What Defender for Endpoint P2 does
Microsoft Defender for Endpoint (MDE) P2 builds on Plan 1 by adding significant capabilities. Advanced Hunting lets security teams proactively search for threats using Kusto Query Language (KQL). Threat & Vulnerability Management identifies and prioritises vulnerabilities across endpoints. Automated Investigation and Response (AIR) automates threat investigation and remediation tasks. Threat Experts provides access to Microsoft’s security expertise. Live Response enables remote incident response activities on endpoints.
Defender for Endpoint P2 in Australian tenants today
In the AU mid-market, MDE P2 is frequently included within Microsoft 365 E5 subscriptions. It’s also available as a standalone licence for organisations with specific endpoint security needs. The real value of MDE P2 is unlocked when a security team has the skills to use KQL effectively for threat hunting, enabling proactive identification of advanced threats. Before deploying, organisations should consider the ongoing operational costs and skill requirements, and ensure the deployment aligns with obligations under APRA CPS 234 and supports the ACSC Essential Eight’s detection and response controls.