Use this article to get answers to questions you might have about Defender for Business.
How do I try or buy Defender for Business?
We recommend working with a Microsoft partner.
If you prefer to try or buy Defender for Business on your own, go to the Defender for Business product page, and select the option to try or buy Defender for Business.
For more information, see Get Defender for Business.
Is there a limit to how many users can be licensed for Defender for Business?
Defender for Business is designed for small and medium-sized businesses who have up to 300 users. If you have more than 300 users, consider an enterprise solution, such as one of the following:
How many devices can I onboard and secure with Defender for Business?
You can onboard and secure up to five client devices per user license.
If you have servers, you'll need an additional license, such as Microsoft Defender for Business servers.
Does Defender for Business protect Mac, Android, and iOS/iPadOS client devices?
Yes. Defender for Business supports protection for Windows, Mac, Android, and iOS/iPadOS devices. See Onboard devices.
Does Defender for Business support servers?
If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as Microsoft Defender for Business servers. This license is available as an add-on to Microsoft 365 Business Premium and the standalone version of Defender for Business. The Microsoft Defender for Business servers license is priced at $3 per server instance. You can either purchase a license for each onboarded server, or choose to offboard servers from Defender for Business.
If you have more than 60 servers, you'll need to get another license, such as Microsoft Defender for Endpoint Server or Microsoft Defender for Servers Plan 1 or Plan 2. For more information, see Onboard servers to Microsoft Defender for Endpoint.
What is the difference between Microsoft Defender for Business servers and Microsoft Defender for Servers Plan 1 and Plan 2?
The following table compares server options for Defender for Business customers:
| Server license | Description |
|---|---|
| Microsoft Defender for Business servers | Microsoft Defender for Business servers is an add-on to Defender for Business and Microsoft 365 Business Premium. This offering enables small and medium sized businesses (up to 300 users) to onboard and protect servers and client devices in the Microsoft Defender portal. |
| Microsoft Defender for Servers Plan 1 / Plan 2 | Microsoft Defender for Servers Plan 1/Plan 2 is an enterprise-focused offering that can be purchased with any other Microsoft cloud plan. This offering is part of Microsoft Defender for Cloud, and includes advanced threat hunting with six months of data retention and the Microsoft Threat Experts service. The admin experience for Defender for Cloud resides within the Azure portal (https://portal.azure.com). |
Adding Defender for Cloud to a tenant that has Defender for Business doesn't change the simplified configuration experience that Defender for Business offers. The functionality in Microsoft Defender for Servers Plan 1 or Plan 2 work with Defender for Business.
Can I configure more than one web content filtering policy in Defender for Business?
Currently, Defender for Business supports only one uniform web filtering policy per Defender for Business tenant.
Can I use non-Microsoft antivirus/antimalware software with Defender for Business?
Although you can technically onboard devices that are running a non-Microsoft antivirus/antimalware solution, you could run into an issue where real-time protection could be turned off on those devices. If real-time protection is turned off on a device, the device appears to be not protected.
In Defender for Business, real-time protection is turned on by default; however, devices running non-Microsoft antivirus/antimalware software could affect your settings.
To learn more, see I'm seeing indications that some devices aren't protected even though they're onboarded to Defender for Business.
Are device control capabilities available in Microsoft Defender for Business?
Device control in Microsoft Defender for Endpoint prevents users, endpoints, or both from using unauthorized removable storage media.
These capabilities can be configured in Defender for Business, as described in the following table:
| OS | Method | Notes |
|---|---|---|
| Windows | Attack surface reduction rules | On Windows devices, you can configure device control through ASR rules. You'll need Microsoft Intune to set up your ASR rules. Intune is not included in the standalone version of Defender for Business, but you can add it on. Intune is included in Microsoft 365 Business Premium. ASR capabilities in Defender for Business |
| Mac | Jamf or Intune | You can use Jamf or Intune to set up device control on Mac. See Device Control for macOS. |
How do I run custom reports with Defender for Business?
Defender for Business uses the Defender for Endpoint APIs for all the capabilities that are available in Defender for Business. You can use the APIs with a reporting tool. As an example scenario, you can use a Power BI connector and schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email.
For more information, see the following resources:
I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?
Several options are available, including Microsoft 365 Lighthouse and using APIs to integrate with your tools. See Microsoft Defender for Business and Microsoft partner resources.
Defender for Business integrates with Microsoft 365 Lighthouse for multi-tenant support in a single console (https://lighthouse.microsoft.com). See Overview of Microsoft 365 Lighthouse.
You can use the Defender for Endpoint APIs to integrate Defender for Business with your remote monitoring and management (RMM) tools and your professional service automation (PSA) software. See Microsoft Defender for Business and Microsoft partner resources.
How do I configure attack surface reduction rules and capabilities in Defender for Business?
Use Intune to configure your attack surface reduction rules. Other attack surface reduction capabilities can be configured in the Microsoft Defender portal. See Attack surface reduction capabilities in Defender for Business.
How does Microsoft Intune work with Defender for Business?
Defender for Business capabilities are integrated with endpoint security policies in the Microsoft Intune admin center. You can use either the Microsoft Defender portal or the Intune admin center to onboard devices and configure security policies. Some capabilities, such as controlled folder access and attack surface reduction rules must be configured in the Intune admin center.
For more information, see the following articles:
If I'm already using Microsoft 365 Business Premium, why do I need Defender for Business?
Defender for Business provides advanced threat protection for your organization's devices. Microsoft 365 Business Premium includes Defender for Business together with other capabilities, such as Defender for Office 365 Plan to protect your organization's email and files, and Azure Information Protection Plan 1, sensitivity labeling, and data loss prevention for email and files.
For more information about what's included with each plan, see Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses.
What are the differences between Defender for Business and Defender for Endpoint Plans 1 and 2?
Defender for Business is designed for small and medium-sized businesses who have up to 300 users. Capabilities in Defender for Business include next-generation protection, attack surface reduction, endpoint detection & response (EDR), and automated investigation and remediation. Defender for Business also features simplified configuration and device onboarding options that streamline the overall setup and configuration process.
Defender for Endpoint is an enterprise endpoint security platform designed to help organizations prevent, detect, investigate, and respond to advanced threats.
- Defender for Endpoint Plan 1 includes next-generation protection and attack surface reduction capabilities.
- Defender for Endpoint Plan 2 extends Plan 1 capabilities with core vulnerability management capabilities, EDR, automated investigation & remediation, threat hunting, and six months of data retention.
The following table summarizes some differences between Defender for Business and Defender for Endpoint:
| Capabilities | Defender for Business | Defender for Endpoint Plan 1 | Defender for Endpoint Plan 2 |
|---|---|---|---|
| Centralized management | ✔ | ✔ | ✔ |
| Simplified firewall and antivirus configuration for Windows | ✔ | ||
| Vulnerability management (core capabilities) | ✔ | ✔ | |
| Attack surface reduction | ✔ | ✔ | ✔ |
| Next-generation protection | ✔ | ✔ | ✔ |
| Endpoint detection & response (EDR) | ✔ (optimized) |
✔ | |
| Automatic attack disruption | ✔ | ✔ | |
| Automated investigation & remediation | ✔ | ✔ | |
| Monthly security summary reporting | ✔ | ✔ | |
| 30 days advanced hunting and six months of data retention in the device timeline | ✔ | ||
| Threat analytics | ✔ (optimized) |
✔ | |
| Cross-platform support (Mac, iOS, Android) |
✔ | ✔ | ✔ |
| Windows Server and Linux Server (requires server licenses) |
✔ | ✔ | ✔ |
| Microsoft Threat Experts | ✔ | ||
| Microsoft 365 Lighthouse (optimized; for CSPs only) |
✔ | ||
| Microsoft Defender multi-tenant management | ✔ | ✔ | ✔ |
| APIs | ✔ | ✔ | ✔ |
Can I have a mix of Microsoft endpoint security subscriptions?
Microsoft Defender for Business does not support mixed licensing, so a tenant with Defender for Business (which is included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (which is included in Microsoft 365 E5 Security) defaults to the Defender for Business experience.
For example, if you have 80 users licensed for Defender for Business (as part of a Microsoft 365 Business Premium subscription), and you add Microsoft 365 E5 Security for 30 of those users, the experience for all users defaults to Defender for Business. If you want to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through the standalone version of Defender for Endpoint Plan 2 or Microsoft 365 E5 Security), and then contact Microsoft Support to request the switch for your tenant.
For more information, see Manage your subscription settings.
For more information about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
My organization has grown to more than 300 employees, and I have a mix of Microsoft endpoint security subscriptions. Can I still use Defender for Business?
Suppose your company has grown from 250 users to 330 users, and you now have a mix of Microsoft endpoint security subscriptions, such as 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses.
Defender for Business and Microsoft 365 Business Premium are for customers who have up to 300 users. If you now have more than 300 users, we recommend getting a subscription that includes Defender for Endpoint for all users. However, we understand that there are scenarios where a customer grows to more than 300 users within a license term.
Referring to our example, suppose you started your license term with 250 Defender for Business licenses, and now you have 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses (Microsoft 365 E3 includes Defender for Endpoint Plan 1). Defender for Business features and capabilities apply tenant wide. When it's time to renew your subscription, we recommend choosing an enterprise plan, such as one of the following subscriptions:
- Microsoft 365 E5 (includes Defender for Endpoint Plan 2 plus Defender for Office 365 Plan 2)
- Microsoft 365 E3 (includes Defender for Endpoint Plan 1)
- Defender for Endpoint Plan 1 or 2
For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.
How do I view my organization's Microsoft subscriptions and user licenses?
You can view your current subscriptions and licenses in the Microsoft 365 admin center (https://admin.microsoft.com). Choose Settings > Endpoints > Licenses.
Also see Understand subscriptions and licenses in Microsoft 365 for business.