Defender for Endpoint server licensing

I will preface this with the ‘standard’ disclosure here that:

1. I am not a licensing expert

2. You should speak with a licensing expert to obtain clarification and verification of anything here

3. I have done my best in regards the information presented here but it may change over time, so again see point 2.

With that out of the way, a very common question I receive is around the licensing of servers with Defender for Endpoint. The summary I have found, taken from a reply from Microsoft licensing I found is the following:

In order to be eligible to purchase Microsoft Defender for Endpoint Server SKU, you must have already purchased a combined minimum of any of the following, Windows E5/A5, Microsoft 365 E5/A5 or Microsoft 365 E5 Security subscription licenses. Microsoft Defender for Endpoint Server is an add-on for customers with a combined minimum of 50 licenses of eligible Microsoft Defender for Endpoint SKUs.

Microsoft Defender for Endpoint (Server)

When you have acquired a separate Microsoft Defender for Endpoint (Server) license, you cannot assign them to a specific server or whatsoever. You need to make sure you own the number of licenses with the amount of Windows Servers you want to provision with Microsoft Defender for Endpoint (Server). If you don’t have the right amount of licenses in your Microsoft 365 tenant, then you can still roll out MDE for Server because there is no technical limitation to it, you are just not compliant at that moment in an audit.

Microsoft Defender for Cloud

If you do have not enough licenses of the products from above, you cannot license your Windows Serves with a separate MDE for Server license. Then you have to use Microsoft Defender for Cloud.

When your Windows Servers are already running within Azure, it’s just enabling the Defender Standard license and enabling your server protection. When your Windows Servers are running On-Premise (e.x. VMware ESXi/Hyper-V) you have to install the Arc Agent on your servers and then they are visible as Virtual Machines in your Microsoft Azure Portal.

Conclusion

You got two ways of licensing your Windows Servers with MDE for Servers. Through Microsoft Defender for Cloud, then you do not have to acquire at minimum 50 Windows E5/A5, Microsoft 365 E5/A5, and Microsoft 365 E5 Security User SLs licenses. Or acquire a separate MDE for Server license when you have at least 50 Windows E5/A5, Microsoft 365 E5/A5, and Microsoft 365 E5 Security User SLs licenses.

More info:

For most, this boils down to the fact that if you don’t have at least 50 x Microsoft 365 E5 (and I also assume, or Defender for Endpoint P2), then you need to purchase Microsoft Defender for Cloud using the Azure portal to cover any servers for Defender for Endpoint.

This would seem to imply that if you implement Defender for Business, when it becomes fully available, you’ll need to use Defender for Cloud even if you have 50 or more licenses. That may of course change when Defender for Business goes GA but my guess at this stage would be it won’t.

Now, even if you have 50 or more licenses of Microsoft E5 (or again I assume, or Defender for Endpoint P2), then you’ll need to purchase the Defender for Endpoint (Server) license for each server you wish to cover. That license is available in 2 versions, monthly and annually:

Monthly Billing

MS SKU = 350158A2-F253-4EA3-988E-EEF9D1B828CF
MICROSOFT CSP MICROSOFT DEFENDER FOR ENDPOINT SVR MTH SUB – AU$7.10 ex


Annual Billing

MICROSOFT CSP MICROSOFT DEFENDER FOR ENDPOINT SVR ANL SUB – AU$85.20 ex


As I also understand it, this Defender for Endpoint (Server) SKU can also only be purchased via CSP not direct. That means, it has to be purchased through a reseller not via the Microsoft 365 administration portal using just a credit card.

The more common option I suspect, given the limitations, is going to be Microsoft Defender for Cloud, which is purchased via Azure.

image

Which means you fire up the Azure pricing calculator and plug in the details to obtain a price. That should result in the above result of around A$21 per month, per server.

Hopefully, all this answers most questions and I’ve done my best to ensure it is correct but as always, please check for yourself. For most, the solution to licensing servers for Defender for Endpoint will mean obtaining Microsoft Defender for Cloud and the cost for that will be about A$21 per server per month.

8 thoughts on “Defender for Endpoint server licensing

  1. hello to all, according to the current MS licensing terms, for Defender for endpoint (server) keep the following:
    Eligibility to acquire Microsoft Defender for Endpoint (server)
    Customers with a combined minimum of 50 licenses for one or more of the following may acquire Microsoft Defender for Endpoint (server) licenses (one per covered Server OSE): Microsoft Defender for Endpoint (per user), Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs.

    so there is another option in CSP for companies that have purchased 50x DfEndpoint per user to add the server licenses.
    reference: https://www.microsoft.com/licensing/terms/productoffering/MicrosoftDefenderforEndpointServer/MCA

    Like

    1. You got two ways of licensing your Windows Servers with MDE for Servers. Through Microsoft Defender for Cloud, then you do not have to acquire at minimum 50 Windows E5/A5, Microsoft 365 E5/A5, and Microsoft 365 E5 Security User SLs licenses. Or acquire a separate MDE for Server license when you have at least 50 Windows E5/A5, Microsoft 365 E5/A5, and Microsoft 365 E5 Security User SLs licenses.

      Like

    2. Hi Nikos,

      Were you able to confirm if you are eligible to purchase Defender for Endpoint Server licenses if you have 50+ Defender for Endpoint user licenses?

      The documentation page for MS Defender and the blog above doesn’t include “Microsoft Defender for Endpoint (per user)” however, the customer terms state this as you mentioned above.

      Like

      1. Thanks @directorcia

        My specific scenario is for a non-profit organisation that has grown above 300 users and is therefore ineligible for Defender for Business. Currently using a combination of M365 BP and M365 E3 licenses.

        It is possible to purchase defender for endpoint plan 2 for all users. We also have the ability to purchase defender for server (non-profit staff pricing) through the portal. Does this mean we meet the eligibility criteria?

        The documentation states you need 50x M365 E5 or M365 E5 Security. Customer terms include Defender for Endpoint user licenses as well.

        Like

Leave a Reply to Nikos Ps. Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s