Compare security features in Microsoft 365 plans for small and medium-sized businesses

Microsoft offers a wide variety of cloud solutions and services, including several different plans for small and medium-sized businesses. For example, Microsoft 365 Business Premium includes security and device management capabilities, along with productivity features, like Office apps. This article is designed to help clarify what security features, such as device protection, are included in Microsoft 365 Business Premium, Microsoft Defender for Business, and Microsoft Defender for Endpoint.

Got a minute? Please take our short survey about security. We'd love to hear from you!

Use this article to:

You don't have to have a Microsoft 365 subscription to buy and use Microsoft Defender for Business. Microsoft Defender for Business is included in Microsoft 365 Business Premium, and it is available as a standalone security solution for small and medium-sized businesses. If you already have Microsoft 365 Business Basic or Standard, consider adding either upgrading to Microsoft 365 Business Premium or adding Microsoft Defender for Business to get more threat protection capabilities.

Compare security features in Microsoft Defender for Business to Microsoft 365 Business Premium

Note

This article is intended to provide a high-level overview of threat protection features included in Microsoft Defender for Business (as a standalone plan) and Microsoft 365 Business Premium (which includes Defender for Business). This article is not intended to serve as a service description or licensing contract document. For more information, see the Microsoft 365 licensing guidance for security & compliance.

As of March 1, 2022, Defender for Business is included in Microsoft 365 Business Premium. Defender for Business is also available as a standalone subscription. The following table compares security features and capabilities in Defender for Business (standalone) to Microsoft 365 Business Premium.

Feature/Capability Microsoft Defender for Business
(standalone)
Microsoft 365 Business Premium
(includes Defender for Business)
Email protection Yes
- Email scanning with Microsoft Defender Antivirus
Yes
- Exchange Online Protection
- Email scanning with Microsoft Defender Antivirus
Antispam protection Yes
- For devices
Yes
- For devices
- For Microsoft 365 email content, such as messages and attachments
Antimalware protection Yes
- For devices
Yes
- For devices
- For Microsoft 365 email content, such as messages and attachments
Next-generation protection
(antivirus and antimalware protection)
Yes
- Microsoft Defender Antivirus is included in Windows 10 and later
Yes
- Microsoft Defender Antivirus is included in Windows 10 and later
- Next-generation protection policies for onboarded devices
Attack surface reduction
(ASR rules in Windows 10 or later and firewall protection)
Yes Yes
Endpoint detection and response
(behavior-based detection and manual response actions)
Yes Yes
Automated investigation and response Yes Yes
Threat & vulnerability management Yes Yes
Centralized management and reporting Yes Yes
APIs
(for integration with custom apps or reporting solutions)
Yes Yes

Compare Microsoft Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2

Defender for Business brings enterprise-grade capabilities of Defender for Endpoint to small and medium-sized businesses. The following table compares security features and capabilities in Defender for Business to the enterprise offerings, Microsoft Defender for Endpoint Plans 1 and 2.

Feature/Capability Defender for Business
(standalone)
Defender for Endpoint Plan 1
(for enterprise customers)
Defender for Endpoint Plan 2
(for enterprise customers)
Centralized management Yes [1] Yes Yes
Simplified client configuration Yes No No
Threat & vulnerability management Yes No Yes
Attack surface reduction capabilities Yes Yes Yes
Next-generation protection Yes Yes Yes
Endpoint detection and response Yes [2] No Yes
Automated investigation and response Yes [3] No Yes
Threat hunting and six months of data retention No [4] No Yes
Threat analytics Yes [5] No Yes
Cross-platform support
(Windows, macOS, iOS, and Android OS)
Yes [6] Yes Yes
Microsoft Threat Experts No No Yes
Partner APIs Yes Yes Yes
Microsoft 365 Lighthouse integration
(For viewing security incidents across customer tenants)
Yes Yes [7] Yes [7]

(1) Onboard and manage devices in the Microsoft 365 Defender portal (https://security.microsoft.com) or with Microsoft Intune, managed in the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com).

(2) Endpoint detection and response (EDR) capabilities in Defender for Business include behavior-based detection and the following four types of manual response actions:

  • Run antivirus scan
  • Isolate device
  • Stop and quarantine a file
  • Add an indicator to block or allow a file

(3) In Defender for Business, automated investigation and response is turned on by default, tenant wide. If you turn off automated investigation and response, it affects real-time protection. See Review settings for advanced features.

(4) There is no timeline view in Defender for Business.

(5) In Defender for Business, threat analytics are optimized for small and medium-sized businesses.

(6) See Onboard devices to Microsoft Defender for Business.

(7) The ability to view incidents across tenants using Defender for Endpoint is new!

Next steps