Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Overview
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation…
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision.
Popular Features
- Malware Detection (53 ratings): 8.5, 85%
- Infection Remediation (52 ratings): 8.2, 82%
- Anti-Exploit Technology (51 ratings): 8.0, 80%
- Centralized Management (52 ratings): 7.9, 79%
Pricing
- Academic: $2.50
- Standalone: $5.20
Entry-level setup fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- Anti-Exploit Technology: 8.0 (51 ratings)
In-memory and application-layer attack blocking (e.g. ransomware).
- Endpoint Detection and Response (EDR): 8.5 (51 ratings)
Continuous monitoring of, and response to, advanced internet threats by endpoint agents.
- Centralized Management: 7.9 (52 ratings)
Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- Hybrid Deployment Support: 7.8 (10 ratings)
Administrators should be able to choose on-premise, cloud, or hybrid endpoint security.
- Infection Remediation: 8.2 (52 ratings)
Capability to quarantine an infected endpoint and terminate malicious processes.
- Vulnerability Management: 8.3 (50 ratings)
Vulnerability prioritization for fixes.
- Malware Detection: 8.5 (53 ratings)
Detection and blocking of zero-day file-based and fileless malware.
Product Details
What is Microsoft Defender for Endpoint?
Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.
Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.
Evolves the organization's defenses: Goes beyond endpoint silos and matures the organization's security on a foundation of extended detection and response (XDR) and Zero Trust.
Microsoft Defender for Endpoint Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
Microsoft Defender for Endpoint Technical Details
| Detail | Value |
|---|---|
| Deployment Types | On-premise |
| Operating Systems | Windows |
| Mobile Application | No |
Reviews and Ratings
Attribute Ratings (187)
Reviews (1-17 of 17)
- The ability to provide decision support (or content about alerts) is powerful and allows us to become experts in analytics rather than in a specific technology.
- Microsoft Defender provides security for unmanaged devices on corporate networks
- Microsoft Defender for Endpoint is a service in the Microsoft Defender Security Center. By adding and deploying client provisioning profiles, configuration administrators can monitor deployment status and obtain endpoint agent health status using Microsoft Defender.
- Windows Defender isn't perfect. It may miss some threats, especially new and sophisticated threats. So it’s important to supplement it with other security measures.
- Even though Windows Defender does a good job, it can't protect you from everything. Therefore, it is important to be aware of the risks and take steps to protect your computer, such as using complex passwords and being careful about clicking on anything, especially email attachments and some tech support scam calls.
Microsoft Defender for Endpoint Review
- From an overall endpoint protection perspective, I would say it certainly helps protect through the integration across the entire OS and software browser or what have you. Just that deep integration protects against threats, potentially internal with accidental file sharing, external files, browsers, malicious links, URLs, just the ability to have that smart screen capability built in, again throughout the entire OS really just helps protect the entire machine.
- From an improvement perspective. The only thing that comes to mind is when there's a health notification on a particular action in the security center where there's maybe an action to take, whether a piece is misconfigured and it maybe click to activate set capability.
- So from a negative, the only thing that really comes to mind is within the device security portal within the machine itself. Occasionally you'll get alerts such as Core Isolation, maybe after a security update or whatever, just the Windows update comes through. Maybe something might be disabled temporarily. And trying to re-enable that feature through a single click. And then a reboot doesn't always seem to stick the first time, but that's honestly the only thing that stands out.
Microsoft Defender for Endpoint Review
- It helps detect anomalies. It helps detect sensitive files that are being sent outside of the company. It pretty much provides this intel.
- Would probably be documentations. If documentation can be simplified, that would've been nice.
Microsoft Defender for Endpoint Review
- When an end user opens a file or accesses a file I should say that has malicious content, it will quarantine the file. It will also let us know if an end user themselves has an issue now. So the whole Defender Suite has different parts. So some of these may be going over into Defender for identity and stuff. I'm not clear on which is which, but it's the whole ecosystem. I'll get an email letting me know that there's an issue and then we follow up. The email generally has a link in it to the actual event in the defender for endpoint or whatever console. And then we can start looking at the case, make sure the endpoint is quarantined. So it can't do anything. The only thing we can do is talk to it to do forensics or whatever so it's not totally isolated where we have to get somebody on the ground to go to the thing. We can still work on it remotely, but the end user can't do anything that would continue to cause lateral movement of the compromise or anything like that.
- As much as I've talked about loving this product, there are issues it seems like almost daily when we get into it. Something has changed or moved or the name of the overall system has changed. Microsoft needs to just stick and stay. I understand with development and their merging products and stuff, but it's really frustrating when things change daily, especially when we're doing an e-discovery investigation or DLP. It's almost an emergency situation and when you have to relearn how to do something in the system, it's very frustrating.
Microsoft Defender for Endpoint
- Quick response to all threats across all devices protected.
- Help pick up vulnerabilities in systems which previously have gone unidentified.
- Centrally Managed with a single pane of glass view is super handy and useful.
- The only thing I think that can be improved on is the reporting.
Microsoft Defender helps us keep our software environment reliable and operationally secure.
- Incoming E-mails are tested for viruses
- Zip files that are extracted are checked for viruses
- Downloaded executables are also checked for viruses
- Better reporting of found dangerous code
- More insight into the resources used by a system scan
- It is good that regular updates are made available
This was well suited.
The executable generated by a C compiler that was not Microsoft's was considered dangerous code.
This was not suitable.
Defender is the default choice for a Microsoft shop
- End Point Protection in real time
- Security Dashboard for CISOs
- End point detection and Response
- Don't have any points to add here
If your customers are spread across multiple geographies, then Defender can help you set up compliance policies based on each region, which reduces the effort from the DPO significantly.
Apart from these, I feel it is a feature rich and stable EDR product.
Easy and Reliable to Use
- Auditing of All Endpoints and Events
- Real-Time Protection
- Configuration and Deployment of the Product
- It evolves as threats do, but keeping up with threats is always a concern.
Nice Product.
- Helps in Endpoint Management through centralized console.
- Good detection Coverage.
- Reports
- Whitelisting options.
Microsoft Defender for Endpoint Review
- I really enjoy the level that we get with our licensing for the timeline on devices, being able to see what happened when it happened down to the millisecond to know exactly what happened when someone clicked something, did something bad, installed something bad, or whichever. And the alert monitoring is really useful for sending emails whenever there's anything that's remotely detected, even if it's a false positive.
- I'm having a hard time thinking of anything because we get all of the endpoint tools available to us with our licensing level and we use them as much as we need to. There are some that we're still kind of figuring out that we should be using more of. So I can't think of anything right now.
Microsoft Defender for Endpoint Review
- It's easy to manage. You don't have to touch it, it just does what it needs to do.
- Performance. There's a lot of situations where you turn the computer on and the first thing it does is a scan. And that scan takes so long and all the time. Sometimes all I want to do is just read an email.
Microsoft Defender for Endpoint Review
- We've had very great success with Defender for Endpoint stopping malware. So any new threat or any new emerging threats, it has quickly detected them and stopped them in their tracks. And if it's not able to stop them, it has alerted us so we can go in and manually take intervention. It has done well against particular malware payloads being stopped from being downloaded on the machine as well. I might be crossing a boundary with a different Microsoft product here, but detection of malicious links received through emails and colleagues trying to access websites that they shouldn't be accessing. So it's been particularly good at that stuff.
- Off the top of my head, I can't think of anything that I can scrutinize. Actually, there was one event that we had to contact Microsoft on to help fix a malicious JavaScript file. So we've had some malicious JavaScript files come into our environment and be undetected by Microsoft Defender for Endpoint. That was one of those instances where we had to take manual intervention and we were not alerted by Microsoft Defender for Endpoint and we did engage Microsoft Support and add a signature definition for it, which helped for that particular instance. However, we've had another JavaScript instance since then that was not detected. So I would say better detection at malicious JavaScript files would be room for improvement.
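The reviewer above describes malicious JavaScript files that arrived undetected and needed a hand-added signature. Advanced hunting (the KQL-based search a later review on this page mentions) is the practical way to cover that gap while waiting on a signature: query the process telemetry for script hosts running .js/.jse/.wsf files from user-writable folders and pair each run with any outbound connection it made. The query below is an added example, not the page's own or Microsoft's. It assumes the advanced hunting schema as the editor knows it (DeviceProcessEvents, DeviceNetworkEvents and their columns); the folder list, the seven-day window and the script-host list are assumptions to tune for your tenant.

```kql
// Added example (not from the page or Microsoft): hunt for script hosts
// executing .js/.jse/.wsf files from user-writable locations and pair each
// execution with the network connections that process made.
let lookback = 7d;                                   // assumption: adjust to retention
let script_hosts = dynamic(["wscript.exe", "cscript.exe", "mshta.exe"]);
let user_writable = dynamic(["\\Users\\", "\\AppData\\", "\\Temp\\",
                             "\\Downloads\\", "\\ProgramData\\"]); // assumption
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ (script_hosts)
| where ProcessCommandLine has_any (".js", ".jse", ".wsf")
| where ProcessCommandLine has_any (user_writable)
// pull the script path out of the command line for easier triage
| extend ScriptPath = extract(@'(?i)([A-Za-z]:\\[^"]+\.(?:js|jse|wsf))', 1, ProcessCommandLine)
// what did the script host talk to? one row per connection; unmatched runs keep empty columns
| join kind=leftouter (
    DeviceNetworkEvents
    | where Timestamp > ago(lookback)
    | where InitiatingProcessFileName in~ (script_hosts)
    | project DeviceId, InitiatingProcessId, RemoteUrl, RemoteIP, RemotePort
  ) on DeviceId, $left.ProcessId == $right.InitiatingProcessId
| project Timestamp, DeviceName, AccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,  // what launched the host (Outlook? explorer?)
          FileName, ScriptPath, ProcessCommandLine, SHA256,         // the script host and the script it ran
          RemoteUrl, RemoteIP, RemotePort
| order by Timestamp desc
```

Run it in the advanced hunting page of the Defender portal. A parent of a mail client or a browser, a script under Downloads or a Temp folder, and an outbound connection to an unfamiliar host in the same row is the pattern worth isolating the device over; the SHA256 column gives you the hash to block, which is quicker than waiting for a vendor signature. Once the query is tuned, save it as a custom detection rule so the same pattern alerts rather than relying on a manual hunt.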
Microsoft Defender for Endpoint is an integrated all around Security tool for Windows Devices
- OS Integration for detection
- Detection Reporting
- Detection Remediation
- Classification of incidents could be better
- Data is locked behind the expensive Sentinel program
- System will fail remediating issues, but not change alert
Defend a lot more than Endpoints.
- Threat intelligence.
- Data Protection.
- Protection against Security Threats.
- More training and simulation for an end user.
- More advanced threat-hunting UI overhaul. A lot of the features are nested in multiple menus and side panes.
- Executive Reports and Summaries of Windows Timeline.
Microsoft Defender holds up to the sales pitch and more
- Great dashboard for the techs on the end of support
- Provides good notifications for the user
- Does a great job quarantining questionable emails that may have suspicious links.
- Stop changing the product name - creates confusion at times
Holistic approach to Cybersecurity
- Compatible with macOS, iOS, Android, Windows Server, Windows 10 and Linux
- It runs natively on Windows; it is not a bolted-on solution. Once you have the correct license it is easy enough to light up the application to protect the endpoint
- Integrated with Microsoft Intune
- It is designed to detect and remediate adversary tactics from the MITRE knowledge base.
- Microsoft analyzes billions of signals daily to detect attacks against O365 tenants; these same signals are fed into ML to further fine-tune MDE. How many other solutions out there have access to this vast amount of data to train their ML?
- Automated detection and remediation of threats, with a graphical timeline view of how the threat got into the device and was stopped
- It has its own vulnerability scanner to feed data into the dashboard so you can see daily which endpoints need to be patched first based on their value
- It comes with an advanced hunting tool using the Kusto Query Language to search your tenant for threats
- It can keep 180 days of log data
- From one bundled license I can protect Exchange Online email, SharePoint, Microsoft Teams, OneDrive, Azure identities, AD, endpoints
- Web filtering on macOS is not available yet
- They recently made it easier to onboard macOS endpoints using Microsoft Intune by deploying it as an app. It used to take a lot more configuration profiles to set up. For older macOS Sierra using the older extensions it will still require the multiple steps to onboard to MDE
- They need to integrate Microsoft Cloud app into the new dashboard of MDE
- Reduce the memory overhead of the mdatp agent running on Linux
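The review above notes that the built-in vulnerability scanner lets you see which endpoints to patch first, and that advanced hunting uses the Kusto Query Language. Combining the two gives a patch-priority list that the default dashboard does not show directly: devices ranked by how many critical or high CVEs on them already have a public exploit, weighted by the device's exposure level. The query below is an added example, not the page's own or Microsoft's; it assumes the advanced hunting vulnerability-management tables as the editor knows them (DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB, DeviceInfo) and their column names, and the severity filter and result cap are assumptions.

```kql
// Added example (not from the page or Microsoft): rank devices for patching by
// exploitable critical/high CVEs, joined with each device's exposure level.
let severities = dynamic(["Critical", "High"]);        // assumption: tune per policy
// latest known exposure level and machine group per device
let device_context = DeviceInfo
    | summarize arg_max(Timestamp, ExposureLevel, MachineGroup) by DeviceId
    | project DeviceId, ExposureLevel, MachineGroup;
DeviceTvmSoftwareVulnerabilities
| where VulnerabilitySeverityLevel in (severities)
// keep only CVEs for which the KB says a public exploit exists
| join kind=inner (
    DeviceTvmSoftwareVulnerabilitiesKB
    | where IsExploitAvailable == true
    | project CveId, CvssScore
  ) on CveId
| summarize
    ExploitableCves = dcount(CveId),
    MaxCvss         = max(CvssScore),
    // capped sets keep the row readable; the raw join has the full list
    Software        = make_set(strcat(SoftwareVendor, ":", SoftwareName, " ", SoftwareVersion), 10),
    Updates         = make_set(RecommendedSecurityUpdate, 10)
  by DeviceId, DeviceName, OSPlatform
| join kind=leftouter device_context on DeviceId
| project DeviceName, OSPlatform, MachineGroup, ExposureLevel,
          ExploitableCves, MaxCvss, Software, Updates
// exposed, high-value devices with the most weaponised CVEs first
| order by ExposureLevel desc, ExploitableCves desc, MaxCvss desc
| take 50                                               // assumption: report size
```

The Updates column lists the security updates (KBs) the scanner recommends, so the output doubles as a work order for the patching team; the Software column tells you whether the risk is the OS or a third-party package that Windows Update will not fix. Re-running it daily and diffing the top rows is a cheap way to get the "what changed overnight" report the reviews on this page say is missing from the built-in reporting.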
Microsoft Defender ATP offers a great alternative to traditional, and even cloud-based AV.
- Visibility: It's great to be able to see what KBs are missing, etc.
- Lightweight AV protection built on the already included Windows Defender Application
- Deployment: We've had some issues deploying, especially outside of the Windows environment.
- Offboarding: There is currently no way to delete a computer. They disappear over time. We even renamed a computer, and it kept both the old and new name in there. Eventually, the older machines do go away, but there is no manual way to do this at the moment.
Where it may not be great is in mixed-OS environments. It requires a bit of determination to get ATP installed on OSX or Linux. While these platforms do get fewer viruses in general, it's good to have the layer of visibility and security for web and browser based threats.