Microsoft recently announced a fork of the Defender for Endpoint offering into two plans. Defender for Endpoint has traditionally been an enterprise-grade solution, included only in higher-level plans such as E5. Over the past few years Microsoft has made it a standalone offering that can be bolted on to other plans, which makes it more cost effective. With the fork into two plans, Plan 1 is essentially a lightweight version of the offering. At a high level, this plan includes components like next-generation protection and attack surface reduction.
Microsoft has also announced a Microsoft Defender for Business offering that will be included at no additional cost in Microsoft Business Premium ($20/user/month). This is an amazing addition to a SKU that is already pretty robust with security offerings.
As you can see, Microsoft Defender for Business (as part of M365 Business Premium) includes almost all features that come with Plan 2. Here are some descriptions of those high-level features (as referenced here):
- Threat and vulnerability management – Helps you to prioritize and focus on the weaknesses that pose the most urgent and the highest risk to your business. By discovering, prioritizing, and remediating software vulnerabilities and misconfigurations you can proactively build a secure foundation for your environment.
- Attack surface reduction – Reduces your attack surface (places that your company is vulnerable to cyberattacks) across your devices and applications using capabilities such as ransomware mitigation, application control, web protection, network protection, network firewall, and attack surface reduction rules.
- Next-generation protection – Helps to prevent and protect against threats at your front door with antimalware and antivirus protection—on your devices and in the cloud.
- Endpoint detection and response (EDR) – Get behavioral-based detection and response alerts allowing you to identify persistent threats and remove them from your environment. Manual response actions within Defender for Business will allow you to take action on processes and files, while live response will put you in direct control of a device to help ensure it’s remediated, secured, and ready to go.
- Automated investigation and remediation – Helps to scale your security operations by examining alerts and taking immediate action to resolve attacks for you. By reducing alert volume and remediating threats, Defender for Business allows you to prioritize tasks and focus on more sophisticated threats.
- APIs and integration – Automate workflows and integrate security data into your existing security platforms and reporting tools. For example, you can pull detections from Defender for Business into your security information and event management tool.
As I mentioned earlier, this offering is being bolted into M365 BP at no additional cost. Defender for Endpoint can still be purchased standalone if you would like to add it on to lower-level plans like Business Standard.
- $1.45/User/Month EDU
- $2.50/User/Month EDU
Business Premium Value
With this addition, Microsoft 365 Business Premium now has the following capabilities:
- 365 Email + Apps
- File Storage with OneDrive/SharePoint
- Collab with Teams
- DLP Policies
- Azure Information Protection Plan 1 (Standalone $2/user/month, email encryption/document classification)
- Azure AD Premium P1 (Standalone $6/user, conditional access policies)
- Defender for Office 365 Plan 1 (Standalone $2/user, advanced email protection capabilities)
- Intune (Standalone $8/user/month, MDM/Device Mgt)
- Defender for Endpoint (Standalone $3/user/month, EDR)
That is definitely a ton of value for $20/user/month.
A larger concern for MSPs with this product is the siloed management portals: each customer has its own portal for configuring policies and investigating/remediating threats. Microsoft is addressing this by bringing the Defender for Business feature set into M365 Lighthouse, its multi-tenant management solution for MSPs. It will be interesting to see all the capabilities you will have there once that is released.