Microsoft has evolved the Microsoft 365 Defender products over time. The product line used to be known as Microsoft Defender Threat Protection and has since been rebranded. It is made up of the following offerings:

  • Defender for Identity (hybrid identity security solution)
  • Defender for Endpoint (EDR, AV)
  • Defender for Office 365 (Anti-malware, anti-phishing)
  • Cloud App Security (CASB)

The licensing model and what you can see within the newly rebranded security center can get a little confusing so I wanted to write up this post to bring some clarity. The big piece to note its that these products are all uniquely integrated and can provide correlated alerts/automated investigations across users (hybrid or cloud native), devices, applications, and email.

Pricing Changes
Note that the pricing listed is subject to change, use the deep links I provided in this article to doublecheck!


All of the Defender Products can be purchased standalone in CSP. They can be bolted on to existing plans you have today, even in the Business suite. It may be that you do not want to adopt the entire product suite and its more cost effective to mix and match individual skus. Standalone licensing is also a great way to trial the product at a very low cost.

Enterprise Plans

On the left-column, there is office 365 E5 and Microsoft 365 E5. Both of these products are a little pricier but they also include a wide range of features including email, office apps, advanced security, and advanced compliance. More information around what is all included can be found here. Each of these would include the entire Microsoft Defender Suite of Offerings. EMS+E5 and Windows 10 Enterprise E5 also come with the defender suite but would need to be bolted on to a base plan that has email/office apps.


Its possible you could evaluate the E5 offerings and find that you don’t need all of the additional features they offer. The price point may be another factor and is not what you can sell to customer, especially not in SMB. For that reason, you may look to bundle offerings together like you see above here. You could bundle in the standalone products into a Business Premium offering. Additionally, you could bundle together E3 with Microsoft 365 E5 Security Add-on if you were looking to come in at a lower price point with less of the compliance features baked in.

Further Considerations

Microsoft also has lightweight versions of Defender for Endpoint and Defender for Office 365 that I wanted to touch on as well.

Microsoft recently announced a Plan 1 for Defender for Endpoint. This version should be more cost effective (prices TBD) and it includes some of the Attack Surface Reduction and Next Gen protection features.

Defender for Office 365 has had a plan 1 and plan 2 for much longer. Plan 1 is included in Microsoft 365 Business Premium and it includes baseline protection for anti-malware/anti-spam/anti-phishing/anti-spoofing. Plan 2 includes more automation, advanced threat hunting, and attack simulator training.

Conclusion and Helpful Resources

I hope this article provided some clarity to licensing with Microsoft 365 Defender. There are obviously more way’s to mix and match the licensing than I showed here but this give you a firm base to start with. Here are some more helpful articles from Microsoft:

Microsoft Licensing Guidance for Security and Compliance

Enterprise Plan Comparison

Leave a Reply

Your email address will not be published. Required fields are marked *

Join our Early Access waitlist!

Join the IT Revolution: Start Here!