Microsoft Defender service description
Microsoft Defender for Business and Microsoft Defender for Business Servers add-on
Microsoft Defender for Business is an endpoint security solution designed for small and medium-sized businesses (up to 300 employees). Defender for Business is available as a standalone solution and is also included as part of Microsoft 365 Business Premium. With this endpoint security solution, small and medium-sized business (SMB) organization devices are better protected from ransomware, malware, phishing, and other threats.
Microsoft Defender for Business servers provides endpoint security for Windows and Linux Servers for small and medium-sized businesses. The Defender for Business servers experience delivers the same level of protection for both clients and servers within a single admin experience inside of Defender for Business, helping you to protect all your endpoints in one location.
Available plans
Microsoft Defender for Business
For detailed plan information on subscriptions that enable users for Microsoft Defender for Business, see the Microsoft 365 business plan comparison and Microsoft 365 Enterprise plan comparison.
Microsoft Defender for Business is included as part of the Microsoft 365 Business Premium subscription plan.
A standalone version of Defender for Business is also available as an option for small and medium business (SMBs) with up to 300 employees. To learn more, see How to get Microsoft Defender for Business.
Microsoft Defender for Business Servers add-on
Customers are required to have at least one license of Microsoft 365 Business Premium or Microsoft Defender for Business to purchase and use the Microsoft Defender for Business servers add-on.
Note that the maximum quantity/seat cap is 60 licenses per customer for Defender for Business servers.
How do users benefit from the service?
The addition of Microsoft Defender for Business into Microsoft 365 Business Premium strengthens Business Premium’s existing productivity and security offering by adding cross-platform endpoint protection and sophisticated ransomware defenses with technologies like endpoint detection and response and automated investigation and remediation.
The standalone version of Defender for Business provides the option for small and medium businesses with up to 300 employees to get enterprise-grade endpoint security technology at an affordable price.
How is the service provisioned/deployed?
If you have Microsoft 365 Business Premium, you can access Defender for Business via the Microsoft Defender portal.
By default, Microsoft Defender for Business features are enabled at the tenant level for all users within the tenant. For information on how to set up and configure Defender for Business, see Microsoft Defender for Business documentation | Microsoft Docs.
Learn more
For more information, see Microsoft Defender for Business.
For more information, see Get Microsoft Defender for Business servers | Microsoft Learn.
Review the Microsoft Defender for Business technical documentation for more information and links to more resources.
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a comprehensive SaaS security solution that enables organizations to prevent and protect against advanced threats rising from the use of SaaS apps. It enables organizations to discover applications in their environment, strengthen app security posture, govern app-to-app behaviors, defend against advanced threats employing SaaS apps as attack technique, and secure use of generative AI apps.
Available plans
Microsoft Defender for Cloud Apps is available as a standalone license and is also available as part of the following plans:
- Enterprise Mobility + Security E5
- Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Security
- Microsoft 365 E5/A5/G5/F5 Compliance
- Microsoft 365 F5 Security & Compliance
- Microsoft 365 E5/F5/G5 Information Protection and Governance
For detailed plan information on subscriptions that enable users for Microsoft Defender for Cloud Apps, see the Microsoft 365 business plan comparison and Microsoft 365 Enterprise plan comparison.
For detailed plan information on subscriptions that enable users for Microsoft Defender for Cloud Apps and are currently available in European Economic Area (EEA) countries and Switzerland, see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA.
To benefit from the Conditional Access App Control capabilities in Defender for Cloud Apps, users must also be licensed for Microsoft Entra ID P1, which is included in Enterprise Mobility + Security F1/F3/E3/A3/G3, Enterprise Mobility + Security E5, Microsoft 365 E3/A3/G3, Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5/F5 Security, and Microsoft 365 F5 Security & Compliance.
How is the service provisioned/deployed?
By default, Microsoft Defender for Cloud Apps is enabled at the tenant level for all users within the tenant.
How can the service be applied only to users in the tenant who are licensed for the service?
Admins can scope Microsoft Defender for Cloud Apps deployments to licensed users by using the scoped deployment capabilities available in the service. For more information, see Scoped deployment.
Learn more
For more information, see Microsoft Defender for Cloud Apps.
See Getting started with Microsoft Defender for Cloud Apps for next steps.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an AI-powered endpoint security solution across Windows, macOS, Linux, Android, iOS and IoT devices that includes:
- Risk-based vulnerability management and assessment
- Attack surface reduction capabilities
- Behavioral based and cloud-powered next generation protection
- Endpoint detection and response (EDR)
- Automatic investigation and remediation
- Managed hunting services
Available plans
Microsoft Defender for Endpoint Plan 1 (P1)
Microsoft Defender for Endpoint P1 delivers core endpoint protection capabilities such as next generation anti-malware, attack surface reduction rules, device control, endpoint firewall, network protection, application control, and more. For details, see Microsoft Defender for Endpoint Plan 1 and Plan 2.
Microsoft Defender for Endpoint P1 is available as a standalone user subscription license and as part of Microsoft 365 E3/A3/G3.
Microsoft Defender for Endpoint Plan 2 (P2)
Microsoft Defender for Endpoint P2 delivers comprehensive endpoint protection capabilities including all the capabilities of Microsoft Defender for Endpoint P1 with additional capabilities such as endpoint detection and response, automated investigation and remediation, threat and vulnerability management, threat intelligence (threat analytics), sandbox (deep analysis), and Microsoft Threat Experts. For details, see Microsoft Defender for Endpoint documentation.
Microsoft Defender for Endpoint P2 is available as a standalone license and as part of the following plans:
- Windows 11 Enterprise E5/A5
- Windows 10 Enterprise E5/A5
- Microsoft 365 E5/A5/G5 (which includes Windows 10 or Windows 11 Enterprise E5)
- Microsoft 365 E5/A5/G5/F5 Security
- Microsoft 365 F5 Security & Compliance
Microsoft Defender for Endpoint for Servers
Microsoft Defender for Endpoint for Servers provides leading security for traditional on-prem server workloads, Windows, and Linux servers. It provides advanced detection and automatic attack disruption capabilities through the Microsoft Defender XDR console and provides deep insights into server activities and coverage for kernel and memory attack detection to enable scale response actions. A separate license is required for each Operating System Environment (OSE) for servers or virtual machines.
For detailed plan information on subscriptions that enable users for Microsoft Viva, see the Microsoft 365 business plan comparison and Microsoft 365 Enterprise plan comparison.
For detailed plan information on subscriptions that enable users for Microsoft Viva and are currently available in European Economic Area (EEA) countries and Switzerland, see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA.
Learn more
For more information, see Microsoft Defender for Endpoint.
Microsoft Defender for Identity
Microsoft Defender for Identity is a cloud service that helps protect enterprise hybrid environments from multiple types of advanced targeted cyber-attacks and insider threats.
Available plans
Microsoft Defender for Identity is a per-user subscription license available as a standalone and included in the following plans:
- Enterprise Mobility + Security E5/A5
- Microsoft 365 E5/A5/G5
- Microsoft 365 E5/A5/G5/F5 Security
- Microsoft F5 Security & Compliance
- Microsoft Defender for Identity for Users
These plans provide the rights to benefit from Microsoft Defender for Identity.
For detailed plan information on subscriptions that enable users for Microsoft Defender for Identity, see the Microsoft 365 business plan comparison and Microsoft 365 Enterprise plan comparison.
For detailed plan information on subscriptions that enable users for Microsoft Defender for Identity and are currently available in European Economic Area (EEA) countries and Switzerland, see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA.
How do users benefit from the service?
SecOp analysts and security professionals benefit from the ability of Microsoft Defender for Identity to detect and investigate advanced threats, compromised identities, and malicious insider actions. End users benefit by having their data monitored by Microsoft Defender for Identity.
How is the service provisioned/deployed?
Microsoft Defender for Identity features are enabled at the tenant level for all users within the tenant. Some tenant services, such as Microsoft Defender for Identity, aren't currently capable of limiting benefits to specific users. To review the terms and conditions governing the use of Microsoft products and Professional Services acquired through Microsoft Licensing programs, see the Product Terms.
Learn more
For more information on configuring Microsoft Defender for Identity, see Deploy Microsoft Defender for Identity with Microsoft Defender XDR.
Microsoft Defender Vulnerability Management
Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk.
Available plans
Microsoft Defender Vulnerability Management core and premium capabilities are available as a standalone user subscription license.
Defender Vulnerability Management core capabilities are available in Microsoft Defender for Endpoint Plan 2.
Microsoft Defender Vulnerability Management premium capabilities are available as an add-on for Microsoft Defender for Endpoint Plan 2 customers.
Defender Vulnerability Management premium is available as an add-on to organizations with:
- Microsoft Defender for Endpoint Plan 2 (standalone)
- Microsoft 365 E5/A5/G5
- Microsoft 365 E5/A5/F5/G5 Security
- Microsoft 365 F5 Security and Compliance add-on
- Windows 11 Enterprise E5/A5/G5
- Windows 10 Enterprise E5/A5/G5
For detailed plan information see Compare Microsoft Defender Vulnerability Management plans and capabilities | Microsoft Learn.
For detailed plan information on subscriptions that enable users for Microsoft Defender Vulnerability Management, see the Microsoft 365 business plan comparison and Microsoft 365 Enterprise plan comparison.
For detailed plan information on subscriptions that enable users for Microsoft Defender Vulnerability Management and are currently available in European Economic Area (EEA) countries and Switzerland see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA.
Defender Vulnerability Management standalone: Customers who do not have Defender for Endpoint Plan 2 can complement their endpoint detection and response (EDR) solution with the Defender Vulnerability Management standalone to meet their vulnerability management program needs.
Defender Vulnerability Management add-on: Microsoft Defender for Endpoint Plan 2 includes core vulnerability management capabilities that can be enhanced by adding new advanced vulnerability management tools included with the Microsoft Defender Vulnerability Management add-on.
Microsoft Defender Vulnerability Management add-on to Microsoft Defender for Endpoint for servers: Provides premium vulnerability management capabilities for customers with Microsoft Defender for Endpoint for servers.
Microsoft Defender for Servers Plan 1 and Defender for Servers Plan 2 also includes access to vulnerability management capabilities.
Messaging
To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, visit the Message center.
Licensing terms
For licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.
Accessibility
Microsoft remains committed to the security of your data and the accessibility of our services. For more information, see the Microsoft Trust Center and the Office Accessibility Center.