Use this article to get answers to questions you might have about Defender for Business.
Go to the Defender for Business product page, and select the option to try or buy Defender for Business.
For more information, see Get Defender for Business.
Defender for Business is designed for small and medium-sized businesses who have up to 300 users. If you have more than 300 users, consider an enterprise solution, such as one of the following:
You can onboard and secure up to five client devices per user license.
If you have servers, you'll need an additional license, such as Microsoft Defender for Business servers.
Yes. Defender for Business supports protection for Windows, Mac, Android, and iOS/iPadOS devices. See Onboard devices.
- You can onboard Windows and Mac client devices using a local script in the Microsoft Defender portal.
- To onboard Android and iOS/iPadOS devices, you can use Microsoft Intune or mobile threat defense capabilities in Defender for Business.
If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as Microsoft Defender for Business servers.
Alternately, you could use Microsoft Defender for Servers Plan 1 or Plan 2. To learn more, see What happens if I have a mix of Microsoft endpoint security subscriptions? and Onboard devices to Microsoft Defender for Business.
Microsoft Defender for Business servers is available as an add-on to Microsoft 365 Business Premium and the standalone version of Defender for Business. The Microsoft Defender for Business servers license is priced at $3 per server instance. You can either purchase a license for each onboarded server, or choose to offboard servers from Defender for Business.
If you have more than 60 servers, you'll need to get another license, such as Microsoft Defender for Servers Plan 1 or Plan 2.
What is the difference between Microsoft Defender for Business servers and Microsoft Defender for Servers Plan 1 and Plan 2?
The following table compares server options for Defender for Business customers:
Microsoft Defender for Business servers | Microsoft Defender for Servers Plan 1 / Plan 2 |
---|---|
Microsoft Defender for Business servers is an add-on to Defender for Business and Microsoft 365 Business Premium only. Provides a single endpoint security experience for both clients and servers within the Microsoft Defender portal (https://security.microsoft.com). Designed for businesses with up to 300 employees. Enables customers who don't necessarily have a security background to set up, configure, and protect company devices, including servers. |
Microsoft Defender for Servers Plan 1/Plan 2 is an enterprise-focused offering that can be purchased with any other Microsoft cloud plan. Part of Microsoft Defender for Cloud. Includes advanced threat hunting with six months of data retention and the Microsoft Threat Experts service. The admin experience for Defender for Cloud resides within the Azure portal (https://portal.azure.com). |
Adding Defender for Cloud to a tenant that has Defender for Business doesn't change the simplified Defender for Business experience. The functionality in Microsoft Defender for Servers Plan 1 or Plan 2 work2 with Defender for Business. See What happens if I have a mix of Microsoft endpoint security subscriptions? for more details.
Currently, Defender for Business supports only one uniform web filtering policy per Defender for Business tenant.
Although you can technically onboard devices that are running a non-Microsoft antivirus/antimalware solution, you could run into an issue where real-time protection could be turned off on those devices. If real-time protection is turned off on a device, the device appears to be not protected.
In Defender for Business, real-time protection is turned on by default; however, devices running non-Microsoft antivirus/antimalware software could affect your settings.
To learn more, see I'm seeing indications that some devices aren't protected even though they're onboarded to Defender for Business.
Device control in Microsoft Defender for Endpoint prevents users, endpoints, or both from using unauthorized removable storage media.
These capabilities can be configured in Defender for Business, as described in the following table:
OS | Method | Notes |
---|---|---|
Windows | Attack surface reduction rules | On Windows devices, you can configure device control through ASR rules. You'll need Microsoft Intune to set up your ASR rules. Intune is not included in the standalone version of Defender for Business, but you can add it on. Intune is included in Microsoft 365 Business Premium. ASR capabilities in Defender for Business |
Mac | Jamf or Intune | You can use Jamf or Intune to set up device control on Mac. See Device Control for macOS. |
Defender for Business currently includes a set of APIs to support robust custom reporting, and a Power BI connector. You could schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. See API reference information. Also see Microsoft Defender for Business and Microsoft partner resources.
I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?
Several options are available, including Microsoft 365 Lighthouse and using APIs to integrate with your tools. See Microsoft Defender for Business and Microsoft partner resources.
- Defender for Business integrates with Microsoft 365 Lighthouse for multi-tenant support in a single console (https://lighthouse.microsoft.com). See Overview of Microsoft 365 Lighthouse.
- You can use the Defender for Endpoint APIs to integrate Defender for Business with your remote monitoring and management (RMM) tools and your professional service automation (PSA) software. See Microsoft Defender for Business and Microsoft partner resources.
Use Intune to configure your attack surface reduction rules. Other attack surface reduction capabilities can be configured in the Microsoft Defender portal. See Attack surface reduction capabilities in Defender for Business.
If you have Defender for Business as a standalone subscription, you can onboard and secure Windows and Mac devices in the Microsoft Defender portal (https://security.microsoft.com). You can use Microsoft Intune to onboard Windows and Mac computers and mobile devices.
When you enroll devices in Intune and onboard those devices to Defender for Business, you create a connection between Intune and Defender for Business.
You can manage your next-generation protection and firewall protection policies in the Microsoft Defender portal with a simplified configuration experience. These policies are visible in Intune. To manage other settings, such as attack surface reduction policies, you'll use Intune.
If you have Microsoft 365 Business Premium, then Defender for Business is included in your subscription. Defender for Business provides advanced threat protection for your organization's devices. To learn more, see Overview of Defender for Business
Microsoft 365 Business Premium also includes Microsoft Defender for Office 365 Plan 1, which provides protection for your company's email and Office files.
Both Defender for Business and Defender for Endpoint provide strong threat protection capabilities for your company's devices (computers, phones, and tablets, which are also referred to as endpoints). Defender for Business was designed for small and medium-sized businesses (up to 300 employees). With a simplified configuration process and device onboarding options, Defender for Business enables customers who don't necessarily have a security background to set up, configure, and use Defender for Business to protect company devices.
Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats. To learn more, see Microsoft Defender for Endpoint.
Suppose you have assigned 10 users a Defender for Business license, 10 other users a Defender for Endpoint Plan 1 license, and 5 other users a Defender for Endpoint Plan 2 license. What happens if you have a mix of subscriptions like this example in your tenant?
Depending on your subscription settings, your tenant can retain the Defender for Business experience, which includes a simplified configuration process. However, if you change your subscription settings to apply Microsoft Defender for Endpoint Plan 2 features and capabilities across devices, you're no longer using your Defender for Business licenses. In addition, the simplified configuration experience in Defender for Business changes to advanced settings in Defender for Endpoint. For more information, see Manage your subscription settings.
For more information about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
My organization has grown to more than 300 employees, and I have a mix of Microsoft endpoint security subscriptions. Can I still use Defender for Business?
Suppose your company has grown from 250 users to 330 users, and you now have a mix of Microsoft endpoint security subscriptions, such as 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses.
Defender for Business and Microsoft 365 Business Premium are for customers who have up to 300 users. If you now have more than 300 users, we recommend getting a subscription that includes Defender for Endpoint for all users. However, we understand that there are scenarios where a customer grows to more than 300 users within a license term.
Referring to our example, suppose you started your license term with 250 Defender for Business licenses, and now you have 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses (Microsoft 365 E3 includes Defender for Endpoint Plan 1). Defender for Business features and capabilities apply tenant wide. When it's time to renew your subscription, we recommend choosing an enterprise plan, such as one of the following subscriptions:
- Microsoft 365 E5 (includes Defender for Endpoint Plan 2 plus Defender for Office 365 Plan 2)
- Microsoft 365 E3 (includes Defender for Endpoint Plan 1)
- Defender for Endpoint Plan 1 or 2
For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
You can view your current subscriptions and licenses in the Microsoft 365 admin center (https://admin.microsoft.com). Choose Settings > Endpoints > Licenses.
Also see Understand subscriptions and licenses in Microsoft 365 for business.