More details on Microsoft Defender for Business (MDB)Alex Fields
Perhaps the biggest Microsoft product announcement this year for SMB customers was Microsoft Defender for Business, an Enterprise-grade endpoint security solution which is based on the wildly successful Microsoft Defender for Endpoint product. As previously noted on this blog, MDB will be included with Microsoft 365 Business Premium, which we consider to be the Gold Standard SKU for SMB’s, and Microsoft’s flagship bundle offering for organizations with less than 300 users. However, you can also buy the MDB product standalone (for example, MDB would be available even for organizations on another platform such as Google Workspace).
At the time of this writing, the pricing that has been announced for General Availability (GA) is USD $3/user/month for the standalone version. Note however that the Business Premium bundle is on track for a modest price bump: it is going from USD $20/user/month up to USD $22/user/month, per an announcement from earlier this year. Even with the price increase, this SKU is still by far the best value in the Microsoft ecosystem, or indeed, any other ecosystem I am aware of (even more so now that we will have a full-bodied endpoint security solution included).
Now the last time I wrote about this, we took a brief look at what I believed would be included with MDB when it eventually goes to GA next year (the Public Preview phase is expected to start before the end of the year). Now we have confirmed details on what is officially included, outlined in the below slide:
The first thing to note is that if your customers are firmly located in the SMB space (defined here as less than 300 users), then Microsoft Defender for Business is likely to be the only solution you need to worry about. For larger mid-sized organizations or Enterprise organizations, you would look toward Microsoft Defender for Endpoint P1 and P2, which are included in Microsoft 365 E3 and E5, respectively.
But just look at that feature list for MDB! It seems too good to be true, doesn’t it? Well, based on what we know so far, they really are bringing most of the E5, enterprise-grade goodness down to the SMB for us. The major features from P2 which have been “left out” make sense to me: Threat Hunting and 6-months data retention, would be an example of something which is generally used by dedicated SOC analysts, which is not a very common thing to find in the SMB at all. (By the way, for those who still want the option, know that the same endpoint data is “collectable” via Sentinel or Partner APIs, so you can still gather raw historical data if you want to using one of those other options). And Microsoft Threat Experts is an add-on service that is only sold to larger organizations anyway.
Therefore the features we have in MDB are geared more toward the IT Generalist (which describes most of the IT consultants out there who already serve the SMB), with the goal of making the higher-end security functionality easier to understand and implement for managed customers. Now I want to stress here that you probably would not roll this out to a small business who was not also being managed by an IT service provider: the features have been simplified so as not to require cybersecurity specialists, but that does not imply that there is no expertise whatsoever required to implement and manage the product. Indeed, from what I have seen so far, MDB will still require some set up and configuration (e.g. off-boarding from previous endpoint solutions and on-boarding to the new service, as well as deploying policies and identifying any necessary exceptions, etc.).
Public Preview first, then GA will see more functionality open up
The public preview for MDB should arrive within the next few weeks (no specific dates yet but very soon), at which time we will have an even clearer picture, and more to report. Understand that not all of the features will be available during the preview, and that more will be released in General Availability (GA), particularly with regard to Microsoft 365 Lighthouse (multi-tenant management capabilities for partners). I do not yet have a full comparison of what is going to be in Preview versus GA but as soon as I know I will get that information out.
In the meantime the slides I have included in this blog post came from this webinar, which I co-starred in! Check it out for more information (this presentation just took place this morning, and the recording should available soon).