Introducing Microsoft Defender for Business: you heard that right… it’s *included* with Business PremiumAlex Fields
Remember a couple of months ago when Microsoft announced Microsoft Defender for Endpoint P1? Many critical eyes in the community quickly pointed out that Business Premium customers were apparently left out to dry, even though the SMB is where we need the most help when it comes to endpoint security. The new P1 SKU was only included in Microsoft 365 E3, sadly.
Well, there was a reason for this apparent “oversight” after all! As the Beatles say, “you were only waiting for this moment to arrive.”
Microsoft Defender for Business is probably the biggest announcement at Ignite this year for the SMB, and certainly the most important update to the Business Premium plan since the addition of Azure AD Premium P1 back in April of 2020. Indeed: this is a true mic drop moment for Microsoft, and I imagine that many endpoint security vendors are feeling more than a little nervous at this point.
Of course, adding yet another Defender product on to the cart is going to confuse some people, but the simplest way to describe MDB is that this is the SMB’s version of Microsoft Defender for Endpoint P2 (doesn’t include every single feature but it’s pretty close). The P2 SKU as you may recall is included in the Microsoft 365 E5 and E5 Security bundles, and is available standalone via CSP. In the US, this is still a fairly expensive product, weighing in over USD $5/user/month. By contrast, Defender for Business finally brings us the advanced security features of a full-bodied endpoint security solution at an affordable SMB price.
In fact, it is included with Microsoft 365 Business Premium, and is also available standalone for USD $3/user/month. Pretty cool, huh? To see what is included (as well as what is being left out) of this SKU, see the below (this is my current understanding, will update if I learn differently):
This is a pretty fantastic feature set, especially given that it is just going to be thrown into Microsoft 365 Business Premium, which is already considered the Gold Standard in the SMB space anyway, and is likely the most widely deployed subscription world wide. My understanding is that this product will also include some new SMB-specific interfaces and integrations with Lighthouse eventually, which further enhance this product and distinguish it from its Enterprise counterparts.
Speaking of which, Microsoft Defender for Endpoint (in case you hadn’t heard) is award-winning, Gartner Magic Quadrant, Enterprise-capable security software, so it is a VERY BIG DEAL that it is now available to the SMB at virtually no extra cost. What reason could you possibly have for continuing to pay for an additional endpoint solution on top of this? I think it is going to be difficult to justify that extra spend in the long term.
Yes, there is a temporary “switching cost” to converting existing customers and learning this new tool, but as a service provider, it is also a question and calculation you will eventually need to face. The truth of the matter is that this development certainly does threaten some endpoint security solution providers out there who focus on SMBs via the MSP channel, however it also presents a massive opportunity to MSPs who are willing to make the switch quickly. You will almost certainly be ahead of the pack for doing so, and of course as an added benefit, you will be able to offer a more competitive (and often more full-featured) solution to your customers and prospective customers, which is already integrated with the Microsoft platform.
We will certainly have more to say about this as more information becomes available. Today is only the first announcement, and the public preview has not even launched yet. Stay tuned for more!
Where does it say it’s included in Business Premium? When can we expect to see it?
They do not have a date announced yet for public preview, but just say it is coming “soon” but there is a webinar scheduled on the 18th, so maybe we hear more there!
The reference to inclusion in Business Premium is on their blog, under the section called “Cost-effective”:
You don’t call it out but another great thing in the announcement is that IT partner can manage this new capabilities in a multi-tenant manner from the M365 Lighthouse
While that is true, it is also not going to be ready on day 1–they say some alerts, etc. will be surfaced but the ability to manage policy at scale, etc. I believe is still some ways off.
This is a very interesting development! I’d just been exploring this very topic with a view to better understanding Microsoft’s Endpoint offerings, in case we could get something just as good and more integrated, but for less money than our charity price on ESET (which has generally been excellent, and the price is very good!). I’d just concluded that nothing comes close right now (mostly being far more expensive!). But this being thrown in for free with our Business Premium licences certainly ticks the cost-effective box. And dumping ESET would let us dump PROTECT server we run to configure the Endpoint Security installs… and that would be a big win! (I must say ERA/EMSC/PROTECT Server has been an excellent way for us to manage everything so far, but why run your own server, when you don’t need to!). I’m guessing the fine details and general availability will come too late for us to make use of this year, but this could be the last year we renew our ESET licences.
Any thoughts on whether this will support MacOS too? (I’m guessing yes, but might not be as good on Macs? Or might arrive later?)
Mac, Android, iOS all have support, yes.
At the moment P1 and P2 does not work stand alone. It need Intune.
This is why it is the best to add into BP.
Just wondered if you knew anything more about the API’s and integration bit? Or where we can get any more information thinking about Azure Sentinel and lighthouse SOC that we can offer
There will be a webinar on the 18th, and possibly some Q+A as part of that. Would be a good time to ask some of these questions!
This is awesome! Does your defender for endpoint course include all of the relevant content for this?
It is a brand new product that is not yet in preview, so not yet, no. I do talk about the (expected) differences in feature sets, and I purposefully chose to focus on the features that I knew would be included ultimately in the SMB product (so we don’t spend time in that course on features which are not going to be part of the SMB offering).
Do you know if there will be a Defender for Business Server license available similar to Microsoft Defender for Endpoint for Server licenses?
Also, Defender for Endpoint P1/P2 requires that you have a combined minimum of 50 licenses before you can acquire Defender for Endpoint for Server licenses, do you know if there will be a lower minimum threshold of licenses needed before we can acquire server licenses for Defender for Business?
What I do know so far about the Server piece is that it is still being debated internally at Microsoft. I have advocated for giving us the Server licensing option at a much lower threshold such as 5 user licenses, or just allowing us to access it with any number of licenses. But I am not sure where they are at with it. I can also report that Server support is NOT going to be included in the Public Preview, but that it may change when it goes to GA next year (I think they are trying to figure out what the market needs are still).
Do you know if it will be possible from a technical standpoint (depoloyment via Intune, administration, …), to combine Defender for Business and Defender for Endpoint in a MS365 Business Premium / MS365 E3 environment? I mean if you are a company running both license versions within the same tenant. MS365 E3 users would have the Security E5 addon or Defender for Endpoint P2 license.
So far I do not see how they would technically prevent this scenario, but they also suggested in their webinar Q+A the two are not supposed to be mixed. In their mind, companies under 300 seats just go all in on Business Premium. At or over 300 would go Enterprise. But in the real world we do see some mix-n-match, for example larger mid-sized orgs who acquire other companies and bring those in under their larger corporate umbrella as semi-independent business units. So once this is in the wild it will be interesting to see if they change their position on that (and I am not aware of a technical “block” they could implement against this at the moment).