Microsoft Defender

for Business: benefits

and objection handling

Microsoft Defender for Business

provides enterprise-grade device
security powered by AI that is easy to
use and cost-effective for small and
medium-sized businesses (SMBs). It
includes sophisticated ransomware
protection through technologies such
as endpoint detection and response
(EDR) with AI-powered automatic
attack disruption, vulnerability
management (VM), and automated
investigation and remediation (AIR)
along with cross-platform support
so that SMB customers and partners
can easily standardize on one solution
across devices and platforms.

Defender for Business is

available as part of Microsoft 365
Business Premium and as a
stand-alone solution.
The need for enhanced security among
SMBs beyond traditional antivirus
SMBs have reason to be concerned about cybersecurity. In a 2022 survey with Microsoft, nearly one in four SMBs stated that they had
experienced a security breach in the past year.¹ In fact, there has been a more than 300% increase² in ransomware attacks, of which more
than half were directed at small businesses.²

70% <50%

1 in 4
More than 70% of SMBs With nearly one in four SMBs Fewer than half of the SMBs
think that cyberthreats are stating that they had had a security surveyed have a dedicated IT
becoming an increasing risk breach in the past year, they have security expert in house
reason to be concerned

To protect against the increasing volume and sophistication of cyberattacks such as ransomware, SMBs need elevated security. Many SMBs rely
solely on traditional antivirus solutions. Such solutions typically provide only a single layer of protection, matching signatures to protect against
known threats. For this reason, organizations such as the National Institute of Standards and Technology (NIST) have recommended cybersecurity
frameworks with security controls for multi-layered protection that go beyond signature matching and protection. For example, the NIST
Framework spans five stages—identify, protect, detect, respond, and recover—to protect and remediate against known and unknown threats.
Many cyber insurance providers also require comprehensive security solutions that span these five phases.

1
Microsoft Small and Medium Business quantitative survey research: security in the new environment. April 2022.
2
Alejandro Mayorkas, US Department of Homeland Security Cybersecurity and Infrastructure Security Agency, in an interview May 2021. Microsoft Defender for Business: benefits and objection handling | 2
Microsoft Defender for Business: a winning advantage
with comprehensive and affordable device security
Enterprise-grade and cost- Easy to use, with Cross-platform protection
effective device security out-of-the-box protection across devices and platforms
Defender for Business, priced at $3 per user per month, is an Microsoft designed Defender for Defender for Business delivers
AI-powered device security product with more features than many Business with the needs of SMBs in endpoint security across a range
competitors—at a lower price. It includes key enterprise-grade mind. Because IT admins for SMB of devices and platforms that Partner Kite Technology Group
capabilities, such as EDR with AI-powered automatic attack customers and partners often juggle SMBs use—Windows, macOS, recommends Defender for Business to
disruption, VM, attack surface reduction (ASR), and mobile many roles at once, Microsoft created iOS, Android, and Linux. Mobile
protection out of the box, unlike many competitors. To gain EDR,
its customer: “With Microsoft Defender
a solution that was easy to set up and protection is included in the license,
VM, ASR, and mobile support from many competitors, SMBs could detect and remediate threats unlike many competitors, which for Business, we’re able to bring
would need to purchase either their more expensive automatically so that SMBs can focus require an add-on. Microsoft enterprise-grade security protection
enterprise-centric offering or add-ons. on the business. Defender for Business released a mobile threat defense to our small and midsize business
comes with built-in policies so that capability that eliminates the need
In contrast, EDR, TVM, ASR, and mobile protection are core parts
IT admins can get it up and running for additional Microsoft Intune
customers. We can now meet their
of Defender for Business out of the box. When SMBs adopt quickly. The solution also includes licenses for onboarding. current security requirements and
and deploy Defender for Business, they get a full-featured
solution at a lower price that fulfils most cybersecurity
simplified, wizard-based onboarding prepare them for whatever
for Windows devices. Additional comes tomorrow.
framework and cyber insurance requirements.
simplification for macOS, Android,
and iOS is on the roadmap.
Endpoint detection Vulnerability “Automated investigation and
and response (EDR) management (VM) Monthly security summary reports are remediation is a huge part of the
generated in a simple format to share
When incorporated into a Effectively identifying, assessing,
with stakeholders and show you threats
product [because] it’s just happening
cybersecurity solution, EDR and remediating endpoint
provides an additional layer weaknesses are pivotal in detected and prevented so you know in the background. Microsoft Defender
of advanced, actionable, managing devices and reducing Defender is working around the clock to for Business makes our security
near– real-time, behavior-based organizational risk. TVM helps help protect you.
and AI-powered detection so SMBs reduce their exposure by
so simple.”
that SMBs can identify discovering vulnerabilities such With automated investigation and
persistent threats, disrupt them as unpatched software and remediation (AIR), Defender for
— Adam Atwell, Cloud Solutions Architect,
by containing compromised misconfigurations in real time. Business does the work that a
Kite Technology Group, and Microsoft MVP
users and devices, and then Both the NIST Framework and dedicated security operations team
remove them from their the Australian government’s typically handles, continuously
environment. Essential Eight require TVM. detecting and automatically
It is a requirement in many remediating most threats.
cybersecurity frameworks
around the world, including
the NIST Framework (where it
corresponds to the “Detect”
and “Respond” functions).

4
Price is subject to change based on subscription term, currency, and region. Microsoft Defender for Business: benefits and objection handling | 3
Defender for Business offers Microsoft Defender for Business in action:
multi-layered defenses for how to explain our capabilities to an SMB customer
devices, mapping to the
key functions of the NIST
Framework—important Detect and
Identify Protect Recover
for a successful and holistic Respond
cybersecurity program.
Partners can explain this Vulnerability management Attack surface reduction Endpoint Automatic investigation
to business decision-makers Damage to the building creates A security professional is called.
detection and response and remediation
by using the analogy of a risk. A building inspector: The professional recommends: With Microsoft Defender for Business Microsoft Defender for Business
Addresses the damage Locking all the windows in place, when an attack takes place: automatically investigates alerts and
protecting a building. Inspects the rest of the structure Ensuring that only authorized The building is now protected helps remediate complex threats by:

Recommends repairs users have keys by an alarm system and cameras Mimicking the ideal steps
A thief breaks a window analysts would take
Microsoft Defender for Protect against risk by reducing the
and enters the building Tackling file- or memory-based attacks
Business provides: surface area of an attack through
The actions are recorded, Scaling security operations with
Discovery of vulnerabilities System hardening
and the threat is detected 24/7 automated responses
and misconfiguration without disruption
An alarm sounds
Customization that fits
the customer’s business Microsoft Defender for Business
Ability to visualize the impact continuously scans endpoints, uses
and turn on protection various data analytics techniques, ML, and
AI-models to detect suspicious system
Next-generation protection behavior, provides contextual information,
blocks malicious activity, and provides
Block and tackle sophisticated remediation suggestions to restore
threats and malware: affected systems. It also detects,
Employ behavior-based, investigates, and automatically disrupts
real-time protection advanced persistent attacks:
Block file-based and The police are notified immediately
fileless malware (behavior-based, real-time protection)
For more information, Stop malicious activity The thief is contained until police arrive
from trusted and (automatic attack disruption)
see the video at untrusted applications The police arrive on the scene (manual
https://aka.ms/MDB-Video response actions for a device or file)
The police apprehend the thief (live
response to gain access to devices)

Microsoft Defender for Business: benefits and objection handling | 4

 Here are common objections that are raised against
Blocking responses/
Defender for Business and how partners should tackle them:
objection handling
Objection
Microsoft’s security posture depends
Defender for Business has limited Defender for Business does on Microsoft (“eggs in one basket”),
operating system coverage. not have mobile protection. which creates significant downstream
impacts of privilege escalation.

Response

This is false. Defender for Business supports: Defender for Business relies on Microsoft
Defender for Business includes
Entra ID (formerly known as Azure AD) as
Windows. Support for Windows 7, Windows protection for iOS and Android
its identity system, which is a hyperscale
Server 2008 R2, and Windows 8 (antivirus mobile devices. Microsoft 365 Business
cloud. Defender for Business does rely on
and EDR but not as many of the newer Premium customers can use Intune to
Entra ID, but vendors often use Entra ID
Windows 10 capabilities because of onboard mobile devices to Defender for
for single sign-on, so any “privileged
limitations in the kernel). For Windows Business. For stand-alone customers,
escalation” risk would be equivalent. On
Server 2012 R2 and later as well as Microsoft released its mobile threat
the flip side, not using something like
Windows 10, Microsoft has much defense capability, which eliminates the
Entra ID as an identity provider and
broader support need for additional Intune licenses
keeping authentication “in house” means
for onboarding.
MacOS. Microsoft supports currently that SMBs don’t benefit from the vast
supported versions of macOS security controls available to build a
holistic, zero-trust access approach
Linux. Microsoft supports Linux versions into the application or platform.
from at least the past 5 years
Mobile. Android and iOS. Microsoft
supports the latest version and two previous
versions. At time of writing, this is iOS 14
and Android 8
In addition, Microsoft has great programs,
such as App Assure, that help organizations
modernize their apps at no cost.

Microsoft Defender for Business: benefits and objection handling | 5

MORE Blocking responses/objection handling

Objection
How does Defender for Business I heard that Microsoft Defender for
Defender for Business requires extensive I’m unclear on the impact of
and the Defender Antivirus engine it Business is the same as the Microsoft
tuning and doesn’t deliver meaningful Defender for Business on
uses compare with other antivirus Defender Antivirus that comes with
results in MITRE ATT&CK evaluations. operating system performance.
and EDR coverage and quality? Windows. Is there anything additional?

Response

Defender for Business offers industry-leading The Defender for Business core antivirus Microsoft is a recognized leader in Defender Antivirus and Defender
protection. For example, Microsoft Defender engine is built into Windows: There are no security: In fact, Microsoft was just named for Business are different solutions.
Antivirus is now ranked a top antivirus agents to deploy, so it runs seamlessly, a leader for Modern Endpoint Security Defender Antivirus provides
product by tests such as AV-TEST, optimizing performance. for Enterprise and Small and next- generation protection built
AV- Comparatives, and SE Labs. Additionally, Midsize Businesses. into Windows devices and helps
in the 2022 MITRE Engenuity ATT&CK protect against viruses, malware, and
Evaluations, Microsoft 365 Defender was A solid antivirus solution is vital for any potentially unwanted applications.
found to have complete visibility into and SMB, and third-party benchmark testing Defender for Business includes
analytics for all stages of the attack chain: organizations attest to the quality of our Defender Antivirus, extending it
antivirus solution. Microsoft Defender by adding many E5 enterprise
100% protection coverage blocking all Antivirus is now ranked a top antivirus capabilities, such as TVM, ASR, EDR,
attack stages, starting in the early stages product by tests such as AV-TEST, and AIR. Defender for Business also
AV- Comparatives, and SE Labs. works across a range of devices and
Protection for Linux across all attack stages
servers, including Windows, macOS,
Unique and durable detections from deep Defender for Business has a more iOS, Android, and Linux.
Windows-native sensors comprehensive security feature set than
leading competitors’ SMB offerings. It
includes differentiated capabilities such
as EDR with AI-powered automatic
attack disruption and VM.

Microsoft Defender for Business: benefits and objection handling | 6

MORE Blocking responses/objection handling

Objection
Some endpoint security vendors integrate
Defender for Business has limited remediation with other security vendors to provide
Defender for Business
playbooks available for Windows 10 and later only. features such as email security. Does
does not have multitenant
In addition, restores are from OneDrive only. Microsoft have an end-to-end security
support for partners.
offering for SMBs?

Response

Microsoft’s AIR feature is available today for Microsoft offers SMBs a range of security This is incorrect. MSP
Windows Server 2012 R2 and later (using unified products at an affordable price and with Partners can use Microsoft
client) and Windows 10 and later. It is planned flexible licensing plans: 365 Lighthouse, Microsoft’s
for Linux and macOS. Remediation playbooks Defender for Business is the endpoint multitenant solution,
are extensive. Furthermore, manual response security offering for SMBs to view alerts and incidents for
actions are available for a range of operating Defender for Business. Microsoft
systems, including Linux, when using the Live Microsoft 365 Business Premium is the 365 Lighthouse integrates with
Response feature. comprehensive solution for SMBs, bringing both Microsoft 365 Business
together best-in-class Office apps and Premium and Defender for
Remediation actions can also be triggered Microsoft Teams with comprehensive
by analysts using custom indicators, whereby Business stand-alone. Datto has
security, identification, and remote access also built an integration with
they can create an indicator for a file or other solutions. It includes Defender for Business
entity, and then, as part of the indicator, fire Defender for Business, with more
for enterprise-grade endpoint protection, integrations with RMM/PSA tools
an action performed. Microsoft Defender for Office 365 for coming soon.
Also note that many top competitors’ protection against phishing and other
rollback is limited to Windows devices. cyberthreats, Intune for mobile device
management, Azure AD Premium Plan 1 for
identity protection and secure remote access,
Azure Information Protection and data loss
protection to help protect sensitive data,
Microsoft Exchange Online Archiving, and
much more. Microsoft 365 Business Premium
gives SMBs an easy-to-use, comprehensive,
and cost-effective package, eliminating the
need for managing multiple point solutions
and saving time and money

Microsoft Defender for Business: benefits and objection handling | 7

MORE Blocking responses/objection handling

Objection I want to resell security

services, but Defender for
I don’t understand the security value that I want to build my own Security Business doesn’t integrate
Defender for Business is bringing me, what Operations Center (SOC), but I’m unable with Managed Detection and
value am I getting for my money? to stream data from Defender for Business. Response (MDR) services.

Response

Monthly Security Summary Reporting helps you For partners looking to build their own SOC, For Partners who want to
better understand the status of your security streaming APIs support the streaming of resell security services to
and identify areas for improvement across device file, registry, network, logon events customers but don’t have
devices. Simple reporting allows you to: and more to Azure Event Hub, Azure the resources to invest in an
Storage, and Microsoft Sentinel to support in-house SOC, Defender for
Share key security insights as needed advanced hunting and attack detection. If Business integrates with
with key stakeholders you are using the Streaming API for the first leading Managed Detection
See the threats that were prevented time, you can find step-by-step instructions and Response providers that
by Defender for Business in the Microsoft 365 Streaming API Guide on MSPs can resell. Blackpoint
configuring the Microsoft 365 Streaming API Cyber now offers a
Review recommendations on areas
to stream events to your Azure Event Hubs managed Defender for
to improve your secure score
or to your Azure Storage Account. Business EDR service and
24x7 cloud response for
Microsoft 365 environments,
including Microsoft 365
Business Premium, that
covers, Exchange, Azure AD
environments.
ConnectWise’s MDR
integration with Defender
for Business is also available.

Microsoft Defender for Business: benefits and objection handling | 8

For more information, please see Microsoft Defender for Business.
For more information about other security solutions and products, visit Microsoft Security.