What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides advanced threat protection, endpoint detection and response (EDR), and vulnerability management. It helps organizations detect, investigate, and respond to advanced threats across Windows, macOS, Linux, Android, and iOS devices.
Defender for Endpoint offers two primary licensing plans—P1 and P2—as well as specific solutions for server protection, enabling organizations to tailor their security needs based on the environment.
Microsoft Defender for Endpoint Plans: P1 and P2
Defender for Endpoint comes in two primary plans: Plan 1 (P1) and Plan 2 (P2), each offering different levels of protection and security features.
Defender for Endpoint Plan 1 (P1)
This plan provides essential protection and is suited for organizations looking for a solid defense mechanism for their endpoints. It includes:
- Next-generation protection: Industry-leading anti-virus, anti-malware, and endpoint security.
- Attack surface reduction: Reduces the potential attack vectors by enforcing security policies on devices.
- Device control: Monitors and manages endpoint devices to ensure compliance with security standards.
- Integrated with Microsoft 365 Defender: Seamless integration with Microsoft 365 tools for centralized management.
- Centralized management: Allows security teams to manage security policies and monitor device health.
Who is P1 for?
- Small and medium-sized businesses that need essential endpoint protection without the advanced investigation and response features.
Defender for Endpoint Plan 2 (P2)
P2 offers all the capabilities of P1, with additional features to handle advanced threats and automate response actions. Key features include:
- Endpoint detection and response (EDR): Real-time threat detection and investigation capabilities to respond to advanced attacks.
- Threat & vulnerability management (TVM): Continual monitoring and management of endpoint vulnerabilities to minimize exposure.
- Automated investigation and remediation: Uses artificial intelligence to automate threat investigation and respond to attacks without human intervention.
- Advanced hunting: Powerful query-based threat hunting for advanced security teams.
- Sandboxing and behavioral analytics: Isolates suspicious files and programs for analysis in a secure environment.
- Microsoft Threat Experts: On-demand experts and managed services to assist with threat detection and response.
Who is P2 for?
- Large organizations or those with high-security requirements that need advanced threat detection, investigation, and response capabilities.
Pricing:
Microsoft Defender for Endpoint Plan 1 (P1): $3.00 per user/month
Microsoft Defender for Endpoint Plan 2 (P2): $5.20 per user/month
Microsoft Defender for Endpoint Business Plan
Defender for Endpoint is also bundled into Microsoft 365 business plans, making it easy for small and medium-sized businesses to implement endpoint protection without additional licensing.
Key Features of Microsoft Defender for Business:
- Next-generation protection: Anti-virus, anti-malware, and anti-ransomware protection designed to safeguard against the latest cyber threats.
- Endpoint Detection and Response (EDR): Provides the ability to detect, investigate, and respond to advanced cyber threats with real-time threat intelligence and analytics.
- Threat and Vulnerability Management (TVM): Helps organizations discover vulnerabilities and misconfigurations across their endpoints and provides actionable recommendations to mitigate risks.
- Attack surface reduction: Protects against known vulnerabilities and reduces potential attack vectors by enforcing security policies across endpoints.
- Automated investigation and remediation: Uses artificial intelligence and automation to analyze alerts and respond to incidents quickly, helping reduce the time to detect and remediate threats.
- Simplified management: The solution is easy to configure and deploy, with a centralized console for visibility into security events and policy management.
Microsoft Defender for Business is included with Microsoft 365 Business Premium, offering a full suite of security, collaboration, and productivity tools for SMBs.
Pricing:
The Microsoft Defender for Business servers add-on is designed for small and medium-sized businesses (SMBs) and costs $3 per server, per month.
Defender for Business vs. Defender for Endpoint P1 and P2
Microsoft Defender for Business offers many of the core features of Defender for Endpoint P2, including EDR, TVM, and automated investigation and remediation. However, it is optimized for small to medium businesses (up to 300 users) and comes with simplified management, making it easier to use without requiring a dedicated security team.
This license is an add-on to Microsoft 365 Business Premium or the standalone Defender for Business plan. It provides the same protection for both client devices and servers, making it a cost-effective solution for businesses with up to 300 employees who need to secure both endpoints and server workloads without the complexity of enterprise solutions.
Microsoft Defender for Business Servers
Microsoft Defender for Business Servers is an add-on designed for small and medium-sized businesses (SMBs) that extends the functionality of Microsoft Defender for Business to protect server workloads. It provides enterprise-grade security for Windows and Linux servers while maintaining the same simplified management experience as Defender for Business for endpoint devices.
Key Features:
- Simplified Endpoint Protection: Offers an integrated experience for protecting both endpoints and servers in a single console.
- Next-Generation Protection: Provides real-time antivirus and anti-malware scanning, along with behavior-based protection.
- Automated Investigation and Remediation: Uses AI-driven processes to automatically detect, investigate, and remediate security incidents.
- Threat and Vulnerability Management: Helps identify and mitigate vulnerabilities across your servers.
Pricing:
The Microsoft Defender for Business Servers add-on costs $3 per server, per month and can be added to existing Microsoft 365 Business Premium or standalone Defender for Business subscriptions.
This solution is ideal for SMBs that need to protect up to 60 servers. For larger-scale server protection or more advanced features, such as extended detection and response (XDR), businesses should consider Microsoft Defender for Servers Plan 2.
Microsoft Defender for Servers
Microsoft Defender for Endpoint also provides protection for server environments, ensuring that critical server workloads are secured. There are two main plans available for server protection—Defender for Servers P1 and Defender for Servers P2.
In the past, P2 included basic antivirus features, but since it moved to Microsoft Defender for Cloud as part of an Azure subscription, Defender for Servers P1 and P2 offer the same security features mentioned but are tightly integrated with Azure environments. They provide real-time monitoring and automated remediation for Azure virtual machines (VMs) and hybrid cloud workloads.
Defender for Servers P1 and P2 integrate with Defender for Endpoint and protect servers with all the features, including:
- Attack surface reduction to lower the risk of attack.
- Next-generation protection, including real-time scanning and protection and Microsoft Defender Antivirus.
- EDR, including threat analytics, automated investigation and response, advanced hunting, and Endpoint Attack Notifications.
- Vulnerability assessment and mitigation provided by Microsoft Defender Vulnerability Management (MDVM) as part of the Defender for Endpoint integration. With Plan 2, you can get premium MDVM features, provided by the MDVM add-on.
Defender for Servers and Defender for Endpoint detect threats at the OS level, including virtual machine behavioral detections and fileless attack detection, generating detailed security alerts that accelerate alert triage, correlation, and downstream response time.
Additional features in Defender for Server P2 include:
- Defender for Servers detects threats that are directed at the control plane on the network, including network-based security alerts for Azure virtual machines.
- Enhance your vulnerability management program with consolidated asset inventories, security baselines assessments, application block feature, and more.
- Customize a security policy for your subscription and also compare the configuration of your resources with requirements in industry standards, regulations, and benchmarks.
- Free data ingestion is available for specific data types to Log Analytics workspaces. Data ingestion is calculated per node, per reported workspace, and per day. It's available for every workspace that has a Security or AntiMalware solution installed.
- Azure Update Manager remediation of unhealthy resources and recommendations is available at no additional cost for Arc-enabled machines.
- Just-in-time virtual machine access locks down machine ports to reduce the attack surface. To use this feature, Defender for Cloud must be enabled on the subscription.
- File integrity monitoring examines files and registries for changes that might indicate an attack. A comparison method is used to determine whether suspicious modifications have been made to files.
- Assesses containers hosted on Linux machines running Docker containers, and then compares them with the Center for Internet Security (CIS) Docker Benchmark.
- Provides a geographical view of recommendations for hardening your network resources.
- Scans Azure virtual machines by using cloud APIs to collect data.
Pricing for Defender for Server
Defender for Server P1 is priced at $4.906/server/month
Defender for Server P2 is priced at $14.60/server/month
Conclusion
Microsoft Defender for Endpoint and Defender for Servers provide flexible and scalable security solutions for businesses of all sizes. Whether you're a small business in need of basic protection with Plan 1, or an enterprise with advanced security requirements choosing Plan 2, you can ensure comprehensive endpoint and server protection for your organization. Understanding the differences between these plans helps tailor your security investment to your specific needs.