There is no doubt that Microsoft has a lot of licensing and subscription plans for their various M365 products, and it can cause quite a bit of confusion for the end user.  In this article, we attempt to resolve some of these issues by focusing on the Defender Vulnerability Management package.

What Is Defender Vulnerability Management?

Before we get started into the details of the licensing, it is first important to review what the actual package is.  It is technically defined as follows:

“Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices.”

(SOURCE:  1).

In other words, this is an all-encompassing package that takes all of the following in order to give you and your IT Security team a holistic view of all the Cyber vulnerabilities that your business could be facing:

  • Threat Intelligence;
  • The statistical odds of a security breach actually happening;
  • Constant assessments of all of the Endpoints that your business has, whether it is On Prem, Virtual or Remote, and even a combination of all of them of them.
  • Constant evaluations of all the Digital Assets that reside in your IT and Network Infrastructure.

From all of this analysis, your most critical and pressing vulnerabilities are quickly identified, and remediations are also provided.  A high-level overview is illustrated below:

(SOURCE:  1).

The Licensing

At the present time, Defender Vulnerability Management is an additional license package that works with the defender for endpoint products P1, P2 or defender for business.

comes in two different licensing schemes, which are as follows:

  • 90 day trial to added defender for vulnerabilities to use with Defender for endpoint P2

This is considered to be add on to whatever Vulnerability Management tools the subscriber is using in their current M365 plan.  This first starts with a 90-day free trial.  More details about this can be seen at the link below:

  • The Microsoft Defender for Endpoint P1 or Microsoft 365 E3:

If you have the Microsoft 365 E3, or Defender for endpoint P1, you can deploy the entire package, right from the very beginning.  Once it has been deployed into your environment, it will start to monitor for all kinds and types of Vulnerabilities that may be lurking about.  Also, remediations will be offered as well so that they can be corrected as quickly as possible.  This package also comes with a 90-day free trial.  More details about this can be seen at the link below:

The Pricing

The pricing breakdown can be seen in the following matrix:

Plan Price Details

The Microsoft Defender for Endpoint Plan 2


$2.00 per user per month

“Customers can add on premium vulnerability management capabilities for comprehensive endpoint protection.”
The Microsoft Defender for Endpoint P1 or Microsoft 365 E3



$3.00 per user per month

“Complement other EDR solutions with comprehensive vulnerability management.”

(SOURCE:  2).

Other Pointers

As you start to explore Defender Vulnerability Management, here some important points to keep in mind:

  • Once the package has been downloaded, the features are turned on automatically. There is no need for any other deployment.
  • Once the 90-day free trial ends for either plan, you will then enter into what is known as a “Grace Period”. This will last for only 30 days.  During this time frame, you will then need to upgrade to a paid subscription.  If you don’t do this, the trial version is suspended, and after 180 days, you will lose all access to the package.  At this point, you will not even be able to access your Defender Vulnerability Management Portal.
  • There is a maximum of 15,000 Vulnerability Messages that you will be able to receive. Once this level has been reached, you will no longer receive any more warnings and their corresponding remediations.  At this point, you will need to delete old Vulnerability Messages.  For more details on how to do this, visit the link below:

  • Defender Vulnerability Management can probe for all kinds of Vulnerabilities, across any Digital Asset. It is not restricted to a certain type, classification, or category.
  • To examine the full list of capabilities of this package, click on the link below:

  • You can block Vulnerable Applications, but you must have these specs on your device:

*Windows version 1809

*Antimalware client version of 4.18.1901.x or higher

*An Engine Version of 1.1.16200.x or higher


If you have any further questions, or need help in downloading Defender Vulnerability Management, contact us today.