Deploying Defender for Business without o365 accounts

Actually, when you say, "their company policy does not allow them to store any business data in clouds abroad" you should be more specific because this could potentially exclude all solutions with cloud-based management, not just Defender.

That said, it is not strictly necessary for users to log into their O365 accounts for Defender for Business to work. However, doing so could bring significant advantages.

Some detail to license:

• Each user license allows you to register up to 5 devices.
• The solution has a limit of 300 users, as it is designed for SMBs.

For deployment in fully on-premises environments, you can use:

• https://learn.microsoft.com/en-us/defender-endpoint/configure-endpoints-script
• https://learn.microsoft.com/en-us/defender-endpoint/configure-endpoints-gp
• https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection?redirectedfrom=MSDN#bkmk_2207

Defender for Business offers a highly comprehensive cloud-based management tool packed with information and features, accessible via the Microsoft 365 Defender portal: https://security.microsoft.com.

Through this portal, you can:

• Monitor threats and alerts across all enrolled devices.
• Configure protection policies like attack surface reduction (ASR) rules, web filtering, and more.
• Access detailed threat analytics and reporting to improve security posture.
• Even for small and medium-sized businesses, this portal provides a centralized and user-friendly way to manage endpoint security effectively.

Even though it's not recent, I recommend watching this https://youtu.be/umhUNzMqZto?si=JhWScQBzfJsA34A-.

It provides valuable insights and can help clarify several aspects of using and managing Microsoft Defender for Business.