Standard and additional protection services

The available standard and additional services depend on the selected licensing mode.

Additional services can be enabled on top of the services that are included in the selected license. Additional services provide unique functionality that does not overlap with the features included in the standard license. Clients can protect their workloads with one or several additional services. Additional services are available for both service-based licenses (Per workload and Per gigabyte), and for the solution-based licenses.

  • You can enable only one licensing mode, solution-based or service-based, for a customer tenant.
  • You can enable all licensing modes and all offering items for a partner or folder tenant.

Standard services in solution-based licenses

The following table contains information about the functionality that is available per workload type.

Workload Security and RMM Backup and DR1 Ultimate protection1

Endpoint

(Workstation, Server, Virtual machine, Web hosting server)
  • Active protection
  • Antimalware protection
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Remote Management and Monitoring (RMM)
 N/A N/A
Server Security and RMM for servers is enabled through the Endpoint offering item.
  • Backup
  • Disaster Recovery

  • Backup

  • Advanced Backup

  • Disaster Recovery

  • Active protection
  • Antimalware protection
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Remote Management and Monitoring (RMM)
  • Data Loss Prevention

 
Virtual machine Included in the Endpoint offering item.
  • Backup
  • Disaster Recovery to Acronis or partner-hosted environment
  • Disaster Recovery to Azure

  • Backup

  • Advanced Backup

  • Disaster Recovery

  • Active protection
  • Antimalware protection
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Remote Management and Monitoring (RMM)
  • Data Loss Prevention
Workstation Included in the Endpoint offering item.
  • Backup
  • Disaster Recovery to Azure
  • Backup
  • Disaster Recovery to Azure
  • Advanced Backup
  • Active protection
  • Antimalware protection
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Remote Management and Monitoring (RMM)
  • Data Loss Prevention
Mobile device N/A
  • Backup
 N/A
Website N/A
  • Backup
 N/A
Microsoft 365

  • Email security

  • Security posture management

  • Backup

  • Email archiving

  • Backup

  • Advanced Backup

  • Email archiving

  • Email security
  • Collaboration security
  • Security Posture Management
Google Workspace

  • Email security
  • Backup
  • Backup
  • Advanced backup
  • Email security

1 Each offering item in this solution includes a certain amount of free storage. Check the licensing guide in the Partner Portal.

You cannot combine multiple offering items on the same workload. For example, you cannot have both Security and RMM and Backup and DR on the same workstation. You must use Ultimate protection instead. If features from both solutions are included in a protection plan, the license on the protected workloads will be switched automatically to Ultimate protection.

With solution-based licenses, you can enable the following additional services:

  • Managed Detection and Response

    Compatible with endpoints in Security and RMM, and servers, virtual machines, and workstations in Ultimate protection.

  • Security Awareness Training
  • Hosted Cloud Storage (for overages)
  • Geo-replication
  • Disaster Recovery Infrastructure

The Notarization and eSignature service can be enabled with the File Sync & Share service. It is available in two billing modes - Per user and Per gigabyte.

Standard features and additional services in service-based licenses

The features in both service-based licensing modes of the Protection service are identical.

The following table summarizes the functionality that is available with the Standard Protection offering item and the additional services.

Additional services can be used only when the service that they extend is enabled. Users cannot use additional services when the standard service feature is disabled. For example, users cannot use the features of the Advanced Backup service if the Protection feature is disabled.

Standard features and additional services in the Protection service

When you enable the Standard Protection service under Protection, you enable a number of features that are included and available by default. In addition, you can enable additional services.

The following table contains a high level overview of Cyber Protect service features and additional services. For a complete list of offerings, see the Licensing Guide in the Partner Portal.

Standard and additional services in the Protection service
Feature group Standard Protection

Additional services
Detection and Response
  • #CyberFit score
  • Vulnerability assessment
  • Antivirus and Antimalware protection: Cloud signature-based file detection (no real-time protection, only scheduled scanning)*

  • Antivirus and Antimalware protection: Pre-execution AI-based file analyzer, behavior-based Cyber Engine

  • Microsoft Defender management

*To detect zero day attacks, Cyber Protect uses heuristic scanning rules and algorithms to look for malicious commands.

Detection and Response service includes XDR, Endpoint Detection and Response (EDR), and Managed Detection and Response (MDR):

  • Integrate with third party solutions, including Advanced Email Security, Microsoft 365 collaboration applications, and Microsoft Entra ID
  • Manage incidents in a centralized Incident page
  • Visualize the scope and impact of incidents
  • Recommendations and remediation steps
  • Check for publicly disclosed attacks on your workloads by using Threat feeds
  • Store security events for 180 days
  • Managed Detection and Response (MDR)
  • Anti-ransomware protection: Active protection
  • Antivirus and antimalware protection with local signature-based detection (with real-time protection)
  • Exploit prevention
  • URL filtering
  • Endpoint firewall management
  • Forensic backup, scan backups for malware, safe recovery, corporate allowlist
  • Smart protection plans (integration with CPOC alerts)
  • Centralized backup scanning for malware
  • Remote wipe
  • Microsoft Defender Antivirus
  • Microsoft Security Essentials
  • Backup scanning for malware of Microsoft 365 mailboxes

For information on how to enable the XDR service, see Enabling XDR.
Data Loss Prevention
  • Device control

Data Loss Prevention (DLP) service:

  • Content-aware prevention of data loss from workloads via peripheral devices and network communication
  • Pre-built automatic detection of personally identifiable information (PII), protected health information (PHI), and Payment Card Industry Data Security Standard (PCI DSS) data, as well as documents in the “Marked as Confidential” category
  • Automatic data loss prevention policy creation with optional end user assistance
  • Adaptive data loss prevention enforcement with automatic learning-based policy adjustment
  • Cloud-based centralized audit logging, alerting, and end user notifications
RMM

For endpoints:

  • Group management
  • Centralized management of protection plans
  • Hardware inventory
  • Remote control
  • Remote actions
  • Concurrent connections per technician
  • Remote connection protocol: RDP
  • Four monitors
  • Threshold-based monitoring
  • Show last logged-in user
  • Vulnerability assessment for Windows and macOS

For Microsoft 365 seats:

  • Auditing of Microsoft 365 security posture with best practice baselines, user management, and user onboarding

The RMM service includes the following features:

For endpoints:

  • Patch management
  • Disk health
  • Software inventory
  • Vulnerability assessment of third-party products for Windows operating systems
  • Fail-safe patching
  • Cyber Scripting
  • Remote assistance
  • File transfer and sharing
  • Selecting a session to connect
  • Observing workloads in multi-view
  • Connection modes: control, view-only, and curtain
  • Connection via the Quick Assist application
  • Remote connection protocols: NEAR and Apple Screen Sharing
  • Session recording for NEAR connections
  • Screenshot transmission
  • Session history report
  • 24 monitors
  • Threshold-based monitoring
  • Anomaly-based monitoring
  • Remote software deployment by using DeployPilot
  • Vulnerability assessment for third-party Windows applications
  • Geolocation tracking
  • Helpdesk chat

For Microsoft 365 seats:

  • Automatic and manual remediation of baseline deviations, and user offboarding
Email security

None

Real-time protection for Microsoft 365 and Gmail mailboxes:

  • Antimalware Antispam
  • URL scan in emails
  • DMARC analysis
  • Anti-phishing
  • Impersonation protection
  • Attachments scan
  • Content disarm and reconstruction
  • Graph of trust

See the configuration guide.
Security Awareness Training  
  • Security awareness training
  • Compliance training
  • Phishing simulation
  • Policy acknowledgment management
Disaster Recovery

You can use the Demo Disaster Recovery features to try Disaster Recovery scenarios for your workloads.

Note the Disaster Recovery features that are available, and their limitations:

  • Test failover in an isolated network environment. Limited to 32 compute points per month, and up to 5 test failover operations at the same time.
  • Recovery server configurations: 1 CPU and 2 GB RAM, 1 CPU and 4 GB RAM, and 2 CPU and 8 GB RAM.
  • Number of recovery points available for failover: only the last recovery point that is available right after a backup.
  • Available connectivity modes: Cloud-only and Point-to-site.
  • Availability of the VPN gateway: The VPN gateway will be temporarily suspended if it is inactive for 4 hours after the last test failover completed, and will be deployed again when you start a test failover.
  • Number of cloud networks: 1.
  • Internet access
  • Operations with runbooks: create and edit.

You can enable the Disaster Recovery service and protect your workloads using the complete Disaster Recovery functionality:

  • Production failover
  • Test failover in an isolated network environment.
  • Number of recovery points available for failover: all recovery points that are available after the creation of the recovery server.
  • Primary servers
  • Recovery/Primary server configurations: No limitations
  • Available connectivity modes: Cloud-only, Point-to-site, Site-to-site Open VPN, and Multi-site IPsec VPN.
  • Availability of the VPN gateway: always available.
  • Number of cloud networks: 23.
  • Public IP addresses
  • Internet access
  • Operations with runbooks: create, edit, and execute.

If an additional service is enabled, its features appear in the protection plan and are marked with the additional service icon . When users enable the feature in a protection plan, they will be warned that additional billing applies.

If an additional service is not enabled, but upsell is turned on, the additional service features appear in the protection plan, but are inaccessible for use. A message will prompt users to contact their administrator to enable the required additional service.

If an additional service is not enabled and upsell is turned off, customers will not see the additional features in their protection plans.

Pay-as-you-go and additional services in the Protection service

Pay-as-you-go and additional services in the Protection service
Feature group Pay-as-you-go features

Additional services
Backup
  • File backup
  • Image backup
  • Applications backup
  • Network shares backup
  • Backup to cloud storage
  • Backup to local storage
Fees for cloud storage usage are applicable.

Advanced Backup service:

  • One-click recovery
  • Continuous data protection
  • Backup support for Microsoft SQL Server clusters and Microsoft Exchange clusters – Always On Availability Groups (AAG) and Database Availability Groups (DAG)
  • Backup support for MariaDB, MySQL, Oracle DB, and SAP HANA
  • Data protection map and compliance reporting
  • Off-host data processing
  • Backup frequency for Microsoft 365 and Google Workspace workloads
  • Remote operations with bootable media
  • Direct backup to Microsoft Azure, Amazon S3, and Wasabi public cloud storage
File Sync & Share
  • Store encrypted file-based content
  • Synchronize files across designated devices
  • Share folders and files with designated people and systems

Notarization and eSignature service:

  • Notarization and eSignature
  • Document templates*

*Backup of sync and share files
Physical Data Shipping Physical Data Shipping functionality

N/A

You cannot enable additional protection services without enabling the standard protection feature that they extend. If you disable a feature, its additional services are disabled automatically and the protection plans that use them will be automatically revoked. For example, if you disable the Protection feature, its services will be disabled automatically and all plans that use them will be revoked.

Users cannot use additional services without standard protection, but can use only Standard Protection together with additional services on specific workloads.

For information about billing and licensing, see the Licensing Guide in the Partner Portal.