Compare Microsoft endpoint security plans

Microsoft endpoint security plans, such as Microsoft Defender for Endpoint and Microsoft 365 Defender, were designed to help enterprise organizations prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Business and Microsoft 365 Business Premium provide similar capabilities, optimized for small and medium-sized businesses. These plans provide advanced threat protection with antivirus and antimalware protection, ransomware mitigation, and more, together with centralized management and reporting.

This article helps clarify what's included in the following plans:

• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender Vulnerability Management add-on
• Microsoft Defender for Business

Important

This article provides a summary of threat protection capabilities in Microsoft endpoint security plans; however, it's not intended to be a service description or licensing contract document. For more detailed information, see the following resources:

• Microsoft 365 licensing guidance for security & compliance
• Microsoft 365 Education

Compare Microsoft endpoint security plans

The following table summarizes what's included in Microsoft endpoint security plans.

Plan	What's included
Defender for Endpoint Plan 1	- Next-generation protection (includes antimalware and antivirus) - Attack surface reduction - Manual response actions - Centralized management - Security reports - APIs - Support for Windows 10, iOS, Android OS, and macOS devices
Defender for Endpoint Plan 2	All of the Defender for Endpoint Plan 1 capabilities, plus: - Device discovery - Device inventory - Core Defender Vulnerability Management capabilities - Threat Analytics - Automated investigation and response - Advanced hunting - Endpoint detection and response - Endpoint Attack Notifications - Support for Windows (client only) and non-Windows platforms (macOS, iOS, Android, and Linux)
Defender Vulnerability Management add-on	More Defender Vulnerability Management capabilities for Defender for Endpoint Plan 2: - Security baselines assessment - Block vulnerable applications - Browser extensions - Digital certificate assessment - Network share analysis - Support for Windows (client and server) and non-Windows platforms (macOS, iOS, Android, and Linux)
Defender for Business [1]	Services optimized for small and medium-sized businesses include: - Email protection - Antispam protection - Antimalware protection - Next-generation protection - Attack surface reduction - Endpoint detection and response - Automated investigation and response - Vulnerability management - Centralized reporting - APIs (for integration with custom apps or reporting solutions) - Integration with Microsoft 365 Lighthouse

(1) Microsoft Defender for Business is available as a standalone subscription for small and medium-sized businesses. It's also included as part of Microsoft 365 Business Premium. These plans feature advanced security capabilities with a simplified setup and configuration experience. See Compare Microsoft Defender for Business to Microsoft 365 Business Premium.

Tip

For more detailed information, see the following resources:

• Microsoft 365 licensing guidance for security & compliance
• Microsoft 365 Education

Options for onboarding servers

Defender for Endpoint Plan 1 and 2 (standalone), Defender for Business (standalone), and Microsoft 365 Business Premium don't include server licenses. To onboard servers, choose from the following options:

• Microsoft Defender for Servers Plan 1 or Plan 2 (recommended for enterprise customers) as part of the Defender for Cloud offering. To learn more. see Overview of Microsoft Defender for Servers.
• Microsoft Defender for Business servers (recommended for small and medium-sized businesses who have Microsoft Defender for Business). To learn more, see How to get Microsoft Defender for Business servers.
• Microsoft Defender for Endpoint for Servers (if you already have these licenses). See Defender for Endpoint onboarding Windows Server.

Mixed licensing scenarios

Suppose that your organization is using a mix of Microsoft endpoint security subscriptions, such as Defender for Endpoint Plan 1 and Defender for Endpoint Plan 2. Currently, the highest functional Microsoft endpoint security subscription sets the experience for your tenant. In this example, your tenant experience would be Defender for Endpoint Plan 2 for all users.

However, you can contact support and request an override for your tenant experience. That is, you could request an override to keep the Defender for Endpoint Plan 1 experience for all users.

• For more information about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
• For information about how to contact support, see Contact Microsoft Defender for Endpoint support.

Tip

If your organization is a small or medium-sized business, see What happens if I have a mix of Microsoft endpoint security subscriptions?

Start a trial

• To try Defender for Endpoint, go to the Defender for Endpoint trial sign-up page.
• To try the Microsoft Defender Vulnerability Management add-on for Defender for Endpoint Plan 2, visit https://aka.ms/AddonPreviewTrial.

See also

• Get started with Microsoft Security (trial offers)
• Microsoft Defender for Endpoint
• Microsoft Defender for Business (endpoint protection for small and medium-sized businesses)
• Microsoft 365 licensing guidance for security & compliance
• Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus