Microsoft Defender Advanced Threat Protection

Originally called Windows Defender Advanced Threat Protection and known mainly as being the difference between Windows 10 Enterprise E3 and E5, Microsoft Defender ATP is now ready (from a licensing perspective) to provide an Endpoint Protection Platform for both client and server devices. If you’re new to Microsoft Defender ATP then this is a good overview video ( to give you a flavour of the protection, detection and response capabilities.

And so to the licensing, starting with client devices. Microsoft Defender ATP is still included in Windows 10 Enterprise E5, the Windows 10 Enterprise E3 to E5 Step-up licence, as well as Microsoft 365 E5 Security, and Microsoft 365 E5 User SLs. What’s more recent is that there’s now also a standalone User SL available which can be purchased to protect Windows 7 SP1, Windows 8.1 and Windows 10 Pro devices, as well as Mac devices. It’s available in the EA and through CSP, and covers the licensed user for up to 5 devices for about $5 per user per month.

From a server perspective, there’s another new licence – MDATP for Servers – which protects a server VM for, again, about $5 per VM per month. Customers wishing to buy this licence to protect servers must meet some minimum requirements first – they must have a minimum of 50 client MDATP licences, which can be any combination of the licences mentioned above. Microsoft recommend MDATP for Servers as a solution likely to appeal to customers with on-premises virtual machines, and continue to recommend Azure Security Center Standard as the preferred solution for VMs running in Azure. This is around $15 per VM per month and includes all of the Microsoft Defender ATP capability as well as a whole host of additional Azure services.

The May 2020 Product Terms has the relevant licensing rules if you want to check them out on pages 46 (client) and 75 (server). Get the latest Product Terms documents here: