Back

Defender for Endpoint P1 & P2 Pricing, Features, and Comparison

Microsoft is taking steps to bring the best cybersecurity features to more businesses One of their flagship products for enterprise cybersecurity De...

5 min read
Published on Dec 21, 2021
Defender for Endpoint P1 & P2 Pricing, Features, and Comparison

Microsoft is taking steps to bring the best cybersecurity features to more businesses. One of their flagship products for enterprise cybersecurity, Defender for Endpoint, is being split into two separate options. This will allow the software to have a broader appeal, and further its reach. In order to decide which is best for your business, you’ll need to understand the reason for the split and how the two options compare.

Why Are They Splitting?

In its original form, Defender for Endpoint was a complete solution for the most demanding cybersecurity needs at large enterprises. This made the project a less attractive option for smaller companies who didn’t need all the features and couldn’t justify the price. Indeed, by splitting the product into a smaller subset of features, now known as Plan 1, Microsoft brings it to more organizations. Going forward, the full-featured version of Defender for Endpoint will be referred to as Plan 2.

Microsoft Defender for Endpoint Cost

Microsoft Defender for Endpoint is available as a standalone product or as part of Microsoft 365, with Plan 1 at $3 per user and Plan 2 at $5.20 per user. A free trial is available for Microsoft Defender for Endpoint.

Defender for Endpoint Plan 1 and Plan 2 Feature Comparison

The lower price afforded by the reduced feature set of Plan 1 means that Defender for Endpoint will now be an option for more businesses. But what exactly has been removed, and what remains? Let’s take a look at the features that remain in Plan 1 and those that remain unique to Plan 2.

Included in Plan 1

Defender for Endpoint plan 1 contains the following subset of Defender for Endpoint’s full feature set:

Attack Surface Reduction Rules

Certain software behaviors are used most often in risky code. While there are usually legitimate uses as well, these behaviors show up most commonly in malware. By preventing these behaviors from running, Defender for Endpoint reduces the number of surfaces your systems can be attacked by.

Ransomware Mitigation

Malicious code often takes over important files and refuses to grant you access to them unless you pay a ransom. Defender for Endpoint can control which processes can access important folders, so ransomware never gets the access needed to hold your data hostage.

Device Control

If you’ve watched any spy movies, you’ve likely seen a character insert a USB drive into a computer to insert malicious code. This is a real threat. Indeed, Defender for Endpoint helps you prevent it by limiting the access that unauthorized peripherals have.

Web Protection

There are two threats that unlimited access to the internet allows for. First, and most importantly, there are a number of phishing sites, exploit sites, and other malicious websites in the wild. Defender for Endpoint automatically blocks access to known security threats. Secondly, you can block access to other risky sites by category, such as adult content, sites that may open your organization to legal liability, or leisure sites that may reduce workforce productivity.

Network Protection

Web protection provides extensive support to protect your organization’s internet-enabled applications from accessing malicious web content. However, it only works on certain web-enabled applications, such as Microsoft Edge. Network protection extends the capability of web protection to the operating system level, preventing applications that secretly access the internet from harming your machine.

Network Firewall

The network firewall allows you to take more custom control over what traffic is allowed to and from your network. With a set of rules that you create, you can, then, reduce the risk of network security threats and safeguard sensitive data.

Application Control

Malicious applications are a major threat vector for cyberattacks. With application control, Defender for Endpoint can limit the applications that are allowed to run on your system. It can also work on a variety of rules, including the presence of codesigning certificates, application reputation, launching process, and more.

Included in Plan 2

a woman using Defender for Endpoint in the office.

Defender for Endpoint Plan 2 includes everything in Plan 1, as well as the following features:

Endpoint Detection and Response

Defender for Endpoint brings in advanced threat protection by detecting, investigating, and responding to endpoint threats that have made it past the first level of security checks. With a query-based tool, you can, indeed, proactively find breaches and create custom automatic detections.

Automated Investigation and Remediation

Alerting a human to potential threats so they can respond is a good first step, but still allows threats to persist until manual intervention can occur. Defender for Endpoint’s automated investigation and remediation shut down threats within minutes.

Threat and Vulnerability Management

In a large organization, the responsibilities of threat detection and remediation can be spread across several teams. With threat and vulnerability management, coordination between the various teams enhances in much the same way that project management tools enhance productivity in other areas. This then reduces the time needed to respond to threats.

Threat Analytics

Big data has enabled advanced algorithms to make our lives easier in many ways, but detecting patterns that humans can’t and automatically responding to them. The advanced threat analytics Defender for Endpoint captures provides the data Defender needs to identify threats and generate alerts faster.

Microsoft Threat Experts

Microsoft’s team of threat experts is at your disposal with Defender for Endpoint Plan 2. You can engage with a security expert from within the Defender Security Center to get timely and accurate answers. In addition, you receive managed threat monitoring and analysis for quicker alerts to security threats that make it past the other defenses.

Integrations

Defender for Endpoint Plan 2 integrates with the applications your organization uses on a daily basis, including:

  • Azure Defender
  • Azure Sentinel
  • Microsoft Cloud App Security
  • Intune
  • Microsoft Defender for Identity
  • Microsoft Defender for Office
  • Lastly, Skype for Business

Learn More About Defender for Endpoint

Agile IT is a Microsoft Gold Partner with 16 Gold competencies including Security and Windows management, and seventeen years of experience in licensing, migrating, and managing Microsoft Cloud Environments. Thus, to find out more about how you can reduce license costs while expanding and simplifying security, schedule a consultation with a cloud advisor today to schedule a consultation with a cloud advisor today.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

How MSPs, RPOs, and C3PAOs Help Organizations Achieve CMMC Compliance

How MSPs Help Organizations Achieve CMMC Compliance

MSPs, RPOs, and C3PAOs play a crucial role in CMMC compliance. Learn how to choose the right consultant, third-party auditor, or provider to meet CMMC certification requirements.

May 20, 2025
8 min read
CMMC Compliance Requirements for Level 1 Level 2 and Level 3

CMMC Compliance Requirements for Level 1 Level 2 and Level 3

CMMC certification requires different cybersecurity controls at each level. Learn the key requirements for Level 1, Level 2, and Level 3 compliance and how they align with NIST 800-171.

May 16, 2025
5 min read
Common Questions About Azure Migration Answered

Common Questions About Azure Migration Answered

Get answers to the most common Azure migration questions. Learn about costs, best practices, security, compliance, and troubleshooting cloud migration challenges.

Apr 29, 2025
3 min read
AVD vs W365 in GCC high reducing your CMMC scope

AVD vs W365 in GCC High Reducing Your CMMC Scope and Simplifying Compliance

Comparing AVD vs W365 for GCC High? Learn how each can reduce your CMMC assessment scope and simplify security and compliance management in government environments.

Apr 28, 2025
7 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

Implementing Cybersecurity Policies for CMMC Compliance and Managing CUI

CMMC compliance requires well-documented cybersecurity policies. Learn how to implement security controls, create an SSP and POA&M, and manage Controlled Unclassified Information (CUI).

Apr 25, 2025
7 min read
CMMC compliance for DoD contractors

CMMC Compliance Requirements for DoD Contractors and Subcontractors in the Defense Industry

CMMC compliance is mandatory for DoD contractors and subcontractors. Learn about certification levels, requirements, and the consequences of failing to meet compliance.

Apr 24, 2025
6 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation