Microsoft Defender for Business - Frequently asked questions and answers

Use this article to get answers to questions you might have about Defender for Business.

Can I extend my preview trial of Defender for Business?

As Defender for Business is now generally available, the preview program has ended and can't be extended.

See Get Microsoft Defender for Business.

How do I try or buy Defender for Business?

Go to the Microsoft Defender for Business web page, and select the option to try or buy Defender for Business.

For more information, see Get Microsoft Defender for Business.

Is there a limit to how many users can be licensed for Defender for Business?

Defender for Business is designed for small and medium-sized businesses who have up to 300 users. If you have more than 300 users, consider an enterprise solution, such as one of the following:

How many devices can I onboard and secure with Defender for Business?

You can onboard and secure up to five devices per user license.

Does Defender for Business support servers?

Server support is coming soon. This new server offering will have a licensing prerequisite of Microsoft 365 Business Premium or Microsoft Defender for Business (standalone).

Does Defender for Business protect macOS, Android, and iOS/iPadOS client devices?

Yes. Defender for Business supports protection for macOS, Android, and iOS/iPadOS devices. See Onboard devices.

  • You can onboard macOS devices using a local script in the Microsoft 365 Defender portal.
  • To onboard Android and iOS/iPadOS devices, you must have a license for Microsoft Intune. Intune is included in Microsoft 365 Business Premium, and can be purchased for Defender for Business (standalone).

More simplification for macOS, iOS/iPadOS, and Android devices is on the roadmap.

Can I configure more than one web content filtering policy in Defender for Business?

Currently, Defender for Business supports only one uniform web filtering policy per Defender for Business tenant.

See Set up web content filtering.

Can I use non-Microsoft antivirus/antimalware software with Defender for Business?

Although you can technically onboard devices that are running a non-Microsoft antivirus/antimalware solution, you could run into an issue where real-time protection could be turned off on those devices. If real-time protection is turned off on a device, the device will appear to be not protected.

In Defender for Business, real-time protection is turned on by default; however, devices running non-Microsoft antivirus/antimalware software could affect your settings.

To learn more, see I'm seeing indications that some devices aren't protected even though they're onboarded to Defender for Business.

How can I run custom reports with Defender for Business?

Defender for Business currently includes a set of APIs to support robust custom reporting, and a Power BI connector. You could schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. See API reference information.

I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?

Defender for Business is enabled in Microsoft 365 Lighthouse for multi-tenant support in a single console (https://lighthouse.microsoft.com).

To learn more, see Overview of Microsoft 365 Lighthouse.

How do I configure attack surface reduction rules and capabilities in Defender for Business?

Simplified configuration for attack surface reduction rules and capabilities via Defender for Business in the Microsoft 365 Defender portal (https://security.microsoft.com) isn't supported yet. If you have Microsoft Intune, you can use the Microsoft Endpoint Manager admin center to configure your attack surface reduction policies. See Attack surface reduction policy for endpoint security in Intune.

If I don't currently have Microsoft Intune, do I need an another license to use features that are included in both Defender for Business and Intune?

If you have Defender for Business as a standalone subscription and you don't have Intune, you can onboard and secure Windows and macOS devices in the Microsoft 365 Defender portal (https://security.microsoft.com).

You can also manage your next-generation protection and firewall protection policies in the Microsoft 365 Defender portal with a simplified configuration experience.

To manage other settings, such as attack surface reduction policies, or to onboard other devices, such as Android or iOS/iPadOS devices, you'll need Intune. Intune is included in Microsoft 365 Business Premium, and can be purchased for Defender for Business (standalone) subscriptions.

If I'm already using Microsoft 365 Business Premium, why do I need Defender for Business?

If you have Microsoft 365 Business Premium, then Defender for Business is included in your subscription. To learn more, see the following articles:

Defender for Business extends security capabilities in Microsoft 365 Business Premium with endpoint protection for your company's devices.

What are the differences between Defender for Business and Defender for Endpoint Plans 1 and 2?

Both Defender for Business and Defender for Endpoint provide strong threat protection capabilities for your company's endpoints. Defender for Business was designed for small and medium-sized businesses (up to 300 employees). With a simplified configuration process and device onboarding options, Defender for Business enables customers who don't necessarily have a security background to set up, configure, and use Defender for Business to protect company devices.

To learn more about the differences, see Compare Microsoft Defender for Business to Microsoft 365 Business Premium.

What happens if I have a mix of Microsoft endpoint security subscriptions?

Suppose you have assigned 10 users a Defender for Business license, and you have assigned 10 other users a Defender for Endpoint Plan 2 license. What happens if you have a mix of subscriptions like this example in your tenant?

The highest functional Microsoft endpoint security subscription sets the experience for your tenant. Using our example, your tenant experience would be Defender for Endpoint Plan 2 for all 20 users. You can now contact support and request an override for your tenant experience.

Referring to our example, you could request an override to keep the simplified Defender for Business experience, even if you have some Defender for Endpoint Plan 2 licenses. See Get support for Microsoft 365 for business.

In the coming months, the default settings will change. When that happens, a tenant with Defender for Business will default to the Defender for Business flavor, tenant wide. This default behavior will help ensure the simplified experience is maintained for small and medium-sized business customers.

For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.

My organization has grown to more than 300 employees, and I have a mix of Microsoft endpoint security subscriptions. Can I still use Defender for Business?

Suppose your company has grown from 250 users to 330 users, and you now have a mix of Microsoft endpoint security subscriptions, such as 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses.

Defender for Business and Microsoft 365 Business Premium are for customers who have up to 300 users. For details about licenses and product terms, see Licensing and product terms for Microsoft 365 subscriptions.

If you now have more than 300 users, we recommend getting a subscription that includes Defender for Endpoint for all users. However, we understand that there are scenarios where a customer grows to more than 300 users within a license term.

Referring to our example, suppose you started your license term with 250 Defender for Business licenses, and now you have 300 Defender for Business licenses and 30 Microsoft 365 E3 licenses (Microsoft 365 E3 includes Defender for Endpoint Plan 1). In this case, Defender for Business remains the highest functional Microsoft endpoint security subscription, and the Defender for Business flavor will apply tenant wide. When it's time to renew your subscription, we recommend choosing an enterprise plan, such as one of the following subscriptions:

How are my Defender for Business security reports affected if I have more than 300 users?

Defender for Business is designed for customers who have up to 300 employees. If you have more than 300 users and a mix of licenses, such as 300 Defender for Business licenses, and 30 Defender for Endpoint Plan 1 licenses, your security reports for Defender for Business will show data for only the users who are assigned Defender for Business licenses.

In this case, all users will be protected by Defender for Business, but your Defender for Business reports won't show data for the 30 users who are assigned Defender for Endpoint Plan 1 licenses.

To learn more about reports in Defender for Business, see Reports in Microsoft Defender for Business.

How can I view my organization's Microsoft subscriptions and user licenses?

You can view your current subscriptions and licenses in the Microsoft 365 admin center (https://admin.microsoft.com).

See Understand subscriptions and licenses in Microsoft 365 for business.