Microsoft Defender · Pricing Plans

Microsoft Defender Plans Pricing

Microsoft Defender is a portfolio of security products with two distinct pricing models. Endpoint / XDR / Identity products (Defender for Endpoint Plan 1/2, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Defender XDR) are licensed per-user-per-month, often bundled into Microsoft 365 E5 / E5 Security / E5 Mobility + Security. Defender for Cloud (CSPM/CWP) is consumption-priced per resource per hour with Plan 1 (CSPM) free tier and Plan 2 (Defender Plans) per-resource hourly meters. Defender for Business (SMB SKU) is $3/user/month or bundled with M365 Business Premium.

Microsoft Defender Plans Pricing is the machine-readable pricing-plan profile for Microsoft Defender on the APIs.io network, conforming to the API Commons Plans specification.

It defines 17 plans, covering subscription, freemium, usage-based, and enterprise tiers, with named plans including Defender for Endpoint Plan 1, Defender for Endpoint Plan 2, Defender for Business (SMB), Defender for Office 365 Plan 1, Defender for Office 365 Plan 2, and 12 more.

Tagged areas include Security, Endpoint Protection, XDR, Cloud Security, and Identity Protection.

17 Plans API Commons Plans
View Source
SecurityEndpoint ProtectionXDRCloud SecurityIdentity ProtectionMicrosoft

Plans

Defender for Endpoint Plan 1 subscription

Core endpoint security — next-gen AV, attack surface reduction, application control, web/network protection, manual response.

Per user per month (user-month · month) $3.00 per user per month USD
Defender for Endpoint Plan 2 subscription

Adds EDR, threat & vulnerability management, automated investigation, Microsoft Threat Experts, sandbox, and advanced hunting.

Per user per month (user-month · month) $5.20 per user per month USD
Defender for Business (SMB) subscription

SMB-targeted endpoint protection (≤300 users). Standalone or included with M365 Business Premium.

Per user per month (user-month · month) $3.00 per user per month USD
Defender for Office 365 Plan 1 subscription

Email security — Safe Attachments, Safe Links, anti-phishing.

Per user per month (user-month · month) $2.00 per user per month USD
Defender for Office 365 Plan 2 subscription

Adds Threat Explorer, Threat Trackers, Attack Simulator, and automated investigation/response for email.

Per user per month (user-month · month) $5.00 per user per month USD
Defender for Identity subscription

On-premises Active Directory threat detection.

Per user per month (user-month · month) $5.50 per user per month USD
Defender for Cloud Apps (CASB) subscription

Cloud Access Security Broker; SaaS app discovery and governance.

Per user per month (user-month · month) $3.50 per user per month USD
Defender for Cloud — Foundational CSPM (Free) freemium

Free baseline cloud security posture management for Azure subscriptions. Includes secure-score, recommendations, and asset inventory.

Free CSPM (subscription · month) 0.00 USD
Defender for Cloud — Defender CSPM (Plan 2) usage-based

Premium CSPM with attack-path analysis, agentless vulnerability scanning, data-aware security posture, governance, regulatory compliance.

Per billable resource per month (resource-month · month) $5 per billable resource per month (e.g., VM, DB, container registry) USD
Defender for Servers Plan 1 usage-based

Server endpoint protection on Azure / AWS / GCP / on-prem (via Arc).

Per server per hour (server-hour · usage) $0.0103 per server per hour (~$5/server/month) USD
Defender for Servers Plan 2 usage-based

Adds vulnerability assessment (Qualys/Defender VM), file integrity monitoring, just-in-time VM access, adaptive application controls, network hardening.

Per server per hour (server-hour · usage) $0.0205 per server per hour (~$15/server/month) USD
Defender for Storage usage-based

Threat detection on Azure Storage (malware scanning, anomalous access).

Per storage account per month (account-month · month) $10 per storage account per month + $0.15 per 1K transactions; $0.15 per GB malware-scanned (first 5K transactions/month free) USD
Defender for Databases usage-based

SQL / Cosmos DB / Open-source DBs threat protection.

Defender for Azure SQL — per server per hour (server-hour · usage) $0.02 per vCore per hour (Azure SQL DB / MI / VMs) USD
Defender for Cosmos DB (100-RU-hour · usage) $0.0095 per 100 RU/s per hour USD
Defender for Containers usage-based

Kubernetes / container security across AKS, EKS, GKE, on-prem.

Per vCore per hour (vcore-hour · usage) $0.0095 per vCore per hour (~$7/vCore/month) USD
Microsoft Defender XDR (formerly Microsoft 365 Defender) subscription

Unified XDR portal — included at no extra cost when you license any of the underlying Defender E5 components.

Bundled with constituent SKUs (user-month · month) included with E5 / E5 Security or constituent Defender SKUs USD
M365 E5 Security Bundle subscription

Microsoft 365 E5 Security add-on bundles Defender for Endpoint P2, Defender for Identity, Defender for Office 365 P2, and Defender for Cloud Apps.

Per user per month (user-month · month) $12.00 per user per month USD
Enterprise Agreement / Volume Licensing enterprise

Negotiated rates via EA / MCA / CSP. Often bundled with M365 E5 ELA.

Negotiated rate (contract · month) custom USD

Sources