Compare security features in Microsoft 365 plans for small and medium-sized businesses

Important

This article provides a high-level overview of features and capabilities that are included in Microsoft Defender for Business (as a standalone plan) and Microsoft 365 Business Premium (which includes Defender for Business). It's not intended to be a service description or licensing contract document. For more detailed information, see the following resources:

Microsoft offers a wide variety of cloud solutions and services, including plans for small and medium-sized businesses. For example, Microsoft 365 Business Premium includes security and device-management capabilities, along with productivity features such as Office apps. This article describes the security features in Microsoft 365 Business Premium, Microsoft Defender for Business, and Microsoft Defender for Endpoint.

Use this article to:

Tip

Defender for Business is available as a standalone security solution for small and medium-sized businesses. Defender for Business is now included in Microsoft 365 Business Premium. If you already have Microsoft 365 Business Basic or Standard, consider either upgrading to Microsoft 365 Business Premium or adding Defender for Business to your current subscription to get more threat protection capabilities for your devices.

Compare Defender for Business to Microsoft 365 Business Premium

Defender for Business provides advanced security protection for your devices, with next-generation protection, endpoint detection and response, and threat & vulnerability management. Microsoft 365 Business Premium includes Defender for Business and provides more cybersecurity and productivity capabilities.

Diagram comparing Defender for Business to Microsoft 365 Business Premium.

The following table provides more information about what's included in each plan:

Plan Description
Defender for Business (standalone) Antivirus, antimalware, and ransomware protection for devices
Microsoft 365 Business Premium Defender for Business plus productivity and additional security capabilities

(a) Microsoft Intune is required to modify or customize attack surface reduction rules. Intune can be added on to the standalone version of Defender for Business. Intune is included in Microsoft 365 Business Premium.

(b) Microsoft Intune is required to onboard iOS and Android devices. See Onboard devices to Microsoft Defender for Business.

Compare Defender for Business to Defender for Endpoint Plan 1 and Plan 2

Defender for Business brings the enterprise-grade capabilities of Defender for Endpoint to small and medium-sized businesses. The following table compares security features and capabilities in Defender for Business to the enterprise offerings, Microsoft Defender for Endpoint Plans 1 and 2.

Feature/capability Defender for Business
(standalone)
Defender for Endpoint Plan 1
(for enterprise customers)
Defender for Endpoint Plan 2
(for enterprise customers)
Centralized management [1] Included Included Included
Simplified client configuration Included
Microsoft Defender Vulnerability Management Included Included
Attack surface reduction capabilities [2] Included Included Included
Next-generation protection Included Included Included
Endpoint detection and response [3] Included Included
Automated investigation and response [4] Included Included
Threat hunting and six months of data retention [5] Included
Threat analytics [6] Included Included
Cross-platform support
(Windows, Mac, iOS, and Android OS) [7]
Included Included Included
Microsoft Threat Experts Included
Partner APIs Included Included Included
Microsoft 365 Lighthouse integration
(For viewing security incidents across customer tenants)
Included Included Included

(1) Onboard and manage devices in the Microsoft 365 Defender portal (https://security.microsoft.com) or by using Microsoft Intune (https://intune.microsoft.com).

(2) Intune is required to configure and manage ASR rules.

(3) Endpoint detection and response (EDR) capabilities in Defender for Business include behavior-based detection and the following manual response actions:

  • Run antivirus scan
  • Isolate device
  • Add an indicator to block or allow a file

(4) In Defender for Business, automated investigation and response is turned on by default, tenant wide. Turning off automated investigation and response affects real-time protection. See Review settings for advanced features.

(5) There's no timeline view in Defender for Business.

(6) In Defender for Business, threat analytics are optimized for small and medium-sized businesses.

(7) To onboard servers, another license is required. See the following articles:

Next steps