What is Microsoft Defender for Business?

Sam Vesey

Technical Director
Sam is an IT and Cyber Security expert, holding a vast array of industry certifications including CCNP, OSCP and CCNA x2.

Sam is certified to Network Professional level and takes ownership of the bzb IT technical blueprint. His primary responsibility is to ensure bzb IT is at the forefront of understanding how SMEs adopt the latest IT in a secure & profitable way.

What is Microsoft Defender for Business, and could it suit your Business?

Small and Medium Enterprises (SMEs) are the backbone of the UK economy and a vital component in the supply chain. In a digital world, this prominence comes with a downside. An increasingly competitive marketplace, coupled with lower budgets for Security Controls, is resulting in SMEs quickly becoming a more attractive target for malicious actors than larger enterprises.

The past few years have seen SMEs adopt “the cloud” for many of their workflows. This move has given us greater flexibility, mobility, and ultimately changed how we all live our lives for the better. It’s also shifted the risk landscape SMEs face, placing greater importance and autonomy on the Endpoint and highlighting the requirement for a Zero Trust Architecture. “Trust, but verify” is dead, which seems rather poignant given current world events.

With greater importance on the Endpoint and advances in attacker sophistication, traditional Endpoint protection such as anti-virus just doesn’t cut the mustard. The problem SMEs face is that Enterprise features such as “Endpoint Detection and Response (EDR)” and “Threat and Vulnerability Management” typically come with an Enterprise price tag. With the launch of Microsoft Defender for Business, Microsoft says no longer.

What does Defender for Business include?

Defender for Business is a collection of capabilities bundled into a single Managed Security Services offering. The table below shows all the features:

| Device security capabilities \ SKU | Microsoft Defender for Business |
| --- | --- |
| Centralized management | |
| Simplified Firewall and Antivirus configuration for Windows | |
| Threat and Vulnerability Management | |
| Attack Surface Reduction | |
| Next-Gen Protection | |
| Endpoint Detection and Response | |
| Automated Investigation and Remediation | |
| Threat Hunting and 6-months data retention | Enterprise Feature Only |
| Threat Analytics | |
| Cross platform support for Windows, MacOS, iOS, and Android clients | |
| Windows server and Linux server | Microsoft Defender for Business servers add-on |
| Microsoft Threat Experts | Enterprise Feature Only |
| Partner APIs | |
| Microsoft 365 Lighthouse for viewing security incidents across customers | |

Let’s summarise this

Microsoft Defender for Business is an accessible product for SMEs. It’s available in two options: as part of Business Premium or as a standalone product. It provides functionality in all five key functions listed in the NIST Cyber Security Framework (CSF): Identify, Protect, Detect, Respond and Recover.

  1. Identify: Threat & Vulnerability Management – Delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS and network devices. Continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk.
  2. Protect: Attack Surface Reduction – Your attack surface is all the places where an attacker could compromise your devices or network. Attack surface reduction rules constrain certain software behaviours that are sometimes seen in legitimate applications but are often considered risky.
  3. Protect, Detect and Respond: Next Generation Protection – Best seen as an add-on to the OS's built-in Microsoft Defender Antivirus. Next-Generation Protection adds key functionality to antivirus, such as behaviour-based, heuristic and real-time antivirus protection.
  4. Detect, Respond and Recover: Endpoint Detection & Response (EDR) – Endpoint detection and response capabilities in Defender provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
  5. Recover: Auto Investigation & Remediation – Auto Investigation & Remediation (AIR) uses various inspection algorithms and is based on processes that are used by security analysts. AIR is designed to examine alerts and take immediate action to resolve breaches, reducing the load, improving response times and reducing damage caused.

How can you buy Defender for Business?

Defender for Business is only available to SMEs (under 300 users) and can be purchased as a standalone product or as part of Microsoft 365 Business Premium. As we’re all now accustomed to when buying from Microsoft, the license is a per-user license and allows use of the product on 5 endpoints owned/operated by the licensed user. Separately, the Defender for Business Server (Windows and Linux) add-on is available as of Feb 2023. The add-on license is only available if you’re already using one of the above licenses.

Given the feature set available, Microsoft has done a great job with the price point, best seen as comparable to most AntiVirus offerings.

What do we think?

It’s remarkable that Microsoft has squeezed so many features into such a low price point. Defender for Business is a game changer for SMEs, bridging the gap between Enterprise features and realistic budgets. Microsoft 365 Business Premium is feature rich but can be a budget step too far for some. Defender for Business as a standalone license is a viable replacement for standard third-party AntiVirus products, but also includes Vulnerability Management, Next Generation Protection & Endpoint Detection and Response.

We’re looking forward to continuing our journey in integrating more Defender products for our clients. As technology advances, we’re investing significant resources in leading the way in integrating the latest and greatest for SMEs in the South West.
