Microsoft Defender for Endpoint Pricing Plans

Microsoft recently announced that Microsoft Defender for Endpoint will soon be available in two plans: P1 and P2. In this article, I will look at how the two plans compare.

With Windows, macOS, iOS, and Android devices being the most common targets for cyber criminals, malware and other threats are continuously improving and evolving.

In the most recent announcement, Microsoft revealed that organizations have been under increasing attack from web-based threats and ransomware.

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a security suite for end-user devices, like Windows PCs and Android phones, that is designed to protect enterprises against advanced threats including viruses, ransomware, rootkits and other types of malware.

Microsoft Defender for Endpoint is part of the Defender suite, which includes Defender for Endpoint, Defender for Identity, and Defender for Office 365. Defender for Endpoint was originally released as Windows Defender ATP (Advanced Threat Protection), a product which added improvements to the capabilities of the Windows Defender solution included in Windows 10.

Microsoft Defender for Endpoint (Image Credit: Microsoft)

In 2019, Windows Defender ATP became Microsoft Defender ATP, and included an array of threat protection capabilities.

Microsoft Defender for Endpoint was a single license product that was included in Microsoft 365 E5 (and A5), Microsoft 365 E5 Security (add-on), and Standalone.

In August 2021, Microsoft announced that the single licensed product would be split into two products: Defender for Endpoint P1 (Plan 1) and Defender for Endpoint P2 (Plan 2).

Microsoft Defender for Endpoint subscription plans

Microsoft Defender for Endpoint will soon be available in two plans: P1 and P2. Plan 2 (P2) is available now and it contains advanced features like advanced threat hunting and device discovery. Plan 1 (P1) is currently in preview and it contains the base features like next-generation antimalware and antivirus protection, centralized management, and security reports.

Recently, Microsoft announced that it is “excited to offer a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android and iOS at a lower price, in a new solution named ‘Microsoft Defender for Endpoint Plan 1 (P1)’, which will be included in Microsoft 365 E3 at no extra cost”.

Microsoft Defender for Endpoint P2 contains the same feature set as the original full-featured Microsoft Defender for Endpoint product. The new Microsoft Defender for Endpoint P1 product gives access to a subset of the features available in the P2 plan.

The following is a high-level breakdown of the available features, as described in a Microsoft blog post:

Microsoft Defender for Endpoint Plan 1 Capabilities Overview (Image Credit: Microsoft)

Microsoft Defender for Endpoint (Plan 1) features

Plan 1 contains a subset of the features from the original Defender for Endpoint product, as shown below:

| Microsoft Defender for Endpoint Feature | P1 | P2 |
| --- | --- | --- |
| Application Control | Included | Included |
| Attack Surface Reduction Rules | Included | Included |
| Centralized Management | Included | Included |
| Controlled Folder Access | Included | Included |
| Custom Threat Intelligence | Included | Included |
| Device Control | Included | Included |
| Device-based Conditional Access | Included | Included |
| Endpoint Firewall | Included | Included |
| Next-generation Antimalware | Included | Included |
| Unified Security Tools | Included | Included |
| Web Content Filtering | Included | Included |
| Automated Investigation and Remediation | Not included | Included |
| Endpoint Detection and Response | Not included | Included |
| Microsoft Threat Experts | Not included | Included |
| Sandbox (Deep Analysis) | Not included | Included |
| Threat Analytics | Not included | Included |
| Threat and Vulnerability Management | Not included | Included |

Whilst Microsoft has kept the most advanced features for Plan 2, there are some significant capabilities in Plan 1 that will help organizations stay secure, for example:

Windows Defender Application Control (WDAC) provides advanced protection against zero-day threats through the use of a number of configurable rules that determine the integrity of the file or application being executed. Combined with good application management practices, WDAC can be incredibly effective in the fight against new and emerging threats.

Device Control allows organizations to control the use of external devices, such as USB devices or printers, by either reporting on their use or preventing it, depending on the policy assigned. It is also possible to include exceptions to these report and prevent rules, to meet differing business needs.

Web Content Filtering shifts the responsibility for Web Protection from network and web filter appliances and places it on the endpoint itself. With the recent shift to working from home, this means that users are protected no matter how they browse the web. Web Content Filtering in Microsoft Defender for Endpoint P1 and P2 protects all browsers and apps on the endpoint.

Microsoft Defender for Endpoint (Plan 2) features

Whilst the list of features included in P1 is extensive, it misses out on the advanced capabilities available in P2.

Plan 2 includes Endpoint Detection and Response, alongside Automated Investigation and Remediation, which are advanced features that provide incredibly strong protection from security breaches and attacks. Automated Investigation and Remediation significantly lowers the time taken to remediate an attack, ensuring the business can get back online more quickly. As the capabilities in Plan 2 are AI-driven, rather than definition-based, organizations will be ahead of, and protected against, the latest malware, threats, and zero days.

Microsoft Defender for Endpoint pricing

The new P1 offering no longer requires the expensive E5 option; it is included in Microsoft 365 E3 (and A3). It is also available for purchase Standalone, meaning organizations that wish to utilize Defender for Endpoint outside of an M365 E3 or E5 agreement are able to purchase either Plan 1 or Plan 2 as a Standalone option.

Note: Defender for Endpoint P1 is currently in Preview and not available for purchase. Availability and Pricing for the Standalone offering is expected towards the end of 2021.

Affordable threat protection for most organizations

By splitting Microsoft Defender for Endpoint into P1 and P2, Microsoft have provided affordable threat protection for most organizations, which may help ensure they don’t fall back to third-party offerings to meet their endpoint security requirements.
