In this blog post, I will explain what Microsoft 365 Defender for Endpoint is, what different Defender for Endpoint Licensing plans and features are available, and what options you have for servers. I will also add a chart to show the differences between the plans and the platforms they support. I hope you find this blog post helpful and informative.
What is Microsoft 365 Defender for Endpoint?
Microsoft 365 Defender for Endpoint is a comprehensive endpoint security solution that helps enterprises prevent, detect, investigate, and respond to advanced threats. It offers next-generation protection, endpoint detection and response, vulnerability management, and automated investigation and response capabilities for Windows, macOS, Linux, iOS, and Android devices.
Microsoft 365 Defender for Endpoint is part of the Microsoft 365 Defender suite, which also includes Microsoft 365 Defender for Office 365, Microsoft 365 Defender for Identity, and Microsoft Cloud App Security. These solutions work together to provide unified protection across endpoints, email, identities, and cloud apps.
Plans & features
However, not all features are available for all platforms or plans. Depending on your organization’s needs and budget, you can choose from different licensing options for Microsoft 365 Defender for Endpoint. The following chart shows the differences between the plans and the platforms they support:
Chart showing the differences between the plans and the platforms they support
As you can see from the chart, there are three main plans for Microsoft 365 Defender for Endpoint:
- Plan 1: This plan provides basic protection and management features, such as antivirus, antimalware, attack surface reduction, manual response actions, centralized management, security reports, and APIs. It supports Windows 10, Windows 11, iOS, Android OS, and macOS devices.
- Plan 2: This plan provides advanced protection and response features, such as device discovery, device inventory, core vulnerability management capabilities, threat analytics, automated investigation and response, advanced hunting, endpoint detection and response, and endpoint attack notifications. It supports Windows (client only) and non-Windows platforms (macOS, iOS, Android OS, and Linux).
- Business: Defender for Business is an endpoint security solution designed especially for small and medium-sized businesses (up to 300 employees). With this endpoint security solution, your company’s devices are better protected from ransomware, malware, phishing, and other threats. Defender for Business is available as a standalone subscription and is included in Microsoft 365 Business Premium.
Vulnerability Management add-on: This add-on provides more vulnerability management capabilities for Plan 2 customers, such as security baselines assessment, block vulnerable applications, browser extensions, digital certificate assessment, network share analysis, hardware and firmware assessment, and authenticated scan for Windows. It supports Windows (client and server) and non-Windows platforms (macOS, iOS, Android OS, and Linux).
To see which license you need, check the table below:
| Feature | Defender for Endpoint Plan 1 | Defender for Endpoint Plan 2 | Defender for Endpoint Business | Defender Vulnerability Management add-on |
| --- | --- | --- | --- | --- |
| Next-generation protection | Yes | Yes | Yes | |
| Antivirus protection | Yes | Yes | Yes | |
| Antimalware protection | Yes | Yes | Yes | |
| Antispam protection | | | Yes | |
| Attack surface reduction | Yes | Yes | Yes | |
| Manual response actions | Yes | Yes | Yes | |
| Centralized management | Yes | Yes | Yes | |
| Security reports | Yes | Yes | Yes | |
| Centralized reporting | | | Yes | |
| Integration with Microsoft 365 Lighthouse | | | Yes | |
| APIs | Yes | Yes | Yes | |
| Device discovery | | Yes | | |
| Device inventory | | Yes | | |
| Core Defender Vulnerability Management capabilities | | Yes | Yes | |
| Threat Analytics | | Yes | | |
| Automated investigation and response | | Yes | Yes | |
| Advanced hunting | | Yes | | |
| Endpoint detection and response | | Yes | Yes | |
| Endpoint Attack Notifications | | Yes | | |
| Security baselines assessment | | | | Yes |
| Block vulnerable applications | | | | Yes |
| Browser extensions | | | | Yes |
| Digital certificate assessment | | | | Yes |
| Network share analysis | | | | Yes |
| Hardware and firmware assessment | | | | Yes |
| Authenticated scan for Windows | | | | Yes |
If you are wondering what options you have for servers, you can use the Vulnerability Management add-on to protect your Windows servers with Plan 2. Alternatively, you can use Microsoft Defender for Server to protect your Windows Server 2012 R2 or later servers with Plan 1 or Plan 2. Microsoft Defender for Server is a separate product that provides antivirus and antimalware protection for servers.
I hope this blog post helps you understand the Microsoft 365 Defender for Endpoint licensing structure better. If you have any questions or feedback, please leave a comment below.
If you need help setting up for the first time, feel free to read this blog.