TrustRadius: an HG Insights company

Microsoft Defender for Endpoint

Score8.8 out of 10

281 Reviews and Ratings

Free Trial

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

Categories & Use Cases

Media

blocked activities
Detects & responds
discovers vulnerability
Eliminates blind spots
Risk management

1 / 5

Key Features

Learn about the best (and worst!) features Microsoft Defender for Endpoint has to offer, as determined by TrustRadius' reviewers.
Based on 281 ratings of Microsoft Defender for Endpoint's features
View all features

Top Performing Features

  • Malware Detection

    Detection and blocking of zero-day file and fileless malware.

    Category average: 9.1

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Infection Remediation

    Capability to quarantine infected endpoint and terminate malicious processes.

    Category average: 8.6

Areas for Improvement

  • Centralized Management

    Centralized management supporting multi-factor authentication, customized views, and role-based access control.

    Category average: 8.7

  • Vulnerability Management

    Vulnerability prioritization for fixes.

    Category average: 8.6

  • Hybrid Deployment Support

    Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

    Category average: 8.1

Reviews

What users are saying about Microsoft Defender for Endpoint.
View all reviews

Offers Solid Protection Against Attacks at the Endpoints.

Patrick Lendi
IT Manager in Information Technology at Kaba Delivery (51-200 employees employees)

Use Cases and Deployment Scope

We use the Microsoft Defender for Endpoint to protect data at the endpoints. Helps to keep employees laptop, desktops, phones and other devices secure and protect against cyber threats. Offers a strong encryption scheme that helps to protect data organizational data from getting in wrong hands in-case of lost of a device.

Pros

  • Protects devices from cyber attacks ( Malware and Spyware)
  • Responding to threats in real-time.
  • Automates cyber threat protection and response.
  • Seamless integration with Microsoft ecosystem.
  • Offers reliable security monitoring.

Cons

  • Learning curve for advanced features.
  • False positive in occasional instances.

Return on Investment

  • Enhances security at the endpoints.
  • Helps to boast productivity by elimination of interruptions.
  • Enhances compliance and disaster recovery.

Usability

Other Software Used

Barracuda Backup, Microsoft 365

Microsoft Defender for Endpoint should just be enabled by default

Incentivized
John Lee
IT Director in Information Technology at Fleurco Products Inc. (51-200 employees employees)

Use Cases and Deployment Scope

[...] is a manufacturing company headquartered in Montreal. We have offices across Canada and the United States. Microsoft Defender for Endpoint is deployed across our entire organization. Having a cloud based solution with a single pane of glass to manage all our assets is of the highest importance to us. Being able to receive immediate alerts when suspicious activity occurs has been extremely helpful in keeping our risks at a minimum. Microsoft Defender for Endpoint management is also smart enough to not send several alerts when an attack could be hitting multiple targets within a certain time frame or it's the same attack multiple times.

Pros

  • Consolidate alerts so you are not overwhelmed
  • Integrates with Microsoft products
  • Already licensed if you're using Office Premium or higher enterprise licenses

Cons

  • Management Interface needs work
  • Digging through analysis is not always informative
  • Constant clicking around to find all the relevant information

Return on Investment

  • Microsoft Defender for Endpoint has alerted our team when users clicked on phishing links in emails and we were able to prevent any harm
  • When a website frequently visited was compromised, Microsoft Defender for Endpoint quickly quarantined the file that was auto-downloaded.
  • The alerts for the website download were all consolidated to one incident making it easier to manage.

Usability

Return on Investment

We have Microsoft Defender for Endpoint installed across our entire organization with offices in Canada and the United States. All our workstations are Microsoft Windows based. Our servers are all Microsoft Windows Server and we have a few on-premise servers at our headquarters as well as several hosted on Microsoft Azure.

Alternatives Considered

BlackBerry Protect (CylancePROTECT) and BlackBerry Optics (CylanceOPTICS)

Other Software Used

Sage 300, WatchGuard AuthPoint

My Insights on Microsoft Defender.

Incentivized
Piero Biglione
IT Technician in Information Technology at Arkios (51-200 employees employees)

Use Cases and Deployment Scope

We use the Microsoft Defender for Endpoint protection and threat response. It helps protect our organization's servers and cloud from any attacks, thus keeping our data secure. The tool helps to ensure that our endpoints are secure from any threat through threat detection and elimination automation.

Pros

  • Proactive threat detection and protection.
  • Offers comprehensive endpoint security.
  • Offers advanced threat protection.

Cons

  • Sometimes it gives false positives.

Return on Investment

  • Improved security posture.
  • Saves time.

Usability

Microsoft Defender for Endpoint Review

Incentivized
Verified User
Employee in Information Technology (5001-10,000 employees employees)

Use Cases and Deployment Scope

We use Microsoft Defender for Endpoint as our EDR solution. We used to have a traditional AV. So the transition from the AV to the EDR was a tremendous improvement from our soft team. So we are definitely happy with it. And the scope of the use cases, the entire endpoint, plus the older software system as well.

Pros

  • Definitely on the threat action and response. We didn't have a stress-response option before, but the dependent brand point provided it instantly. Also, it's doing UVA and machine learning, which we didn't have before. So it's definitely providing more sophisticated threat-detection capabilities than we had before.

Cons

  • It's a typical Microsoft being Microsoft. The update of those products is just like a constant. And sometimes we run into issues we never expected, and then it turns out it was a detection engine update or the agent version of the data actually causing the issue.

Return on Investment

  • Another positive impact is that Microsoft Defender for Endpoint is built into the Windows OS. So naturally, it is much easier to load it out and manage it, rather than acquiring it through party ER, deploying it, and managing it separately. So that's definitely on the positive side that we observe there's a byproduct of changing Microsoft Defender for Endpoint.

Usability

Microsoft Defender for Endpoint Review

Incentivized
Verified User
Director in Information Technology (201-500 employees employees)

Use Cases and Deployment Scope

The problem it's solving for is obviously protecting us from ransomware, malware, and any viruses on our systems. Also, any data loss prevention controls what we put into the policy so users aren't accidentally deleting a lot of data or sending the data where they're not supposed to go. It also protects the endpoint from various types of risks and threats. The scope is in production. It's on everybody's machines. And we just want to make sure that we're minimizing as many risks on our endpoints. So we make sure that the computers are up to date, it's protected.

Pros

  • It really protects our endpoints. We've used other antivirus programs in the past, and they haven't had that full confidence in those products compared to what Microsoft Defender for Endpoint does for us.
  • Another pro is that it's easy to manage the management console through Intune to see Microsoft Defender for Endpoint up in the cloud and see the state of our devices.
  • Another pro is we haven't had an incident since we installed it.

Cons

  • That's a tough one because I don't have many cons on the product. Maybe the con is really around reporting. It's harder to get to the reporting and the analytics side. We have to do some of the custom reporting on our own, either through Power BI and whatnot. So the out-of-the-box reporting could be improved upon.

Return on Investment

  • For me, the positive was the return on investment: it's, again, part of the technology stack. It comes with the E5 license. So it's not a separate contract I have to do, separate licensing that I have to monitor. It's all built within what we do with our regular users and what other Microsoft tooling they use.

Usability

Other Software Used

ChatGPT, Microsoft Security Copilot

Related Products

Products similar to Microsoft Defender for Endpoint that may also meet your needs.
All comparisons
Symantec Endpoint Security
CompareLearn more
Sophos Intercept X
CompareLearn more
CrowdStrike Falcon
CompareLearn more