Calculate the endpoint usage with the Monthly License Usage report
This section explains how to calculate the endpoint usage with the Monthly License Usage report, in GravityZone Cloud.
As a Bitdefender managed service provider (MSP), you are able to offer Bitdefender cloud security add-ons and services in a flexible manner, best suited to your clients with monthly license. Consequently, you can charge them depending on how they use these products.
GravityZone helps you keep a clean tracking of the consumed resources with the Monthly License Usage report, which you have to generate at the beginning of each month for the previous month. For details about generating a Monthly License Usage report in Control Center or via API, refer to Create a Monthly License Usage report in GravityZone.
About the Monthly License Usage report
The Monthly License Usage report aims to provide all the details you need to measure and charge the usage of GravityZone services accordingly. It also includes information to simplify the process of billing.
Calculation of the monthly usage relies on the product type and the protection add-ons and services that companies have used during the previous month.
Companies can use the following product types:
Endpoint Security - the fully-featured security solution, with all modules available for deployment on endpoints.
BitdefenderEDR - a lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems that can run alongside any third-party protection platform.
When creating the report, you are provided with the following options that help you focus on the data you are interested in:
Product type - generate the report for either companies with Endpoint Security or with BitdefenderEDR.
Only endpoint details - the report focus on information related to the endpoints and ignores the companies' hierarchy.
Only direct companies - the report does not include the entire hierarchy, but only child companies at the first level under the target company.
As displayed in Control Center, the Monthly License Usage report consists mainly of two areas:
The chart, which depicts the usage of some GravityZone add-ons and services during the month.
The table, which lists details about companies, license and usage. The table is customizable by clicking the Show/Hide Columns button in the top-right corner.
Clicking the numbers of each element of the column provides you with more details regarding endpoints and the usage of GravityZone add-ons and services.
The table includes the following details:
Path – location of the target company in the network tree.
Company name
Company type
License key
License Type
Product Type
Month
Licensed endpoints – number of endpoints licensed during the month (physical servers or workstations, virtual servers or workstations and container hosts).
Endpoint usage – number of machines with core protection.
Patch Management usage – number of endpoints that have installed this add-on during the month.
SVE: VS – number of virtual servers with Central Scan.
SVE: VDI – number of uptime hours for virtual desktops with Central Scan.
Container Protection Usage - indicates number of container host endpoints with the module installed.
ATS usage – number of endpoints that have used at least one of the Advanced Threat Security add-ons (HyperDetect or Sandbox Analyzer).
EDR usage – number of endpoints with the EDR sensor.
MDR Foundations - number of endpoints with an installed EDR module, which have enabled this service during the month.
Reserved seats – total number of license seats available for a company. The previous name of this column was Total.
Subscription end date - date of expiration for monthly usage (optional).
Subscription auto-renewal - indicates if this option is active.
Minimum usage - number of endpoints with minimum usage.
Note
If a GravityZone add-on or service has not been enabled for a company, it is specified as such.
Available output formats
From the GravityZoneControl Center, you can export the report in PDF and CSV formats, or you can send it through email.
Usage for companies with Endpoint Security
To calculate the monthly usage for GravityZone modules, add-ons, and services you need the CSV file.
The monthly usage is counted based on the enabled modules, add-ons, and services during the month. The modules are part of the GravityZone core protection, while add-ons and services are optional and billed separately.
The CSV file lists all the standard and optional security layers, along with other relevant data on companies and endpoints.
Usage for endpoints with core protection
The GravityZone core protection includes the following modules and roles:
Antimalware (not listed in the report as it is installed by default on endpoints)
Advanced Threat Control
Advanced Anti-Exploit
Firewall
Content Control
Device Control
Network Attack Defense
Power User
Relay
The usage for endpoints with standard protection is based on the Antimalware module.
The other modules do not generate additional usage in terms of billing, but they are listed in the CSV file for you to have a complete view over what is installed on the endpoints.
The usage is calculated based on the number of endpoints with core protection installed during the month and is available in the Endpoint Usage column.
If a company has used the Security for Virtualized Environments add-on (Central Scan protection), you have to subtract virtual servers (VS) and virtual desktops (VDI) from this number.
API
Use the getMonthlyUsage
method to obtain the value for endpointMonthlyUsage
. For details, refer to Bitdefender GravityZone API Guide for Partners, chapter Licensing > getMonthlyUsage.
Usage for endpoints with add-ons
The GravityZone add-ons include:
The usage for Full Disk Encryption is calculated by the number of endpoints that have installed this add-on during the month.
In the CSV file of the Monthly License Usage report, filter the corresponding column by "Full Disk Encryption = Yes" to get the usage of this add-on.
The usage of Patch Management is calculated by the number of endpoints that have used this add-on during the month.
In the CSV file of the Monthly License Usage report, filter the corresponding column by “Patch Management = Yes” to get the usage of this add-on.
The usage for Advanced Threat Security is calculated by the number of endpoints that have installed at least one of HyperDetect or Sandbox Analyzer add-ons during the month.
In the CSV file, filter the Advanced Threat Security by “ATS=Yes”.
If you want granular information, filter the HyperDetect and Sandbox Analyzer columns by "HyperDetect = Yes", then "Sandbox Analyzer = Yes". You have to combine the results to get the usage of these modules.
The usage for Endpoint Detection and Response (EDR) is calculated by the number of endpoints that have installed the EDR sensor during the month.
In the CSV file of the Monthly License Usage report, filter the corresponding column by “Endpoint Detection and Response = Yes” to get the usage of this module.
Usage is calculated separately for each XDR category type (Identity Providers, Productivity, Network, and Cloud Workloads), based on three factors:
Having the XDR sensor category enabled.
The total number of endpoints licensed during the month.
Having at least one sensor deployed. If no sensors belonging to the category have been deployed at any point during the month, the usage is set to 0.
Note
Disabling all sensor types or reducing the total number of licensed endpoints will reflect in the following month's usage.
In the .CSV file of the Monthly License Usage report, the XDR Identity Providers
, XDR Productivity
, XDR Network
, and XDR Cloud Workloads
indicate which sensor types are enabled. You can get the usage of each sensor type by checking the values under the XDR Identity Providers Usage
, XDR Productivity Usage
, XDR Network Usage
, and XDR Cloud Workloads Usage
columns.
The usage of Integrity Monitoring is calculated by the number of endpoints that have installed this add-on during the month.
Note
The monthly usage starts when the add-on is installed and licensed, not when it's enabled in the policy.
If you upgrade your data retention add-on, you are going to be charged from the moment the data retention add-on was upgraded. However, if you downgrade your data retention add-on, you are going to be charged with the new data retention plan at the start of the following month.In addition, the endpoints that were offline before the last data retention change are going to be charged for the highest data retention add-on that was active during the month they were online.
The usage for this add-on is calculated by:
Number of virtual servers with Security for Virtualized Environments
Note
Linux virtual machines are considered virtual servers.
Number of hours of using virtual workstations (VDI) with Security for Virtualized Environments
To obtain these data, you are provided with the following columns in the CSV file of the Monthly License Usage report:
Endpoint OS type: server or workstation.
Endpoint type: physical or virtual.
Uptime: how much time the endpoint has been protected by GravityZone. The uptime is counted in seconds and it is rounded up when converted in hours. For example, if the uptime for an endpoint with Central Scan is 3,600 seconds it means the endpoint will be charged for one hour. If the uptime is 3,650 seconds, the endpoint will be charged for two hours.
Important
The sleep and hibernation modes are not counted for uptime.
Security for Virtualized Environments: Yes means the endpoint used Central Scan engine at least once during the month. No means the company has been using Local Scan or Hybrid Scan engines.
In the CSV file, filter the columns as follows:
For virtual servers (VS) with Security for Virtualized Environments by selecting "Security for Virtualized Environments = Yes" and "Endpoint type= Virtual" and "OS type = Server"
For virtual workstations (VDI) with Security for Virtualized Environments by selecting "Security for Virtualized Environments = Yes" and "Endpoint type= Virtual" and "OS type = Workstation", then sum up the uptime and divide it by 3600 to get the hourly usage. The result is rounded up.
Note
In case of using virtual servers (VS) or virtual workstations (VDI), you need to subtract them from the total number of machines to avoid double billing.
The usage of Security for Exchange is calculated with the dedicated [Exchange] Monthly License Usage report. This report provides you with details such as: company name, license keys, month, and the number of protected mailboxes belonging to each managed company.
In the Monthly License Usage report, you can view the number of endpoints with Security for Exchange, but only for your information.
The usage for Email Security is calculated based on the active primary mailboxes (excluding aliases and distribution lists) that have sent or received at least one email during the month.
Mailbox are subject to billing if:
The primary flag is set to
true
.The
objectClass
in Active Directory must be eitheruser
orNULL
.
Shared mailboxes, distribution Lists (DLs), and other similar resources are not counted towards product usage if:
objectClass
is set to eithergroup
ormsExchDynamicDistributionList
for on-premise environments.objectClass
is set tosharedMailbox
for cloud environments.
Note
If you are using Azure Active Directory you must grant the correct permissions to allow synchronization of shared mailboxes, otherwise they will be indistinguishable from standard users and subject to billing.
The GravityZone Security for Email Monthly License Usage report provides you with details such as: company name, license keys, month, and the number of protected mailboxes belonging to each company.
Container Protection
The usage for Container Protection is calculated based on the following criteria:
The number endpoints with Container Protection deployed.
If deployed on a virtual server, the instance will be deducted from the VS usage number.
If not deployed on a virtual server, the instance will be deducted from the endpoint usage number.
To obtain these data, you are provided with the following columns in the CSV file of the Monthly License Usage report:
Container Protection: if the add-on is activated
Container Protection Usage: number of endpoints with module installed
Endpoint OS type: server or workstation.
Endpoint type: physical or virtual.
Usage for endpoints with services
The GravityZone services include:
The Managed Detection and Response (MDR) for MSPs service is called Foundations.
The usage for MDR Foundations is calculated by the number of endpoints with an installed EDR module, which have enabled this service during the month.
In the CSV file of the Monthly License Usage report, filter the corresponding columns by "MDR Foundations= Yes" to get the usage of this service.
Example of a monthly usage report
In a Monthly License Usage report, you have the following data presented in the CSV file:

Click here to download the CSV file.
The data indicates the following companies:
Partner 1 – Partner company with monthly license
Customer A – Customer company under Partner 1, with monthly subscription
Customer B – Customer company under Partner 1, with monthly subscription
Customer C – Customer company under Partner 1, with monthly subscription
Partner 1 has 16 licensed endpoints from a total of 100 reserved seats. The licensed endpoints are counted from the Customer A, Customer B and Customer C companies, which inherit reserved seats from Partner 1.
The usage for these companies is calculated by filtering relevant columns for each GravityZone service, in the endpoint details area.
Monthly usage for the companies under Partner 1:
Customer A
Endpoints with standard protection: 3
Endpoints with Full Disk Encryption: 2
Endpoints with Patch Management: 1
Endpoints with Advanced Threat Security: 9 (7 with both HyperDetect and Sandbox Analyzer, plus 2 with HyperDetect only)
Endpoints with Endpoint Detection and Response: 2
Endpoints with Security for Virtualized Environments:
Virtual servers: 1
Usage of virtual workstations (VDI): 30 hours (107,280 seconds from three virtual workstations)
Endpoints with Container Protection: 1
However, the usage must be calculated with the [Exchange] Monthly License Usage report.
Customer B
Endpoints with standard protection: 1
Endpoints with Full Disk Encryption: 3
Endpoints with Patch Management: 1
Endpoints with Advanced Threat Security: 4 (1 with both HyperDetect and Sandbox Analyzer, plus 3 with HyperDetect only)
Endpoints with Endpoint Detection and Response: 2
Endpoints with Security for Virtualized Environments:
Virtual servers: 0
Usage of virtual workstations (VDI): 2 hours (3,900 seconds from one virtual workstation)
Endpoints with Container Protection: 1
Endpoints with Security for Exchange: 0.
Customer C
Endpoints with standard protection: 1
Endpoints with Full Disk Encryption: 1
Endpoints with Patch Management: 0
Endpoints with Advanced Threat Security: 0
Endpoints with Endpoint Detection and Response: 2
Endpoints with Security for Virtualized Environments:
Virtual servers: 0
Usage of virtual workstations (VDI): 0
Endpoints with Container Protection: 0
Endpoints with Security for Exchange: 0
Usage for companies with Bitdefender EDR
The usage is counted based on the number of endpoints that have used Bitdefender EDR during the month.
To get the usage, generate again the Monthly License Usage report with Bitdefender EDR as product type.
In the CSV file, the number of the endpoints is available in the Endpoint Usage column.
Example of a monthly usage report
In a Monthly License Usage report generated for Bitdefender EDR, you have the following data presented in the CSV file:

Click the image to view it larger. Click here to download the above CSV file.
The data indicates the following companies:
Partner 1 – Partner company with monthly license and Endpoint Security as product type. Additionally, Partner 1 assigned Bitdefender EDR to its child companies.
Customer A – Customer company under Partner 1, with monthly subscription and Endpoint Security as product type.
Customer B – Customer company under Partner 1, with monthly subscription and Endpoint Security as product type.
Customer C – Customer company under Partner 1, with monthly subscription and Endpoint Security as product type.
Customer D - Customer company under Partner 1, with monthly subscription and Bitdefender EDR as product type.
The usage for Customer A, Customer B, and Customer C is zero, because all these companies use Endpoint Security.
The usage for Customer D, which uses Bitdefender EDR, is 3, as indicated in the Endpoint Usage column.
Because only Customer D has Bitdefender EDR usage in this report, the parent company Partner 1 indicates the same usage.
The CSV file also includes the endpoints list with the following usage per module: Advanced Threat Control, Content Control, Network Attack Defense, and Endpoint Detection and Response. All this modules are part of Bitdefender EDR as product type, so they do no generate additional usage.
Minimum usage
In GravityZone Control Center, the Monthly License Usage report displays minimum usage in the column with the corresponding name.
In the CSV file, the minimum usage is available in the Minimum usage column.
For details about Bitdefender offering for MSP, refer to Frequently Asked Questions (FAQ) about Bitdefender Cloud Security for MSP.