Microsoft Defender · Pricing Plans

Microsoft Defender Plans Pricing

Microsoft Defender is a portfolio of security products with two distinct pricing models. Endpoint / XDR / Identity products (Defender for Endpoint Plan 1/2, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Defender XDR) are licensed per-user-per-month, often bundled into Microsoft 365 E5 / E5 Security / E5 Mobility + Security. Defender for Cloud (CSPM/CWP) is consumption-priced per resource per hour with Plan 1 (CSPM) free tier and Plan 2 (Defender Plans) per-resource hourly meters. Defender for Business (SMB SKU) is $3/user/month or bundled with M365 Business Premium.

17 Plans API Commons Plans

View Source

SecurityEndpoint ProtectionXDRCloud SecurityIdentity ProtectionMicrosoft

Plans

Defender for Endpoint Plan 1 subscription

Core endpoint security — next-gen AV, attack surface reduction, application control, web/network protection, manual response.

Per user per month (user-month · month) $3.00 per user per month USD

Next-gen antimalware
Attack surface reduction
Centralized management

Defender for Endpoint Plan 2 subscription

Adds EDR, threat & vulnerability management, automated investigation, Microsoft Threat Experts, sandbox, and advanced hunting.

Per user per month (user-month · month) $5.20 per user per month USD

EDR with behavioral detection
Threat & vulnerability management
Automated investigation & response
Microsoft Threat Experts

Defender for Business (SMB) subscription

SMB-targeted endpoint protection (≤300 users). Standalone or included with M365 Business Premium.

Per user per month (user-month · month) $3.00 per user per month USD

SMB-grade endpoint security
Up to 300 users
Bundled in M365 Business Premium

Defender for Office 365 Plan 1 subscription

Email security — Safe Attachments, Safe Links, anti-phishing.

Per user per month (user-month · month) $2.00 per user per month USD

Safe Attachments
Safe Links
Anti-phishing

Defender for Office 365 Plan 2 subscription

Adds Threat Explorer, Threat Trackers, Attack Simulator, and automated investigation/response for email.

Per user per month (user-month · month) $5.00 per user per month USD

Threat Explorer & hunting
Attack Simulator
Automated investigation & response

Defender for Identity subscription

On-premises Active Directory threat detection.

Per user per month (user-month · month) $5.50 per user per month USD

AD threat detection
Lateral movement path analytics

Defender for Cloud Apps (CASB) subscription

Cloud Access Security Broker; SaaS app discovery and governance.

Per user per month (user-month · month) $3.50 per user per month USD

SaaS app discovery
Conditional access app control
Information protection

Defender for Cloud — Foundational CSPM (Free) freemium

Free baseline cloud security posture management for Azure subscriptions. Includes secure-score, recommendations, and asset inventory.

Free CSPM (subscription · month) 0.00 USD

Secure score
Asset inventory
Compliance dashboard (limited)

Defender for Cloud — Defender CSPM (Plan 2) usage-based

Premium CSPM with attack-path analysis, agentless vulnerability scanning, data-aware security posture, governance, regulatory compliance.

Per billable resource per month (resource-month · month) $5 per billable resource per month (e.g., VM, DB, container registry) USD

Attack path analysis
Agentless scanning
Cloud security graph

Defender for Servers Plan 1 usage-based

Server endpoint protection on Azure / AWS / GCP / on-prem (via Arc).

Per server per hour (server-hour · usage) $0.0103 per server per hour (~$5/server/month) USD

Microsoft Defender for Endpoint included
License flexibility (server-by-server)

Defender for Servers Plan 2 usage-based

Adds vulnerability assessment (Qualys/Defender VM), file integrity monitoring, just-in-time VM access, adaptive application controls, network hardening.

Per server per hour (server-hour · usage) $0.0205 per server per hour (~$15/server/month) USD

Vulnerability assessment
File integrity monitoring
Just-in-time VM access
Adaptive app controls

Defender for Storage usage-based

Threat detection on Azure Storage (malware scanning, anomalous access).

Per storage account per month (account-month · month) $10 per storage account per month + $0.15 per 1K transactions; $0.15 per GB malware-scanned (first 5K transactions/month free) USD

Malware scanning on upload
Anomaly detection

Defender for Databases usage-based

SQL / Cosmos DB / Open-source DBs threat protection.

Defender for Azure SQL — per server per hour (server-hour · usage) $0.02 per vCore per hour (Azure SQL DB / MI / VMs) USD

Defender for Cosmos DB (100-RU-hour · usage) $0.0095 per 100 RU/s per hour USD

SQL injection detection
Anomaly detection

Defender for Containers usage-based

Kubernetes / container security across AKS, EKS, GKE, on-prem.

Per vCore per hour (vcore-hour · usage) $0.0095 per vCore per hour (~$7/vCore/month) USD

Image vulnerability scanning
Runtime threat detection
Kubernetes hardening

Microsoft Defender XDR (formerly Microsoft 365 Defender) subscription

Unified XDR portal — included at no extra cost when you license any of the underlying Defender E5 components.

Bundled with constituent SKUs (user-month · month) included with E5 / E5 Security or constituent Defender SKUs USD

Cross-domain correlation
Unified incidents
Advanced hunting

M365 E5 Security Bundle subscription

Microsoft 365 E5 Security add-on bundles Defender for Endpoint P2, Defender for Identity, Defender for Office 365 P2, and Defender for Cloud Apps.

Per user per month (user-month · month) $12.00 per user per month USD

Defender for Endpoint P2
Defender for Identity
Defender for Office 365 P2
Defender for Cloud Apps

Enterprise Agreement / Volume Licensing enterprise

Negotiated rates via EA / MCA / CSP. Often bundled with M365 E5 ELA.

Negotiated rate (contract · month) custom USD

Volume discount
M365 E5 ELA bundling
Dedicated technical account management

Microsoft Defender Plans Pricing

Plans

Sources