Compare security features in Microsoft 365 plans for small and medium-sized businesses
Important
This article provides a high-level overview of features and capabilities that are included in Microsoft Defender for Business (as a standalone plan) and Microsoft 365 Business Premium (which includes Defender for Business). It's not intended to be a service description or licensing contract document. For more detailed information, see the following resources:
Microsoft offers a wide variety of cloud solutions and services, including plans for small and medium-sized businesses. For example, Microsoft 365 Business Premium includes security and device-management capabilities, along with productivity features such as Office apps. This article describes the security features in Microsoft 365 Business Premium, Microsoft Defender for Business, and Microsoft Defender for Endpoint.
Use this article to:
- Compare Defender for Business to Microsoft 365 Business Premium.
- Compare Defender for Business (standalone) to Defender for Endpoint Plan 1 and Plan 2.
Tip
Defender for Business is available as a standalone security solution for small and medium-sized businesses. Defender for Business is now included in Microsoft 365 Business Premium. If you already have Microsoft 365 Business Basic or Standard, consider either upgrading to Microsoft 365 Business Premium or adding Defender for Business to your current subscription to get more threat protection capabilities for your devices.
Compare Defender for Business to Microsoft 365 Business Premium
Defender for Business provides advanced security protection for your devices, with next-generation protection, endpoint detection and response, and threat & vulnerability management. Microsoft 365 Business Premium includes Defender for Business and provides more cybersecurity and productivity capabilities.
The following table provides more information about what's included in each plan:
Plan | Description |
---|---|
Defender for Business (standalone) | Antivirus, antimalware, and ransomware protection for devices
|
Microsoft 365 Business Premium | Defender for Business plus productivity and additional security capabilities
|
(a) Microsoft Intune is required to modify or customize attack surface reduction rules. Intune can be added on to the standalone version of Defender for Business. Intune is included in Microsoft 365 Business Premium.
(b) Microsoft Intune is required to onboard iOS and Android devices. See Onboard devices to Microsoft Defender for Business.
Compare Defender for Business to Defender for Endpoint Plan 1 and Plan 2
Defender for Business brings the enterprise-grade capabilities of Defender for Endpoint to small and medium-sized businesses. The following table compares security features and capabilities in Defender for Business to the enterprise offerings, Microsoft Defender for Endpoint Plans 1 and 2.
Feature/capability | Defender for Business (standalone) |
Defender for Endpoint Plan 1 (for enterprise customers) |
Defender for Endpoint Plan 2 (for enterprise customers) |
---|---|---|---|
Centralized management [1] |
![]() |
![]() |
![]() |
Simplified client configuration |
![]() |
||
Microsoft Defender Vulnerability Management |
![]() |
![]() |
|
Attack surface reduction capabilities [2] |
![]() |
![]() |
![]() |
Next-generation protection |
![]() |
![]() |
![]() |
Endpoint detection and response [3] |
![]() |
![]() |
|
Automated investigation and response [4] |
![]() |
![]() |
|
Threat hunting and six months of data retention [5] |
![]() |
||
Threat analytics [6] |
![]() |
![]() |
|
Cross-platform support (Windows, Mac, iOS, and Android OS) [7] |
![]() |
![]() |
![]() |
Microsoft Threat Experts |
![]() |
||
Partner APIs |
![]() |
![]() |
![]() |
Microsoft 365 Lighthouse integration (For viewing security incidents across customer tenants) |
![]() |
![]() |
![]() |
(1) Onboard and manage devices in the Microsoft 365 Defender portal (https://security.microsoft.com) or by using Microsoft Intune (https://intune.microsoft.com).
(2) Intune is required to configure and manage ASR rules.
(3) Endpoint detection and response (EDR) capabilities in Defender for Business include behavior-based detection and the following manual response actions:
- Run antivirus scan
- Isolate device
- Add an indicator to block or allow a file
(4) In Defender for Business, automated investigation and response is turned on by default, tenant wide. Turning off automated investigation and response affects real-time protection. See Review settings for advanced features.
(5) There's no timeline view in Defender for Business.
(6) In Defender for Business, threat analytics are optimized for small and medium-sized businesses.
(7) To onboard servers, another license is required. See the following articles:
- Onboard devices to Defender for Business
- Onboard devices and configure Microsoft Defender for Endpoint capabilities
Tip
Also see Compare Microsoft endpoint security plans and Microsoft 365 licensing guidance for security & compliance.
Next steps
Feedback
Submit and view feedback for