Defender for Endpoint: How Licensing Works [ex Defender ATP]


As businesses face the increasing threats of cyber-attacks, security platforms like Microsoft Defender for Endpoint are becoming a critical defense tool.

Built into Windows 10 and across Microsoft’s Cloud Services, and offering threat detection and prevention, the platform helps firms stay alert and respond rapidly to cyber-threats.

The big business benefits of Defender for Endpoint, formerly known as Microsoft Defender ATP, include:

  • Endpoint detection and response (EDR)
  • Threat and vulnerability management
  • Cloud-based protection
  • Automated investigation and remediation
  • Reducing attack surfaces

This level of advanced protection requires a license—and, as with the former Defender ATP licensing requirements, Defender for Endpoint’s options will depend on your IT infrastructure and organizational needs.


Defender for Endpoint Licensing Options & Costs

A standalone license for Defender for Endpoint must be purchased through a Microsoft Cloud Solution Provider.

  • The standard business license costs $5.20 per month per user for up to 5 machines.
  • Licenses for academic organizations cost $2.50 per user.

There are two licensing options for Defender for Endpoint: enabling Azure Defender in the Azure Security Center and onboarding Defender for Endpoint for servers.

Azure Security Center with Azure Defender enabled

Azure Defender for servers protects workloads running in Microsoft Azure. Integrating with existing Azure services, it provides increased threat defenses, hunts down threats across Windows and Linux machines with file monitoring, and assesses vulnerabilities using a scanner powered by Qualys (with no additional cost, license, or even a Qualys account).

Additionally, Azure Defender includes an integrated license for Defender for Endpoint.

You won’t need to pay extra or need a separate license. If you have an Azure Defender subscription, you can access Defender for Endpoint, with Microsoft promising that the combined power of both delivers comprehensive EDR capabilities.

Defender for Endpoint monitors the system and, if it identifies a threat, sends an alert to the Azure Defender Security Center, where your team can investigate and take action.

After a 30-day free trial, Azure Defender for servers costs $0.026 per server per hour, plus 500 MB per day, and can be accessed through the Security Center’s ‘Pricing & Settings’ option.


Choose a subscription or workspace to protect, then click ‘Azure Defender on’ and save. For full protection, select the subscription containing the protected workloads; remember that enabling at the workspace level offers limited security in comparison.

Microsoft Defender for Endpoint for Server (one per covered area)

With Defender for Endpoint integrated into the Windows Server OS, you’re able to use the Microsoft 365 Defender console to detect and investigate attacks.

Supported servers are:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server (SAC) version 1803 and later
  • Windows Server 2019 and later
  • Windows Server 2019 core edition

However, you’ll need a combined minimum of 50 licenses for at least one of the following, at a cost of $4.99 per server per month, with one server license per covered Operating System Environment.

  • Microsoft Defender for Endpoint
  • Windows E5/A5
  • Microsoft 365 E5/A5
  • Microsoft 365 E5/A5 Security

Onboarding Windows Servers to Defender for Endpoint requires configuration. Depending on your server type, Microsoft offers several options for onboarding.

For Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016, you can onboard using Microsoft Monitoring Agent (MMA), the Microsoft Endpoint Manager (2012 or later), or via the Azure Security Center.

A Defender for Endpoint standalone license is required to onboard through MMA or Endpoint Manager.

For Windows Server (SAC) version 1803 and later, Windows Server 2019 and later, and Windows Server 2019 core edition, your deployment options are local script, group policy, Microsoft Endpoint Configuration Manager, System Center Configuration Manager, and VDI onboarding scripts.

The Different Requirements for Licensing

To ensure protection across all networks and devices, your IT system must meet minimum requirements before you can onboard Microsoft Defender for Endpoint.

Hardware and Software Requirements

Defender for Endpoint’s hardware requirements must match the hardware requirements of the software that supports the tool.

Microsoft advises that devices must run one of these operating system versions:

  • Windows 7 SP1 Enterprise
  • Windows 7 SP1 Pro
  • Windows 8.1 Enterprise
  • Windows 8.1 Pro
  • Windows 10 Enterprise
  • Windows 10 Enterprise LTSC 2016 or later
  • Windows 10 Education
  • Windows 10 Pro
  • Windows Server
  • Windows 10 Pro Education
  • Windows Virtual Desktop

Note that both Windows 7 editions need ESU for support.

Other Software Requirements

Outside of the Windows ecosphere, Defender for Endpoint can run on Linux, macOS, iOS, and Android, allowing teams access to a centralized portal whichever operating system they use. However, a subscription or license must be assigned to the app user.

You’ll need to use a supported internet browser when accessing Defender for Endpoint. Currently, you can use Microsoft Edge or Google Chrome.

Microsoft advises that while other browsers like Firefox and Opera can be used to access Defender for Endpoint, they’re not technically supported by the tool.

Google Chrome and Microsoft Edge are the supported internet browsers when accessing Defender for Endpoint

Defender for Endpoint uses information gleaned from Microsoft Defender Antivirus as it scans files. It can then make sense of that information to provide up-to-the-minute threat detection.

If your company uses a third-party antivirus, you’ll need to place Microsoft Defender AV into passive mode, or exclude devices from any group policies you might use.

Before you onboard, determine where you want Defender for Endpoint data to be stored. During setup, you’ll need to choose between the UK, the EU, or the US region—and this can’t be changed afterwards.

You should also check that the diagnostic data service (diagtrack) is enabled. It should be on by default, but it’s worth checking using the ‘sc qc diagtrack’ command. If the start type isn’t set to Auto Start, run ‘sc config diagtrack start=auto’ in Command Prompt.
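The same pre-onboarding check can be scripted in PowerShell. The function below is an added example, not part of the original article or of Microsoft's onboarding package; the function name and its -Fix switch are hypothetical, and it goes one step beyond the text by also confirming that the service is running.

```powershell
# Added example: pre-onboarding check of the DiagTrack service on the local machine.
# Run from an elevated PowerShell session. Test-DiagTrackReady and -Fix are
# hypothetical names chosen for this illustration.
function Test-DiagTrackReady {
    [CmdletBinding()]
    param([switch]$Fix)

    $filter = "Name='DiagTrack'"
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    if (-not $svc) {
        Write-Warning 'DiagTrack service not found on this machine.'
        return $false
    }

    # Win32_Service reports StartMode as Auto, Manual or Disabled.
    if ($svc.StartMode -ne 'Auto') {
        Write-Warning "DiagTrack start mode is '$($svc.StartMode)', expected 'Auto'."
        if (-not $Fix) { return $false }
        # Equivalent of: sc config diagtrack start=auto
        Set-Service -Name DiagTrack -StartupType Automatic
    }

    if ($svc.State -ne 'Running') {
        Write-Warning "DiagTrack state is '$($svc.State)', expected 'Running'."
        if (-not $Fix) { return $false }
        Start-Service -Name DiagTrack
    }

    # Re-read the service so the result reflects any change made above.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    return ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
}

Test-DiagTrackReady          # report only
# Test-DiagTrackReady -Fix   # also set the start type to automatic and start the service
```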

Licensing Requirements

You’ll need one of the following licenses to use Defender for Endpoint across your organization:

  • Windows 10 Enterprise E5
  • Windows 10 Education A5
  • Microsoft 365 E5 (M365 E5) with Windows 10 Enterprise E5
  • Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 Security
  • Microsoft Defender for Endpoint

You won’t need a separate license for RDSH VMs.

To take advantage of Defender ATP’s EDR and Endpoint Protection Platform (EPP) capabilities, you’ll need a different license depending on your Windows operating system.

Endpoint Protection Platform (EPP)

EPP is an endpoint-deployed service designed to reduce your attack surfaces while offering ‘next-generation protection’, a cloud-based AV solution.


In case you use:

  • Windows 10

License through:

  • Windows E5 or Microsoft 365 Enterprise 5

And if you use:

  • Windows Server 1803 or Windows Server 2019

License through:

  • Azure Security Center pay-as-you-go

Full EPP security means complementing Defender for Endpoint with Microsoft Defender AV. This may mean you’ll need the separate System Center Configuration Manager with System Center Endpoint Protection license if you use:

  • Windows 8.1
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Defender AV comes included in the following, with no need for an extra license:

  • Windows 10
  • Windows Server 1803
  • Windows Server 2016
  • Windows Server 2019

Configurations vary from OS to OS and depend on how you’ve licensed the product. For more information, speak to a Logic V expert advisor.

How Defender for Endpoint Helps Your Business

Microsoft’s licensing and pricing model is complicated, but the value proposition is simple: increased threat protection and detection in a hostile online environment.

No business can afford repeated fines for avoidable data breaches, or costly downtime, which impacts reputation and the bottom line.

As cyber-threats continue to evolve, becoming smarter, more sophisticated, even more brutal, licensed security tools such as Defender for Endpoint are critical to keeping your business online. Fortify your defenses: contact our team and transform your business through the art of digitization.
