Microsoft Defender

Microsoft announce that they are consolidating their threat protection products under the Microsoft Defender brand, delivering two experiences: Microsoft 365 Defender for end-user environments, and Azure Defender for cloud and hybrid infrastructures.

Microsoft 365 Defender prevents, detects and responds to threats across identities, endpoints, cloud apps, email and documents in end-user environments, and consists of the following rebranded products:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Azure Defender delivers capabilities to protect multi-cloud and hybrid workloads including virtual machines, databases, containers and IoT, and is an evolution of the Azure Security Center threat protection capabilities, consisting of:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

To find out more, you can read the announcement here: or watch a video here:

Microsoft Defender Advanced Threat Protection

Originally called Windows Defender Advanced Threat Protection and known mainly as being the difference between Windows 10 Enterprise E3 and E5, Microsoft Defender ATP is now ready (from a licensing perspective) to provide an Endpoint Protection Platform for both client and server devices. If you’re new to Microsoft Defender ATP then this is a good overview video ( to give you a flavour of the protection, detection and response capabilities.

And so to the licensing, starting with client devices. Microsoft Defender ATP is still included in Windows 10 Enterprise E5, the Windows 10 Enterprise E3 to E5 Step-up licence, as well as Microsoft 365 E5 Security, and Microsoft 365 E5 User SLs. What’s more recent is that there’s now also a standalone User SL available which can be purchased to protect Windows 7 SP1, Windows 8.1 and Windows 10 Pro devices, as well as Mac devices. It’s available in the EA and through CSP, and covers the licensed user for up to 5 devices for about $5 per user per month.

From a server perspective, there’s another new licence – MDATP for Servers – which protects a server VM for, again, about $5 per VM per month. Customers wishing to buy this licence to protect servers must meet some minimum requirements first – they must have a minimum of 50 client MDATP licences, which can be any combination of the licences mentioned above. Microsoft recommend MDATP for Servers as a solution likely to appeal to customers with on-premises virtual machines, and continue to recommend Azure Security Center Standard as the preferred solution for VMs running in Azure. This is around $15 per VM per month and includes all of the Microsoft Defender ATP capability as well as a whole host of additional Azure services.

The May 2020 Product Terms has the relevant licensing rules if you want to check them out on pages 46 (client) and 75 (server). Get the latest Product Terms documents here:

Windows, EMS and ECS Name Changes

It’s all change! Firstly, Microsoft announce that Windows 10 Enterprise will be renamed to Windows 10 Enterprise E3, and that Windows 10 Enterprise E5 will be introduced which includes Windows Defender Advanced Threat Protection.

Then, Enterprise Mobility Suite will be renamed Enterprise Mobility + Security and, again, there will be E3 and E5 flavours of this.

There’s a good diagram here ( which shows you the components of both of these editions.

And finally, the Enterprise Cloud Suite will be called Secure Productive Enterprise E3/E5 containing the relevant Office 365, EM+S and Windows 10 Enterprise plans.

Find the Microsoft announcement here:

Exchange Online Advanced Threat Protection

Microsoft announce Exchange Online Advanced Threat Protection – a new email filtering service that adds on to the protection provided by Exchange Online Protection to protect against specific types of advanced threats.

It will be available in the summer and be licensed with a User SL priced at $2 per month. This very readable Microsoft announcement article is worth a look for some detail on the precise services it will offer and an FAQ: