Introducing new security and compliance add-ons for Microsoft 365 Business Premium
Small and medium businesses (SMBs) are under pressure like never before. Cyber threats are evolving rapidly, and regulatory requirements are becoming increasingly complex. Microsoft 365 Business Premium is our productivity and security solution designed for SMBs (25–300 users). It includes Office apps, Teams, advanced security such as Microsoft Defender for Business, and device management — all in one cost-effective package. Today, we’re taking that a step further. We’re excited to announce three new Microsoft 365 Business Premium add-ons designed to supercharge security and compliance. Tailored for medium-sized organizations, these add-ons bring enterprise-grade security, compliance, and identity protection to the Business Premium experience without the enterprise price tag. Microsoft Defender Suite for Business Premium: $10/user/month Cyberattacks are becoming more complex. Attackers are getting smarter. Microsoft Defender Suite provides end-to-end security to safeguard your businesses from identity attacks, device threats, email phishing, and risky cloud apps. It enables SMBs to reduce risks, respond faster, and maintain a strong security posture without adding complexity. It includes: Protect your business from identity threats: Microsoft Entra ID P2 offers advanced security and governance features including Microsoft Entra ID Protection and Microsoft Entra ID Governance. Microsoft Entra ID protection offers risk-based conditional access that helps block identity attacks in real time using behavioral analytics and signals from both user risk and sign-in risk. It also enables SMBs to detect, investigate, and remediate potential identity-based risks using sophisticated machine learning and anomaly detection capabilities. With detailed reports and alerts, your business is notified of suspicious user activities and sign-in attempts, including scenarios like a password-spray where attackers try to gain unauthorized access to company employee accounts by trying a small number of commonly used passwords across many different accounts. ID Governance capabilities are also included to help automate workflows and processes that give users access to resources. For example, IT admins historically manage the onboarding process manually and generate repetitive user access requests for Managers to review which is time consuming and inefficient. With ID Governance capabilities, pre-configured workflows facilitate the automation of employee onboarding, user access, and lifecycle management throughout their employment, streamlining the process and reducing onboarding time. Microsoft Defender for Identity includes dedicated sensors and connectors for common identity elements that offer visibility into your unique identity landscape and provide detailed posture recommendations, robust detections and response actions. These powerful detections are then automatically enriched and correlated with data from other domains across Defender XDR for true incident-level visibility. Keep your devices safe: Microsoft Defender for Endpoint Plan 2 offers industry-leading antimalware, cyberattack surface reduction, device-based conditional access, comprehensive endpoint detection and response (EDR), advanced hunting with support for custom detections, and attack surface reduction capabilities powered by Secure Score. Secure email and collaboration: With Microsoft Defender for Office 365 P2, you gain access to cyber-attack simulation training, which provides SMBs with a safe and controlled environment to simulate real-world cyber-attacks, helping to train employees in recognizing phishing attempts. Additionally automated response capabilities and post-breach investigations help reduce the time and resources required to identify and remediate potential security breaches. Detailed reports are also available that capture information on employees’ URL clicks, internal and external email distribution, and more. Protect your cloud apps: Microsoft Defender for Cloud Apps is a comprehensive, AI-powered software-as-a-service (SaaS) security solution that enables IT teams to identify and manage shadow IT and ensure that only approved applications are used. It protects against sophisticated SaaS-based attacks, OAuth attacks, and risky interactions with generative AI apps by combining SaaS app discovery, security posture management, app-to-app protection, and integrated threat protection. IT teams can gain full visibility into their SaaS app landscape, understand the risks and set up controls to manage the apps. SaaS security posture management quickly identifies app misconfigurations and provides remediation actions to reduce the attack surface. Microsoft Purview Suite for Business Premium: $10/user/month Protect against insider threats Microsoft Purview Insider Risk Management uses behavioral analytics to detect risky activities, like an employee downloading large volumes of files before leaving the company. Privacy is built in, so you can act early without breaking employee trust. Protect sensitive data wherever it goes Microsoft Purview Information Protection classifies and labels sensitive data, so the right protections follow the data wherever it goes. Think of it as a ‘security tag’ that stays attached to a document whether it’s stored in OneDrive, shared in Teams, or emailed outside the company. Policies can be set based on the ‘tag’ to prevent data oversharing, ensuring sensitive files are only accessible to the right people. Microsoft Purview Data Loss Prevention (DLP) works in the background to stop sensitive information, like credit card numbers or health data, from being accidentally shared with unauthorized people Microsoft Purview Message Encryption adds another layer by making sure email content stays private, even when sent outside the organization. Microsoft Purview Customer Key gives organizations control of their own encryption keys, helping meet strict regulatory requirements. Ensure data privacy and compliant communications Microsoft Purview Communication Compliance monitors and flags inappropriate or risky communications to protect against policy and compliance violations. Manage information through its lifecycle Microsoft Purview Records and Data Lifecycle Management helps businesses meet compliance obligations by applying policies that enable automatic retention or deletion of data. Stay investigation-ready Microsoft Purview eDiscovery (Premium) makes it easier to respond to internal investigations, legal holds, or compliance reviews. Instead of juggling multiple systems, you can search, place holds, and export information in one place — ensuring legal and compliance teams work efficiently. Microsoft Purview Audit (Premium) provides deeper audit logs and analytics to trace activity like file access, email reads, or user actions. This level of detail is critical for incident response and forensic investigations, helping SMBs maintain regulatory readiness and customer trust. Together, these capabilities help SMBs operate with the same level of compliance and data protection as large enterprises but simplified for smaller teams and tighter budgets. Microsoft Defender and Purview Suites for Business Premium: $15/user/month The new Microsoft Defender and Purview Suites unite the full capabilities of Microsoft Defender and Purview into a single, cost-effective package. This all-in-one solution delivers comprehensive security, compliance, and data protection, while helping SMB customers unlock up to 68% savings compared to buying the products separately, making it easier than ever to safeguard your organization without compromising on features or budget. FAQ Q: When will these new add-ons be available for purchase? A: They will be available for purchase as add-ons to Business Premium in September 2025. Q: How can I purchase? A: You can purchase these as add-ons to your Business Premium subscription through Microsoft Security for SMBs website or through your Partner. Q: Are there any seat limits for the add-on offers? A: Yes. Customers can purchase a mix of add-on offers, but the total number of seats across all add-ons is limited to 300 per customer, with a minimum of 25 seats. Q: Does Microsoft 365 Business Premium plus Microsoft Defender Suite allow mixed licensing for endpoint security solutions? A: Microsoft Defender for Business does not support mixed licensing so a tenant with Defender for Business (included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (included in Microsoft 365 Security) will default to Defender for Business. For example, if you have 80 users licensed for Microsoft 365 Business Premium and you’ve added Microsoft Defender Suite for 30 of those users, the experience for all users will default to Defender for Business. If you would like to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through standalone or Microsoft Defender Suite) and then contact Microsoft Support to request the switch for your tenant. You can learn more here. Q: Can customers who purchased the E5 Security Suite as an add-on to Microsoft 365 Business Premium transition to the new Defender Suite starting from the October billing cycle? A: Yes. Customers currently using the Microsoft 365 E5 Security add-on with Microsoft 365 Business Premium are eligible to transition to the new Defender Suite beginning with the October billing cycle. For detailed guidance, please refer to the guidelines here. Q: As a Partner, how do I build Managed Detection and Response (MDR) services with MDB? A: For partners or customers looking to build their own security operations center (SOC) with MDR, Defender for Business supports the streaming of device events (device file, registry, network, logon events and more) to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. If you are using the streaming API for the first time, you can find step-by-step instructions in the Microsoft 365 Streaming API Guide on configuring the Microsoft 365 Streaming API to stream events to your Azure Event Hubs or to your Azure Storage Account. To learn more about Microsoft Security solutions for SMBs you can visit our website.
Big protection for small businesses — the latest in Microsoft security innovation
Discover how Defender for Business standalone simplifies mobile security for iOS and Android devices without device management, and how monthly security summary reports help businesses communicate the value of cybersecurity tools. Plus, explore the new device exposure score feature in Microsoft 365 Lighthouse.Elevating security for SMBs with AI-powered email protection and new partner initiatives
Cybersecurity is increasingly top of mind for small and medium businesses (SMBs) with a recent survey indicating that 94% consider cybersecurity critical to their business 1 . This is understandable, as 1 in 3 SMBs say they have experienced a cyberattack 2 , underscoring a need to bring sophisticated security to SMBs, but in an affordable and easy to use package. Continuing on our mission to bring enterprise-grade security to customers of all sizes, we are excited to announce that we’re bringing AI-powered email and collaboration protection to Microsoft Defender for Office 365 and Microsoft 365 Business Premium to better protect SMBs. Since partners play a critical role in helping secure SMB customers, we’re also announcing new integrations and programs to help them better serve their customers. Enhanced email and collaboration security with intent-based detections backed by LLM for SMBs Phishing emails are no longer clumsy, error-ridden messages with apparent mistakes. Our research teams have found that bad actors have begun using Gen AI to craft phishing emails, enhancing the language and customization, making them increasingly difficult to spot. Moreover, they use AI to engage in prolonged conversations with targets to extract money via payroll fraud, invoicing scams, or simply to gather PII (Personally Identifiable Information). Thus, we are excited to announce that Microsoft Defender for Office 365 now provides AI-powered email and collaboration security, using purpose-built Large Language Models (LLM) at scale. These models have been trained on one of the largest datasets in the industry and enable more accurate identification of text-only attacks like Business Email Compromise (BEC). Our solution interprets email language to understand and identify attacker intent and classify threats at machine speed. With an initial rollout to select customers over the past few months, we have seen impressive results of a 99.995% attacker intent detection accuracy and filtering, and 140K BEC emails blocked daily based on the LLM alone. Defender for Office 365 can effectively predict and neutralize attacks by recognizing malicious intent and safeguard your inbox against sophisticated social engineering tactics. We are now rolling out the new LLM-powered email analysis and filtering to Defender for Office 365 Plan 1 customers, which is also included in Microsoft 365 Business Premium. New SMB initiatives to help easily deliver security services at scale Managed Service Provider (MSP) partners play a critical role in helping secure SMB customers’ IT environments. We are introducing integrations and strategic programs to help MSPs better serve their customers. Huntress Managed Detection and Response integration with Microsoft Defender for Business and Microsoft Entra: With the global shortage in cybersecurity professionals many partners also face a lack of in-house security specialists. For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce Microsoft Defender for Business and Microsoft Entra integrations with Huntress’ Managed Detection and Response (MDR) solution, designed for MSPs serving SMBs. Huntress’ 24/7 Security Operations Center (SOC) will triage, manage and remediate incidents and alerts for Defender for Business, helping expand the MSPs defenses and extending protection for joint customers without requiring any additional partner investment for in-house SOC. The integration is available to standalone Defender for Business and Microsoft 365 Business Premium customers starting today. Huntress is also integrating with Microsoft Entra ID to help ensure that joint customers use multifactor authentication (MFA) and Huntress to provide risk-based conditional access policies to protect their users and accounts. The Entra ID integration will be available by end of 2024. Training and readiness with Arrow and TDSYNNEX: Additionally, we are thrilled to announce strategic initiatives with Arrow and TDSYNNEX to enable their MSPs with training and readiness on Microsoft Defender for Business. This year-long collaboration provides resources and support for MSPs primarily in North America and Europe as they look to expand their security service offerings through Microsoft solutions. Microsoft SMB verified solution with MISA SMBs have unique requirements different from traditional Enterprise-centric security solutions. The Microsoft Intelligent Security Association (MISA) is thrilled to welcome SMB verified solution status to its portfolio. This status highlights technology solutions that are purpose built to meet the needs of SMBs, and the MSPs who manage IT and Security on their behalf. MISA members who meet the qualifying criteria and have gone through engineering review, will receive a specialized MISA member badge showcasing the verification and will be featured in the MISA partner catalog. We are excited to launch this status with our first two SMB verified partners: Blackpoint Cyber and Huntress. Learn more at Ignite 2024: Attend the sessions below to learn more about what’s happening in the SMB space: Date Time (CST) Location Session 11/19 1:30pm - 1:45pm Theater (THR553) Detect and respond to next gen email threats with Defender for Office 365 (add to your schedule) 11/20 2:30 - 4:30pm MSFT Expert Meetup Hub Huntress 11/21 12:30 - 2:30pm MSFT Expert Meetup Hub Blackpoint Cyber Additional Information: To learn more about Microsoft Security solutions for SMBs, including Microsoft 365 Business Premium and Microsoft Defender for Business, please visit our website. To learn more about MISA, visit the website. To learn more about Microsoft SMB verified solution, view the eligibility criteria. To get started on your SMB managed services journey, our partner playbooks – Microsoft 365 Business Premium Partner Playbook and Microsoft Defender for Business Partner kit – provide you with sales and technical trainings as well as customer ready assets. References 1,2 SMB Cybersecurity Report 2024Announcing mandatory multifactor authentication for the Microsoft 365 admin center
Reposting from the Microsoft 365 Blog what was originally published on November 11, 2024. Microsoft is committed to continuously enhancing security for all our users and customer organizations. One of the pillars of the Microsoft Secure Future Initiative is to protect identities and secrets, and multifactor authentication (MFA) is a proven approach to substantially reduce the risk of unauthorized access to user accounts. Starting February 3rd, 2025, Microsoft will begin requiring MFA for all user accounts accessing the Microsoft 365 admin center. This requirement will be rolled out in phases at the tenant level. You will receive a message through the Microsoft 365 admin center Message center approximately 30 days before your tenant is eligible for enforcement. Recommended actions Global admins: To set up MFA in your organization now, visit the MFA setup guide at aka.ms/MFAWizard or refer to Set up multifactor authentication for Microsoft 365 Users accessing the Microsoft 365 admin center: Check your verification methods and add one if needed by going to aka.ms/mfasetup. What is multifactor authentication and why is it important? Multi-factor authentication (MFA) is a security feature that requires you to provide two or more pieces of evidence to prove your identity when you sign in to an online service. These pieces of evidence can be something you know (such as a password or a PIN), something you have (such as a phone or a security key), or something you are (such as a fingerprint or a face scan). MFA adds an extra layer of protection to your account and your data, reducing the risk of unauthorized access even if your password is compromised. MFA is especially important for the Microsoft 365 admin center, where you can manage your organization's settings, users, licenses, subscriptions and more. Research by Microsoft shows that MFA leads to a 99.22% reduction in risk of account compromise. MFA will help you: Prevent unauthorized access to your Microsoft 365 admin accounts and the sensitive accounts, data, and resources that you manage Enhance your reputation and trust among your customers, partners, and stakeholders, who expect you to safeguard their data and privacy Help you reduce the risk of data breaches, identity theft, phishing, ransomware, and other cyberattacks that can compromise your business and your data Thank you for your cooperation and commitment to creating a more secure future We appreciate your understanding and your support as we implement this important security measure. We know that using MFA may require some adjustments, and we believe that the benefits greatly outweigh the efforts. We are confident that MFA will help you enhance your data security and your peace of mind, and we are here to help you with any issues or feedback that you may have along the way. FAQ - Microsoft 365 admin center - Mandatory MFA MFA Readiness and Verification What if I need more time to prepare for this requirement? We understand that some customers may need additional time to prepare for this MFA requirement. Therefore, Microsoft will allow extensions for customers with complex environments or technical barriers. Global Administrators can go to the Azure portal to postpone the start date of enforcement. A few important notes on requesting postponement: Global Administrators must have elevated access before postponing the start date of MFA enforcement on this page. For multi-tenant organizations, Global Administrators must perform this action for every tenant for which they would like to postpone the start date of enforcement. Extension requests will extend the enforcement for the Microsoft 365 admin center as well as the Azure portal, Microsoft Entra admin center, and the Microsoft Intune admin center. If you have already submitted a request for an extension in the Azure portal, the extension will apply to the Microsoft 365 admin center. If you need assistance with postponing your MFA enforcement date, contact support. How do I know if I am ready for MFA as an admin user accessing the Microsoft 365 admin center? If you have enrolled in MFA and have added a verification method, you will be able to satisfy the requirement. Go to aka.ms/mfasetup, review your verification methods and add one if needed. How do I know if this requirement impacts my organization? Microsoft will be rolling out this requirement to all users accessing the Microsoft 365 admin center. You will receive a message center post approximately 30 days before your tenant is eligible for enforcement. If your organization has already set up a qualifying MFA policy for your admin users or for all users in your organization, and users accessing the Microsoft 365 admin center have registered for MFA and added a verification method, then no further action is required at this time. As a Microsoft 365 administrator, how do I know if my organization has an MFA policy applied to Microsoft 365 admin center sign-in? If your Microsoft 365 tenant was created on or after October 22, 2019, Security defaults may already be enabled in your organization. To check if security defaults are enabled, sign in to the Microsoft Entra admin center as at least a Security Administrator. Navigate to Identity > Overview > Properties and view Security defaults. If security defaults are enabled, you will see "Your organization is currently using security defaults." next to a green check mark, and you are already meeting the requirement. If your organization is using Conditional Access policies in Microsoft Entra and you already have a conditional access policy through which users sign in to the Microsoft 365 admin center with MFA, then you are already meeting the requirement. While Security defaults and Conditional Access are recommended approaches for setting up your MFA policies, some organizations set MFA policies on a per-user basis. You can also check per-user MFA settings to review and enable each user account with MFA. What if I don't add an MFA verification method before this mandatory MFA requirement is applied for my tenant? Will I be locked out of my account? Will I still be able to access the Microsoft 365 admin center? No, you will not be locked out of your account. Yes, you will still be able to access the Microsoft 365 admin center. If you have not added an MFA verification method by the time the MFA requirement was enforced for your tenant, you will be prompted to register MFA for your account and add a verification method when you attempt to access the Microsoft 365 admin center. If a user is locked out, there may be another reason. Follow the guidance on Account has been locked - Microsoft Support. For further assistance with account lock-out, contact support. MFA Policies and Requirements Can I opt out of this requirement? No. This security measure is important to the safety and security of Microsoft 365 customer organizations and users. Increasingly, MFA is an industry standard baseline security requirement. Does this requirement impact all Microsoft 365 users? No. The mandatory MFA requirement for the Microsoft 365 admin center only impacts users accessing the Microsoft 365 admin center at this time. While MFA is not currently required for general Microsoft 365 services, Microsoft recommends that all Microsoft 365 users use MFA to safeguard user accounts and your organization. Does this requirement impact Microsoft Graph PowerShell or API? No. This requirement does not impact the use of Microsoft Graph PowerShell or API at this time. Does this requirement apply to emergency access accounts? Emergency access accounts (also known as break glass accounts) are privileged accounts not assigned to a specific user and intended to mitigate the risk of accidental account lockout. If your organization has set up emergency access accounts, note that these accounts are also required to sign in with MFA once enforcement begins. We recommend updating emergency access accounts to use passkey (FIDO2) or configure certificate-based authentication for MFA. Both of these methods satisfy the MFA requirement. Third-party Identity Providers Our organization uses a third-party identity provider (IdP) for MFA. Will this satisfy the requirement? Yes. Use of external MFA solutions will meet the requirement through external authentication methods in Microsoft Entra ID. If your MFA provider is integrated directly with this federated IdP, the federated IdP must be configured to send an MFA claim. Will third-party IdPs through the legacy Conditional Access custom controls preview satisfy the requirement? No. As you may know, in 2020, Microsoft provided a preview of Conditional Access custom controls to enable the use of third-party MFA providers with Azure Active Directory. This approach to third-party MFA was found to be too limited and has been replaced by external authentication methods in Microsoft Entra ID. Implementation and Support I'm part of a small organization with only a few admin users that need to access the Microsoft 365 admin center. What's the easiest way for me to satisfy this requirement with minimal disruption to our users? Admin users should simply go to aka.ms/mfasetup and add a verification method such as Microsoft Authenticator. Once the Microsoft 365 admin center MFA requirement is rolled out to your tenant, admin users will be prompted to sign in with MFA using the method your admins have added. How do I turn on security defaults? You may use the steps outlined in the documentation to turn on security defaults here: Security defaults in Microsoft Entra ID - Microsoft Entra | Microsoft Learn How do I require MFA through Conditional Access in Microsoft Entra? You may use the steps outlined in the documentation to create a Conditional Access policy which requires MFA here: Require MFA for all users with Conditional Access - Microsoft Entra ID | Microsoft Learn. I am part of an organization with multiple Microsoft 365 tenants. Will Microsoft 365 admin center MFA enforcement roll out to all our tenants at the same time? Not necessarily. The MFA requirement will roll out in phases at the tenant level starting February 3rd, 2025. For organizations with multiple Microsoft 365 tenants, MFA for Microsoft 365 admin center sign-in may be enforced for your tenants at different times. We recommend you apply MFA across all your Microsoft 365 tenants as soon as possible. I need help. Who can I contact? We are committed to helping you through this important security measure now and into the future. If you need assistance, contact support.
