Monday, November 15, 2021

Microsoft Defender for Endpoint Plan 1 Now Generally Available

We are excited to announce the General Availability of Microsoft Defender for Endpoint Plan 1 (P1). MDE P1 demonstrates Microsoft’s commitment to delivering best of breed, multi-platform, and multi-cloud security for all organizations across the globe, providing a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android, and iOS at a lower price point.


The endpoint remains one of the most targeted attack surfaces as new and sophisticated malware and ransomware continue to be prevalent threats. A recent Endpoint Security Report shows that endpoints are responsible for 70% percent of all security breaches, and 42% of all endpoints are unprotected at any given time, while Microsoft security researchers have tracked nearly a 121% increase in organizations who have encountered ransomware over the last year (July 2020 - July 2021).


Keeping up with the speed and sophistication of the rapidly evolving threat landscape requires a different approach to security, one that is based on cloud native technology, built on deep threat and human intelligence, and that can easily scale. It requires robust prevention that uses AI and machine learning to rapidly stop threats and a solution that enables a Zero Trust approach.


What can you expect from MDE P1?

MDE P1 is focused on prevention/EPP including:

  • Industry leading antimalware that is cloud-based with built-in AI that helps to stop ransomware, known and unknown malware, and other threats in their tracks.
  • Attack surface reduction capabilities that harden the device, prevent zero days, and offer granular control over access and behaviors on the endpoint.
  • Device based conditional access that offers an additional layer of data protection and breach prevention and enables a Zero Trust approach.

All these capabilities stand on the same strong foundation that all Microsoft Defender for Endpoint customers benefit from today:

  • Cloud powered solution with nearly infinite scale to meet your needs – no additional IT costs, no compatibility issues, no waiting for updates.
  • Unparalleled breadth and depth of built-in threat and human intelligence powered by machine learning models and AI.
  • A unified solution offering unmatched threat visibility, incident correlation and insight, and a world class SecOps experience as part of Microsoft 365 Defender – our XDR solution.


Customers looking for the complete set of endpoint security capabilities should strongly consider Microsoft Defender for Endpoint Plan 2 (P2) which was previously called Microsoft Defender for Endpoint. P2 is by far the best fit for enterprises that need a solution with advanced threat prevention and detection, deep investigation, and hunting capabilities, and advanced SecOps investigation and remediation tools. P2 includes everything in P1, plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management and more.


The below table offers a comparison of capabilities are offered in Plan 1 versus Plan 2.



Comparison between Microsoft Defender for Endpoint P1 and P2 capabilities. Microsoft Threat Experts includes Targeted Attack Notifications (TAN) and Experts on Demand (EOD). Customers must apply for TAN and EOD is available for purchase as an add-on.



Try it today

MDE P1 is now available as a standalone SKU licensed per user. Eligible licensed users will be able to use Microsoft Defender for Endpoint Plan 1 on up to five concurrent devices.


Starting next year, MDE P1 will be included as part of Microsoft 365 E3/A3 with the same per user model and device entitlements as stated above. All existing Microsoft 365 E3/A3 customers will be have access to MDE P1. Customers with Microsoft 365 E5 licenses are already entitled to the full, comprehensive MDE P2 solution.


  • For a free trial of Microsoft Defender for Endpoint P1, click here. To learn more about Microsoft 365 E3/A3, click here.
  • For a free trial of Microsoft Defender for Endpoint P2, click here. To lean more about Microsoft 365 E5, click here.


For detailed information on Microsoft Defender for Endpoint P1 capabilities and deployment guidelines please visit our documentation page. Microsoft Defender for Endpoint P1 supports client endpoints running Windows 7*, 8.1, 10, 11, macOS, Android, and iOS. For detailed hardware and software requirements, please visit our documentation.


We’re excited to offer more options for organizations across the globe to be able to adopt our industry leading endpoint security capabilities. Customer feedback is critical to us and our development process. We are grateful to the many customers who have given us their input and look forward to hearing more from you. Please don’t hesitate to reach out with your thoughts either in the comments or by clicking on the “Give feedback” button in Microsoft 365 Defender.


* Windows 7 requires Extended Security Updates (ESU) for support. For more information on Windows 7 ESU, please check out the FAQ



Learn more

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Posted at