Microsoft Defender Advanced Threat Protection

Originally called Windows Defender Advanced Threat Protection and known mainly as being the difference between Windows 10 Enterprise E3 and E5, Microsoft Defender ATP is now ready (from a licensing perspective) to provide an Endpoint Protection Platform for both client and server devices. If you’re new to Microsoft Defender ATP then this is a good overview video ( to give you a flavour of the protection, detection and response capabilities.

And so to the licensing, starting with client devices. Microsoft Defender ATP is still included in Windows 10 Enterprise E5, the Windows 10 Enterprise E3 to E5 Step-up licence, as well as Microsoft 365 E5 Security, and Microsoft 365 E5 User SLs. What’s more recent is that there’s now also a standalone User SL available which can be purchased to protect Windows 7 SP1, Windows 8.1 and Windows 10 Pro devices, as well as Mac devices. It’s available in the EA and through CSP, and covers the licensed user for up to 5 devices for about $5 per user per month.

From a server perspective, there’s another new licence – MDATP for Servers – which protects a server VM for, again, about $5 per VM per month. Customers wishing to buy this licence to protect servers must meet some minimum requirements first – they must have a minimum of 50 client MDATP licences, which can be any combination of the licences mentioned above. Microsoft recommend MDATP for Servers as a solution likely to appeal to customers with on-premises virtual machines, and continue to recommend Azure Security Center Standard as the preferred solution for VMs running in Azure. This is around $15 per VM per month and includes all of the Microsoft Defender ATP capability as well as a whole host of additional Azure services.

The May 2020 Product Terms has the relevant licensing rules if you want to check them out on pages 46 (client) and 75 (server). Get the latest Product Terms documents here:

Windows, EMS and ECS Name Changes

It’s all change! Firstly, Microsoft announce that Windows 10 Enterprise will be renamed to Windows 10 Enterprise E3, and that Windows 10 Enterprise E5 will be introduced which includes Windows Defender Advanced Threat Protection.

Then, Enterprise Mobility Suite will be renamed Enterprise Mobility + Security and, again, there will be E3 and E5 flavours of this.

There’s a good diagram here ( which shows you the components of both of these editions.

And finally, the Enterprise Cloud Suite will be called Secure Productive Enterprise E3/E5 containing the relevant Office 365, EM+S and Windows 10 Enterprise plans.

Find the Microsoft announcement here:

Exchange Online Advanced Threat Protection

Microsoft announce Exchange Online Advanced Threat Protection – a new email filtering service that adds on to the protection provided by Exchange Online Protection to protect against specific types of advanced threats.

It will be available in the summer and be licensed with a User SL priced at $2 per month. This very readable Microsoft announcement article is worth a look for some detail on the precise services it will offer and an FAQ: