What Defender for Endpoint Plan 1 does
Microsoft Defender for Endpoint Plan 1 (MDE P1) offers core endpoint security features, including next-generation antivirus, attack surface reduction rules, device-based access control, and centralised management via the Microsoft 365 Security Center. It provides real-time protection against malware and other threats, alongside tools to minimise the attack surface. However, it lacks advanced capabilities found in Plan 2, such as advanced threat hunting, Threat & Vulnerability Management, Automated Investigation and Response (AIR), and access to Microsoft Threat Experts.
Defender for Endpoint Plan 1 in Australian tenants today
Many Australian mid-market organisations have access to MDE P1 as part of a Microsoft 365 E3 subscription, a relatively recent inclusion. Plan 2 is bundled with Microsoft 365 E5. The decision to upgrade from P1 to P2 should be driven by the organisation’s ability to make effective use of the advanced hunting capabilities; simply having the licence doesn’t guarantee benefit. Organisations should also consider the ACSC Essential Eight, particularly control E4 (Endpoint Protection), and how MDE P1 contributes to achieving it. APRA CPS 234 emphasises the need for robust cybersecurity controls, and advanced threat hunting can be a valuable component of a mature program.