TrustRadius: an HG Insights company

Microsoft Defender for Endpoint Reviews & Insights

Score: 8.8 out of 10

286 Reviews and Ratings

Top industries

Based on 2,248 HG Insights installations.

Community Insights for Microsoft Defender for Endpoint

Synthesised from 23 verified reviews.


Microsoft Defender for Endpoint is a comprehensive endpoint protection and security solution, primarily utilized by organizations to safeguard against a wide array of threats including malware, ransomware, and phishing attacks. Reviewers frequently commend its robust advanced threat detection and response mechanisms, with 61% highlighting its speed, accuracy, and automated remediation capabilities. A significant 43% of users report substantial cost savings by consolidating security tools and leveraging its native integration within the Microsoft ecosystem, which 52% cited as a key purchase factor. This integration also simplifies deployment and management, contributing to improved operational efficiencies and a stronger security posture for 26% of reviewers.

The platform is widely deployed across Windows environments, securing anywhere from 100 to 20,000 devices, and extends its protection to macOS (39% of reviewers) and Linux servers (35% of reviewers), though adoption for mobile devices like Android and iOS is more mixed. Key functionalities leveraged include Antivirus/Malware Protection (35%), Endpoint Detection and Response (30%), and Automated Investigation and Remediation (17%), addressing business problems such as threat detection, vulnerability management, and enhanced visibility into endpoint activity.

However, the product presents areas for improvement, particularly concerning its management interface, which 30% of reviewers found challenging due to navigation issues and frequent changes. Operational challenges arise from a high volume of false positives and alerts, noted by 22%, alongside limitations in reporting and analytics, cited by 17%. Furthermore, 17% of users experienced difficulties with initial installation and integration, especially with legacy systems, and another 17% reported performance and resource usage issues during scans. Despite these challenges, its ability to enhance overall security posture, reduce the need for separate subscriptions, and streamline security operations contributes to a positive return on investment for many organizations.


Pros

  • Advanced threat detection and automated response (61% of reviewers)
  • Seamless integration with Microsoft ecosystem (52% of reviewers cited as purchase factor)
  • Significant cost savings by consolidating security tools (43% of reviewers)
  • Comprehensive protection across Windows, macOS, and Linux servers
  • Ease of deployment and management (22% of reviewers)

Cons

  • Complex or unintuitive management interface (30% of reviewers)
  • High volume of false positives and alerts (22% of reviewers)
  • Limitations in reporting and analytics capabilities (17% of reviewers)
  • Challenges with installation and integration, particularly with legacy systems (17% of reviewers)
  • Performance and resource usage during scans (17% of reviewers)

What other products like Microsoft Defender for Endpoint have you used or evaluated?

From 23 reviews

Reviewers have experience with a range of endpoint security solutions beyond Microsoft Defender for Endpoint, indicating a diverse landscape of evaluated and utilized products. Among these, CrowdStrike Falcon was the most frequently mentioned alternative, cited by 13% of reviewers. Other solutions, including Cisco Secure Endpoint, Sophos Managed Detection and Response, and BlackBerry Protect (CylancePROTECT), were each mentioned by 9% of the reviewers. The feedback primarily identifies these products as alternatives that have been used or evaluated, reflecting a broad exploration of the endpoint protection market. The provided data focuses on the identification of these products rather than detailed comparative insights or specific reasons for their selection or evaluation.

CrowdStrike Falcon

Cisco Secure Endpoint

Sophos Managed Detection and Response

What components / features of Microsoft Defender for Endpoint are you or your organization using? How are you using these?

From 23 reviews

Reviewers primarily leverage Microsoft Defender for Endpoint for its core security functionalities, with a strong emphasis on proactive threat prevention and rapid response capabilities. The most frequently cited feature is its Antivirus/Malware Protection, highlighted by 35% of reviewers for its foundational role in safeguarding systems. Closely following, Endpoint Detection and Response (EDR) is utilized by 30% of organizations as a primary solution for real-time threat monitoring and incident response. Users also value the platform's ability to automate security operations, with Automated Investigation and Remediation being a key component for 17% of respondents, streamlining the process from alert detection to resolution. While many appreciate its comprehensive security posture, some organizations integrate its Vulnerability Management/Assessment features (22% of reviewers) alongside other tools, indicating a mixed approach to this specific capability. Additionally, Attack Surface Reduction rules are employed by 13% of reviewers to enhance endpoint protection.

Antivirus/Malware Protection

Still, we are not limited to simple onboarding, single-pane-of-glass management, vulnerability assessment, next-generation antivirus, and automated investigation and remediation.

Endpoint Detection and Response (EDR)

We are using features like Endpoint detection and response, Threat management, endpoint antivirus, automated investigation, and remediation.

Vulnerability Management/Assessment

It does a good job reporting patching needs, risk, and recommendations.

Which factors were most important in your decision to purchase Microsoft Defender for Endpoint?

From 23 reviews

Reviewers frequently identified several key factors influencing their decision to purchase Microsoft Defender for Endpoint. The most prominent driver was the product's strong "Integration with Other Systems," cited by 52% of reviewers, suggesting a preference for solutions that seamlessly fit within existing IT environments. This was closely followed by the appeal of "Cloud Solutions" and "Scalability," each mentioned by 43% of the review sample, indicating a strong emphasis on modern, flexible, and growth-oriented security infrastructure. Furthermore, "Ease of Use" was a significant consideration for 39% of reviewers, pointing to a desire for straightforward deployment and management. A smaller segment of 22% of reviewers also noted various "Other" factors, which presented a mixed sentiment, encompassing a range of specific needs or evaluations that were less uniformly positive or frequent. These findings collectively suggest that buyers prioritize solutions that offer robust integration, cloud-native capabilities, the ability to scale, and operational simplicity.

Integration with Other Systems

Cloud Solutions

Scalability

What positive or negative impact (i.e. Return on Investment or ROI) has Microsoft Defender for Endpoint had on your overall business objectives?

From 23 reviews

Microsoft Defender for Endpoint is widely reported to have a positive impact on business objectives, primarily through significant cost reductions and enhanced operational efficiencies. Reviewers frequently highlight substantial cost savings, with 43% indicating the product eliminated the need for separate antivirus or EDR subscriptions, leading to thousands of dollars saved annually. The native integration and functionality within the Microsoft ecosystem, cited by 26% of reviewers, is another key driver of value, simplifying deployment and management by leveraging existing infrastructure. This integration also contributes to an improved security posture, with 26% of reviewers noting its effectiveness in preventing harm from phishing and quickly quarantining malicious files. Furthermore, the solution is seen as reducing the need for expert manpower and saving time, a benefit mentioned by 22% of reviewers, by consolidating security insights into a single pane of glass. The ease of management and user-friendly interface, also cited by 22%, further streamlines security operations. While the majority of feedback is positive, a small number of reviewers, 9%, noted challenges with initial configuration and implementation, and another 9% expressed mixed sentiments regarding its value proposition versus perceived cost, particularly when compared to lower-priced alternatives.

Cost Savings

Saves the cost of additionally buying any other EDR product.

Integration and Native Functionality

No additional 3rd party software needed.

Improved Security Posture

Microsoft Defender for Endpoint has alerted our team when users clicked on phishing links in emails, and we were able to prevent any harm.

Besides Microsoft Defender for Endpoint, what other software do you regularly use? How likely would you be to recommend it to a friend or colleague?

From 23 reviews

Reviewers frequently utilize a diverse range of software solutions to complement Microsoft Defender for Endpoint, indicating a common practice of integrating various tools to meet their operational and security needs. Several key platforms emerged as regularly used, each cited by 9% of reviewers. These include Microsoft Intune, which is leveraged for unified endpoint management, and Sage 300 for financial and business operations. Additionally, Microsoft 365 is widely adopted for productivity and collaboration, often in its Business Premium offering. For network security, Palo Alto Networks solutions, such as Advanced Threat Prevention and Next-Generation Firewalls, are consistently employed. Fortinet products, including FortiGate and FortiClient, also play a significant role in securing network perimeters and endpoints. This pattern suggests that organizations often build comprehensive technology stacks by combining specialized tools from different vendors to create a robust and integrated environment.

Microsoft Intune

Sage 300

Microsoft 365

Describe how you use Microsoft Defender for Endpoint in your organization. What are the business problems the product addresses and what is the scope of your use case?

From 23 reviews

Microsoft Defender for Endpoint is primarily utilized by organizations as a comprehensive solution for endpoint protection and security, with all 23 reviewers highlighting its role in safeguarding systems against various threats. Reviewers frequently deploy it across their entire organization, often replacing previous antivirus products to protect against malware, ransomware, and phishing attacks. A significant number of users, 57%, value its capabilities in threat detection and alerts, noting its effectiveness in identifying suspicious activity and providing timely notifications for remediation. Furthermore, 26% of reviewers emphasize the product's integration benefits and cost savings, particularly when bundled with Microsoft 365 licensing. The platform also addresses vulnerability management, cited by 17% of reviewers, by identifying and helping to remediate system weaknesses. Its ability to provide enhanced visibility and monitoring into endpoint activity is also noted by 17% of the review sample, contributing to a holistic security posture.

Endpoint Protection and Security

We use Microsoft Defender for Endpoint all over our organization as our baseline of defense against viruses and threats on our end user devices.

Threat Detection and Alerts

It also provides significantly more detailed security insights into our devices.

Integration and Cost Savings

Being included as part of the Microsoft 365 package saved us the entirety of the cost of the previous provider.

How many endpoints is Microsoft Defender for Endpoint protecting? Which platforms are you securing? (Windows, Windows server, macOS, Linux server, Android, iOS, etc.)

From 23 reviews

Microsoft Defender for Endpoint is primarily utilized for securing Windows-based environments, with all reviewers indicating its deployment on Windows workstations and servers. This includes a mix of Windows 10 and 11 clients, as well as various Windows Server versions, both on-premise and in cloud environments like Microsoft Azure. The scale of protection varies significantly among organizations, with reported endpoint counts ranging from approximately 100 to as many as 20,000 devices. Beyond Windows, the solution also extends its protective capabilities to other operating systems. A substantial portion of reviewers, 39%, reported using Microsoft Defender for Endpoint on macOS devices, often within environments that also include Windows. Similarly, 35% of reviewers leverage the platform for Linux servers, integrating it into their multi-OS infrastructure. Mobile device protection for Android and iOS shows a mixed adoption pattern, cited by 22% of reviewers, with some actively deploying it through mobile device management while others explicitly state they are not using it for phones.

Windows Endpoint Protection

We are protecting over 400 endpoints to include Windows laptops, servers, and Azure Virtual Devices.

Endpoint Count

It's on about 2000 devices. That's our faculty staff devices.

macOS Endpoint Protection

I'm in my lab five at the moment and it does Macs that it does with Microsoft.

Please provide some detailed examples of areas where Microsoft Defender for Endpoint has room for improvement.

From 23 reviews

Microsoft Defender for Endpoint presents several opportunities for enhancement, primarily concerning its user interface, alert management, and reporting capabilities. A significant portion of reviewers, 30%, expressed mixed sentiments regarding the management interface, citing issues with navigation, frequent changes, and a lack of intuitiveness, despite some finding it easy to use. False positives and alerts emerged as a notable concern, with 22% of reviewers indicating that the high volume of inaccurate alerts creates operational challenges. Additionally, 17% of reviewers pointed to limitations in reporting and analytics, noting difficulties in extracting informative insights and a desire for more robust out-of-the-box reporting features. Installation and integration, particularly with legacy systems or other Microsoft products like Intune, also posed challenges for 17% of users. Finally, performance and resource usage during scans were identified as an area for improvement by 17% of the review base, with some reporting high CPU usage and prolonged scanning times. These areas collectively highlight aspects where the product could be refined to enhance user experience and operational efficiency.

Management Interface

Management Interface needs work

False Positives/Alerts

Little issues are clarifying the alerts and finding the right path of tackling them.

Reporting and Analytics

Incident reporting.

Reviews

145 Reviews

Microsoft Defender for Endpoint Review

Rating: 9 out of 10

Use Cases and Deployment Scope

We use it to monitor alerts and incidents, respond to them, gather data, and threat hunt.

Pros

  • Particularly well. It gives a clear picture when alerts come in. We’re able to dig deep into the process or file that’s generating the alert, so that’s very helpful.

Cons

  • Room for improvement: better whitelisting capabilities. That’s the number one thing I would love to have.

Likelihood to Recommend

It’s great for the Windows world, less so for Mac and Apple devices.
Vetted Review
Microsoft Defender for Endpoint
3 years of experience

Microsoft Defender for Endpoint

Rating: 9 out of 10

Use Cases and Deployment Scope

What I can divulge now is that we went from a 60,000 to a 100,000 employee environment, and as part of the acquisition of the new company, we were very worried about insider threats and what disgruntled employees could do. Therefore, it was something that we had to really up the ante in terms of its deployment to oversee internal and the enterprise security posture of the firm.

Pros

  • I think from a scalability perspective, it’s incredible. It fits very well with our Azure stack, and we’re constantly adopting more and more different Microsoft products. But I think the key thing is ease of use. Its scalability, and it’s just that, enterprise-wise and in terms of control, we can actually centralize it as well.

Cons

  • I think we’re quite satisfied with it at the moment in terms of its deployment. I can’t think of any enhancements. We’ll run an assessment soon, but no, nothing at the moment.

Likelihood to Recommend

I can definitely tell you where it’s more suited, because we haven’t come across any less appropriate scenarios. But definitely in regard to how we centrally manage our user space and our endpoints, it’s been beneficial from an API perspective and is really transferable, with strong collaboration with our Azure stack. It works very well.
Vetted Review
Microsoft Defender for Endpoint
3 years of experience

Microsoft Defender for Endpoint

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

Scope of use case is the title, link file, RNK, and file. Malware

Pros

  • I get a good rest. Static file Detections of malware are updated quite often and are also quite effective. And overall has more.

Cons

  • So far, it has not been detecting the link. File. Malware for changes that we are facing where you buy separately from simple anti, let the link file malware problem.

Likelihood to Recommend

It really works in a Windows environment. So if you have Mac, we have five different solutions, so Windows, that's probably the most appropriate technology you have because the CB consumption is very low.

Microsoft Defender for Endpoint

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We basically have it on every machine and every server. The business problem it addresses is scanning our network for detectable threats, outdated software, software exploits, and vulnerabilities, and then telling us we need to get them remediated.

Pros

  • I do like the alert system, how it's picking up on things and alerting us about it, and then giving us the recommendations on remediating that particular issue.

Cons

  • The only thing is sometimes, because Microsoft has so many platforms, it gets a little confusing, like am I in the security platform? Am I in Purview? Where am I at right now? Because there's so many sites that are kind of doing a lot of the same thing, and so that does get a little confusing from time to time, but outside of that, it's a pretty good product.

Likelihood to Recommend

It's basically good for any company when you have any amount of machines that need to be protected. It's just a good endpoint detection method that makes it well-suited for a lot of scenarios. If you're in business, it's probably something you need.
Vetted Review
Microsoft Defender for Endpoint
2 years of experience

Offers Solid Protection Against Attacks at the Endpoints.

Rating: 9 out of 10

Use Cases and Deployment Scope

We use the Microsoft Defender for Endpoint to protect data at the endpoints. Helps to keep employees' laptops, desktops, phones and other devices secure and protect against cyber threats. Offers a strong encryption scheme that helps to protect organizational data from getting into the wrong hands in case of loss of a device.

Pros

  • Protects devices from cyber attacks (Malware and Spyware)
  • Responding to threats in real-time.
  • Automates cyber threat protection and response.
  • Seamless integration with Microsoft ecosystem.
  • Offers reliable security monitoring.

Cons

  • Learning curve for advanced features.
  • False positives in occasional instances.

Likelihood to Recommend

Microsoft Defender for Endpoint offers protection on all endpoints and meets the requirement. With the tool you are sure of organization data and security at the endpoints.

Microsoft Defender for Endpoint Review

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We use Microsoft Defender for Endpoint as our EDR solution. We used to have a traditional AV. So the transition from the AV to the EDR was a tremendous improvement from our soft team. So we are definitely happy with it. And the scope of the use cases, the entire endpoint, plus the older software system as well.

Pros

  • Definitely on the threat action and response. We didn't have a stress-response option before, but the dependent brand point provided it instantly. Also, it's doing UVA and machine learning, which we didn't have before. So it's definitely providing more sophisticated threat-detection capabilities than we had before.

Cons

  • It's a typical Microsoft being Microsoft. The update of those products is just like a constant. And sometimes we run into issues we never expected, and then it turns out it was a detection engine update or the agent version of the data actually causing the issue.

Likelihood to Recommend

I think Microsoft Defender for Endpoint is well-suited, especially if you are an E5 shop. And then, if you have other Microsoft ecosystems in your organization, for example, we do have Microsoft Defender for Office 365. We also have the Defender for the DIP and the point DIP, Microsoft Purview, and Microsoft Entra ID. When you have all these Microsoft ecosystems in your organization, the collaboration and the data enlistment, the capability, each other is tremendous. So I highly recommend. If you own the first type of the Microsoft ecosystem, definitely a perk to use the Microsoft Defender for Endpoint and the financial EDR system.
Vetted Review
Microsoft Defender for Endpoint
6 years of experience

Microsoft Defender for Endpoint Review

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

The problem it's solving for is obviously protecting us from ransomware, malware, and any viruses on our systems. Also, any data loss prevention controls what we put into the policy so users aren't accidentally deleting a lot of data or sending the data where they're not supposed to go. It also protects the endpoint from various types of risks and threats. The scope is in production. It's on everybody's machines. And we just want to make sure that we're minimizing as many risks on our endpoints. So we make sure that the computers are up to date, it's protected.

Pros

  • It really protects our endpoints. We've used other antivirus programs in the past, and they haven't had that full confidence in those products compared to what Microsoft Defender for Endpoint does for us.
  • Another pro is that it's easy to manage the management console through Intune to see Microsoft Defender for Endpoint up in the cloud and see the state of our devices.
  • Another pro is we haven't had an incident since we installed it.

Cons

  • That's a tough one because I don't have many cons on the product. Maybe the con is really around reporting. It's harder to get to the reporting and the analytics side. We have to do some of the custom reporting on our own, either through Power BI and whatnot. So the out-of-the-box reporting could be improved upon.

Likelihood to Recommend

In my industry, the corporate world, it's really well suited for it because we can manage them in one central location. We know the status of all of our endpoints. Where we've tried to really utilize it is on the assets, the properties we manage. There's the Windows machines inside those environments, the operational technology networks that we don't want to tie to our corporate environment. So there have been challenges where we are trying to manage those individual assets that may have three to five machines in it, and then the next property may have the same. And so it's just a little bit of a challenge to manage those smaller use cases for our properties.
Vetted Review
Microsoft Defender for Endpoint
5 years of experience

Microsoft Defender for Endpoint Review

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

So we have some policies built up in the different portals. One example would be, let's say, there's a large number of failed authentications coming from a user account. We get an alert, go to the website, investigate it, and resolve the issues.

Pros

  • One example would be if there are two or three incidents from a single endpoint or a user, it combines all these events into one incident, which we can investigate. That's pretty good.

Cons

  • I'm not sure if they already have it. Maybe integrating Copilot with it so it can check all the events and just give us a summary would be great.

Likelihood to Recommend

Any events happening from an endpoint, not the user, are pretty good. And less appropriate could be if there's too much traffic coming, then it can be a bit hard to just dive down to one user or one particular scenario.
Vetted Review
Microsoft Defender for Endpoint
1 year of experience

Microsoft Defender for Endpoint Review

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We use Microsoft Defender for Endpoint to secure endpoints and protect our user base.

Pros

  • The reporting and the alerts that we get from it are very useful to us as security professionals.

Cons

  • That's a good question. Honestly, I'm not sure I can think of a con off the top of my head. We're happy with the products.

Likelihood to Recommend

Where Microsoft Defender for Endpoint is well suited, if you're all in a Microsoft ecosystem, then it's very good. If you have other products outside of Microsoft, then the integration isn't always as straightforward.
Vetted Review
Microsoft Defender for Endpoint
1 year of experience

Microsoft Defender for Endpoint should just be enabled by default

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

[...] is a manufacturing company headquartered in Montreal. We have offices across Canada and the United States. Microsoft Defender for Endpoint is deployed across our entire organization. Having a cloud-based solution with a single pane of glass to manage all our assets is of the highest importance to us. Being able to receive immediate alerts when suspicious activity occurs has been extremely helpful in keeping our risks at a minimum. Microsoft Defender for Endpoint management is also smart enough to not send several alerts when an attack could be hitting multiple targets within a certain time frame or it's the same attack multiple times.

Pros

  • Consolidate alerts so you are not overwhelmed
  • Integrates with Microsoft products
  • Already licensed if you're using Office Premium or higher enterprise licenses

Cons

  • Management Interface needs work
  • Digging through analysis is not always informative
  • Constant clicking around to find all the relevant information

Likelihood to Recommend

Microsoft Defender for Endpoint is easy to deploy across the entire organization. Having a cloud-based solution with a single pane of glass to manage all assets is a real no-brainer. Being able to receive immediate alerts when suspicious activity occurs is extremely helpful in keeping risks at a minimum. Microsoft Defender for Endpoint management is also smart enough to not send several alerts when an attack could be hitting multiple targets within a certain time frame or when it's the same attack multiple times. However, be prepared to click through multiple pages all over the site to figure out what happened when an attack occurs.