 pricing plan.

  • Yes, has free trial
  • No free version

Popular alternatives to Microsoft Defender for Business

Looking to learn more about Endpoint Detection and Response software similar to Microsoft Defender for Business ? Check out these popular alternatives that are closest in terms of key features, functionality, and benefits.

AVG Antivirus Business Edition

by Malwarebytes

Symantec Endpoint Security

by Broadcom

ESET Home Office Security Pack

by bitdefender

What do others say about Microsoft Defender for Business pricing?

How should i be thinking about software pricing.

think image

Subscribe for Practical 365 updates

Please turn off your ad blocker and refresh the page to subscribe.

You may withdraw your consent at any time. Please visit our Privacy Statement for additional information

  • Microsoft 365

How does Microsoft Defender for Business compare to Defender for Enterprise?

Avatar photo

Table of Contents

Three licenses are available for Microsoft Defender for Business: Defender for Endpoint Plan 1, Defender for Endpoint Plan 2, and Defender for Business. A Plan 1 license is limited and contains only Antivirus capabilities. Defender for Endpoint Plan 2 is the oldest and default plan, and it covers features such as Antivirus, Endpoint Detection & Response (EDR), Attack Surface Reduction , Advanced Hunting, and Automated Investigation and Response. Defender for Business is a license tailored to small and medium-sized businesses whose feature set sits between Plan 1 and Plan 2. In this article, I discuss the capabilities of Defender for Business.

Comparing Features

A complete comparison between the different license plans is available on Microsoft Learn . Here, I compare Defender for Endpoint Plan 2 against Defender for Business. I ignore Plan 1 because it is a basic plan that misses critical features such as Endpoint Detection & Response. Organizations looking for an Endpoint Protection system should select one with EDR capabilities. EDR provides more in-depth monitoring capabilities compared to a traditional antivirus, as it is not based on signatures but will scan all activity in a cloud database, providing more in-depth detections.

A couple of significant differences exist between Defender for Endpoint Plan 2 and Defender for Business. The two most important ones are listed below, which are covered in depth later in the article.

  • Configuration of the Endpoint agent on workstations is simplified in Defender for Business.
  • The Business license includes no threat-hunting capabilities.

Besides these differences, a couple of minor differences from Defender for Business that are good to know include:

  • The lack of device groups.
  • No way to see the currently logged-on user of a device.
  • Lack of custom detection rules

The Microsoft 365 Kill Chain and Attack Path Management

An effective cybersecurity strategy requires a clear and comprehensive understanding of how attacks unfold. Read this whitepaper to get the expert insight you need to defend your organization!

Threat Hunting

Threat hunting is the most crucial feature not covered by the Business license. But what exactly does this mean, and is the lack of threat hunting a dealbreaker?

When Microsoft states that Defender for Business has no threat hunting capabilities, they mean that there is no way to get a hold of the raw data which Defender for Endpoint collects. The raw data consists of the device timeline , a visual representation of all events collected on an endpoint, and advanced hunting , which allows you to retrieve this data through KQL.

The main reason why people use Microsoft Defender is for incident investigation. If there is an incident, you investigate it thoroughly and check if there are any follow-up actions to take:

  • Should I reset the user’s password?
  • Do I need to reinstall the device?
  • Is there any user education required to avoid such an incident in the future?

Defender for Business is limited to the information Microsoft provides. Each incident has an alert story describing the actions Defender identifies as suspicious, as shown in Figure 1.

How does Microsoft Defender for Business compare to Defender for Enterprise?

While information retrieved from the alert story might be adequate for some investigations, in my experience, the information presented by Defender for Business often lacks details. Sometimes, you need to know which URL the user visited before the attack was launched or which files were modified by a specific process. I typically get this information from the device timeline, but this is unavailable when using Defender for Business.

This is not a disaster, but it means you cannot double-check any incident Microsoft creates. You must trust Microsoft’s detection mechanisms.

The same goes for the lack of advanced hunting. Advanced hunting allows you to create KQL queries to generate an incident if a query has a result. Because advanced hunting is unavailable, you lack the ability to create incidents based on conditions or logic.

As Defender for Business is geared toward small and medium-sized businesses, the above might not be a dealbreaker for organizations without a dedicated security or IT engineer. Diving into logs to get more information is not something every IT engineer will do because they lack the knowledge or time for such investigations.

defender for business plan price

Client Configuration

Defender for Business simplifies the deployment and configuration of your endpoints. In comparison, a typical Defender for Endpoint onboarding is done through the Microsoft Intune portal by deploying the necessary onboarding and configuration policies. Defender for Business supports the onboarding of Intune-enrolled Windows devices through the setup wizard. This means there is no additional configuration using the Intune portal, as Microsoft sets everything in the background. Besides onboarding, Defender for Business also deploys a Microsoft-recommended configuration of the antivirus (including scan configuration) and the endpoint firewall. This is great for small IT teams without in-depth knowledge of the Microsoft security stack.

Minor Differences

Not all license differences are covered on Microsoft’s website, meaning it’s unclear what features you miss. I have run into some features that aren’t in Defender for Business that are useful.:

  • If you navigate to a device’s page, Defender for Endpoint displays a ‘Last Logged-On User’ property showing which user most commonly logs into the device. This is a handy way to identify which end-user is using a device. This type of information is not available for Defender for Business tenants.
  • Device Groups are used to create a logical grouping of different sets of computers. Some examples are servers vs. endpoints, mobile vs. desktop, or active vs. inactive devices .

A Strong Core Set of Features

While there are quite a few differences between Enterprise and Business licenses, the core features remain the same. With a Defender for Business license, we get the following:

  • A fully-fledged, modern Antivirus system configured according to Microsoft best practices.
  • An EDR system using behavior monitoring scans your endpoints and blocks threats if required.
  • Insights into vulnerabilities using the built-in Vulnerability Management license.

Your organization’s appetite for security

Microsoft Defender for Business is a great way for small businesses to use enterprise-grade protection and detection without needing an IT engineer with a good knowledge of endpoint security . It simplifies incident investigation and device onboarding by abstracting more complex workflows from the organization. This makes Defender for Business an excellent fit for small organizations, as it is easy to deploy and maintain.

Nevertheless, Defender for Business is not great for medium-sized organizations that need an in-depth, advanced security solution. Some organizations are below 200 employees and thus eligible for Business licenses but need a higher level of sophistication in their security solution. This type of organization might look for an outsourced SOC or a dedicated security engineer who needs tools such as advanced hunting and the device timeline. For those types of organizations, I recommend a Defender for Endpoint Plan 2 d.

Cybersecurity Risk Management for Active Directory

Discover how to prevent and recover from AD attacks through these Cybersecurity Risk Management Solutions.

About the Author

Avatar photo

Thijs Lecomte

' src=

Hi Thijs Great article, thank you. Not being able to identify users is a problem with Defender for Business. Ate yiu aware of any method of pulling device owners besides manual tagging?

I haven’t and I fear there is none. With MDFB, you don’t have access to the same raw data. You can use the primary user in Intune, but that’s static unfortunately.

Leave a Reply Cancel reply

Latest articles.

Exchange 2019 CU14 Fixes Exploits in the Wild

Exchange 2019 CU14 Fixes Exploits in the Wild

Microsoft released cumulative update 14 for Exchange Server 2019 on February 13, 2024. This update fixes several bugs, but more importantly, contains a fix for a serious security issue that is being exploited in the wild. This is your sign to enable Extended Protection, if you haven't already.

The Critical Need for Integrating Devices with Intune 

The Critical Need for Integrating Devices with Intune 

In this blog, Jon Jarvis reviews the importance of integrating devices with Intune, and the risks that can arise from poorly managed devices.

Microsoft Releases Public Preview of Microsoft 365 Backup

Microsoft Releases Public Preview of Microsoft 365 Backup

If you’re interested in protecting your SharePoint Online, OneDrive for Business, or Exchange Online data, it is useful to understand how Microsoft 365 Backup works and what the software can and cannot do. In this article, Paul Robichaux walks through how to set up and test the preview version of Microsoft 365 Backup.

defender for business plan price

Microsoft Blog for MSPs and IT Pros

Microsoft Defender for Business Breakdown

' src=

By msp4msps

Recently, Microsoft has announced a fork of the Defender for Endpoint offering into two plans. Defender for Endpoint has traditionally been an enterprise grade solution and only included in higher level plans such as E5. Over the past few years Microsoft has made this a standalone offering that could be bolted on to other plans to make it more cost effective. With the fork into the two plans, plan 1 is essentially a lightweight version of the offering. At a high level this plan includes components like Next gen protection and attack surface reduction.

Now Microsoft has also announced that there will be a Microsoft Defender for Business offering that will be included at no additional cost to Microsoft Business Premium ($20/user/month). This is an amazing addition to a sku that is already pretty robust with security offerings. 

Feature Comparison

defender for business plan price

As you can see, Microsoft Defender for Business (as part of M365 Business Premium) includes almost all features that come with plan 2. Here are some descriptions of those high level features(as referenced here) :

  • Threat and vulnerability management  – Helps you to prioritize and focus on the weaknesses that pose the most urgent and the highest risk to your business. By discovering, prioritizing, and remediating software vulnerabilities and misconfigurations you can proactively build a secure foundation for your environment.
  • Attack surface reduction  – Reduces your attack surface (places that your company is vulnerable to a cyberattacks) across your devices and applications using capabilities such as ransomware mitigation, application control, web protection, network protection, network firewall, and attack surface reduction rules.
  • Next-generation protection  – Helps to prevent and protect against threats at your front door with antimalware and antivirus protection—on your devices and in the cloud.
  • Endpoint detection and response   (EDR)  – Get behavioral-based detection and response alerts allowing you to identify persistent threats and remove them from your environment. Manual response actions within Defender for Business will allow you to take action on processes and files, while live response will put you in direct control of a device to help ensure it’s remediated, secured, and ready to go.
  • Automated investigation and remediation  – Helps to scale your security operations by examining alerts and taking immediate action to resolve attacks for you. By reducing alert volume and remediating threats, Defender for Business allows you to prioritize tasks and focus on more sophisticated threats.
  • APIs and integration –  Automate workflows and integrate security data into your existing security platforms and reporting tools. For example, you can pull detections from Defender for Business into your security information and event management tool.

As I mentioned earlier, this offering is being bolted into M365 BP at no additional cost. Defender for Endpoint can still be purchased standalone if you would like to add it on to lower level plans like Business Standard. 

  • $3/User/Month
  • $1.45/User/Month EDU
  • $5.20/User/Month 
  • $2.50/User/Month EDU

defender for business plan price

Business Premium Value

With this addition, Microsoft now has the following capabilities:

  • 365 Email + Apps 
  • File Storage with OneDrive/SharePoint
  • Collab with Teams
  • DLP Policies
  • Azure Information Protection Plan 1 (Standalone $2/user/month, email encryption/document classification)
  • Azure AD Premium p1 (Standalone $6/user, conditional access policies)
  • Defender for Office 365 Plan 1 (standalone $2/user, advanced email protection capabilities)
  • Intune(Standalone $8 user/month, MDM/Device Mgt)
  • Defender for Endpoint(Standalone $3/user/month, EDR)

That is definitely a ton of value for $20/user/month. (Soon to be $22 come March 2022)

Multi-Tenancy

A larger concern for MSPs related to this product is simply the siloed management portals for each customer to configure policies and investigate/remediate threats. Microsoft is solving for this by introducing this feature set for Defender for Business into M365 Lighthouse which is their multi-tenant management solution for MSPs. It will be interesting to see all the capabilities you will have there once that is released. 

Detailed Breakdown

defender for business plan price

Related Post

Nist csf 2.0 with microsoft 365: enablement guide, how to secure microsoft teams | top tips, secure your microsoft 365 environment: a comprehensive guide mapped to cis controls, 5 thoughts on “microsoft defender for business breakdown”.

[…] For more information on this announcement, click here. […]

[…] For more information about this offering, check out my blog post here […]

I’m doing a trial of M365 Business Premium and don’t believe I’m seeing the “Defender for Business” access.. my security.microsoft.com portal only shows Email & Collaboration section on left side. My understanding is there should be “Endpoints” .. any ideas?

may just be a propagation thing. Sorry for my delayed response. Did you get this worked out?

Comments are closed.

Recent Posts

Automatic attack disruption in microsoft defender xdr and containing users during human-operated attacks, pivot via oauth applications across tenants and how to protect/detect with microsoft technology (midnight blizzard), protect against qr code phishing with microsoft defender products, how to use deception in microsoft defender for endpoint/ defender xdr, how to protect microsoft teams with microsoft 365 defender, common mistakes during microsoft defender for endpoint deployments, how to use automatic attack disruption in microsoft 365 defender (bec, aitm & humor).

Jeffrey Appel - Microsoft Security blog

Microsoft Defender for Business – How to use it, and what are the differences with P2?

' src=

Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security solution now generally available within Microsoft 365 Business Premium and as a standalone solution. Defender for business is scoped up to 300 employees.

Blog updated 3 august 2022 ; added preview information for servers

Currently the following Defender for Endpoint products are available:

Defender for Business

  • Defender for Endpoint P1

Defender for Endpoint P2

  • Server 2012R2 and higher ( preview )

Defender for Business is part of the Microsoft 365 Business Premium license. For customers with Microsoft 365 Business Basic or Standard you can upgrade to Business Premium or use the new standalone Defender for Business product. If you have Microsoft 365 Business Premium, Defender for Business is included.

For managing devices Defender for Business supports currently the following operating systems.

– Windows 10 Business or later – Windows 10 Professional or later – Windows 10 Enterprise or later – macOS (the three most current releases are supported

Usecase of Defender for Business

As already written above, Defender for Business is enterprise Endpoint protection in an easy-to-use format for up to 300 employees. It provides components that are already part of Defender for Endpoint P1 and P2. This blog gives more explanation for the features and differences in comparison with P1 and P2.

Currently, Defender for Business is only focusing on end-user platforms. Windows, macOS, iOS, and Android clients are supported. Support for Windows and Linux servers is not yet available. Microsoft gives the following information for server platforms:

Update 03/08/2022 – added server support : Server support is now available in private preview for Defender for Business. View the announcement

“ We’re adding support for Windows and Linux servers to Microsoft Defender for Business with up to 300 employees, coming later this year with an add-on solution. You will be able to manage client and server endpoints from a single experience. Windows Server experience will be the same as Windows client. Linux servers will use deployment scripts allowing you to integrate into your existing management platforms such as Chef, Puppet, and Ansible.”

Onboarding is currently possible for:

  • Windows 10/11

License and features

For the best onboarding and security management experience it is recommended to use Defender for Business with Microsoft Intune. Intune is included in Microsoft 365 Business Premium.

There is some difference between Defender for Business (standalone) and Microsoft 365 Business Premium where Defender for Business is included. Read more here .

Other protection products part of Microsoft 365 Business Premium

Microsoft 365 Business Premium comes with some other security licensing. The following is available for customers:

Exchange and Defender for Office

Microsoft 365 Business Premium comes with Exchange Online Plan 1 and Defender for Office 365 Plan 1.

Microsoft 365 Business Premium comes with Azure Active Directory Premium Plan 1 and Conditional Access Plan 1.

Information protection

Microsoft 365 Business Premium comes with Azure Information Protection Premium P1.

Important Combination of P1/ P2/ Defender for Cloud

If you have an existing Microsoft Defender for Endpoint license within your tenant this will affect the administrative experience, within the Microsoft 365 Defender security portal. When the Defender for Business service is enabled, the following experience will be changed:

  • Microsoft Defender for Endpoint P1 will be changed to Microsoft Defender for Business.
  • Microsoft Defender for Endpoint P2 will remain in place and Microsoft Defender for Business product experience will not be seen until the Defender for Endpoint P2 license is completely removed from the tenant. At which time Defender for Business experience will be seen.
  • Microsoft Defender for Servers, or Microsoft Defender for Cloud is active within the Azure tenant. This will also impact the Microsoft 365 Defender admin center and switch it to a more advanced Microsoft Defender for Endpoint Plan 2 product experience. Defender for Business experience will not be seen.

Situation: When Defender for Business is enabled and Defender for Cloud integration is enabled for Defender for Cloud; The advanced Defender for Endpoint Plan 2 experience is the default. Check always which licenses are needed for the use-case of the organization and combination of different Defender products.

More product information:

  • Microsoft: New endpoint security for small and medium businesses now available with Defender for Business.
  • Microsoft: Get Microsoft Defender for Business

How to configure Defender for Business ?

For Defender for Business make sure the license is assigned to the signed-in user. After buying or enabling the trial the following license is available; Microsoft Defender for Business

defender for business plan price

To activate the product, visit the Microsoft 365 Defender security center:  www.security.microsoft.com  and go to  Settings > Endpoints .

defender for business plan price

Now the “Welcome to Microsoft Defender for Business” screen is visible. Click on Get Started .

defender for business plan price

First Defender for Business setup

During the setup the end-user can directly configure user permissions, email notifications, and onboarding/ configure Windows devices.

Now we need to make sure the correct users are assigned. Directly from the security.microsoft.com wizard it is possible to assign Security Reader or Security Admin role permissions. Assignments can be created/ changed later in Azure Active Directory. Of course; it is possible to skip the configuration.

defender for business plan price

Same for the email notification. During the email notifications wizard it is possible to select recipients and the specific notification type. it is possible to send notifications for alerts, vulnerabilities or alerts & vulnerabilities. The wizard creates rules in the email notification settings part of security.microsoft.com.

defender for business plan price

Onboard Windows Devices is important. Defender for Business supports different methods for onboarding devices into Defender for Endpoint. Onboarding is similar in comparison to the P1 and P2 solution from Microsoft.

For onboarding the following options are possible;

  • Microsoft Endpoint Manager/ Microsoft Intune
  • Local Script
  • Group Policy
  • VDI Onboarding script

defender for business plan price

The security settings configuration is different compared to Defender for Endpoint P1 and P2. Microsoft starts with default policies with recommended settings that can be applied to Windows devices. The recommended configuration will include Next-generation protection policies and Firewall policies. It is always possible to change settings later in Device configuration or Intune. More information and policy configuration explanation: Understand next-generation protection configuration settings in Microsoft Defender for Business | Microsoft Docs

defender for business plan price

Complete the first-run setup and wait before the Defender instance is enabled. After some minutes (2-3 min) the You’re all set message is visible.

defender for business plan price

The initial wizard creates automatically the connection that is required between Intune (Endpoint Manager) and Microsoft Defender for Business. All default policies are directly created in Intune, and Advanced Features are automatically enabled.

Currently (21-6-2022) all advanced features are enabled, except Preview features, Tamper Protection and Live Response. It is advised to enable Tamper Protection and Live Response. Preview features can be used to get new security features in the early release ring.

Defender for Business Policies

Based on the first initial setup – Microsoft enables baseline settings for Antivirus, Firewall, and Endpoint detection and response.

Settings can be managed in MEM and MDE. Defender for Business uses the MDE security management feature .

In the Endpoint manager portal ( https://endpoint.microsoft.com ), we find under  Endpoint security the following profiles:

  • Antivirus – NGP Windows default policy
  • Firewall – Firewall Windows default policy

defender for business plan price

Note: By default the profiles are deployed to All Devices without any additional filter. Currently there is no Attack Surface Reduction and Endpoint detection and response profile configured. ASR and EDR are not yet available in the modern configuration interface, and can be deployed using Microsoft Intune.

defender for business plan price

From the Microsoft 365 Defender portal (security.microsoft.com) navigate to Device Configuration under Configuration management . The same policies which are visible in MEM can be directly changed from the Defender portal.

defender for business plan price

It is possible to edit the default policies, it is not possible to delete the default policies created during the wizard. Default policies will take the lowest order of precedence, so if another policy is created based on a higher rank the settings will be applied following the order.

Key points to remember about policy order

  • Policies are assigned an order of priority.
  • Devices receive the first applied policy only.
  • You can change the order of priority for policies.
  • Default policies are given the lowest order of priority.

Configuration management

Configuration management is enabled using Microsoft Endpoint Manager. The default configuration is configured based on Windows Client devices. Note : Server is currently not included in the Defender for Business product.

defender for business plan price

Onboarding machine

As already explained different onboarding methods can be used for Windows. For manually onboarding GPO or Local onboarding script can be used.

For local devices not part of MEM it is possible to manage settings using MDE and MEM, based on the security management feature. After onboarding the devices are onboarded in AzureAD and MEM.

Important: Make sure the correct patches and requirements are installed. Update Defender to the latest Defender product update, which is needed for the management feature. Use aka.ms/mdeclientanalyzer for checking the connectivity and update/system status.

Sentinel integration

For exporting events/ alerts it is possible to use Microsoft Sentinel. Based on my test lab the Microsoft Defender for Endpoint connectors works and creates incidents based on Defender for Endpoint alerts.

defender for business plan price

Admin experience

defender for business plan price

Security.microsoft.com admin experience is different for the Endpoint section. Defender for Business is missing the following configuration items:

  • APIs – SIEM
  • Permissions – Roles
  • Permissions – Device groups
  • Rules – Process Memory Indicators
  • Rules – Automation uploads
  • Rules – Automation folder exclusions

There is no support for creating custom device groups. Defender for Business supports the following roles:

More information: Microsoft Defender for Business roles

Incident experience

Defender for Business incident experience is different. In comparison with Defender for Endpoint P2 there are some differences in the incident/ investigation experience.

Advanced Hunting

First, there is no Advanced Hunting. Defender for Endpoint is not saving 30 days of event data and 180 days of retention data. Based on this behavior there is no option to hunt for specific device events.

Defender for Endpoint P2 supports the timeline events. There is no additional event data in Defender for Business, which gives no centralized Device Timeline event.

defender for business plan price

Incident actions

As part of the incident investigation, there are some differences in the alert story. Below is the difference between Defender for Endpoint P2 and Defender for Business based on file type actions.

defender for business plan price

Defender for Business is not supporting the following investigation features:

  • Open file page button
  • Download files
  • Submit to deep analysis
  • Stop and Quarantine Files
  • Ask Defender Experts

Device page experience

The device page contains some differences in comparison with Defender for Endpoint P2. Most of the device actions are available for Defender for Business except the threat expert feature.

What is not available on the device page?

Information

From an information point of view, the most important feature which is missing is the Timeline tab including all related security events. All other information ( alert, security recommendations, inventory….) is available.

defender for business plan price

Defender for Business supports not all Defender for Endpoint P2 reports.

defender for business plan price

The following is available (URL: https://security.microsoft.com/securityreports)

Defender for Business Limitations

Not all features are available in Defender for Business; there is a cap between Defender for Business and Defender P2. Already quite a lot of features are described in this blog. In high-level terms the following is the difference.

Defender for Business includes most of the Defender for Endpoint P2 features. The following differences are available:

  • No advanced Hunting/ threat hunting
  • No Threat Experts services
  • No 6-months data retention
  • No device timeline
  • Servers not yet supported (coming in separate offer)
  • Threat analytics optimized for small and medium-size business
  • No sandbox feature
  • Limited in hunting and file/ remediation

Conditional Access

Conditional Access for specific device risk policies is included in Microsoft 365 Business Premium or AzureAD P1.

Compare Defender plans

For SMBs based on Microsoft 365 Business Premium the Defender for Business product is included. Compared with Defender for Endpoint P2, some advanced features are missing. It brings more value in comparison with Defender for Endpoint P1. Hopefully Microsoft will add more support for Attack Surface Reduction rules and additional policies (Security Baseline) in the centralized policy management.

Based on the price and cost of the license – it is not bad for small businesses.

Microsoft: What is Defender for Business

Microsoft: Defender for Business – Frequently asked questions and answers

Microsoft: Compare security features

How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?

Use automation/playbooks in microsoft sentinel during incident update activity using update triggers, related posts, manage device control with microsoft defender for endpoint and endpoint manager, defender for endpoint device discovery: discover the unmanaged part of the corporate network, 5 manieren om azure active directory accounts veiliger te maken, tips for preventing against new modern identity attacks (aitm, mfa fatigue, prt, oauth), warn/monitor users for shadow it usage with microsoft cloud app security, azure ad sign-in risk policy: zo werkt deze functionaliteit.

' src=

One questions comes to mind, does purchasing one P2 license enable the functionality for all Business endpoints?

' src=

Licensing is user-oriented. This means that each employee needs a Microsoft Defender for Endpoint P2 license. User is allowed to use the software on up to 5 devices, on Windows, MacOS, iOS, Android.

' src=

So, Defender for buisness is now included in Buisness Premium, almost Defender fro Endpoint P2. What happends if you upgrade from Defender for buisness to a P2 license? The onboarding process is different according to Microsoft.

Yes, Defender for Business is using the same onboarding package. Only difference is based on the features and AV management. In P2 it is better to use the complete Intune suite for managing features. Defender Business is created with the device configuration tab.

Note: When upgrading one license the complete licensee is migrating to the MDE P2 license. For getting the correct compliancy, it is needed to buy a P2 license for all machines.

' src=

Hi Jeffrey,

Please guide how to Stream events from Microsoft Defender for Business to Microsoft Sentinel.

Leave a Reply Cancel reply

Save my name, email, and website in this browser for the next time I comment.

Microsoft MVP

defender for business plan price

MDE blog series

defender for business plan price

Supporting this blog

defender for business plan price

Latest topics

Username or Email Address

Remember Me

Registration is closed.

defender for business plan price

Top Contributors in Subscription, account, billing: NoOneCan  -  Dillon Silzer  -  RonBarker  -  VincentChoy   ✅

February 13, 2024

Top Contributors in Subscription, account, billing:

NoOneCan  -  Dillon Silzer  -  RonBarker  -  VincentChoy   ✅

  • Search the community and support articles
  • Microsoft 365 and Office
  • Subscription, account, billing
  • Search Community member

Ask a new question

MS 365 Business premium license include MS Defender Plan1 or Plan2 ?

Is MS 365 business premium license includes MS defender plan2? if not what is the added value in plan2 over plan 1

Report abuse

Replies (2) .

Palcouk

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide

See compare

https://www.microsoft.com/en-gb/microsoft-365/business/compare-all-microsoft-365-business-products

Was this reply helpful? Yes No

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

Thanks for your feedback.

Vaidya Darpan MSFT

  • Microsoft Agent |

Dear Admin Magnetar,

Thank you for posting in Microsoft Community.

As per your mentioned concern, based on my finding, generally Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium and Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5. Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions.

For more information, kindly refer to this official document Microsoft Defender for Office 365 Plan 1 and Plan 2

Furthermore, in order of your scenario, you may further connect with our Business billing support team via phone support or open service request, they will further assist you and provide you information according to your requirement.

Here is official information article about: Get support - Microsoft 365 admin | Microsoft Docs

I would really appreciate your kind cooperation.

Sincerely, Darpan | Microsoft Community Moderator

***Note: In the event that you're unable to reply to this thread, please ensure that your Email address is verified in the Community Website by clicking on Your Account Name > "My Profile" > "Edit Profile" > Add your Email Address > tick "Receive email notifications" checkbox > click on "Save".***

Question Info

  • For business
  • Security and compliance
  • Norsk Bokmål
  • Ελληνικά
  • Русский
  • עברית
  • العربية
  • ไทย
  • 한국어
  • 中文(简体)
  • 中文(繁體)
  • 日本語
  • Mobile Site
  • Staff Directory
  • Advertise with Ars

Filter by topic

  • Biz & IT
  • Gaming & Culture

Front page layout

$6 for apps like Gmail and Docs, and $20 for an AI bot? —

Google launches “gemini business” ai, adds $20 to the $6 workspace bill, google's ai features add a 3x increase over the usual workspace bill..

Ron Amadeo - Feb 21, 2024 10:21 pm UTC

Google launches “Gemini Business” AI, adds $20 to the $6 Workspace bill

Google went ahead with plans to launch Gemini for Workspace today. The big news is the pricing information, and you can see the Workspace pricing page is new, with every plan offering a "Gemini add-on." Google's old AI-for-Business plan, "Duet AI for Google Workspace," is dead, though it never really launched anyway.

Google has a blog post explaining the changes. Google Workspace starts at $6 per user per month for the "Starter" package, and the AI "Add-on," as Google is calling it, is an extra $20 monthly cost per user (all of these prices require an annual commitment). That is a massive price increase over the normal Workspace bill, but AI processing is expensive . Google says this business package will get you "Help me write in Docs and Gmail , Enhanced Smart Fill in Sheets and image generation in Slides ." It also includes the "1.0 Ultra" model for the Gemini chatbot—there's a full feature list here . This $20 plan is subject to a usage limit for Gemini AI features of " 1,000 times per month ."

The new Workspace pricing page, with a

Further Reading

Google's second plan is "Gemini Enterprise," which doesn't come with any usage limits, but it's also only available through a "contact us" link and not a normal checkout procedure. Enterprise is $30 per user per month, and it "includes additional capabilities for AI-powered meetings, where Gemini can translate closed captions in more than 100 language pairs, and soon even take meeting notes."

reader comments

Channel ars technica.

Jeff Bezos' great big February stock sell-off is complete

  • Jeff Bezos has finished selling off 50 million shares in Amazon.
  • The Amazon cofounder disclosed plans to offload the shares, worth roughly $8.5 billion.
  • His last big Amazon selling spree was in 2021 when he prepared to  step down as CEO .

Insider Today

Jeff Bezos has finished selling off 50 million shares in Amazon days after he announced plans to do so.

Earlier this month, it was disclosed that the Amazon founder and executive chairman intended to offload up to 50 million shares, worth roughly $8.5 billion, before January 31, 2025. It turns out he didn't need anywhere near all that time: He wrapped up his sell-off of exactly 50 million shares in just nine trading days this month, securities filings show .

At the end of December, Bezos owned 988 million shares, or just under 10% of Amazon, according to the company's proxy statement. At today's share price, that stake is worth more than $165 billion.

Bezos still has about 938 million shares in Amazon after his sell-off.

Bezos' net worth is $191 billion, according to the Bloomberg Billionaires Index.

His move to Miami could save him $600 million in taxes on the sell-off, as CNBC previously reported. While Washington has a 7% capital gains tax on sales of stocks or bonds worth upwards of $250,000, Florida doesn't have a capital gains tax. For the last 29 years, Bezos has lived in Seattle, where he built Amazon, before he announced in November that he was packing up and heading to Miami .

Bezos' last big Amazon selling spree was in 2021, as he prepared to step down as CEO after 27 years .

defender for business plan price

Watch: Jeff Bezos reportedly just spent $165 million on a Beverly Hills estate — here are all the ways the world's richest man makes and spends his money

defender for business plan price

  • Main content
  • Share full article

Advertisement

Supported by

AT&T Says Service Is Restored After Widespread Cellular Outage

White House officials said the incident was under investigation, but it did not appear to be a cyberattack. Verizon and T-Mobile said their networks were operating normally.

The AT&T logo.

By Jenny Gross and David McCabe

Jenny Gross reported from London and David McCabe reported from Washington.

AT&T said on Thursday that it had fully restored service to its wireless network after a widespread outage temporarily cut off connections for users across the United States for many hours, the cause of which was still under investigation.

The outage, which affected people in cities including Atlanta, Los Angeles and New York, was first reported around 3:30 a.m. Eastern time, according to Downdetector.com , which tracks user reports of telecommunication and internet disruptions. At its peak, the site listed around 70,000 reports of disrupted service for the wireless carrier.

Multiple government agencies said they were looking into the incident, although the Biden administration told reporters that AT&T said there was no reason to think it was a cyberattack.

AT&T did not disclose the scope of the outage, nor the reason for it. When the outage first began on Thursday morning, the company listed the cause as “maintenance activity.”

Jim Greer, an AT&T spokesman, apologized in a statement confirming service was restored and said the company was “taking steps to ensure our customers do not experience this again in the future.”

The outage underscored the importance of connectivity to daily life as individuals and businesses were cut off from communications and the ability to use mobile apps. AT&T advised consumers they could make calls over Wi-Fi and sought to respond to angry customers online. Many phones showed an “SOS” symbol on their screen, signaling they could only make emergency calls, while local governments offered alternate ways to reach 911.

Reports of outages on Downdetector began to fall midmorning, and at one point AT&T’s website showed that outages were limited to users in California , though users in other states were still reporting issues. Cricket, which is owned by AT&T, also reported that its users were experiencing wireless service interruptions and said it was working to restore service.

Reports also surfaced early Thursday that FirstNet, the network AT&T maintains for emergency services personnel, had experienced outages, but AT&T said around 10:30 a.m. that the network was fully operational.

Verizon experienced 3,000 reports of outages at one point on Thursday and T-Mobile about half that. Both companies said in statements that their networks were operating normally.

“Some customers experienced issues this morning when calling or texting with customers served by another carrier,” Verizon said. “We are continuing to monitor the situation.”

In an email, T-Mobile said that it did not experience an outage. “Downdetector is likely reflecting challenges our customers were having attempting to connect to users on other networks.”

Officials in Washington said they were working to understand the cause of the outage. A spokesman for the Federal Communications Commission said its inquiry was being handled by its Public Safety and Homeland Security Bureau, which was in touch with AT&T as well as other providers.

John Kirby, a National Security Council spokesman, said on a call with reporters on Thursday that the Biden administration was told “that AT&T has no reason to think this was a cybersecurity incident,” although he added that they would not be certain until an investigation had been completed.

Mr. Kirby said that, in addition to the F.C.C., the Department of Homeland Security and the F.B.I. were collaborating with technology companies to investigate the outage.

The F.B.I. said in a statement it was in touch with AT&T and would respond accordingly if any malicious activity was found.

Throughout the day, cities urged residents to find alternate ways of reaching emergency or municipal services, like landlines or phones connected to Wi-Fi. The City of Upper Arlington, Ohio , said the fire department might not be notified of fire alarms because of the outage. It urged that any fire alarm be followed up with a 911 call.

The San Francisco Fire Department said on social media that it was aware of an issue affecting AT&T users who were trying to call 911. “We are actively engaged and monitoring this,” the fire department said. “If you are an AT&T customer and cannot get through to 911, then please try calling from a landline.”

The Massachusetts State Police said on social media on Thursday morning that 911 call centers across the state had been flooded with calls from people checking to see if the emergency service worked from their phones. “Please do not do this,” the police said. “If you can successfully place a non-emergency call to another number via your cell service then your 911 service will also work.”

Even in less extreme circumstances, the outage complicated the many elements of life that have come to rely on a reliable connection to the internet.

Staff at the First Watch restaurant in Dania Beach, Fla., had to turn away breakfast customers for a time while the outage prevented them from processing payments.

Debra Maddow, who lives in southwest Houston, said that she first noticed something was off after 7 a.m., when she went to check traffic and Google Maps was offline. Later, she visited a Starbucks to make an urgent call through its free Wi-Fi, she said.

“I’m really frustrated that they’re not telling us anything,” Ms. Maddow said in a phone interview over Wi-Fi. She said she tried to call AT&T for an update, but after a long time on hold, the call was dropped.

Victor Mather , John Keefe , Zolan Kanno-Youngs and Adam Goldman contributed reporting.

Jenny Gross is a reporter for The Times in London covering breaking news and other topics. More about Jenny Gross

David McCabe covers tech policy. He joined The Times from Axios in 2019. More about David McCabe

Explore Our Business Coverage

Dive deeper into the people, issues and trends shaping the world of business..

A Funding Frenzy:  Anthropic, one of the world’s hottest A.I. start-ups, raised $7.3 billion over 2023. Here’s how the funding spree happened .

A Twist on Home Cooking:  Developers are transforming clusters of old homes into micro restaurants, combining the pleasures of dining out with the nostalgic comforts of home .

The Great Compression:  Soaring home prices in the United States have ushered in the era of the 400-square-foot subdivision house. The change could reshape the market .

A Billionaire’s Moonshots:  The entrepreneur Kam Ghaffarian wants to help build the new space economy , one Prada spacesuit and Jeff Koons-filled lunar lander at a time.

E.V. Uncertainty:  In Michigan, one of six battleground states that could determine the 2024 U.S. presidential election, electric vehicles have emerged as a contested piece of the economic future .

A Climate Retreat:  Many of the world’s biggest financial firms spent the past several years pledging to fight climate change. Now, Wall Street has flip-flopped .

  • Pre-Markets
  • U.S. Markets
  • Cryptocurrency
  • Futures & Commodities
  • Funds & ETFs
  • Health & Science
  • Real Estate
  • Transportation
  • Industrials

Small Business

Personal Finance

  • Financial Advisors
  • Options Action
  • Buffett Archive
  • Trader Talk
  • Cybersecurity
  • Social Media
  • CNBC Disruptor 50
  • White House
  • Equity and Opportunity
  • Business Day Shows
  • Entertainment Shows
  • Full Episodes
  • Latest Video
  • CEO Interviews
  • CNBC Documentaries
  • CNBC Podcasts
  • Digital Originals
  • Live TV Schedule
  • Trust Portfolio
  • Trade Alerts
  • Meeting Videos
  • Homestretch
  • Jim's Columns
  • Stock Screener
  • Market Forecast
  • Options Investing
  • Chart Investing

Credit Cards

Credit Monitoring

Help for Low Credit Scores

All Credit Cards

Find the Credit Card for You

Best Credit Cards

Best Rewards Credit Cards

Best Travel Credit Cards

Best 0% APR Credit Cards

Best Balance Transfer Credit Cards

Best Cash Back Credit Cards

Best Credit Card Welcome Bonuses

Best Credit Cards to Build Credit

Find the Best Personal Loan for You

Best Personal Loans

Best Debt Consolidation Loans

Best Loans to Refinance Credit Card Debt

Best Loans with Fast Funding

Best Small Personal Loans

Best Large Personal Loans

Best Personal Loans to Apply Online

Best Student Loan Refinance

All Banking

Find the Savings Account for You

Best High Yield Savings Accounts

Best Big Bank Savings Accounts

Best Big Bank Checking Accounts

Best No Fee Checking Accounts

No Overdraft Fee Checking Accounts

Best Checking Account Bonuses

Best Money Market Accounts

Best Credit Unions

All Mortgages

Best Mortgages

Best Mortgages for Small Down Payment

Best Mortgages for No Down Payment

Best Mortgages with No Origination Fee

Best Mortgages for Average Credit Score

Adjustable Rate Mortgages

Affording a Mortgage

All Insurance

Best Life Insurance

Best Homeowners Insurance

Best Renters Insurance

Best Car Insurance

Travel Insurance

All Credit Monitoring

Best Credit Monitoring Services

Best Identity Theft Protection

How to Boost Your Credit Score

Credit Repair Services

All Personal Finance

Best Budgeting Apps

Best Expense Tracker Apps

Best Money Transfer Apps

Best Resale Apps and Sites

Buy Now Pay Later (BNPL) Apps

Best Debt Relief

All Small Business

Best Small Business Savings Accounts

Best Small Business Checking Accounts

Best Credit Cards for Small Business

Best Small Business Loans

Best Tax Software for Small Business

Filing For Free

Best Tax Software

Best Tax Software for Small Businesses

Tax Refunds

Tax Brackets

Tax By State

Tax Payment Plans

All Help for Low Credit Scores

Best Credit Cards for Bad Credit

Best Personal Loans for Bad Credit

Best Debt Consolidation Loans for Bad Credit

Personal Loans if You Don't Have Credit

Best Credit Cards for Building Credit

Personal Loans for 580 Credit Score or Lower

Personal Loans for 670 Credit Score or Lower

Best Mortgages for Bad Credit

Best Hardship Loans

All Investing

Best IRA Accounts

Best Roth IRA Accounts

Best Investing Apps

Best Free Stock Trading Platforms

Best Robo-Advisors

Index Funds

Mutual Funds

FCC to vote in March on rules for 'all-in' cable and satellite pricing

thumbnail

  • The Federal Communications Commission announced that it will be voting on rules that will require cable and satellite providers to display an "all-in" price for video programming on consumers' bills and promotional materials.
  • "We're working to make it so the advertised price for a service is the price you pay when your bill arrives," FCC Chairwoman Jessica Rosenworcel said.

WASHINGTON — A federal consumer protection watchdog agency on Wednesday announced that it will be voting on rules that will require cable and satellite providers to display an "all-in" price for video programming on consumers' bills and promotional materials.

The Federal Communications Commission's final rules are expected to be largely similar to those the agency initially proposed last year. The commission plans to vote on a final version of the rules during its upcoming March 14 open meeting.

"We're working to make it so the advertised price for a service is the price you pay when your bill arrives," FCC Chairwoman Jessica Rosenworcel said in a statement .  

"Not only will this reduce cost confusion and make it easier for consumers to compare services, but this proposal will also increase competition among cable and broadcast satellite providers through improved price transparency," said Rosenworcel.

The commission voted in December to adopt a proposal to ban cable and satellite companies from charging early termination fees.

The agency is also gearing up to enforce a new labeling format for broadband internet service providers, starting in April.

Read more CNBC politics coverage

  • White House to expand Russia sanctions over Alexei Navalny’s death
  • Appeals court will rehear challenge to Nasdaq board diversity rule, putting mandate at risk
  • Senate bill aims to kill proposed SEC rule on AI conflicts of interest

The FCC rules to be voted on next month are the latest in a string of new regulations across the federal government aimed at eliminating what the Biden administration has labeled "junk fees," undefined or last-minute costs charged to consumers, often at the end of an online transaction.

It is also a cause that President Joe Biden has long supported .

"Too often, these companies hide additional junk fees on customer bills disguised as "broadcast TV" or "regional sports" fees that in reality pay for no additional services," Biden said in a June 2023 statement on the proposed FCC rule.

"These fees really add up: according to one report, they increase customer bills by nearly 25% of the price of base service," said Biden.

Correction: The FCC announced Wednesday it will be voting to finalize price disclosure rules for video programming services. An earlier version mischaracterized the action.

Don't miss these stories from CNBC PRO:

  • Warren Buffett's Berkshire keeps new stock pick secret — again. Here's what it means
  • Michael Burry of 'The Big Short' fame buys Amazon, Alphabet and a dozen other new stocks
  • Move over, Nvidia. There's a new hot AI play that has soared 960% in the past year
  • Morgan Stanley's Slimmon names 3 stocks to buy right now: 'It's going to be a good year for equities'
  • This little-known bank is offering one of the highest CD rates

comscore

defender for business plan price

Copilot for Microsoft 365 is now available for small and medium-sized businesses.

Find the best Microsoft 365 plan for your business

Microsoft 365 business basic.

Originally starting from $6.00 now starting from $6.00

$6.00 $6.00

(Annual subscription–auto renews) 1

Apps and services to kick-start your business, including:

Identity, access, and user management for up to 300 employees

Custom business email ([email protected])

Web and mobile versions of Word, Excel, PowerPoint, and Outlook

Chat, call, and video conference with Microsoft Teams

1 TB of cloud storage per employee

10+ additional apps for your business needs (Microsoft Bookings, Planner, Forms, and others)

Automatic spam and malware filtering

Anytime phone and web support

Microsoft 365 Business Standard

Originally starting from $12.50 now starting from $12.50

$12.50 $12.50

Everything in Business Basic, plus:

Desktop versions of Word, Excel, PowerPoint, and Outlook

Webinars with attendee registration and reporting

New : Collaborative workspaces to co-create using Microsoft Loop

New : Video editing and design tools with Microsoft Clipchamp

Copilot for Microsoft 365 available as an add-on . *

Microsoft 365 Business Premium

Originally starting from $22.00 now starting from $22.00

$22.00 $22.00

Everything in Business Standard, plus:

Advanced identity and access management

Enhanced cyberthreat protection against viruses and phishing attacks

Enterprise-grade device and endpoint protection

Discover, classify, and protect sensitive information

Microsoft 365 Apps for business

Originally starting from $8.25 now starting from $8.25

$8.25 $8.25

Desktop versions of Word, Excel, PowerPoint, and Outlook:

 Desktop versions of Word, Excel, PowerPoint, and Outlook

1 TB of cloud storage per user

Add Copilot to your Microsoft plan *

Sign in to add Copilot to your existing Microsoft 365 business plan.

If you’re not an existing customer, buy a Microsoft 365 plan to get started.

copilot-visual

Explore Microsoft 365

defender for business plan price

Help me choose the right Microsoft 365 plan

Learn more about microsoft 365 for business, learn more about microsoft 365 for enterprise, get just the microsoft 365 desktop apps, frequently asked questions, what is microsoft 365.

Microsoft 365 is the productivity cloud designed to help everyone achieve what matters, in their work and life, with best-in-class Microsoft 365 apps, intelligent cloud services, and advanced security.

On how many devices can I install Microsoft 365 apps if I have a Microsoft 365 business plan?

Install Microsoft 365 apps on up to five PCs or Macs, five tablets, and five mobile devices. Hybrid Windows devices, such as the Microsoft Surface Pro, count as either a PC or a tablet.

What forms of payment can I use?

All major credit cards are accepted. When paying with a credit card, your subscription amount will appear on your credit card statement. Existing customers may be eligible to pay by invoice and can contact support to check their eligibility for this payment method.  Learn more about paying by invoice . For Microsoft 365 business plans, depending on your choice of service, you'll be billed monthly or annually.

What's the difference between monthly, annual, and annual commitment payments?

To provide you with the greatest amount of flexibility, different payment options are available.

Microsoft 365 Business Basic, Microsoft 365 Apps for business, Microsoft 365 Business Standard, and Microsoft 365 Business Premium plans are available for monthly commitment payment or annual commitment payment.

  • Monthly commitment payment:  Pay month by month and cancel at any time.
  • Annual commitment payment:  Sign up for a one-year subscription and benefit from a discount for using this payment option. By default, your billing plan will be set to monthly billing. After your purchase, you can change your billing plan to annual billing within the Microsoft 365 admin center. The Microsoft 365 Enterprise and Office 365 Enterprise plans (including standalone plans such as Exchange Online) and Microsoft 365 Apps for enterprise are available for annual commitment payment.
  • Annual commitment payment:  Sign up for a one-year subscription and choose to pay monthly or for the entire year at the time you sign up.

Can I convert my trial to a paid subscription and retain all my settings and files?

Yes. If you purchase Microsoft 365 licenses for the accounts you create during your free trial, the information and configuration for these users' accounts will remain intact. Once your free trial expires, you’ll have an additional 30 days to purchase Microsoft 365 before your account information is erased. Once your trial account information has been erased, it can’t be retrieved.

Does Microsoft 365 work when I'm not connected to the internet?

The Microsoft 365 apps that you install on your PC or Mac—such as Word, Excel, PowerPoint, and Outlook—are available to you when you’re not online. 

With OneDrive in Microsoft 365, get file storage that you can access when you’re offline. When you make changes while offline, they’ll be synced to OneDrive and across the rest of your devices when you reconnect.

With Outlook, read emails already delivered to your inbox, or draft new emails and meeting requests. Your inbox and outbox will sync across the rest of your devices when you reconnect.

What happens to my data if I cancel my subscription?

Your data is yours. If you decide to cancel your Microsoft 365 subscription, download your data—for example, your email and documents on team sites—and save it to another location. You should save your data before you cancel. After you cancel your subscription, data associated with your Microsoft 365 account will be available to your administrator(s) in a limited function account for 90 days.

Where can I find more answers to frequently asked questions?

Find more answers to frequently asked questions on the  Microsoft 365 for business FAQ page .

What is Microsoft Defender for Business?

Microsoft Defender for Business is an endpoint security solution designed to help businesses with up to 300 employees. It helps protect against cybersecurity threats, including malware and ransomware, in an easy-to-use, cost-effective package. Microsoft Defender for Business is included with Microsoft 365 Business Premium and is available as a standalone product.  Learn more .

How many users can I host for online meetings and video calls using Microsoft Teams?

With Microsoft 365 Business Basic, Microsoft 365 Business Standard, and Microsoft 365 Business Premium plans, you can host online meetings and video calls for up to 300 people using Microsoft Teams. ​

With Microsoft 365 E3 and E5, Microsoft 365 A3 and A5, and Microsoft 365 Government G3 and G5 plans, this limit increases up to 1,000 people.  Learn more . 

For IT providers, what are the options to manage more than one customer at a time?

IT service providers can use Microsoft 365 Lighthouse to secure their Business Premium customers at scale. Learn more .

Copilot for Microsoft 365 frequently asked questions

Find more answers to frequently asked questions. Learn more .

  • [1] Once your paid subscription begins, cancellation policies vary based on your status as a new customer and your product and domain selections on Microsoft. Learn more . Cancel your Microsoft 365 subscription any time by going to the Microsoft 365 admin center. When a subscription is canceled, all associated data will be deleted. Learn more about data retention, deletion, and destruction in Microsoft 365 .
  • [2] After your one-month free trial ends, your subscription will automatically convert into a 12-month paid subscription and you will be charged the applicable subscription fee. Cancel anytime during your free trial to stop future charges. Credit card required to sign-up. Learn more .
  • [*] Copilot for Microsoft 365 may not be available for all markets and languages. To purchase,  enterprise customers  must have a license for Microsoft 365 E3 or E5 or Office 365 E3 or E5, and  business customers  must have a license for Microsoft 365 Business Standard or Business Premium, or a version of these suites that no longer includes Microsoft Teams.

Connect with Microsoft 365 :

Support icon

  • Chat with sales
  • Contact sales

Available Mon to Fri from 6:00 AM to 6:00 PM Pacific Time.

We've detected unusual activity from your computer network

To continue, please click the box below to let us know you're not a robot.

Why did this happen?

Please make sure your browser supports JavaScript and cookies and that you are not blocking them from loading. For more information you can review our Terms of Service and Cookie Policy .

For inquiries related to this message please contact our support team and provide the reference ID below.

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Overview of Microsoft Defender for Endpoint Plan 1

  • 13 contributors
  • Microsoft Defender for Endpoint Plan 1

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats. We are pleased to announce that Defender for Endpoint is now available in two plans:

  • Defender for Endpoint Plan 1 , described in this article; and
  • Defender for Endpoint Plan 2 , generally available, and formerly known as Defender for Endpoint .

The green boxes in the following image depict what's included in Defender for Endpoint Plan 1:

A diagram showing what's included with Defender for Endpoint Plan 1

Use this guide to:

  • Get an overview of what's included in Defender for Endpoint Plan 1
  • Learn how to set up and configure Defender for Endpoint Plan 1
  • Get started using the Microsoft Defender portal, where you can view incidents and alerts, manage devices, and use reports about detected threats
  • Get an overview of maintenance and operations

Defender for Endpoint Plan 1 capabilities

Defender for Endpoint Plan 1 includes the following capabilities:

  • Next-generation protection that includes industry-leading, robust antimalware and antivirus protection
  • Manual response actions , such as sending a file to quarantine, that your security team can take on devices or files when threats are detected
  • Attack surface reduction capabilities that harden devices, prevent zero-day attacks, and offer granular control over endpoint access and behaviors
  • Centralized configuration and management with the Microsoft Defender portal and integration with Microsoft Intune
  • Protection for a variety of platforms , including Windows, macOS, iOS, and Android devices

The following sections provide more details about these capabilities.

Next-generation protection

Next-generation protection includes robust antivirus and antimalware protection. With next-generation protection, you get:

  • Behavior-based, heuristic, and real-time antivirus protection
  • Cloud-delivered protection, which includes near-instant detection and blocking of new and emerging threats
  • Dedicated protection and product updates, including updates related to Microsoft Defender Antivirus

To learn more, see Next-generation protection overview .

Manual response actions

Manual response actions are actions that your security team can take when threats are detected on endpoints or in files. Defender for Endpoint includes certain manual response actions that can be taken on a device that is detected as potentially compromised or has suspicious content. You can also run response actions on files that are detected as threats. The following table summarizes the manual response actions that are available in Defender for Endpoint Plan 1.

To learn more, see the following articles:

  • Take response actions on devices
  • Take response actions on files

Attack surface reduction

Your organization's attack surfaces are all the places where you're vulnerable to cyberattacks. With Defender for Endpoint Plan 1, you can reduce your attack surfaces by protecting the devices and applications that your organization uses. The attack surface reduction capabilities that are included in Defender for Endpoint Plan 1 are described in the following sections.

Attack surface reduction rules

Ransomware mitigation, device control, web protection, network protection, network firewall, application control.

To learn more about attack surface reduction capabilities in Defender for Endpoint, see Overview of attack surface reduction .

Attack surface reduction rules target certain software behaviors that are considered risky. Such behaviors include:

  • Launching executable files and scripts that attempt to download or run other files
  • Running obfuscated or otherwise suspicious scripts
  • Initiating behaviors that apps don't usually initiate during normal work

Legitimate business applications can exhibit such software behaviors; however, these behaviors are often considered risky because they are commonly abused by attackers through malware. Attack surface reduction rules can constrain risky behaviors and help keep your organization safe.

To learn more, see Use attack surface reduction rules to prevent malware infection .

With controlled folder access, you get ransomware mitigation. Controlled folder access allows only trusted apps to access protected folders on your endpoints. Apps are added to the trusted apps list based on their prevalence and reputation. Your security operations team can add or remove apps from the trusted apps list, too.

To learn more, see Protect important folders with controlled folder access .

Sometimes threats to your organization's devices come in the form of files on removable drives, such as USB drives. Defender for Endpoint includes capabilities to help prevent threats from unauthorized peripherals from compromising your devices. You can configure Defender for Endpoint to block or allow removable devices and files on removable devices.

To learn more, see Control USB devices and removable media .

With web protection, you can protect your organization's devices from web threats and unwanted content. Web protection includes web threat protection and web content filtering.

  • Web threat protection prevents access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that you explicitly block.
  • Web content filtering prevents access to certain sites based on their category. Categories can include adult content, leisure sites, legal liability sites, and more.

To learn more, see web protection .

With network protection, you can prevent your organization from accessing dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet.

To learn more, see Protect your network .

With network firewall protection, you can set rules that determine which network traffic is permitted to flow to or from your organization's devices. With your network firewall and advanced security that you get with Defender for Endpoint, you can:

  • Reduce the risk of network security threats
  • Safeguard sensitive data and intellectual property
  • Extend your security investment

To learn more, see Windows Defender Firewall with advanced security .

Application control protects your Windows endpoints by running only trusted applications and code in the system core (kernel). Your security team can define application control rules that consider an application's attributes, such as its codesigning certificates, reputation, launching process, and more. Application control is available in Windows 10 or later.

To learn more, see Application control for Windows .

Centralized management

Defender for Endpoint Plan 1 includes the Microsoft Defender portal, which enables your security team to view current information about detected threats, take appropriate actions to mitigate threats, and centrally manage your organization's threat protection settings.

To learn more, see Microsoft Defender portal overview .

Role-based access control

Using role-based access control (RBAC), your security administrator can create roles and groups to grant appropriate access to the Microsoft Defender portal ( https://security.microsoft.com ). With RBAC, you have fine-grained control over who can access the Defender for Cloud, and what they can see and do.

To learn more, see Manage portal access using role-based access control .

The Microsoft Defender portal ( https://security.microsoft.com ) provides easy access to information about detected threats and actions to address those threats.

  • The Home page includes cards to show at a glance which users or devices are at risk, how many threats were detected, and what alerts/incidents were created.
  • The Incidents & alerts section lists any incidents that were created as a result of triggered alerts. Alerts and incidents are generated as threats are detected across devices.
  • The Action center lists remediation actions that were taken. For example, if a file is sent to quarantine, or a URL is blocked, each action is listed in the Action center on the History tab.
  • The Reports section includes reports that show threats detected and their status.

To learn more, see Get started with Microsoft Defender for Endpoint Plan 1 .

With the Defender for Endpoint APIs, you can automate workflows and integrate with your organization's custom solutions.

To learn more, see Defender for Endpoint APIs .

Cross-platform support

Most organizations use various devices and operating systems. Defender for Endpoint Plan 1 supports the following operating systems:

  • Windows 10 and 11
  • Windows 7 ( ESU required ) Pro or Enterprise
  • Windows 8.1 Pro, Enterprise, and Pro Education
  • macOS (the three most recent releases are supported)

Servers require an additional license, such as:

  • Microsoft Defender for Servers Plan 1 or Plan 2 ( recommended for enterprise customers ) as part of the Defender for Cloud offering. To learn more. see Overview of Microsoft Defender for Servers .
  • Microsoft Defender for Endpoint for Servers ( recommended for enterprise customers ). To learn more, see Defender for Endpoint onboarding Windows Server .
  • Microsoft Defender for Business servers ( for small and medium-sized businesses who have Microsoft Defender for Business ). To learn more, see How to get Microsoft Defender for Business servers .

See Microsoft licensing and product terms .

  • Set up and configure Defender for Endpoint Plan 1
  • Get started with Defender for Endpoint Plan 1
  • Manage Defender for Endpoint Plan 1
  • Learn about exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community .

Was this page helpful?

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback .

Submit and view feedback for

Additional resources

IMAGES

  1. Introducing Microsoft Defender for Business: you heard that right... it

    defender for business plan price

  2. Microsoft Defender for Business Breakdown

    defender for business plan price

  3. Microsoft Defender for Business

    defender for business plan price

  4. Microsoft Defender for Business is now available as a standalone

    defender for business plan price

  5. Microsoft Launches Microsoft Defender for Business

    defender for business plan price

  6. Microsoft Defender for Business (SMBs)

    defender for business plan price

COMMENTS

  1. Microsoft Defender for Business

    $3.00 user/month (Includes up to five devices per user; annual subscription—auto renews 6) Try free for 30 days Buy now An easy-to-use standalone product that includes: Up to 300 users Up to five devices per user Enterprise-grade protection across your laptops, desktops, and mobile devices Threat and vulnerability management

  2. Microsoft Defender for Business frequently asked questions

    The Microsoft Defender for Business servers license is priced at $3 per server instance.

  3. Microsoft Defender Vulnerability Management Plans and Pricing

    Follow Microsoft 365 Find information on plans and pricing for Microsoft Defender Vulnerability Management, a risk-based approach to addressing critical vulnerabilities and threats.

  4. Pricing—Microsoft Defender

    Currency: Display pricing by: Microsoft Defender for Cloud provides comprehensive, cloud-native protections from development to runtime in multicloud environments. Defender for Cloud helps you protect resources across Azure, other clouds, and on-premises through its Free tier and enhanced security capabilities.

  5. What is Microsoft Defender for Business?

    Next steps. Defender for Business is an endpoint security solution that was designed especially for the small- and medium-sized business (up to 300 employees). With this endpoint security solution, your company's devices are better protected from ransomware, malware, phishing, and other threats. Defender for Business is available as a ...

  6. Get Microsoft Defender for Business

    Microsoft 365 Business Premium includes Defender for Business, Microsoft Defender for Office 365 Plan 1, and Microsoft 365 Apps (formerly referred to as Office apps). For more information, see Productivity and security for small and medium-sized businesses. Visit the Microsoft 365 Business Premium product page. Choose to try or buy your ...

  7. Microsoft Defender for Business

    USD$22.00 user/month (Annual subscription—auto renews 1) Price does not include GST. Try free for 30 days Buy now A full-featured package to save time and help keep you secure, Microsoft 365 Business Premium includes Microsoft Defender for Business, plus: Defender for Office 365 to help protect email from phishing attacks

  8. Introducing Microsoft Defender for Business

    Published Nov 02 2021 07:55 AM 142K Views undefined UPDATE 2nd May 2022. Microsoft Defender for Business is now generally available. Please see New endpoint security for small and medium businesses now available with Defender for Business. - Mi...

  9. Microsoft Defender for Business preview now available

    For a comparison of all endpoint security solutions from Microsoft please see the Microsoft Defender for Business documentation. Figure 6: Summary comparison of capabilities between Microsoft Defender for Endpoint Plan 1,2, and Microsoft Defender for Business. See documentation for more detail. Feedback and community engagement. We're in preview!

  10. Microsoft Defender for Business is Coming to Business Premium

    As for the pricing details, Microsoft Defender for Business is available for enterprise customers as a standalone purchase ($3/user per month) and it is also included in Microsoft 365 Business ...

  11. Microsoft Defender for Business Pricing 2024

    Microsoft Defender for Business has 1 pricing plan Yes, has free trial No free version Credit Card Required: Not provided by vendor Discount: Information not available Basic $3 Pricing Model: Per User Payment Frequency: Per Month Basic plan includes: Not available Popular alternatives to Microsoft Defender for Business

  12. How does Microsoft Defender for Business compare to Defender for

    Comparing Features A complete comparison between the different license plans is available on Microsoft Learn. Here, I compare Defender for Endpoint Plan 2 against Defender for Business. I ignore Plan 1 because it is a basic plan that misses critical features such as Endpoint Detection & Response.

  13. Microsoft 365 Defender Review

    The Best Small Business CRM Software for 2023; ... and it's also part of the more price-conscious Microsoft 365 E3 plan, which costs $32 per user per month. ... and Defender for Office 365 (Plan 2

  14. Microsoft Defender for Business Breakdown

    Now Microsoft has also announced that there will be a Microsoft Defender for Business offering that will be included at no additional cost to Microsoft Business Premium ($20/user/month). This is an amazing addition to a sku that is already pretty robust with security offerings. Feature Comparison

  15. Microsoft Defender for Office 365

    Microsoft Defender for Office 365 | Microsoft Security Learn how to bring innovative cybersecurity AI to your organization at Microsoft Secure. Register now Microsoft Defender for Office 365 Help secure your email and Microsoft Teams with advanced protection against phishing, business email compromise, ransomware, and other cyberthreats.

  16. Microsoft Defender for Business

    Defender for Business offers functions like: Antimalware and Antivirus, Next-generation protection, Attack surface reduction, Endpoint detection and response, Threat analytics, Centralized management and reporting Microsoft Defender for Business pricing

  17. Microsoft Defender for Business documentation

    Defender for Business is a cybersecurity solution for small and medium-sized businesses to protect devices, such as computers, tablets, and phones. Protect devices with enterprise-grade security at an affordable price. Try or by Defender for Business today!

  18. Microsoft Defender for Business

    Defender for Business supports different methods for onboarding devices into Defender for Endpoint. Onboarding is similar in comparison to the P1 and P2 solution from Microsoft. For onboarding the following options are possible; Microsoft Endpoint Manager/ Microsoft Intune. Local Script. Group Policy.

  19. MS 365 Business premium license include MS Defender Plan1 or Plan2

    Thank you for posting in Microsoft Community. As per your mentioned concern, based on my finding, generally Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium and Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5. Microsoft Defender for Office 365 Plan ...

  20. Google launches "Gemini Business" AI, adds $20 to the $6 Workspace bill

    This $20 plan is subject to a usage limit for Gemini AI features of "1,000 times per month." Advertisement Enlarge / The new Workspace pricing page, with a "Gemini Add-On" for every plan.

  21. Jeff Bezos' Great Big Amazon Stock Sell-Off Is Complete

    Jeff Bezos swiftly carried out his plan, announced earlier this month, to sell off 50 million shares in Amazon, valued at roughly $8.5 billion.

  22. AT&T Says Service Is Restored After Widespread Cellular Outage

    Dive deeper into the people, issues and trends shaping the world of business. The Great Compression: Soaring home prices in the United States have ushered in the era of the 400-square-foot ...

  23. FCC to vote in March on rules for 'all-in' cable and satellite pricing

    All Small Business. Best Small Business Savings Accounts. Best Small Business Checking Accounts. Best Credit Cards for Small Business. Best Small Business Loans. Best Tax Software for Small ...

  24. Compare All Microsoft 365 Plans

    Apps and services to kick-start your business, including: Identity, access, and user management for up to 300 employees. Custom business email ([email protected]) Web and mobile versions of Word, Excel, PowerPoint, and Outlook. Chat, call, and video conference with Teams. 1 TB of cloud storage per employee.

  25. Amazon founder Jeff Bezos completes $8.5bn share sale plan

    Multi-billionaire Jeff Bezos has sold another 14 million Amazon shares, worth around $2.4bn (£1.9bn). The latest sale brings the total number of shares he has sold in the firm over the last nine ...

  26. Microsoft Defender for Office 365 security comparison

    Microsoft Defender for Office 365 365 Plan 1 (Defender for Office 365 P1). Microsoft Defender for Office 365 365 Plan 2 (Defender for Office 365 P2). Tip

  27. Reddit users say share plans 'beginning of the end'

    But this proved to be short-lived, and Reddit's plan ultimately proved financially beneficial, as it has struck a deal with Google reportedly worth $60m (£47m) so the tech giant can use Reddit ...

  28. Why Walmart is buying Vizio

    Walmart is buying TV-maker Vizio for $2.3 billion in an effort to build its advertising business and rival Amazon. ... Falling prices can indicate weak demand, and consumer spending is a big ...

  29. Unilever Returns To Volume Growth Under Turnaround Plan

    Magnum ice-cream maker Unilever Plc sold more products like deodorant and mayonnaise for the first time in more than two years, as easing price inflation encouraged shoppers to buy more.. Revenue ...

  30. Overview of Microsoft Defender for Endpoint Plan 1

    Defender for Endpoint Plan 1 includes the following capabilities: Next-generation protection that includes industry-leading, robust antimalware and antivirus protection. Manual response actions, such as sending a file to quarantine, that your security team can take on devices or files when threats are detected.