Skip to main content
Microsoft Defender for Endpoint

Microsoft Defender for Endpoint
Formerly Microsoft Defender ATP


What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation…

Read more
Recent Reviews

Secure workstations with MDE

8 out of 10
November 03, 2023
Microsoft Defender for Endpoint offers exceptional threat insight and protection. Its KQL powered Advanced Hunting provides deep analysis. …
Continue reading
Read all reviews


Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Malware Detection (53)
  • Infection Remediation (52)
  • Anti-Exploit Technology (51)
  • Centralized Management (52)

Reviewer Pros & Cons

View all pros & cons
Return to navigation


View all pricing



On Premise
per user/per month



On Premise
per user/per month

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

Microsoft Defender for Endpoint Overview

Return to navigation


Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.

Avg 8.5
Return to navigation

Product Details

What is Microsoft Defender for Endpoint?

Presented as an epicenter for comprehensive endpoint security, Microsoft Defender for Endpoint helps users rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.

Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.

Evolves the organization's defenses: Goes beyond endpoint silos and mature the organization's security based on a foundation for extended detection and response (XDR) and Zero Trust.

Microsoft Defender for Endpoint Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection

Microsoft Defender for Endpoint Screenshots

Screenshot of blocked activitiesScreenshot of Detects & respondsScreenshot of discovers vulnerabilityScreenshot of Eliminates blind spotsScreenshot of Risk management

Microsoft Defender for Endpoint Video

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint Competitors

Microsoft Defender for Endpoint Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo

Frequently Asked Questions

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

CrowdStrike Falcon, Symantec Endpoint Security, and Sophos Intercept X are common alternatives for Microsoft Defender for Endpoint.

Reviewers rate Endpoint Detection and Response (EDR) and Malware Detection highest, with a score of 8.5.

The most common users of Microsoft Defender for Endpoint are from Enterprises (1,001+ employees).
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Attribute Ratings


(1-25 of 73)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
Microsoft Defender is a magnificent to in security purpose of our applications. This tool has been useful in ensuring real time monitoring of threat in our organization ensuring anytime protection. We are able to scan and respond to threat attacks using this tool.
  • It has a fantastic threat detection which ensure every threat activity is noted and response taken immediately.
  • MS Defender SI best in analytic and report of threats
  • There is no bad comment about this tool is perfect for the time I have used it.
This tool is suitable in security field and can be used in every department and all users to protect their system from attacks. Through improved security attacks having MS Defender will safeguard each and every company infrastructure.
Abdul Ayub | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint is a Ai security guard which primarily secures the Organization from ransom ware and fast developing online treats. It is one of the most modern type security service which deals with AI level security treats from end to end devices. It also integrates its services with other Microsoft data management services.
  • Protections from ransomware
  • AI based modern threat definitions.
  • End to end device security
  • Online documents and data security.
  • Privacy of clients surety
  • End to end device security
It deals with all the paths from one user to end user through secure platform and encrypted data packets for confidence of company and clients. It also works with the documents, chats and even in meetings correspondence.
Conrad Nyamache | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint is a comprehensive endpoint security solution. We use it for protection against exposure because it is our antivirus platform. As our post breach and vulnerability detector it provides us with a hawk eye view of our endpoints of our networks. It's integration with AI makes it even a more enhanced tool for detecting threats in advance. It then recommends and takes rectification actions to prevent the happening of the probable attacks. It is a quite simplistic tool that provides visuals and insights to represent the attacks and loopholes from where they came from. This detailed information helps further investigate incidents and alerts before they occur, preventing any extreme damage on our network endpoints.
  • It has a very intuitive and user-friendly UI that enables my team and I to navigate through it and respond to any threat efficiently.
  • It's extensive dashboard gives a complete view of all our endpoint soo we can spot any potential threat and exposure across the networks.
  • Robust detection and response capabilities that detect abnormal behavior, potential threats, and attacks as they happen and remediate and block any threat.
  • Insights enable us to get to the root cause of incidents and alerts for deep investigation.
  • It also provide a powerful 365 protection against any threat.
  • It is pretty limited when it comes to devices that are not Microsoft-based. Adding a device is quite a task.
  • False positives.
  • Sophisticated automated investigation and response features.
  • Exclusions during scanning are hard to spot.
  • I always have to submit request for whitelisting apps.
Usually we had lots two platforms tasked with scanning exposures, anti-malware and provision for information and threat management. But with Microsoft Defender for Endpoint we have an all inclusive platform that even integrate with other Microsoft security apps such as Microsoft Defender for Cloud for enhanced threat insights and visibility.
Score 7 out of 10
Vetted Review
Verified User
We use Microsoft Defender for Endpoint as our antivirus/antimalware platform, as well, as our Endpoint Detection and Response and vulnerability scanning platforms. It provides a lot of visibility to the endpoints on our network and recommendations for how to remediate issues and vulnerabilities that are detected. It also provides visual representations of attacks, with detailed information about where the attack originated from.
  • Detects attacks as they happen.
  • Detects potential attacks.
  • Detects abnormal user behavior.
  • Does not allow for remediation from the management console.
  • The ticket system doesn't alert the person assigned to the ticket.
  • You have to submit requests for whitelisting applications.
  • Scanning exclusions are tricky to find.
  • Adding devices, especially Apple devices, is very cumbersome.
Microsoft Defender for Endpoint is a great platform for visibility into your network, allowing you to see what your devices see. It is a great platform for Endpoint Detection and Response. It falls short at being a traditional antivirus/antimalware platform, as it is difficult to do any whitelisting and exclusions on your own.
Score 8 out of 10
Vetted Review
Verified User
We use Microsoft Defender on all Endpoints within the organization. 10,000+
  • Provides excellent integration with 365 security suite
  • It tracks all activities on endpoints and helps our security team effectively investigate alerts
  • It uses signature and behavior based techniques to detect / block threats
  • It offers limited support for non-Microsoft devices
  • It can be sometimes difficult to setup for optimization
  • It can sometimes be the root issue for resource issues on the endpoints
Defender is easy to implement a base level across an organization, but can be difficult to completely tune and manage. It is well-worth the effort and makes a great overall solution.

It is also very good and easy to setup for home users. Plus, it is free for home users using Microsoft operating systems.
November 27, 2023

Microsoft Defender Review

Score 8 out of 10
Vetted Review
Microsoft Defender is the best solution for end-point protection it also comes with EDR and any organization looking for consolidated solution then Microsoft provides the integrated security.
  • Endpoint protection
  • Basis level DLP
  • Firewall security for endpoint.
  • EDR - provides basic EDR capabilities
  • Doesn't come as an individual product
  • Threat Intelligence is not upto the market standards.
Small and Mid Size organizations and organizations who are pro Microsoft users.
Yash Mudaliar | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint is being used an EDR and vulnerability management tool for our organization as well as for our clients. The use cases for this tool is primarily includes automating responses to incidents, performing weekly vulnerability assessments and managing endpoint security policies across the organization. We also employ it to set up evaluation labs for specific scenarios occasionally.
  • Vulnerability Management is without a doubt one of the most efficient features of Microsoft Defender for Endpoint. It provides enough details about the vulnerability, its impact and the remediation as well.
  • The latest addition of 'Endpoint Security Policies' has been a very well thought and insightful feature that relieves the security analysts from the hassle of switching to Intune just for reviewing the endpoint security policies.
  • 'Automated Remediation' is a boon to many organizations across the industry that helps in responding to ongoing attacks at machine speed. Microsoft Defender for Endpoint does it quite well in terms of accuracy and quickness.
  • Dynamic device tagging feature has been an underrated feature from Microsoft Defender for Endpoint. It is such a reliable and efficient feature that saves a lot of time whether you are dealing with vulnerabilities or incidents.
  • While 'Vulnerability Management' is one of my favorite features, I do feel that it has been the same for quite some time and now it should have some integration capabilities to do actions like inform the affected users, or take small actions like updating the OS, sending prompts to devices etc.
  • I think most people will agree with me when I say that 'Baseline Assessments' feature should now have more standards added to its inventory. CIS and STIG are the only ones available in this feature without any updates for a long time now.
  • Device Discovery while a good feature is appearing to somewhat unstable in nature. It does not provide admins with enough details and any actions to take on the discovered devices.
Microsoft Defender for Endpoint will be super useful to you if you have a Microsoft security ecosystem in your organization because of the flawless and hassle-free integration capabilities.
Microsoft Defender for Endpoint will be a great choice when you are a big organization (more than 500 endpoints) and are dealing with customer data from a critical industry.
Although if you lie in the SMB segment, taking standalone Microsoft Defender for Endpoint plans will make you confused about which features to go for and which ones to let go off. Hence, explore other options here.
Score 7 out of 10
Vetted Review
Verified User
We are using this protection as part of the M365 subscription to some of our users, I must admit the all in one package with the collaboration tools is something unique that you cannot find in other subscription based, it is doing what it supposed to do, if not better, which is protecting our end points and bring the additional safe feelings to both IT and our users,

This is being used for our end point devices' protection that includes antivirus and malware protection. it is implemented to all of our M365 subscribers ( around 200 of them ) and till date are satisfied with the protection given to our machines
  • Antivirus protection
  • Malware protection
  • Quarantine and alerts
  • Offering with other suites in M365 family
  • There are cases where it is not able to detect malware but other antivirus is detecting it
  • Better dashboard
It is good as it comes with the M365 suites, which in a way can be a great bargain point as you pay several products with one pricing and we all know that Antivirus is not cheap. It can improve the security definition to detect better threats out there, as the internet is sometimes a scary place and the dashboard can be improved for administrator function.
For MS Windows environment, the protection and collaboration with Windows firewall is expected and can be and additional compliment to each other
Score 8 out of 10
Vetted Review
Verified User
I used it to protect our computers from malware and viruses. Another requirement was centralised management of remote and on-premise computers. Using the centralised console, I was able to remotely install MDE and also verify if the virus definitions have been updated or not. Zero day protections was also a requirement which seems to be fulfilled by Microsoft Defender for Endpoint.
  • Protection from malware and viruses
  • Centralised Management
  • Advanced Threat Analytics
  • Better user interface
  • Easy installation
  • Lower price
Based on my experience Microsoft Defender for Endpoint is well suited for the following scenarios:
  • Companies having Microsoft Windows based setup
  • Having in house and remote devices which should be protected
  • Compliance requirements to centrally manage devices
  • Centrally monitor devices
  • Centrally receive security alerts for issues and attacks on devices
Score 8 out of 10
Vetted Review
Verified User
Organization faces a difficulty with security. It supports my organization against contemporary cybersecurity risks and challenges. It aids in overcoming the difficulty of responding to incidents and detecting threats. It integrates seamlessly with Microsoft's infrastructure overall and with workloads. We can better understand threats and prepare for upcoming cyberattacks with the use of proactive threat intelligence and analytics. Our tech support can respond to threats and security issues more quickly thanks to its integration with siem and incident management solutions.
  • It provides a unified security experience when combined with other Microsoft products such as Microsoft Defender for 365 and Azure Defender.
  • It has an excellent dashboard and centralized view that make it easy to see and control everything from one location.
  • It's an EDR tool designed to help you understand incidents and alerts better.
  • Real-time detection of attacks and prompt endpoint device responses. It effortlessly interacts with additional Microsoft security products.
  • I must admit that I haven't discovered anything major regarding this product.
  • It has limited integration options with third party security products.
  • Sometime Automated Response is slow.
Its suitability depends on an organization's specific needs and requirements. For enterprise environments with a large number of endpoints, including PCs, laptops, and servers, Microsoft Defender for Endpoint is a good fit. Its scalability and centralized management make it an excellent option for businesses with intricate infrastructures. We have deploy for organization with 800 users.
Score 8 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint offers exceptional threat insight and protection. Its KQL powered Advanced Hunting provides deep analysis. The MITRE Attack Framework integration effectively blocks advanced attacks. Vulnerability Management identifies and addresses weaknesses. The user-friendly interface and seamless integration make it a top choice for robust cybersecurity defense. Highly recommended for comprehensive EDR.
  • It blocks the unsafe applications from accessing.
  • It provides User-friendly interface for seamless endpoint security.
  • It gets the updates new pattern updates automatically and stays upto date.
  • It has limited integration options with third party products.
  • Expand Baseline Assessment beyond STIG and CIS benchmarks for broader security coverage and compliance flexibility.
  • Nothing else.
Microsoft Defender for Endpoint is well suited in any organisation that require a secured workstations. It provides a secured environment with all the features like Attack Surface reduction, URL blocking, Files scanning for Malware. Compared to other products, MDE is cheaper and easy to manage. Being used as a antivirus solution on some devices allow us to lower our Antivirus cost.
Score 8 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint is an excellent EDR solution that integrates very well with the XDR products in Sentinel. It is used as an AV and EDR solution for all endpoint devices based on different operating systems. All servers are protected as well by using the Defender for Cloud licensing. The product is part of a multi-layered security solution based on all the Microsoft Defender products and Sentinel. All incidents are handled in the Defender portal.
  • One of the strong points is that AI is tightly integrated into the platform, which leads to excellent detection.
  • Vulnerability management is very useful for assessing tracking, and mitigating threats across all protected devices.
  • KQL integration is very good.
  • Licensing between Defender for Endpoint and Servers is complicated.
  • Deployment has improved but is not really streamlined. There is no single installer available and no single way of deploying settings.
  • The Defender portal is rich in information but can be complicated to use.
Defender for Endpoint is an excellent choice for companies that work with a Microsoft-based platform. The endpoint does not need to be specific Windows-based, but it is very helpful when Entra is used in combination with other Defender products. That way, you can aim for a multi-layered approach based on zero trust. Sentinel is not essential but a great addition to the platform for incident management and offering longer retention. Small companies should look at ways to outsource the investigation of incidents to specialized companies; the learning curve for proper analysis is pretty steep.
Score 9 out of 10
Vetted Review
Verified User
Protecting the endpoints of our company, which include computers, laptops, and servers, is the main purpose of using Microsoft Defender for Endpoint in our organization. Our organization typically use MDE for Threat Detection. It keeps an eye out for indications of malicious or suspicious conduct on endpoints. It notifies the security team when it detects any threats.
  • Defender for Endpoint uses cutting-edge threat detection technologies, such as behavioral analysis and machine learning, to recognize and neutralize both known and undiscovered threats. Even the most complex and elusive malware and exploits can be found by it.
  • By providing threat analytics, it enables proactive threat prevention and mitigation by assisting organizations in understanding their security posture and trends over time.
  • It offers immediate insight into threat activity and endpoint security. Security teams can react quickly to threats since they can see what's happening across all of the devices in their organization.
  • For enterprises using the platform for the first time, the initial setup and configuration can be challenging. The experience might be enhanced by streamlining the onboarding procedure and offering more user-friendly setting wizards.
  • It might be difficult to afford, especially for smaller firms. The solution might be more widely available if it had a more open and flexible price structure, particularly for smaller enterprises.
  • Organizations could better address the escalating problems with cloud security with the help of enhanced functionality for monitoring and managing cloud apps and services.
It's ideal for protecting a variety of endpoints, including Windows-based PCs, servers, and mobile devices.
It's well-suited for organizations with a mix of on-premises and cloud resources.
Azure AD integration allows for seamless identity management in hybrid environments. While it supports hybrid environments, organizations with extremely complex on-premises setups may find it challenging to integrate.
Score 8 out of 10
Vetted Review
Verified User
Defender for Endpoint isn't just a static tool; it evolves alongside the rapidly changing threat landscape. Its integration with other Microsoft products, like Azure Defender and Microsoft Defender for 365, creates a unified security experience. Plus, the utilization of AI and ML for advanced threat detection, combined with the power of Kusto Query Language (KQL), has significantly enhanced our investigative capabilities.
  • Automated incident response
  • Scalability
  • Rapid threat mitigation
  • Threat analytics keeping us aware of our security posture.
  • Transparency in alert logic and visibility
  • Clarity in licensing. There are many options and pricing tiers that aren't very clear at the start of deployment.
  • Limited baseline assessment
Microsoft Defender for Endpoint is a cornerstone of our cybersecurity strategy, ensuring that we are prepared for the evolving challenges in the construction industry. It's a dynamic solution that provides both advanced threat detection and the tools necessary to swiftly respond to incidents. Though Robust, Enhancing it to provide clear visibility into the underlying query for default rules would be great.
Martin Venter | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Since we have adopted Microsoft Defender for Endpoint, managing Cyber Security got way less complex, way more simplified, and easy to manage. Not only this, but we also have peace of mind knowing that it works and does what it says it can do. Not only for us but also for our client base we look after.
  • Quick response to all threats across all devices protected.
  • Help pick up vulnerabilities in systems which previously have gone unidentified.
  • Centrally Managed with a single pane of glass view is super handy and useful.
  • The only thing I think that can be improved on is the reporting.
In the "modern workspace" where there is more and more BYOD, protecting company networks and data is definitely challenging. Microsoft Defender for Endpoint bridged this gap very well and allows you to protect all devices within your company network, be it a laptop, PC, or mobile phone.
Score 9 out of 10
Vetted Review
Verified User
The defender is deployed on all the end-user devices and servers except for a few legacy servers, and it is very easy to deploy and has good offline and online detection ratings. The agent is very easy to handle, and updates are easy to push with minimal effort and has a wide range of detections for Windows, Linux, and Mac OS. It gives very fast and optimal scanning results with minimal CPU utilization.
  • The threat detection is very good in Defender, during log4j exploitation we got a great deal of support from the Defender, and proactive coverage was received.
  • During a recent security incident in our organization, the defender support team was quick to hop in and release the emergency patches and malware signature updates via hotfix, which has helped us deal with the security incident proactively.
  • The ease of deployment on the endpoint and scanning feature, which consume minimal resources, and the offline and online coverages of threats are great advantages of Defender.
  • Sometimes interacting with the support becomes difficult and more technical side, people who can understand customer concerns better will be of great help.
  • Offline coverage can be even better.
  • So far, I have had the best experience with defenders, and there is not much to complain about defenders.
If you are looking for a scalable solution with decent organization size and even if it is relatively small it works very well. If you are looking for a solution that has great offline and online coverage that allows stimulated attacks and good for testing it is highly recommended. If you often run scans and looking for something that should not hinder the performance of your endpoint you should definitely go for it.
Score 9 out of 10
Vetted Review
Verified User
As a system administrator it was important for me to utilize all available resources I have to protect the organization and its data. When we updated our licensing for our MS 365 implementation we opted to use Microsoft Defender for Endpoints to additional protection for our devices with proactive, instead of reactive, strategies made possible with MS Defender for Endpoint.
  • Provides quick response to stopping threats identified on company owned devices.
  • It has helped us discover multiple misconfigurations and exposed vulnerabilities we didn't know we had.
  • Being able to utilize MS Defender for Endpoint on all of our devices from Windows to Mobile (iOS and Android) has really help secure our business.
  • Initial configuration can be daunting and there's a lot of details to pour over to make it work properly.
  • Reporting has been a challenge to get setup the way we want it to work.
Microsoft Defender for Endpoint has help our team identify and correct device configuration issues and provide additional layers of security to our organization that were otherwise not covered by our other security platforms at the operating system level. We've been able to successfully identify and remediate vulnerabilities in our organization and create new policies based on recommendations thanks to Microsoft Defender for Endpoint.
Score 8 out of 10
Vetted Review
Verified User
We use Microsoft Defender Endpoint to check incoming E-mail and PDF, ZIP and xlsx files for viruses. Incoming E-mail without or with attachments or downloaded files can contains viruses, malware or other dangerous components.We receive daily many E-mail, some with attachments, and our customers upload many files to our servers. This should not cause any security problems
  • Incoming E-mails are tested for viruses
  • Zip files that are extracted are checked for viruses
  • Downloaded executables are also checked for viruses
  • Better reporting of found dangerous code
  • More insight into the resources used by a system scan
  • It is good that regular updates are made available
Microsoft defender prevented an downloaded executable with suspicious code from being installed.
This was well suited.
The executable generated by a c compiler that was not Microsoft's was considered dangerous code.
This was not suitable.
Score 5 out of 10
Vetted Review
Verified User
We use it for endpoint protection on Microsoft VMs. It addresses the problem to provide centralized management, visibility of all the endpoints. Also helps to protect against zero-day vulnerabilities. It provides Threat Protection, Endpoint Detection and Response (EDR), Advanced Analytics, Security Configuration Management, Integration with Microsoft 365 Security, Automated Response and Threat Intelligence.
  • Threat Protection.
  • Endpoint Detection and Response (EDR),
  • Advanced Analytics.
  • Linux VMs.
  • MAC OS VMs.
  • iOS Platform.
Well-Suited Scenarios: Enterprise Endpoint Protection: Microsoft Defender for Endpoint is well-suited for large organizations with numerous endpoints, such as desktops, laptops, and servers, as it provides centralized management and monitoring of security across the entire network. Microsoft Ecosystem Integration: Organizations heavily invested in the Microsoft ecosystem, using products like Microsoft 365 and Azure, will benefit from the seamless integration offered by Defender for Endpoint, allowing for more efficient threat detection and response.Scenarios Where it Might be Less Appropriate: Non-Windows Environments: While Microsoft Defender for Endpoint has expanded its cross-platform support, it may be less appropriate for organizations predominantly using non-Windows operating systems, as its core features are optimized for Windows endpoints.Small Businesses: Smaller businesses with limited IT resources might find the deployment and management of Defender for Endpoint to be more complex and resource-intensive than they require. In such cases, simpler endpoint security solutions may be more appropriate.
Bhuwan Chandra | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint gives us unique opportunity to more tightly integrate into the OS . Cloud Based Light-weight agent, powered by behavioral sensors. We were looking Intelligence Security Graph to integrate detection with other Microsoft products, to track back the response the attack. Microsoft threat hunting service is integrate with Microsoft Defender for Endpoint product. Microsoft also provide a separate per user service where customers can directly interact with threat hunting experts.
  • Microsoft Defender for Endpoint helps customers to more tightly integrate into the OS
  • ATP integrate with their cloud based sandbox for malware analysis
  • Microsoft Defender for Endpoint Antivirus provide ML based scanning
  • Mac & Linux EDR visibility is weak spot for Microsoft Defender for Endpoint
  • ATP does not have malware search functionality
  • ATP includes dashboards for specific threats but not actor attributions
Microsoft Defender for Endpoint provide Threats & Vulnerability management analyzes risk for applications versions & configurations . Lives response provides strong remediation and also uses their Intelligent Security graph for ATP data. Threats Service mostly uses Hunter Trained AI .
Microsoft Defender for Endpoint gives visibility on enable devices on endpoints but lacks visibility of unmanaged devices in the network. Customers can configure device controls via Intune but it is limited to windows 10 only.
Score 9 out of 10
Vetted Review
Verified User
In the past we used another endpoint protection, we use also Office 365. With Defender for Endpoint, we have now a unique tool and subscription for every laptop and person, the system seems secure and reliable, lightweight, and of course fully compatible with our environment of Windows PCs. It works very fine.
  • Protect very well.
  • Is lightweight.
  • One subscription for all service.
  • Integration with firewall.
  • Logging, there are low log.
  • Interface design could be better.
One of the major advantage is having an unique account and subscription for single user\pc. I don't need to configure more service on various service. It's fully iuntegrated with active directory, Microsoft account, one drive, office: it's a plus! It seems safe; no problem on any of the PCs that I manage.
Score 9 out of 10
Vetted Review
Verified User
Microsoft Defender for Endpoint was deployed (and it is still running) to support a project including online training platforms via mobile devices. Microsoft Defender for Endpoint was selected to manage the security of all devices conected to this online learning ecossystem. Security became a big priority, when it was decided that this channel would be used to provide confidential information about new products.
  • Notifications (alerts)
  • Register and control of a big amount of devices
  • Complete antimalware
  • Problems to run integrations with other tools
  • Security policies setup is hard
  • Technical documentation
I think is an appropriate tool for any scenario, but there may be costs issues for big projects, including many users/devices, dependind on the type of project. The solution is very good technically. It is quiet simple to deploy if your security policy can be supported by Microsoft Defender for Endpoint default rules. When it is necessary to customize rules it becomes more difficult.
Score 10 out of 10
Vetted Review
Verified User
Defender for Endpoint is used as the mainline endpoint security product for a number of our MSP clients. Implementing a product that was integrated with the core O365 product suite used by so many of our clients was a no brainer. It also served as a key trigger to get clients to upgrade to Business Premium licensing, unlocked a range of other security benefits.
  • Front line next gen AV
  • Integrated well into other MS security products
  • It's simple to use and configure
  • Better support for servers
in a client that uses a Microsoft stack it is a no brainer to use the integrated toolset that Defender offers. However if a client uses a large range of Operating Systems including MacOS and Linux, then an alternate product that offers better support for those platforms might be considered.
Score 8 out of 10
Vetted Review
Verified User
We are using this as our endpoint AV. We migrated from Trellix to Defender very recently. This was not a pressing point for us except our org was moving from G-Suite and Microsoft a very good deal for the Collaboration and Security Infrastructure. We have only used the product for EDR and for ATP. The overall performance of our endpoints are good till now. There were slowness reported in the older versions of Defender but with M365, we did not notice any significant slowness of system performance. One major plus is the security dashboard which gives you a very good view of the reports for CISOs.
  • End Point Protection in real time
  • Security Dashboard for CISOs
  • End point detection and Response
  • Don't have any points to add here
if you have significant no. Microsoft products in your ecosystem then Defender works extremely well. We onboarded defender as part of M365, which includes MDO and MDE both.
If your customers are spread across multiple geographies, then Defender can help you setup Compliance policies based on each reason which reduces the efforts from DPO significantly.
Apart from these, I feel it is a feature rich and stable EDR product.
Score 6 out of 10
Vetted Review
Defender for Endpoint provides a platform that allows our analysts to quickly and accurately answer important questions during investigations.Most importantly, by simulating these capabilities in the API, we can more efficiently provide high-quality detection and response based on the Defender for Endpoint platform. Microsoft Defender ATP mainly has built-in Threat & Vulnerability Management (TVM), which is a risk-based approach to discover, prioritize and repair vulnerabilities and incorrect configurations of each endpoint to prevent current and future threats and vulnerabilities! TVM can effectively identify, assess and repair endpoint defects, and at the same time score the enterprise's vulnerability level. Therefore, it is very important for IT personnel to implement computer security and health plans and reduce risks to the company's organization.
  • The ability to provide decision support (or content about alerts) is powerful and allows us to become experts in analytics rather than in a specific technology
  • Microsoft Defender provides security for unmanaged devices on corporate networks
  • Microsoft Defender for Endpoint is a service in the Microsoft Defender Security Center. By adding and deploying client provisioning profiles, configuration administrators can monitor deployment status and obtain endpoint agent health status using Microsoft Defender.
  • Windows Defender isn't perfect. It may miss some threats, especially new and sophisticated threats. So it’s important to supplement it with other security measures.
  • Even though Windows Defender does a good job, it can't protect you from everything. Therefore, it is important to be aware of the risks and take steps to protect your computer, such as using complex passwords and being careful about clicking on anything, especially email attachments and some tech support scam calls.
Return to navigation