Microsoft Defender for Business - Frequently asked questions and answers

Use this article to get answers to questions you might have about Defender for Business.

Can I extend my preview trial of Defender for Business or Microsoft Defender for Business servers?

As Defender for Business and Microsoft Defender for Business servers are both now generally available, the preview program for each has ended and can't be extended.

See Get Defender for Business or Get Microsoft Defender for Business servers.

How do I try or buy Defender for Business?

Go to the Defender for Business product page, and select the option to try or buy Defender for Business.

For more information, see Get Defender for Business.

Is there a limit to how many users can be licensed for Defender for Business?

Defender for Business is designed for small and medium-sized businesses who have up to 300 users. If you have more than 300 users, consider an enterprise solution, such as one of the following:

How many devices can I onboard and secure with Defender for Business?

You can onboard and secure up to five client devices per user license.

If you have servers, you'll need the Microsoft Defender for Business servers add-on.

Does Defender for Business protect Mac, Android, and iOS/iPadOS client devices?

Yes. Defender for Business supports protection for Windows, Mac, Android, and iOS/iPadOS devices. See Onboard devices.

  • You can onboard Mac devices using a local script in the Microsoft 365 Defender portal.
  • To onboard Android and iOS/iPadOS devices, you can use Microsoft Intune.

More simplification for Mac, iOS/iPadOS, and Android devices is on the roadmap.

Does Defender for Business support servers?

If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as Microsoft Defender for Business servers.

Alternately, you could use Microsoft Defender for Servers Plan 1 or Plan 2. To learn more, see What happens if I have a mix of Microsoft endpoint security subscriptions? and Onboard devices to Microsoft Defender for Business.

Microsoft Defender for Business servers is available as an add-on to Microsoft 365 Business Premium and the standalone version of Defender for Business. The Microsoft Defender for Business servers license is priced at $3 per server instance. You can either purchase a license for each onboarded server, or choose to offboard servers from Defender for Business.

What is the difference between Microsoft Defender for Business servers and Microsoft Defender for Servers Plan 1 and Plan 2?

Microsoft Defender for Business servers (preview) is an add-on to Defender for Business and Microsoft 365 Business Premium only. It provides a single endpoint security experience for both clients and servers within the Microsoft 365 Defender portal (https://security.microsoft.com) for businesses with up to 300 employees. With a simplified configuration process and device onboarding options, Defender for Business enables customers who don't necessarily have a security background to set up, configure, and protect company devices.

Microsoft Defender for Servers Plan 1/Plan 2 is an enterprise-focused offering that can be purchased with any other Microsoft cloud plan. Microsoft Defender for Servers Plan 1 and Plan 2 are part of Microsoft Defender for Cloud. Microsoft Defender for Servers Plan 1 and Plan 2 include advanced threat hunting with six months of data retention and the Microsoft Threat Experts service. The admin experience for Defender for Cloud resides within the Azure portal (https://portal.azure.com).

Adding Defender for Cloud to a tenant that has Defender for Business won't change the simplified Defender for Business experience. The functionality in Microsoft Defender for Servers Plan 1 or Plan 2 will work with Defender for Business. See What happens if I have a mix of Microsoft endpoint security subscriptions? for more details.

Can I configure more than one web content filtering policy in Defender for Business?

Currently, Defender for Business supports only one uniform web filtering policy per Defender for Business tenant.

See Set up web content filtering.

Can I use non-Microsoft antivirus/antimalware software with Defender for Business?

Although you can technically onboard devices that are running a non-Microsoft antivirus/antimalware solution, you could run into an issue where real-time protection could be turned off on those devices. If real-time protection is turned off on a device, the device will appear to be not protected.

In Defender for Business, real-time protection is turned on by default; however, devices running non-Microsoft antivirus/antimalware software could affect your settings.

To learn more, see I'm seeing indications that some devices aren't protected even though they're onboarded to Defender for Business.

How can I run custom reports with Defender for Business?

Defender for Business currently includes a set of APIs to support robust custom reporting, and a Power BI connector. You could schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. See API reference information.

I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?

Defender for Business is enabled in Microsoft 365 Lighthouse for multi-tenant support in a single console (https://lighthouse.microsoft.com).

To learn more, see Overview of Microsoft 365 Lighthouse.

How do I configure attack surface reduction rules and capabilities in Defender for Business?

You can configure standard protection rules in the Microsoft 365 Defender portal (https://security.microsoft.com). You can also use Intune to configure your attack surface reduction policies. See Attack surface reduction capabilities in Defender for Business.

How does Microsoft Intune work with Defender for Business?

If you have Defender for Business as a standalone subscription, you can onboard and secure Windows and Mac devices in the Microsoft 365 Defender portal (https://security.microsoft.com). You can use Microsoft Intune to onboard Windows and Mac computers and mobile devices.

When you enroll devices in Intune and onboard those devices to Defender for Business, you create a connection between Intune and Defender for Business.

You can manage your next-generation protection and firewall protection policies in the Microsoft 365 Defender portal with a simplified configuration experience. These policies are visible in Intune. To manage other settings, such as attack surface reduction policies, you'll use Intune.

If I'm already using Microsoft 365 Business Premium, why do I need Defender for Business?

If you have Microsoft 365 Business Premium, then Defender for Business is included in your subscription. To learn more, see the following articles:

Defender for Business extends security capabilities in Microsoft 365 Business Premium with endpoint protection for your company's devices.

What are the differences between Defender for Business and Defender for Endpoint Plans 1 and 2?

Both Defender for Business and Defender for Endpoint provide strong threat protection capabilities for your company's endpoints. Defender for Business was designed for small and medium-sized businesses (up to 300 employees). With a simplified configuration process and device onboarding options, Defender for Business enables customers who don't necessarily have a security background to set up, configure, and use Defender for Business to protect company devices.

Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats.

To learn more about the differences, see Compare Microsoft Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2.

What happens if I have a mix of Microsoft endpoint security subscriptions?

Suppose you have assigned 10 users a Defender for Business license, and you have assigned 10 other users a Defender for Endpoint Plan 2 license. What happens if you have a mix of subscriptions like this example in your tenant?

A tenant with Defender for Business will default to the Defender for Business experience, tenant wide, to help ensure the simplified experience is maintained for small and medium-sized business customers.

For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.

My organization has grown to more than 300 employees, and I have a mix of Microsoft endpoint security subscriptions. Can I still use Defender for Business?

Suppose your company has grown from 250 users to 330 users, and you now have a mix of Microsoft endpoint security subscriptions, such as 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses.

Defender for Business and Microsoft 365 Business Premium are for customers who have up to 300 users. For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.

If you now have more than 300 users, we recommend getting a subscription that includes Defender for Endpoint for all users. However, we understand that there are scenarios where a customer grows to more than 300 users within a license term.

Referring to our example, suppose you started your license term with 250 Defender for Business licenses, and now you have 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses (Microsoft 365 E3 includes Defender for Endpoint Plan 1). In this case, Defender for Business remains the highest functional Microsoft endpoint security subscription, and the Defender for Business flavor will apply tenant wide. When it's time to renew your subscription, we recommend choosing an enterprise plan, such as one of the following subscriptions:

How can I view my organization's Microsoft subscriptions and user licenses?

You can view your current subscriptions and licenses in the Microsoft 365 admin center (https://admin.microsoft.com).

See Understand subscriptions and licenses in Microsoft 365 for business.