Microsoft Defender for Business requirements
This article describes the requirements for Defender for Business.
What to do
Review the requirements
The following table lists the basic requirements you need to configure and use Defender for Business.
|Subscription||Microsoft 365 Business Premium or Defender for Business (standalone).
See How to get Defender for Business.
|Datacenter||One of the following datacenter locations:
- European Union
- United Kingdom
- United States
|User accounts||- User accounts are created in the Microsoft 365 admin center (https://admin.microsoft.com).
- Licenses for Defender for Business (or Microsoft 365 Business Premium) are assigned in the Microsoft 365 admin center.
To get help with this task, see Add users and assign licenses.
|Permissions||To sign up for Defender for Business, you must be a Global Admin.
To access the Microsoft 365 Defender portal, users must have one of the following roles in Azure AD assigned:
- Security Reader
- Security Admin
- Global AdminTo learn more, see Roles and permissions in Defender for Business.
|Browser||Microsoft Edge or Google Chrome|
|Client computer operating system||To manage devices in the Microsoft 365 Defender portal, your devices must be running one of the following operating systems:
- Windows 10 or 11 Business
- Windows 10 or 11 Professional
- Windows 10 or 11 Enterprise
- Mac (the three most-current releases are supported)
Make sure that KB5006738 is installed on the Windows devices.
|Mobile devices||To onboard mobile devices, such as iOS or Android OS, you can use Mobile threat defense capabilities (preview) or Microsoft Intune (see note 1 below).
For more details about onboarding devices, including requirements for mobile threat defense (preview), see Onboard devices to Microsoft Defender for Business.
|Server license||To onboard a device running Windows Server or Linux Server, you'll need an additional license, such as Microsoft Defender for Business servers (see note 2 below).|
|Additional server requirements||Windows Server endpoints must meet the requirements for Defender for Endpoint, and enforcement scope must be turned on.
1. In the Microsoft 365 Defender portal, go to Settings > Endpoints > Configuration management > Enforcement scope.
2. Select Use MDE to enforce security configuration settings from MEM, select Windows Server.
3. Select Save.
Linux Server endpoints must meet the prerequisites for Microsoft Defender for Endpoint on Linux.
Microsoft Intune is not included in the standalone version of Defender for Business, but Intune can be added on. Intune is included in Microsoft 365 Business Premium.
To onboard servers, we recommend using Microsoft Defender for Business servers. Alternately, you could use Microsoft Defender for Servers Plan 1 or Plan 2. To learn more, see What happens if I have a mix of Microsoft endpoint security subscriptions? and Onboard devices to Microsoft Defender for Business.
Azure Active Directory (Azure AD) is used to manage user permissions and device groups. Azure AD is included in your Defender for Business subscription.
- If you don't have a Microsoft 365 subscription before you start your trial, Azure AD will be provisioned for you during the activation process.
- If you do have another Microsoft 365 subscription when you start your Defender for Business trial, you can use your existing Azure AD service.
Security defaults are included in Defender for Business. If you prefer to use Conditional Access policies instead, you'll need Azure AD Premium Plan 1 (included in Microsoft 365 Business Premium). To learn more, see Multi-factor authentication.
- If you don't already have Defender for Business, see Get and provision Microsoft Defender for Business.
- If you're starting a trial subscription, see the Trial user guide: Microsoft Defender for Business.
- If you're ready to set up Defender for Business for your organization, see Set up and configure Microsoft Defender for Business.
Submit and view feedback for