The history of Microsoft Defender for Endpoint for Servers is a confusing one, and I have been trying to keep track of it and pin down the exact situation for a while. It does keep changing, so let’s look at the changes that have happened with the licencing and finally discuss the Defender for Cloud option that Microsoft seemingly would prefer – and frankly I agree…
What I do know is:
1. Originally, you could only buy it as an add-on if you had 50 or more Microsoft Defender for Endpoint licences.
2. Then Microsoft announced that you couldn’t buy it any more from 1 Sept 2022,
3. … except maybe if you had an EA agreement.
4. Then, at some point it was reintroduced to the CSP pricelist.
And so just for fun, I bought one to make sure.
Defender for Endpoint for Server Licences
Still not satisfied, I really want to understand the changes that have taken place, so I’ve been digging through the licence site. From here you can look at the licencing agreements for all products across the various licence programs, go back in time and check the old licences.
So, we can see that when it was available, one did indeed need a combined minimum of 50 Microsoft Defender for Endpoint licences.
So that’s all well and good but if we compare it to today it no longer exists.
Only actually it does – it’s just a name change to confuse us…
Microsoft Defender for Endpoint (server) is now Microsoft Defender for Endpoint for Servers.
Reference
https://www.microsoft.com/licensing/terms/productoffering/MicrosoftDefenderforEndpointforservers/MCA
So, we have most of the answer. It does appear to have disappeared at some stage, and it also went through a minor name change and the eligibility requirements have been relaxed. But should one buy it, or is there a better way?
Microsoft Defender for Business servers
Before we go any further, we have to acknowledge that there is also Microsoft Defender for Business servers to look at.
Two things to notice:
- You must be using M365 Business Premium and Microsoft Defender for Business
- You can have a maximum of 60 servers licenced with Microsoft Defender for Business servers.
Microsoft Defender for Endpoint Plan 1 or Plan 2
The following is a breakdown of the features included in Microsoft Defender for Endpoint Plan 1 and Plan 2.
Microsoft Defender for Endpoint Plan 1 (P1) Features
- Next-generation protection (includes antimalware and antivirus)
- Attack surface reduction
- Manual response actions
- Centralized management
- Security reports
- APIs
- Support for Windows 10, Windows 11, iOS, Android OS, and macOS devices
The green boxes in the following image show what is included in Defender for Endpoint Plan 1:
Microsoft Defender for Endpoint Plan 2 (P2) Features
Microsoft Defender for Endpoint P2 delivers all the capabilities of Microsoft Defender for Endpoint P1 with additional capabilities such as endpoint detection and response, automated investigation and remediation, threat and vulnerability management, threat intelligence, sandbox, and Microsoft threat experts.
- Device discovery
- Device inventory
- Core Defender Vulnerability Management capabilities
- Threat Analytics
- Automated investigation and response
- Advanced hunting
- Endpoint detection and response
- Endpoint Attack Notifications
- Support for Windows client and server
- Support for Non-Windows platforms (macOS, iOS, Android, and Linux)
For details, see the Microsoft Defender for Endpoint documentation.
But we are interested in servers, and Defender for Endpoint for Servers is the equivalent of Microsoft Defender for Endpoint P2.
Microsoft Defender for Cloud
Microsoft Defender for Cloud offers two paid plans for Defender for Servers:
- Microsoft Defender for Servers Plan 1
- Microsoft Defender for Servers Plan 2
For a full list of the differences between Plan 1 and 2 you can check here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan
Both Microsoft Defender for Cloud server Plan 1 and Plan 2 include the equivalent functionality of Microsoft Defender for Endpoint Plan 2.
Defender for Endpoint for servers vs Defender for Cloud Server
So finally, now let’s get down to a decision.
- Defender for Endpoint for Servers = $4.99
- Microsoft Defender for Servers Plan 1 = $0.007/server/hour
As Defender for Cloud – Defender for Servers licensing is charged per hour instead of per seat, you will only be charged when the server is in use. But if the server is on constantly, that works out at $5.11 based on 730 hours.
There are of course lots of other features as part of Defender for Cloud, and by enabling the Foundational CSPM you can start getting deeper insights into the security configuration of your cloud resources.
One last note: if you have Defender for Endpoint for Servers licences and wish to make the switch to Microsoft Defender for Cloud, you can get a discount/rebate, but I’ve never personally gone through that process, so speak to your friendly licence MSP.
So I hope this helps make sense of some of the options open to you, especially after the changes over the last few years. My go-to option is definitely Defender for Cloud, but let me know what you are using.
I have written this partially to check in with my own knowledge, and I’ve done my best to ensure it is correct, but please, as with all things, always check for yourself. If you do find any errors or omissions, please let me know below.
You are not the only one who has found this confusing. I’m glad they have brought back the individual licences but I agree that Microsoft for Cloud is a preferable option. Thanks,
Thanks Guy
I’m in the process of onboarding my on-prem servers to Microsoft for Cloud via Arc but I have individual licences for MDE for I will let you know how it goes with any rebates/discounts. Thanks for the post.
That’s great. To the best of my knowledge speak to your MSP but it is also worth opening a support ticket with all the details, through the Azure portal probably. Let me know how it goes!
Thanks for the article. I had a client asking me about this at the end of last year so this has been quite a help with clarifying.