Microsoft Defender for Business - Frequently asked questions and answers

Use this article to get answers to questions you might have about Defender for Business.

Can I extend my preview trial of Defender for Business?

As Defender for Business is now generally available, the preview program has ended and cannot be extended.

See Get Microsoft Defender for Business.

How do I try or buy Defender for Business?

Go to the Microsoft Defender for Business web page, and select the option to try or buy Defender for Business.

For more information, see Get Microsoft Defender for Business.

Is there a limit to how many users can be licensed for Defender for Business?

Defender for Business is designed for small and medium-sized businesses who have up to 300 users. If you have more than 300 users, consider an enterprise solution, such as Defender for Endpoint or Microsoft 365 Defender.

How many devices can I onboard and secure with Defender for Business?

You can onboard and secure up to 5 devices per user license.

Does Defender for Business support servers?

Server support is coming soon. This new server offering will have a licensing prerequisite of Microsoft 365 Business Premium or Microsoft Defender for Business (standalone).

Does Defender for Business protect macOS, Android, and iOS/iPadOS client devices?

Yes. Defender for Business supports protection for macOS, Android, and iOS/iPadOS devices. See Onboard devices.

  • You can onboard macOS devices using a local script in the Microsoft 365 Defender portal.
  • To onboard Android and iOS/iPadOS devices, you must have a license for Microsoft Intune. Intune is included in Microsoft 365 Business Premium, and can be purchased for Defender for Business (standalone).

Additional simplification for macOS, iOS/iPadOS, and Android devices is on the roadmap.

Can I configure more than one web content filtering policy in Defender for Business?

Currently, Defender for Business supports only one uniform web filtering policy per Defender for Business tenant.

See Set up web content filtering.

Can I use non-Microsoft antivirus/antimalware software with Defender for Business?

Although you can technically onboard devices that are running a non-Microsoft antivirus/antimalware solution, you could run into an issue where real-time protection could be turned off on those devices. If real-time protection is turned off on a device, the device will appear to be not protected.

In Defender for Business, real-time protection is turned on by default; however, devices running non-Microsoft antivirus/antimalware software could affect your settings.

To learn more, see I'm seeing indications that some devices aren't protected even though they're onboarded to Defender for Business.

How can I run custom reports with Defender for Business?

Defender for Business currently includes a set of APIs to support robust custom reporting, and a Power BI connector. You could schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. See API reference information.

I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?

Defender for Business is enabled in Microsoft 365 Lighthouse for multi-tenant support in a single console (https://lighthouse.microsoft.com).

To learn more, see Overview of Microsoft 365 Lighthouse.

How do I configure attack surface reduction rules and capabilities in Defender for Business?

Simplified configuration for attack surface reduction rules and capabilities via Defender for Business in the Microsoft 365 Defender portal (https://security.microsoft.com) isn't supported yet. If you have Microsoft Intune, you can use the Microsoft Endpoint Manager admin center to configure your attack surface reduction policies. See Attack surface reduction policy for endpoint security in Intune.

If I do not currently have Microsoft Intune, do I need an additional license to use features that are included in both Defender for Business and Intune?

If you have Defender for Business as a standalone subscription and you do not have Intune, you can onboard and secure Windows and macOS devices in the Microsoft 365 Defender portal (https://security.microsoft.com).

You can also manage your next-generation protection and firewall protection policies in the Microsoft 365 Defender portal with a simplified configuration experience.

To manage other settings, such as attack surface reduction policies, or to onboard other devices, such as Android or iOS/iPadOS devices, you'll need Intune. Intune is included in Microsoft 365 Business Premium, and can be purchased for Defender for Business (standalone) subscriptions.

If I'm already using Microsoft 365 Business Premium, why do I need Defender for Business?

If you have Microsoft 365 Business Premium, then Defender for Business is included in your subscription. To learn more, see the following articles:

Defender for Business extends security capabilities in Microsoft 365 Business Premium with endpoint protection for your company's devices.

What are the differences between Defender for Business and Defender for Endpoint Plans 1 and 2?

Both Defender for Business and Defender for Endpoint provide strong threat protection capabilities for your company's endpoints. Defender for Business was designed for small and medium-sized businesses (up to 300 employees). With a simplified configuration process and device onboarding options, Defender for Business enables customers who do not necessarily have a security background to set up, configure, and use Defender for Business to protect company devices.

To learn more about the differences, see Compare Microsoft Defender for Business to Microsoft 365 Business Premium.

What happens if I have a mix of Microsoft 365 Defender subscriptions?

Suppose you have assigned 10 users a Defender for Business license, and you have assigned 10 other users a Defender for Endpoint Plan 2 license. What happens if you have a mix of subscriptions like this example in the same tenant?

Mixed licenses are not supported. The highest functional Defender license sets the experience for the tenant.

Using our example, the tenant experience will be Defender for Endpoint Plan 2 for all 20 users.

Note that Defender for Business and Microsoft 365 Business Premium are for customers who have up to 300 users. For customers who need more than 300 user licenses, we recommend getting an enterprise subscription that includes Microsoft Defender for Endpoint Plan 1 or Plan 2.

For details about licenses, see Licensing and product terms for Microsoft 365 subscriptions.

I have another Microsoft Cloud subscription. Why am I not seeing Microsoft Defender for Business in my portal?

Currently, whenever a customer has multiple subscriptions, the highest subscription takes precedence. Here are some examples:

  • Example 1: If you have Microsoft Defender for Endpoint Plan 2 (purchased or trial subscription), and you get Microsoft Defender for Business, Defender for Endpoint Plan 2 takes precedence. In this case, you won't see the Defender for Business experience.
  • Example 2: If you have Microsoft Defender for Cloud (purchased or trial subscription), and you get Defender for Business, Defender for Cloud takes precedence. In this case, you won't see the Defender for Business experience.