Forum Discussion
Suggestion for Ideal Defender for Endpoint License Plan
Hello AnandRMenon, the best option for users and their endpoints, max 5, is Microsoft 365 E5; this includes collaboration, productivity, Office apps on desktop, security, and compliance. It has EPP (Antivirus/Antimalware) and EDR (UEBA/IA). For servers, regardless of whether they are Linux or Windows, it is recommended that they have Microsoft Defender for Server Plan 2; this includes EPP and EDR. Also, directly from Azure with Microsoft Defender for Cloud, this includes vulnerability management.
Security for IT: Microsoft 365. Security for OT: Microsoft Defender for Cloud or Microsoft Defender for Server Plan 2.
It is not necessary for the client to move to Microsoft 365, but this would improve visibility, analysis and automation in security. If the client is still in Google, there is no problem, but collaboration would be in one provider and security in another; this is not recommended. If the customer insists on staying that way, then they should centralize the security events in a SIEM + SOAR; Microsoft Sentinel is recommended.
- AnandRMenon (Copper Contributor), Oct 01, 2022
John, thanks for the detailed reply. Currently for endpoints, we plan MDE Plan 2 and for servers, Defender for Servers Plan 1, since it already has MDE integration (also, advanced features in Servers Plan 2 may not be needed in this scenario). But one confusing aspect is that Defender for Endpoint has a per-user subscription whereas Defender for Servers has a per-server subscription. It would have been great if MDE was also based on asset, i.e. per endpoint, since it's an endpoint-based tool and not a user-based tool like O365.
Also Defender for Servers primarily needs an Azure subscription. But our customer has no Azure presence currently. So in this scenario, they need to pay for MDE Plan 2, Azure Subscription and then Defender for Servers Plan 1.
Regards,
Anand R Menon
- AnandRMenon (Copper Contributor), Oct 07, 2022
Hi John, any leads on this? Thanks.