Merge pull request #3044 from MicrosoftDocs/main

denisebmsft · web-flow · commit 79680746bee4 · 2025-03-06T06:13:39.000-08:00
pushing updates live
diff --git a/defender-business/mdb-faq.yml b/defender-business/mdb-faq.yml
@@ -55,7 +55,7 @@ sections:
         answer: |
           If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as [Microsoft Defender for Business servers](get-defender-business.md#how-to-get-microsoft-defender-for-business-servers). This license is available as an add-on to Microsoft 365 Business Premium and the standalone version of Defender for Business. The Microsoft Defender for Business servers license is priced at $3 per server instance. You can either purchase a license for each onboarded server, or choose to offboard servers from Defender for Business.
 
-          If you have more than 60 servers, you'll need to get another license, such as [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers). 
+          If you have more than 60 servers, you'll need to get another license, such as Microsoft Defender for Endpoint Server or Microsoft Defender for Servers Plan 1 or Plan 2. For more information, see [Onboard servers to Microsoft Defender for Endpoint](/defender-endpoint/onboard-server). 
 
       - question: What is the difference between Microsoft Defender for Business servers and Microsoft Defender for Servers Plan 1 and Plan 2?
         answer: |
@@ -95,9 +95,13 @@ sections:
 
       - question: How do I run custom reports with Defender for Business?
         answer: |
-          Defender for Business uses the Defender for Endpoint APIs. You can use the APIs and a Power BI connector to set up custom reporting. As an example scenario, you could schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. 
+          Defender for Business uses the Defender for Endpoint APIs for all the capabilities that are available in Defender for Business. You can use the APIs with a reporting tool. As an example scenario, you can use a Power BI connector and schedule a PowerShell script to generate executive summaries formatted in HTML, and send those summaries via email. 
           
-          For more information, see [API reference information](/defender-endpoint/api/exposed-apis-create-app-partners). Also see [Microsoft Defender for Business and Microsoft partner resources](mdb-partners.md).
+          For more information, see the following resources:
+          
+          - [Overview of management and APIs](/defender-endpoint/api/management-apis)
+          - [API reference information](/defender-endpoint/api/exposed-apis-create-app-partners)
+          - [Microsoft Defender for Business and Microsoft partner resources](mdb-partners.md)
 
       - question: I'm a Microsoft partner. Will I be able to manage multiple tenants from one control panel, or will I have to sign in to each tenant individually?
         answer: |
@@ -128,19 +132,41 @@ sections:
 
       - question: What are the differences between Defender for Business and Defender for Endpoint Plans 1 and 2?
         answer: |
-          Both Defender for Business and Defender for Endpoint provide strong threat protection capabilities for your company's devices (computers, phones, and tablets, which are also referred to as endpoints). The following table summarizes some key differences between these plans.
+          [Defender for Business](mdb-overview.md) is designed for small and medium-sized businesses who have up to 300 users. Capabilities in Defender for Business include next-generation protection, attack surface reduction, endpoint detection & response (EDR), and automated investigation and remediation. Defender for Business also features [simplified configuration](mdb-setup-configuration.md) and [device onboarding options](mdb-onboard-devices.md) that streamline the overall setup and configuration process.
 
-          | Subscription | Description |
-          |--|--|
-          | Defender for Business | [Defender for Business](mdb-overview.md) is designed for small and medium-sized businesses who have up to 300 users. Capabilities in Defender for Business include next-generation protection, attack surface reduction, endpoint detection & response (EDR), and automated investigation and remediation. <br/><br/>Defender for Business also features [simplified configuration](mdb-setup-configuration.md) and [device onboarding options](mdb-onboard-devices.md) that streamline the overall setup and configuration process. | 
-          | Defender for Endpoint | [Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) is an enterprise endpoint security platform designed to help organizations prevent, detect, investigate, and respond to advanced threats. <br/><br/>Defender for Endpoint Plan 1 includes next-generation protection and attack surface reduction capabilities. <br/><br/>Defender for Endpoint Plan 2 extends Plan 1 capabilities with threat and vulnerability management, EDR, automated investigation & remediation, threat hunting, and six months of data retention. |
+          [Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) is an enterprise endpoint security platform designed to help organizations prevent, detect, investigate, and respond to advanced threats. 
           
+          - Defender for Endpoint Plan 1 includes next-generation protection and attack surface reduction capabilities. 
+          - Defender for Endpoint Plan 2 extends Plan 1 capabilities with core vulnerability management capabilities, EDR, automated investigation & remediation, threat hunting, and six months of data retention. 
+          
+          The following table summarizes some differences between Defender for Business and Defender for Endpoint:
+
+          | Capabilities | Defender for Business | Defender for Endpoint Plan 1 | Defender for Endpoint Plan 2 |
+          |---|---|---|---|
+          | Centralized management | ✔ | ✔ | ✔ |
+          | Simplified firewall and antivirus configuration for Windows | ✔ | | |
+          | Vulnerability management (core capabilities) | ✔ | | ✔ |
+          | Attack surface reduction | ✔ | ✔ | ✔ |
+          | Next-generation protection | ✔ | ✔ | ✔ |
+          | Endpoint detection & response (EDR) | ✔ <br/>(optimized) | | ✔ |
+          | Automatic attack disruption | ✔ | | ✔ |
+          | Automated investigation & remediation | ✔ | | ✔ |
+          | Monthly security summary reporting | ✔ | | ✔ |
+          | 30 days advanced hunting and six months of data retention in the device timeline | | | ✔ |
+          | Threat analytics | ✔<br/>(optimized) | | ✔ |
+          | Cross-platform support <br/>(Mac, iOS, Android)| ✔ | ✔ | ✔ |
+          | Windows Server and Linux Server <br/>(requires server licenses) | ✔  | ✔ | ✔ |
+          | Microsoft Threat Experts | | | ✔ |
+          | Microsoft 365 Lighthouse <br/>(optimized; for CSPs only) | ✔ | | |
+          | Microsoft Defender multi-tenant management | ✔ | ✔ | ✔ |
+          | APIs | ✔  | ✔ | ✔ |
+
       - question: Can I have a mix of Microsoft endpoint security subscriptions?
         answer: |
-          In general, mixed-licensing scenarios aren't supported in Defender for Business or Microsoft 365 Business Premium. 
-          
-          If you're using the standalone version of Defender for Business, and you add Defender for Endpoint Plan 2 to your tenant, your experience defaults to the Defender for Business experience. However, if you have enough Defender for Endpoint Plan 2 for all users in your tenant, you can contact support and change your experience to the Defender for Endpoint Plan 2 experience. In this case, you're no longer using your Defender for Business licenses, and the simplified configuration experience in Defender for Business changes to advanced settings in Defender for Endpoint. 
-          
+          Microsoft Defender for Business does not support mixed licensing, so a tenant with Defender for Business (which is included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (which is included in Microsoft 365 E5 Security) defaults to the Defender for Business experience. 
+
+          For example, if you have 80 users licensed for Defender for Business (as part of a Microsoft 365 Business Premium subscription), and you add Microsoft 365 E5 Security for 30 of those users, the experience for all users defaults to Defender for Business. If you want to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through the standalone version of Defender for Endpoint Plan 2 or Microsoft 365 E5 Security), and then contact Microsoft Support to request the switch for your tenant.
+                    
           For more information, see [Manage your subscription settings](mdb-manage-subscription.md).
 
           For more information about licenses and product terms, see [Licensing and product terms for Microsoft 365 subscriptions](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).
diff --git a/defender-business/mdb-manage-subscription.md b/defender-business/mdb-manage-subscription.md
@@ -7,7 +7,7 @@ ms.author: chrisda
 manager: deniseb
 audience: ITPro
 ms.topic: overview
-ms.date: 12/30/2024
+ms.date: 03/05/2025
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: shlomiakirav, efratka
@@ -20,34 +20,11 @@ ms.collection:
 
 # Change your endpoint security subscription
 
-[Microsoft Defender for Business](mdb-overview.md) and [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) are endpoint security subscriptions that your organization can use to protect devices, such as computers, tablets, and phones. As your organization grows, you might be thinking about changing from Defender for Business to Defender for Endpoint. This article describes how to apply *either* Defender for Business *or* Defender for Endpoint Plan 2 features and capabilities across all your organization's devices. 
+[Microsoft Defender for Business](mdb-overview.md) and [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) are endpoint security subscriptions that your organization can use to protect devices, such as computers, tablets, and phones. 
 
-## Before you begin
+As your organization grows, you might be thinking about changing from Defender for Business to Defender for Endpoint. For example, if you have Defender for Business as part of a [Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-overview) subscription, and you add Microsoft 365 E5 Security to your subscription, you now have Defender for Endpoint Plan 2 capabilities while retaining the Defender for Business experience. 
 
-- You should have active trial or paid licenses for both Defender for Business and Defender for Endpoint Plan 2.
-
-- If you're using Defender for Business only, you can continue using it. In this case, no changes are needed. But if you're considering switching to Defender for Endpoint Plan 2, follow the guidance in this article.
-
-## View and manage your endpoint security subscription settings
-
-1. As an admin, go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
-
-2. Go to **Settings** > **Endpoints** > **Licenses**. Your usage report opens and displays information about your organization's Defender for Business and Defender for Endpoint licenses.
-
-3. To change your subscription, under **Subscriptions applied to your devices**, select **Change subscription settings**.
-
-   > [!NOTE]
-   > If you don't see **Change subscription settings**, at least one of the following conditions is true:
-   > - You have Defender for Business or Defender for Endpoint (but not both)
-   > - You don't have enough Defender for Endpoint Plan 2 licenses for all users in your organization
-   > - The ability to change your subscription settings hasn't rolled out to your organization yet
-
-4. On the **Subscription settings** flyout, choose whether to use only Defender for Business or Defender for Endpoint Plan 2 across your organization's devices. Keep the following important points in mind before you save your changes:
-
-   - Make sure you have enough licenses for the subscription you're using for all users in your organization.
-   - If you select **Only Microsoft Defender for Endpoint Plan 2**, the simplified configuration experience for Defender for Business is replaced with advanced settings that you can configure in Defender for Endpoint. If this change is applied, you can't undo it.
-   - It can take up to six hours for your changes to be applied.
-   - Make sure to review your security policies and settings. To get help with Defender for Endpoint policies and settings, see [Configure Defender for Endpoint capabilities](/defender-endpoint/onboard-configure). To get help with Defender for Business policies and settings, see [Review and edit your security policies and settings in Defender for Business](mdb-configure-security-settings.md).
+This article describes how to view your current license state and, if needed, change your experience from Defender for Business to Defender for Endpoint.
 
 ## Review license usage
 
@@ -61,6 +38,14 @@ To reduce management overhead, there's no requirement for device-to-user mapping
 
 3. Review your available and assigned licenses. The calculation is based on detected users who have accessed devices that are onboarded to Defender for Business (or Defender for Endpoint).
 
+## Change your experience to Defender for Endpoint
+
+If you have the Defender for Business experience, and you want to change that to the Defender for Endpoint experience, [contact support](/microsoft-365/admin/get-help-support). You should have enough active trial or paid licenses to make the switch.
+
+After you switch to Defender for Endpoint, make sure to review your security policies and settings. To get help with Defender for Endpoint policies and settings, see [Configure Defender for Endpoint capabilities](/defender-endpoint/onboard-configure). 
+
+To get help with Defender for Business policies and settings, see [Review and edit your security policies and settings in Defender for Business](mdb-configure-security-settings.md).
+
 ## See also
 
 - [Licensing and product terms for Microsoft 365 subscriptions](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).
diff --git a/defender-business/mdb-partners.md b/defender-business/mdb-partners.md
@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 07/19/2023
+ms.date: 03/05/2025
 ms.reviewer: nehabha
 f1.keywords: NOCSH
 ms.collection:
@@ -20,19 +20,11 @@ ms.collection:
 
 # Resources for Microsoft partners working with small and medium-sized businesses
 
-> [!TIP]
-> **Read all about exciting, new capabilities releasing in July 2023 in the [Tech Community blog: New SMB security innovations from Microsoft Inspire 2023](https://aka.ms/SMBSecurityJulyBlog)**.
-
 Small and medium-sized businesses recognize that security is important, but they often don't have the capacity or expertise to have a dedicated security operations team. These customers often need help with setup and configuration, managing security for their devices and network, and addressing alerts or detected threats. Microsoft partners can help!
 
 If you're a Microsoft partner, and you're working with customers who have or need [Microsoft Defender for Business](mdb-overview.md), [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview), [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint), or [Microsoft 365 E3](/Microsoft-365/enterprise/microsoft-365-overview), this article is for you!
 
-- [Download our security guide and checklist](#download-our-security-guide-and-checklist-new) (NEW!)
-- [Learn how you can integrate Microsoft endpoint security with your RMM tools and PSA software](#integrate-microsoft-endpoint-security-with-your-rmm-tools-and-psa-software).
-- [See how you can use Microsoft 365 Lighthouse to secure and manage your customers' devices and data](#use-microsoft-365-lighthouse-to-secure-and-manage-your-customers-devices-and-data).
-- [Learn more about Defender for Business and Microsoft 365 Business Premium](#learn-more-about-defender-for-business-and-microsoft-365-business-premium).
-
-## Download our security guide and checklist (NEW!)
+## Download our security guide and checklist
 
 The [practical guide to security using Microsoft 365 Business (Basic, Standard, and Premium)](https://aka.ms/smbsecurityguide) guide is intended to start discussion around your customers' security and compliance options with Microsoft 365 for business. One of the first and most important things that IT leaders and business leaders can do is talk through the possibilities. This guide can help facilitate those discussions. You can also download a [summary checklist](https://aka.ms/smbsecuritychecklist) to use as a companion to the guide.
 
diff --git a/defender-business/mdb-streaming-api.md b/defender-business/mdb-streaming-api.md
@@ -4,7 +4,7 @@ description:  The Defender for Endpoint streaming API is available for Defender
 author: chrisda
 ms.author: chrisda
 manager: deniseb
-ms.date: 06/07/2024
+ms.date: 03/05/2025
 ms.topic: how-to
 ms.service:  microsoft-365-security
 ms.localizationpriority: medium
@@ -126,3 +126,4 @@ Each blob contains multiple rows. Each row contains the event name, the time Def
 ## See also
 
 - [Raw Data Streaming API](/defender-endpoint/api/raw-data-export) in Defender for Endpoint
+- [Overview of management and APIs](/defender-endpoint/api/management-apis)
diff --git a/defender-endpoint/defender-endpoint-subscription-settings.md b/defender-endpoint/defender-endpoint-subscription-settings.md
@@ -7,7 +7,7 @@ ms.author: deniseb
 manager: deniseb 
 audience: ITPro
 ms.topic: overview
-ms.date: 06/25/2024
+ms.date: 03/05/2025
 ms.service: defender-endpoint
 ms.subservice: onboard
 ms.localizationpriority: medium
@@ -36,7 +36,7 @@ In Defender for Endpoint, a mixed-licensing scenario is a situation in which an
 You can also use a newly added license usage report to track status.
 
 > [!NOTE]
-> If you're using Microsoft Defender for Business and you want to switch to Defender for Endpoint Plan 2, see [Change your endpoint security subscription](/defender-business/mdb-manage-subscription).
+> If you're using Microsoft Defender for Business and you want to switch to Defender for Endpoint Plan 2, contact support. For more information, see [Change your endpoint security subscription](/defender-business/mdb-manage-subscription).
 
 ## [**Use mixed mode**](#tab/mixed)
 
