Microsoft Defender for Endpoint Plan 1 and Plan 2

Applies to

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Defender for Endpoint provides advanced threat protection that includes antivirus, antimalware, ransomware mitigation, and more, together with centralized management and reporting. Two plans are available:

Compare Defender for Endpoint plans

The following table describes what's included in each plan at a high level.

Defender for Endpoint Plan 1 Defender for Endpoint Plan 2
Next-generation protection
(includes antimalware and antivirus)

Attack surface reduction

Manual response actions

Centralized management

Security reports


Defender for Endpoint Plan 1, plus:

Device discovery

Threat and vulnerability management

Automated investigation and response

Advanced hunting

Endpoint detection and response

Microsoft Threat Experts

Support for Windows 10, iOS, Android OS, and macOS devices Support for Windows (client and server) and non-Windows platforms
(macOS, iOS, Android, and Linux)
To try Defender for Endpoint Plan 1, visit To try Defender for Endpoint Plan 2, visit

Next steps