Microsoft Defender for Endpoint
Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your organisation.
Microsoft Defender for Endpoint (EDR) is Microsoft’s next-generation, device-based threat protection solution. This is not to be confused with Microsoft Defender for Office 365, which focuses on protecting your Microsoft Office 365 environment.
Microsoft EDR is integrated into the heart of Windows 10, and its features and capabilities grow as you climb the editions of Windows 10, add subscription licenses such as the security suite EMS E3 or E5 or Microsoft Intune, or purchase Microsoft Defender for Endpoint as a subscription.
What is the difference between traditional Anti-virus software and Microsoft Defender for Endpoint EDR?
Endpoint Detection and Response (EDR) is the new model of endpoint (anti-virus) protection software. EDR is intelligence-driven and, unlike traditional anti-virus software that kicks in at the point that malware is detected, is able to identify and prevent threats before they start to run or impact on systems.
What’s more, EDR is able to take a centralised, company-wide view of what’s happening and, where necessary, initiate automated investigations, block irregular activity (not just malware) and compile a forensic analysis of the situation. IT or security operations teams are also able to use EDR tools to manually initiate investigations to search for known vulnerabilities and threats at a company-wide level.
Part of the new Defender range of products and designed to integrate fully with Windows 10 and Microsoft 365, Microsoft Defender for Endpoint is our recommended EDR solution. Microsoft Defender for Endpoint replaces any existing Anti-Virus product and is available on a per user, per month subscription basis.
Compare plans and capabilities for Microsoft Defender for Endpoint
Defender for Business
Defender for Business brings enterprise-level security to small and medium-sized organisations (under 300 seats). Built on the same three pillars of NGP, EDR and TVM, Defender for Business offers an advanced security suite to small and medium-sized businesses. As this product is aimed at smaller organisations, the Advanced Hunting feature of EDR is not included, as this feature is seen as required only by enterprise organisations with full security teams.
Plan 1
An advanced version of the standard Microsoft Defender Anti-Virus that uses next-gen protection and adds the ability to centrally manage the systems.
Plan 2
Enterprise-level products based on the following three pillars (more than 300 seats):
Next-Gen Protection (Advanced Anti-Virus)
To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
Endpoint Detection and Response (EDR)
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections.
Threat and Vulnerability Management
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
Endpoint Capabilities | Microsoft Defender for Business (< 300 Seats) | Microsoft Defender for Endpoint Plan 1 (> 300 Seats) | Microsoft Defender for Endpoint Plan 2 (> 300 Seats) |
---|---|---|---|
Centralised Management | ✔ | ✔ | ✔ |
Simplified Client Configuration | ✔ | | |
Threat and Vulnerability Management | ✔ | | ✔ |
Attack Surface Reduction | ✔ | ✔ | ✔ |
Next-Gen Protection | ✔ | ✔ | ✔ |
Endpoint Detection and Response | ✔ | | ✔ |
Automated Investigation and Response | ✔ | | ✔ |
Threat Hunting with 6-Months Data Retention | | | ✔ |
Threat Analytics | ✔ | | ✔ |
Cross Platform Support for Windows, MacOS, iOS and Android | ✔ | ✔ | ✔ |
Microsoft Threat Experts | | | ✔ |
Partner APIs | ✔ | ✔ | ✔ |
If you would like to talk to one of our experts about Microsoft Defender for Endpoint and which plan is best suited to your organisation’s needs, simply arrange a meeting or pick up the phone.
Microsoft 365 Defender family
Defender for Endpoint
Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your organisation.
From £2.50 to £3.90
per user per month
Billing conditions apply
Defender for Office 365
Defender for Office 365 helps organisations secure their systems by offering a comprehensive suite of prevention, detection, investigation and hunting, response and remediation, awareness and training, and secure posture features.
From £1.64 to £4.10
per user per month
Billing conditions apply
Defender for Identity
Microsoft Defender for Identity is a cloud-based security solution from Microsoft that is used in conjunction with an organisation’s on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions.
From £4.10
per user per month
Billing conditions apply
Defender for Cloud Apps
Cloud App Security (CASB) allows organisations to better understand their overall cloud position across software as a service (SaaS) apps and cloud services, and to add controls to protect sensitive information.
From £2.60
per user per month
Billing conditions apply