Microsoft Defender for Business review: Feature-filled enterprise security for small businesses

A comprehensive endpoint security management solution for smaller organizations with a painful setup process


IT Pro Verdict

Pros

  • Relatively inexpensive at £2.50 per user per month
  • Integrates with a wide range of client platforms

Cons

  • Complex to set up
  • Interface could have been simpler for smaller businesses

Microsoft's Defender for Business (MDB) is its Defender for Endpoint system, rebranded for businesses with fewer users. How does it stack up?

Microsoft has been selling variations of its Defender product for almost 20 years, but it has evolved considerably since its first release. The product began in 2005 as Microsoft AntiSpyware, a rebranded version of GIANT Company Software, which Microsoft had acquired the previous year.

Microsoft made its relabelled version freely available for Windows XP and up and quickly relabelled it as Windows Defender, which was released for general availability in 2006 with a rewritten core engine. It eventually became a full antivirus product, rather than just an anti-spyware offering, and took over from Microsoft Security Essentials.

As Microsoft is wont to do, it continued rebranding over the years. In 2017, it renamed the product to Windows Defender Antivirus, and then ditched the Windows Defender brand altogether a year later, replacing it with Microsoft Defender to reflect its new-found support for other systems.

Now there are different versions of Microsoft Defender targeting different needs. Microsoft Defender for Endpoint targets businesses with Microsoft 365 E3 and E5 licenses, restricting it to customers with over 300 seats. There is also a version for customers with under 300 users, bundled into a Microsoft 365 Business Premium license.

Individual users also have choices: if the free Microsoft Defender Antivirus product included in Microsoft's operating system is not enough, they can buy Microsoft Defender for Individuals as a consumer product, bundled with Microsoft 365 Personal or Family licenses.

This left a key group out in the cold: smaller organizations with multiple endpoints to administer which were unwilling to pony up for a premium productivity software license. These companies might have a single admin responsible for everything, from provisioning machines to securing them, so any product that they use had better be simple enough to suit people limited on time. In 2022, Microsoft expanded support for that group by launching a version of Microsoft Defender as a standalone product for businesses with multiple users. Microsoft Defender for Business (MDB) was born.

Microsoft Defender for Business: Setup

MDB is simply Microsoft Defender for Endpoint (MDE) with a new label, as is evident from the MDE branding still in the documentation. There was an MDE lab to help admins evaluate the product, but Microsoft shuttered it in January 2024. Instead, you'll have to jump straight into MDB with a free trial. After signing up, you can deploy according to which architecture model you have, ranging from cloud-native through to on-premises deployment or even evaluation without management tools in a small demilitarised zone (DMZ). You can deploy the Defender agents to several client types: Windows servers; Windows, macOS, or Linux clients; or iOS/iPadOS and Android mobile devices. This extension of support for different platforms has been a big move for Microsoft, which wants to provide security information about your devices no matter whose software they're running.

Depending on your client, you can choose deployment via group policy or simply by running a local script, among others. You can also onboard devices already enrolled with Microsoft's Intune mobile endpoint manager, which was our chosen route.

Enrolling devices in Intune works seamlessly by running Microsoft's Company Portal app on the client, but our experience subsequently enrolling devices with Defender was patchy. While Intune supported our Windows Home installation, MDB did not (it will support Pro and Enterprise versions, though). That could be limiting for small businesses that might want to allow staff to access business resources from their home devices.

We were also able to register an iPhone and control it via Intune, but after setting up connectors between Intune and MDB we couldn't make the iPhone appear as a managed device in Defender. Doubtless, the fault was on our side, but we noticed similar complaints on Reddit, with one person noting that the success of iOS enrolment in MDB was "a coin flip". After diligently following the documentation and spending hours troubleshooting, we couldn't help but wonder how a harried admin wearing multiple hats in a small business IT department might fare.

We were eventually able to register a Mac with both Intune and MDB, although we were forced to download not just one installer file for the Mac but several policy files from Intune to get it MDB-ready.

Microsoft Defender for Business: Features

Assuming you can get past the setup niggles, there's a wealth of information available via the MDB interface, which features a dashboard-style setup displaying top-level information at a glance.

A screenshot of the welcome page on Microsoft Defender for Business (Image credit: Future)

You can move these cards around and add others, configuring an admin dashboard that makes sense for you. If you want to drill down, you can access the sidebar to see detailed information on various aspects of your security environment. Incidents and alerts flag up worrisome occurrences on your fleet of devices that might need further investigation. Another, Exposure management, offers a top-down view of your fleet's weakest points, with the ability to explore your attack surface visually, and summarise your overall performance in areas ranging from ransomware protection best practices to the number of vulnerable endpoints that have been involved in incidents.

This section also lets you further investigate your security score, which is an overall metric that Microsoft gives you based on a range of factors. As you can see, our fake company has a long way to go, although we did get more points after updating the security profiles on our Mac.

A screenshot of the monitoring page on Microsoft Defender for Business (Image credit: Future)

You can also drill down into specific devices, getting recommendations for actions to better secure them. If that version of Mozilla running on your PC is looking a little long in the tooth, MDB will let you know about it:

A screenshot of the notification page on Microsoft Defender for Business (Image credit: Future)

Another section, Actions and submissions, lets you review suspicious emails, files, and URLs submitted by users. Having these in one place gives admins a useful foundation for investigating what could be an attack campaign targeting their organization.

MDB also has a threat intelligence feed that gives you insights into ongoing threats out in the wild, along with a learning hub that offers training in various administrative tasks.

Microsoft Defender for Business: Is it worth it? 

There is lots to use here, if you have better luck onboarding your devices than we did. It's also worth noting that although MDB does a lot more than simply detect viruses, Microsoft's core client antivirus engine has also earned respect in the market. The Defender Antivirus client that communicates with MDB garnered a Best Advanced Protection accolade from the AV-TEST Institute in 2022, notably for its excellence in warding off more sophisticated ransomware attacks. However, it lost its crown in the 2023 awards.

MDB is a feature-filled tool for security admins and provides a single view of your organization's endpoint security across the board, but we found setup a little more painful than many other Microsoft enterprise tools that we've tried. You might find yourself working a little harder to deploy it across some non-Windows platforms, but if you're mostly a Microsoft shop, it might be for you. Its availability as a component in a Microsoft 365 Business Premium license is a good way to build more security visibility across a user base that will already be using Microsoft products and services extensively across their systems.

Danny Bradbury