Use this article to get answers to questions you might have about Defender for Business.
Can I extend my preview trial of Defender for Business or Microsoft Defender for Business servers?
As Defender for Business and Microsoft Defender for Business servers are both now generally available, the preview program for each has ended and can't be extended.
How do I try or buy Defender for Business?
Go to the Defender for Business product page, and select the option to try or buy Defender for Business.
For more information, see Get Defender for Business.
Is there a limit to how many users can be licensed for Defender for Business?
Defender for Business is designed for small and medium-sized businesses who have up to 300 users. If you have more than 300 users, consider an enterprise solution, such as one of the following:
How many devices can I onboard and secure with Defender for Business?
You can onboard and secure up to five client devices per user license.
If you have servers, you'll need an additional license, such as Microsoft Defender for Business servers.
Does Defender for Business protect Mac, Android, and iOS/iPadOS client devices?
Yes. Defender for Business supports protection for Windows, Mac, Android, and iOS/iPadOS devices. See Onboard devices.
Does Defender for Business support servers?
If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as Microsoft Defender for Business servers.
Alternately, you could use Microsoft Defender for Servers Plan 1 or Plan 2. To learn more, see What happens if I have a mix of Microsoft endpoint security subscriptions? and Onboard devices to Microsoft Defender for Business.
Microsoft Defender for Business servers is available as an add-on to Microsoft 365 Business Premium and the standalone version of Defender for Business. The Microsoft Defender for Business servers license is priced at $3 per server instance. You can either purchase a license for each onboarded server, or choose to offboard servers from Defender for Business.
If you have more than 60 servers, you'll need to get Microsoft Defender for Servers Plan 1 or Plan 2.
What is the difference between Microsoft Defender for Business servers and Microsoft Defender for Servers Plan 1 and Plan 2?
The following table compares server options for Defender for Business customers:
|Microsoft Defender for Business servers||Microsoft Defender for Servers Plan 1 / Plan 2|
|Microsoft Defender for Business servers is an add-on to Defender for Business and Microsoft 365 Business Premium only.
Provides a single endpoint security experience for both clients and servers within the Microsoft Defender portal (https://security.microsoft.com).
Designed for businesses with up to 300 employees.
Enables customers who don't necessarily have a security background to set up, configure, and protect company devices, including servers.
|Microsoft Defender for Servers Plan 1/Plan 2 is an enterprise-focused offering that can be purchased with any other Microsoft cloud plan.
Part of Microsoft Defender for Cloud.
Includes advanced threat hunting with six months of data retention and the Microsoft Threat Experts service.
The admin experience for Defender for Cloud resides within the Azure portal (https://portal.azure.com).
Adding Defender for Cloud to a tenant that has Defender for Business won't change the simplified Defender for Business experience. The functionality in Microsoft Defender for Servers Plan 1 or Plan 2 will work with Defender for Business. See What happens if I have a mix of Microsoft endpoint security subscriptions? for more details.
Can I configure more than one web content filtering policy in Defender for Business?
Currently, Defender for Business supports only one uniform web filtering policy per Defender for Business tenant.
Can I use non-Microsoft antivirus/antimalware software with Defender for Business?
Although you can technically onboard devices that are running a non-Microsoft antivirus/antimalware solution, you could run into an issue where real-time protection could be turned off on those devices. If real-time protection is turned off on a device, the device will appear to be not protected.
In Defender for Business, real-time protection is turned on by default; however, devices running non-Microsoft antivirus/antimalware software could affect your settings.
Are device control capabilities available in Microsoft Defender for Business?
Device control in Microsoft Defender for Endpoint prevents users, endpoints, or both from using unauthorized removable storage media.
These capabilities can be configured in Defender for Business, as described in the following table:
|Windows||Attack surface reduction rules||On Windows devices, you can configure device control through ASR rules. You'll need Microsoft Intune to set up your ASR rules. Intune is not included in the standalone version of Defender for Business, but you can add it on. Intune is included in Microsoft 365 Business Premium.
ASR capabilities in Defender for Business
|Mac||Jamf or Intune||You can use Jamf or Intune to set up device control on Mac. See Device Control for macOS.|
How do I run custom reports with Defender for Business?
Defender for Business currently includes a set of APIs to support robust custom reporting, and a Power BI connector. You could schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. See API reference information. Also see Microsoft Defender for Business and Microsoft partner resources.
I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?
Several options are available, including Microsoft 365 Lighthouse and using APIs to integrate with your tools. See Microsoft Defender for Business and Microsoft partner resources.
- Defender for Business integrates with Microsoft 365 Lighthouse for multi-tenant support in a single console (https://lighthouse.microsoft.com). See Overview of Microsoft 365 Lighthouse.
- You can use the Defender for Endpoint APIs to integrate Defender for Business with your remote monitoring and management (RMM) tools and your professional service automation (PSA) software. See Microsoft Defender for Business and Microsoft partner resources.
How do I configure attack surface reduction rules and capabilities in Defender for Business?
Use Intune to configure your attack surface reduction rules. Other attack surface reduction capabilities can be configured in the Microsoft Defender portal. See Attack surface reduction capabilities in Defender for Business.
How does Microsoft Intune work with Defender for Business?
If you have Defender for Business as a standalone subscription, you can onboard and secure Windows and Mac devices in the Microsoft Defender portal (https://security.microsoft.com). You can use Microsoft Intune to onboard Windows and Mac computers and mobile devices.
When you enroll devices in Intune and onboard those devices to Defender for Business, you create a connection between Intune and Defender for Business.
You can manage your next-generation protection and firewall protection policies in the Microsoft Defender portal with a simplified configuration experience. These policies are visible in Intune. To manage other settings, such as attack surface reduction policies, you'll use Intune.
If I'm already using Microsoft 365 Business Premium, why do I need Defender for Business?
If you have Microsoft 365 Business Premium, then Defender for Business is included in your subscription. Defender for Business provides advanced threat protection for your organization's devices. To learn more, see Overview of Defender for Business
Microsoft 365 Business Premium also includes Microsoft Defender for Office 365 Plan 1, which provides protection for your company's email and Office files.
What are the differences between Defender for Business and Defender for Endpoint Plans 1 and 2?
Both Defender for Business and Defender for Endpoint provide strong threat protection capabilities for your company's devices (also referred to as endpoints). Defender for Business was designed for small and medium-sized businesses (up to 300 employees). With a simplified configuration process and device onboarding options, Defender for Business enables customers who don't necessarily have a security background to set up, configure, and use Defender for Business to protect company devices.
Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats.
To learn more, see Microsoft Defender for Endpoint.
What happens if I have a mix of Microsoft endpoint security subscriptions?
Suppose you have assigned 10 users a Defender for Business license, 10 other users a Defender for Endpoint Plan 1 license, and 5 other users a Defender for Endpoint Plan 2 license. What happens if you have a mix of subscriptions like this example in your tenant?
Currently, a tenant with Defender for Business will default to the Defender for Business experience, tenant wide, even if you have Defender for Endpoint licenses in your tenant. If you have a mix of Defender for Business and Defender for Endpoint licenses, all users and onboarded devices will receive Defender for Business capabilities.
For more information about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
My organization has grown to more than 300 employees, and I have a mix of Microsoft endpoint security subscriptions. Can I still use Defender for Business?
Suppose your company has grown from 250 users to 330 users, and you now have a mix of Microsoft endpoint security subscriptions, such as 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses.
Defender for Business and Microsoft 365 Business Premium are for customers who have up to 300 users. If you now have more than 300 users, we recommend getting a subscription that includes Defender for Endpoint for all users. However, we understand that there are scenarios where a customer grows to more than 300 users within a license term.
Referring to our example, suppose you started your license term with 250 Defender for Business licenses, and now you have 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses (Microsoft 365 E3 includes Defender for Endpoint Plan 1). Defender for Business features and capabilities will apply tenant wide. When it's time to renew your subscription, we recommend choosing an enterprise plan, such as one of the following subscriptions:
- Microsoft 365 E5 (includes Defender for Endpoint Plan 2 plus Defender for Office 365 Plan 2)
- Microsoft 365 E3 (includes Defender for Endpoint Plan 1)
- Defender for Endpoint Plan 1 or 2
For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
How do I view my organization's Microsoft subscriptions and user licenses?
You can view your current subscriptions and licenses in the Microsoft 365 admin center (https://admin.microsoft.com). Choose Settings > Endpoints > Licenses.