TrustRadius: an HG Insights company

Microsoft Defender for Endpoint

Score8.8 out of 10

278 Reviews and Ratings

Free Trial

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

Categories & Use Cases

Media

blocked activities
Detects & responds
discovers vulnerability
Eliminates blind spots
Risk management

1 / 5

Key Features

Learn about the best (and worst!) features Microsoft Defender for Endpoint has to offer, as determined by TrustRadius' reviewers.
Based on 278 ratings of Microsoft Defender for Endpoint's features
View all features

Top Performing Features

  • Malware Detection

    Detection and blocking of zero-day file and fileless malware.

    Category average: 9.1

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Infection Remediation

    Capability to quarantine infected endpoint and terminate malicious processes.

    Category average: 8.6

Areas for Improvement

  • Centralized Management

    Centralized management supporting multi-factor authentication, customized views, and role-based access control.

    Category average: 8.7

  • Vulnerability Management

    Vulnerability prioritization for fixes.

    Category average: 8.6

  • Hybrid Deployment Support

    Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

    Category average: 8.1

Reviews

What users are saying about Microsoft Defender for Endpoint.
View all reviews

Microsoft Defender for Endpoint should just be enabled by default

Incentivized
John Lee
IT Director in Information Technology at Fleurco Products Inc. (51-200 employees employees)

Use Cases and Deployment Scope

[...] is a manufacturing company headquartered in Montreal. We have offices across Canada and the United States. Microsoft Defender for Endpoint is deployed across our entire organization. Having a cloud based solution with a single pane of glass to manage all our assets is of the highest importance to us. Being able to receive immediate alerts when suspicious activity occurs has been extremely helpful in keeping our risks at a minimum. Microsoft Defender for Endpoint management is also smart enough to not send several alerts when an attack could be hitting multiple targets within a certain time frame or it's the same attack multiple times.

Pros

  • Consolidate alerts so you are not overwhelmed
  • Integrates with Microsoft products
  • Already licensed if you're using Office Premium or higher enterprise licenses

Cons

  • Management Interface needs work
  • Digging through analysis is not always informative
  • Constant clicking around to find all the relevant information

Return on Investment

  • Microsoft Defender for Endpoint has alerted our team when users clicked on phishing links in emails and we were able to prevent any harm
  • When a website frequently visited was compromised, Microsoft Defender for Endpoint quickly quarantined the file that was auto-downloaded.
  • The alerts for the website download were all consolidated to one incident making it easier to manage.

Usability

Return on Investment

We have Microsoft Defender for Endpoint installed across our entire organization with offices in Canada and the United States. All our workstations are Microsoft Windows based. Our servers are all Microsoft Windows Server and we have a few on-premise servers at our headquarters as well as several hosted on Microsoft Azure.

Alternatives Considered

BlackBerry Protect (CylancePROTECT) and BlackBerry Optics (CylanceOPTICS)

Other Software Used

Sage 300, WatchGuard AuthPoint

My Insights on Microsoft Defender.

Incentivized
Piero Biglione
IT Technician in Information Technology at Arkios (51-200 employees employees)

Use Cases and Deployment Scope

We use the Microsoft Defender for Endpoint protection and threat response. It helps protect our organization's servers and cloud from any attacks, thus keeping our data secure. The tool helps to ensure that our endpoints are secure from any threat through threat detection and elimination automation.

Pros

  • Proactive threat detection and protection.
  • Offers comprehensive endpoint security.
  • Offers advanced threat protection.

Cons

  • Sometimes it gives false positives.

Return on Investment

  • Improved security posture.
  • Saves time.

Usability

Microsoft Defender for Endpoint Review

Incentivized
Verified User
Employee in Information Technology (5001-10,000 employees employees)

Use Cases and Deployment Scope

We use Microsoft Defender for Endpoint as our EDR solution. We used to have a traditional AV. So the transition from the AV to the EDR was a tremendous improvement from our soft team. So we are definitely happy with it. And the scope of the use cases, the entire endpoint, plus the older software system as well.

Pros

  • Definitely on the threat action and response. We didn't have a stress-response option before, but the dependent brand point provided it instantly. Also, it's doing UVA and machine learning, which we didn't have before. So it's definitely providing more sophisticated threat-detection capabilities than we had before.

Cons

  • It's a typical Microsoft being Microsoft. The update of those products is just like a constant. And sometimes we run into issues we never expected, and then it turns out it was a detection engine update or the agent version of the data actually causing the issue.

Return on Investment

  • Another positive impact is that Microsoft Defender for Endpoint is built into the Windows OS. So naturally, it is much easier to load it out and manage it, rather than acquiring it through party ER, deploying it, and managing it separately. So that's definitely on the positive side that we observe there's a byproduct of changing Microsoft Defender for Endpoint.

Usability

Microsoft Defender for Endpoint Review

Incentivized
Verified User
Director in Information Technology (201-500 employees employees)

Use Cases and Deployment Scope

The problem it's solving for is obviously protecting us from ransomware, malware, and any viruses on our systems. Also, any data loss prevention controls what we put into the policy so users aren't accidentally deleting a lot of data or sending the data where they're not supposed to go. It also protects the endpoint from various types of risks and threats. The scope is in production. It's on everybody's machines. And we just want to make sure that we're minimizing as many risks on our endpoints. So we make sure that the computers are up to date, it's protected.

Pros

  • It really protects our endpoints. We've used other antivirus programs in the past, and they haven't had that full confidence in those products compared to what Microsoft Defender for Endpoint does for us.
  • Another pro is that it's easy to manage the management console through Intune to see Microsoft Defender for Endpoint up in the cloud and see the state of our devices.
  • Another pro is we haven't had an incident since we installed it.

Cons

  • That's a tough one because I don't have many cons on the product. Maybe the con is really around reporting. It's harder to get to the reporting and the analytics side. We have to do some of the custom reporting on our own, either through Power BI and whatnot. So the out-of-the-box reporting could be improved upon.

Return on Investment

  • For me, the positive was the return on investment: it's, again, part of the technology stack. It comes with the E5 license. So it's not a separate contract I have to do, separate licensing that I have to monitor. It's all built within what we do with our regular users and what other Microsoft tooling they use.

Usability

Other Software Used

ChatGPT, Microsoft Security Copilot

Defend your Endpoints with Ease

Incentivized
Verified User
Manager in Information Technology (51-200 employees employees)

Use Cases and Deployment Scope

We implemented Microsoft Defender for Endpoints as a replacement for two other antivirus products. MS Defender provides a great interface to track down individual user issues, email threats, and provides each user a great tool to conduct scans on removable media. The additional benefit of MS Defender is that we are no longer flipping between different products for audits and security.

Pros

  • Doesn't take up a lot of system resources on endpoints
  • Provides the user an easy way to scan media
  • Provides security information about the endpoints

Cons

  • It would be good to continue to minimize the amount of resources needed during a scan
  • Provide more integration with Outlook to scan attachments with a notification that everything is good
  • Provide a Click to Fix option when listing issues or high-risk problems on systems

Return on Investment

  • Decreased operating costs allowing us to use only one AV solution
  • Reduced time looking for issues during a troubleshooting call
  • Provides auditing tools for compliance

Usability

Return on Investment

We are protecting over 400 endpoints to include Windows laptops, servers, and Azure Virtual Devices. We are pushing the mobile device management as users begin adding Intune onto their personal devices allowing us to push Defender and further isolate company data from personal data on multiple device platforms to include Android and iOS.

Alternatives Considered

Microsoft Sentinel and Cisco Secure Endpoint

Other Software Used

Microsoft Sentinel, NinjaOne, WinZip

Related Products

Products similar to Microsoft Defender for Endpoint that may also meet your needs.
All comparisons
Symantec Endpoint Security
CompareLearn more
Sophos Intercept X
CompareLearn more
CrowdStrike Falcon
CompareLearn more