Microsoft have announced the preview of “Microsoft Defender for Endpoint Plan 1”.
Microsoft Defender for Endpoint (MDfE) is the new name for “Microsoft Defender Advanced Threat Protection” (MDATP), which is the differentiator between Windows 10 E3 and E5. The existing version of MDfE will become Plan 2 and the newly introduced Plan 1 will contain a subset of features.
What’s included?
The Plan 1 offering will include:
- Next-generation protection
- This includes anti-virus and anti-malware cover
- Attack surface reduction
- These include:
- Ransomware mitigation
- Web protection
- Network firewall
- and more
- These include:
- Manual response actions
- These are:
- Run anti-virus scan
- Isolate device
- Stop and quarantine
- Indicators to block/allow files
- These are:
- Centralised management
- Includes access to the Microsoft 365 Defender portal with RBAC access and reporting.
- It will also include:
- Security reports
- APIs
The MS Docs page states that MDfE P1 will support:
- Windows 10 1709 and later
- macOS Big Sur, Catalina, and Mojave
- iOS
- Android OS
although the MS Tech Community page states “Windows 7, 8.1, 10, 11, macOS, Android, and iOS“.
Differences between Plan 1 & Plan 2
Features exclusive to Plan 2 include:
- Device discovery
- Threat & vulnerability management
- Automated investigation & response
- Advanced hunting
- Endpoint detection & response
- Microsoft Threat Experts
- Support for Windows Server
- Support for Linux
Licensing
MDfE Plan 1 will be included in Microsoft 365 E3/A3 and will also be available as a standalone license.
You can check out the preview of MDfE P1 here – Preview signup.
Cloudy with a chance of Licensing 
One Reply to “Microsoft introduce Defender for Endpoint Plan 1”