Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Defender for Endpoint Pricing Plans

Microsoft recently announced that Microsoft Defender for Endpoint will soon be available in two plans: P1 and P2. In this article, I will look at how the two plans compare.

With Windows, MacOS, iOS, and Android devices being the most common target for cyber criminals, malware and threats are continuously improving and evolving.

In the most recent announcement, Microsoft revealed that organizations have been under increasing attack from web-based threats and ransomware.

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a security suite for end-user devices, like Windows PCs and Android phones, that is designed to protect enterprises against advanced threats including viruses, ransomware, rootkits and other types of malware.

Microsoft Defender for Endpoint is part of the Defender suite, which includes Defender for Endpoint, Defender for Identity, and Defender for Office 365. Defender for Endpoint was originally released as Windows Defender ATP (Advanced Threat Protection), a product which added improvements to the capabilities of the Windows Defender solution included in Windows 10.

Figure1 3 — Microsoft Defender for Endpoint (Image Credit: Microsoft)

In 2019, Windows Defender ATP become Microsoft Defender ATP, and included an array of threat protection capabilities.

Microsoft Defender for Endpoint was a single license product that was included in Microsoft 365 E5 (and A5), Microsoft 365 E5 Security (add-on), and Standalone.

In August 2021, Microsoft announced that the single licensed product would be split into two products: Defender for Endpoint P1 (Plan 1) and Defender for Endpoint P2 (Plan 2).

Microsoft Defender for Endpoint subscription plans

Microsoft Defender for Endpoint will soon be available in two plans: P1 and P2. Plan 2 (P2) is available now and it contains advanced features like advanced threat hunting and device discovery. Plan 1 (P1) is currently in preview and it contains the base features like next-generation antimalware and antivirus protection, centralized management, and security reports.

Recently, Microsoft announced that it is “excited to offer a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android and iOS at a lower price, in a new solution named ‘Microsoft Defender for Endpoint Plan 1 (P1), which will be included in Microsoft 365 E3 at no extra cost”.

Microsoft Defender for Endpoint P2 contains the same feature set as the original full-featured Microsoft Defender for Endpoint product. The new Microsoft Defender for Endpoint P1 product gives access to a subset of the features available in the P2 plan.

The following is a high level breakdown of the available features, as described in a Microsoft blog post:

Microsoft Defender for Endpoint Plan 1 Capabilities Overview (Image Credit: Microsoft)

Microsoft Defender for Endpoint (Plan 1) features

Plan 1 contains a subset of the features from the original Defender for Endpoint product, as shown below:

Microsoft Defender for Endpoint Feature	P1	P2
Application Control	Included	Included
Attack Surface Reduction Rules	Included	Included
Centralized Management	Included	Included
Controlled Folder Access	Included	Included
Custom Threat Intelligence	Included	Included
Device Control	Included	Included
Device-based Conditional Access	Included	Included
Endpoint Firewall	Included	Included
Next-generation Antimalware	Included	Included
Unified Security Tools	Included	Included
Web Content Filtering	Included	Included
Automated Investigation and Remediation		Included
Endpoint Detection and Response		Included
Microsoft Threat Experts		Included
Sandbox (Deep Analysis)		Included
Threat Analytics		Included
Threat and Vulnerability Management		Included

Whilst Microsoft has kept the most advanced features for Plan 2, there are some significant capabilities in Plan 1 that will help organizations stay secure, for example:

Windows Defender Application Control (WDAC) is advanced protection against zero-day threats through the use of a number of configurable rules that determine the integrity of the file or application being executed. Combined with good application management practices, WDAC can be incredibly affective in the fight against new and emerging threats.

Device Control allows organizations to control the use of external devices such as USB or printers, by either reporting on their use, or preventing use, depending on the policy assigned. It is also possible to include exceptions to these report and prevent rules, to meet differing business needs.

Web Content Filtering shifts the responsibility for Web Protection from network and web filter appliances and places it on the endpoint itself. With the recent update in working from home, this means that users are protected no-matter how they browse the web. Web Content Filtering in Microsoft Defender for Endpoint P1 and P2 protects all browsers and apps on the endpoint.

Microsoft Defender for Endpoint (Plan 2) features

Whilst the list of features included in P1 is extensive, it misses out on the advanced capabilities available in P2.

Plan 2 includes Endpoint Detection and Response, alongside Automated Investigation and Remediation, which are advanced features that provide incredibly strong protection from security breaches and attacks. Automated Investigation and Response significantly lowers the time taken to remediate an attack, ensuring the business can get back online more quickly. As the capabilities in Plan 2 are AI-driven, rather than definition based, organizations will be ahead of, and protected against, the latest malware, threats, and zero days.

Microsoft Defender for Endpoint pricing

The new P1 offering no longer requires the expensive E5 option; it is included in Microsoft 365 E3 (and A3). It is available for purchase Standalone, meaning organizations that wish to utilize Defender for Endpoint outside of an M365 E3 or E5 agreement are able to purchase either Plan 1 or Plan 2 as a Standalone option.

Note: Defender for Endpoint P1 is currently in Preview and not available for purchase. Availability and Pricing for the Standalone offering is expected towards the end of 2021.

Affordable threat protection for most organizations

By splitting Microsoft Defender for Endpoint into P1 and P2, Microsoft have provided affordable threat protection for most organizations, which may help ensure they don’t fall back to third-party offerings to meet their endpoint security requirements.

Related articles

Deploy Microsoft Defender Application Control (Previously WDAC)

by Dean Ellerby
Oct 7, 2021

Dean is a Microsoft Enterprise Mobility MVP, Microsoft Certified Trainer, and Workspace Solution Architect at CDW. He is a co-organizer at the Cloud Management Community, providing both live events and recorded instructional videos.

What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
Microsoft Releases June 2023 Patch Tuesday Updates

Jun 13, 2023
Troubleshooting Guide: Fixing the “User Profile Service Failed The Sign-In” Error

Jul 19, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.