Decrypting Microsoft Defender for Endpoint Licensing with Ken Westin

Defender Fridays - Decrypting Microsoft Defender for Endpoint Licensing with Ken Westin

Join us for this week's Defender Fridays as we explore the complex world of Microsoft Defender for Endpoint licensing with Ken Westin, Senior Solutions Engineer at LimaCharlie.

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

In this episode, Ken Westin breaks down the often-confusing landscape of Microsoft Defender licensing models, helping security professionals and MSSPs understand what they're actually getting at each tier and how to maximize value from these tools.

Key Topics:

Understanding Defender's Evolution - From Windows Security to the various enterprise plans, exploring what "Defender" actually means across Microsoft's product lineup

Licensing Tiers Explained - Breaking down the differences between Plan 1, Plan 2, E3, E5, and standalone licensing options, including what you actually get at each level

Hidden Costs and Data Challenges - Uncovering the real costs of data retention, search capabilities, and ingesting telemetry into Microsoft Sentinel

Telemetry and Visibility Gaps - Why the built-in Defender capabilities may not provide the full picture and how to access critical data sources like Sysmon and Windows Event Logs

MSSP Considerations - Practical guidance for managed service providers navigating licensing, customer deployment models, and cost management strategies

Connect with Ken:

LinkedIn: https://www.linkedin.com/in/kwestin/
Email: ken@limacharlie.com

Register for Live Sessions

Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.

Register here: https://limacharlie.io/defender-fridays

Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!

Sponsored by LimaCharlie

This episode is brought to you by LimaCharlie, the world's first SecOps Cloud Platform (SCP). Build and customize your security stack like "lego blocks" with our flexible, API-first solution.

Why LimaCharlie?

  • Eliminate vendor sprawl and tool complexity
  • Deploy and scale effortlessly on native multi-tenant architecture
  • Reduce costs with intelligent data routing and free 1-year retention
  • Build custom solutions with 100+ security capabilities on-demand
  • Improve response times with automation and real-time capabilities

Try the SecOps Cloud Platform free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie

Sign up for free: https://limacharlie.io
LinkedIn: https://www.linkedin.com/company/limacharlieio/
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
LinkedIn: https://www.linkedin.com/in/maximelb/

Episode Highlights

Understanding the Defender Ecosystem - Ken clarifies that "Defender" isn't one product but rather a family of tools with different capabilities at each licensing tier.

The Free vs. Paid Dilemma - While Windows Security (Microsoft Defender Antivirus) comes free with Windows, accessing and using its full telemetry requires additional licensing and tools such as Sentinel, which can quickly become expensive.

Data Retention Reality - With Defender, you get 180 days of retention but can only search the last 30 days; searching further back means sending the data to Sentinel, which is billed at $5 per gigabyte.

MSSP Pricing Models - Standalone endpoint pricing starts at $3/month, but the E3/E5 per-user licensing model can be challenging for service providers managing multiple clients.

Maximizing Free Telemetry - Discussion of how to leverage the free telemetry from Defender by integrating with tools like Sysmon, Windows Event Logs, and third-party platforms for better visibility and control.

The macOS and Linux Story - Microsoft Defender for Endpoint is available for Mac and Linux, but with significantly less telemetry compared to Windows environments.

#defenders #cybersecurity #threatdetection #secops #infosec #cyberdefense #microsoftdefender #mde #mssp #threatintel #siem #sysmon #windowssecurity #endpointsecurity #SOC