Microsoft Defender for EndpointFormerly Microsoft Defender ATP
Overview
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation…
A reliable End to end security package.
Perfect Endpoint Security, Exposure Detection and Management Tool.
Microsoft Defender for Endpoint Review
Quick to rollout and get going, but takes some tweaking to optimize.
Microsoft Defender Review
The one stop security shop for the endpoints
Decent Protection for your endpoints
Microsoft Defender for Endpoint, a must for every Windows based IT setup
"Microsoft Defender for Endpoint One of the best tool to manage threat, Vulnerability and Compliance of the endpoints."
Secure workstations with MDE
Defender for Endpoint - First class EDR and more.
A Comprehensive Look at Microsoft Defender for Endpoint. Defending with Style
Defend, Detect, Excel with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint
How Microsoft Defender for Endpoint Differs From Its Competitors
Components
Protection Scope
Components
Protection Scope
Protection Scope
Components
Components
Protection Scope
Components
Protection Scope
Components
Protection Scope
Components
Protection Scope
Components
Protection Scope
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Malware Detection (53)8.585%
- Infection Remediation (52)8.282%
- Anti-Exploit Technology (51)8.080%
- Centralized Management (52)7.979%
Reviewer Pros & Cons
Pricing
Academic
$2.50
Standalone
$5.20
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Demos
Microsoft Defender for Endpoint Overview
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- 8Anti-Exploit Technology(51) Ratings
In-memory and application layer attack blocking (e.g. ransomeware)
- 8.5Endpoint Detection and Response (EDR)(51) Ratings
Continuous monitoring and response to advanced internet threats by endpoint agents.
- 7.9Centralized Management(52) Ratings
Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- 7.8Hybrid Deployment Support(10) Ratings
Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.
- 8.2Infection Remediation(52) Ratings
Capability to quarantine infected endpoint and terminate malicious processes.
- 8.3Vulnerability Management(50) Ratings
Vulnerability prioritization for fixes.
- 8.5Malware Detection(53) Ratings
Detection and blocking of zero-day file and fileless malware.
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Microsoft Defender for Endpoint?
Rapidly
stops threats: Protects against sophisticated threats such as
ransomware and nation-state attacks.
Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.
Evolves the organization's defenses: Goes beyond endpoint silos and mature the organization's security based on a foundation for extended detection and response (XDR) and Zero Trust.
Microsoft Defender for Endpoint Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
Microsoft Defender for Endpoint Screenshots
Microsoft Defender for Endpoint Video
Microsoft Defender for Endpoint Competitors
Microsoft Defender for Endpoint Technical Details
Deployment Types | On-premise |
---|---|
Operating Systems | Windows |
Mobile Application | No |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(174)Attribute Ratings
Reviews
(1-14 of 14)Microsoft Defender for Endpoint
- Quick response to all threats across all devices protected.
- Help pick up vulnerabilities in systems which previously have gone unidentified.
- Centrally Managed with a single pane of glass view is super handy and useful.
- The only thing I think that can be improved on is the reporting.
Microsoft Defender helps us keep our software environment reliable and operationally secure.
- Incoming E-mails are tested for viruses
- Zip files that are extracted are checked for viruses
- Downloaded executables are also checked for viruses
- Better reporting of found dangerous code
- More insight into the resources used by a system scan
- It is good that regular updates are made available
This was well suited.
The executable generated by a c compiler that was not Microsoft's was considered dangerous code.
This was not suitable.
Defender is the default choice for a Microsoft shop
- End Point Protection in real time
- Security Dashboard for CISOs
- End point detection and Response
- Don't have any points to add here
If your customers are spread across multiple geographies, then Defender can help you setup Compliance policies based on each reason which reduces the efforts from DPO significantly.
Apart from these, I feel it is a feature rich and stable EDR product.
Endpoint protection products that are easy to use and configure
- The ability to provide decision support (or content about alerts) is powerful and allows us to become experts in analytics rather than in a specific technology
- Microsoft Defender provides security for unmanaged devices on corporate networks
- Microsoft Defender for Endpoint is a service in the Microsoft Defender Security Center. By adding and deploying client provisioning profiles, configuration administrators can monitor deployment status and obtain endpoint agent health status using Microsoft Defender.
- Windows Defender isn't perfect. It may miss some threats, especially new and sophisticated threats. So it’s important to supplement it with other security measures.
- Even though Windows Defender does a good job, it can't protect you from everything. Therefore, it is important to be aware of the risks and take steps to protect your computer, such as using complex passwords and being careful about clicking on anything, especially email attachments and some tech support scam calls.
Easy and Reliable to Use
- Auditing of All Endpoints and Events
- Real-Time Protection
- Configuration and Deployment of the Product
- It evolves as threats do, but keeping up with threats is always a concern.
Nice Product.
- Helps in Endpoint Management through centralized console.
- Good detection Coverage.
- Reports
- Whitelisting options.
Microsoft Defender for Endpoint Review
- I really enjoy the level that we get with our licensing for the timeline on devices, being able to see what happened when it happened down to the millisecond to know exactly what happened when someone clicked something, did something bad, installed something bad, or whichever. And the alert monitoring is really useful for sending emails whenever there's anything that's remotely detected, even if it's a false positive.
- I'm having a hard time thinking of anything because we get all of the endpoint tools available to us with our licensing level and we use them as much as we need to. There are some that we're still kind of figuring out that we should be using more of. So I can't think of anything right now.
Microsoft Defender for Endpoint Review
- It's easy to manage. You don't have to touch it, it just does what it needs to do.
- Performance. There's a lot of situations where you turn the computer on and the first thing it does is a scan. And that scan takes so long and all the time. Sometimes all I want to do is just read an email.
Microsoft Defender for Endpoint Review
- We've had very great success with Defender for Endpoint stopping malware. So any new threat or any new emerging threats, it has quickly detected them and stopped them in their tracks. And if it's not able to stop them, it has alerted us so we can go in and manually take intervention. It has done well against particular malware payloads being stopped from being downloaded on the machine as well. I might be crossing a boundary with a different Microsoft product here, but detection of malicious links received through emails and colleagues trying to access websites that they shouldn't be accessing. So it's been particularly good at that stuff.
- Off the top of my head, I can't think of anything that I can scrutinize. Actually, there was one event that we had to contact Microsoft on to help fix a malicious JavaScript file. So we've had some malicious JavaScript files come into our environment and be undetected by Microsoft Defender for Endpoint. That was one of those instances where we had to take manual intervention and we were not alerted by Microsoft Defender for Endpoint and we did engage Microsoft Support and add a signature definition for it, which helped for that particular instance. However, we've had another JavaScript instance since then that was not detected. So I would say better detection at malicious JavaScript files would be room for improvement.
Microsoft Defender for Endpoint is an integrated all around Security tool for Windows Devices
- OS Integration for detection
- Detection Reporting
- Detection Remediation
- Classification of incidents could be better
- Data is locked behind the expensive sentinel program
- System will fail remediating issues, but not change alert
Defend a lot more than Endpoints.
- Threat intelligence.
- Data Protection.
- Protection against Security Threats.
- More training and simulation for an end user.
- More advanced threat-hunting UI overhaul. A lot of the features are nested in multiple menus and side panes.
- Executive Reports and Summaries of Windows Timeline.
Microsoft Defender holds up to the sales pitch and more
- Great dashboard for the techs on the end of support
- Provides good notifications for the user
- Does a great job quarantining questionable emails that may have suspicious links.
- Stop changing the product name - creates confusion at times
Holistic approach to Cybersecurity
- Compatible with macOS, iOS, Android, Windows Server, Windows 10 and Linux
- It runs natively on Windows it is not a bolted on solution. Once you have the correct license it is easy enough to light up the application to protect the endpoint
- Integrated with Microsoft Intune
- It is designed to detect and remediate adversary tactics from the MITRE knowledge base.
- Microsoft analyzes billions of signals daily to detect attacks against O365 tenants these same signals are fed into ML to further fine-tune MDE. How many other solutions out there will have access to this vast amount of data to analyze to train their ML?
- Automated detection and remediation of threats with a graphical timeline view of how the treat got into the device and was stopped
- It has its own vulnerability scanner to feed data into the dashboard so you can see daily which endpoints need to be patch first based on its value
- It comes with an advanced hunting tool using the kusto query language to search your tenant for threats
- It can keep 180 days of log data
- From one bundled license I can protect Exchange online email, Sharepoint, Microsoft Teams, One Drive, Azure identities, AD, endpoints
- Web filtering on the macOS it not available yet
- They recently made it easier to on-board macOS endpoints using Microsoft Intune by deploying it as an app. It used to take a lot of more configuration profiles to set up. For older macOS Sierra using the older extensions it will still require the multiple steps to on-board to MDE
- They need to integrate Microsoft Cloud app into the new dashboard of MDE
- Reduce the memory overhead of the mdatp agent running on Linux
Microsoft Defender ATP offers a great alternative to traditional, and even cloud-based AV.
- Visibility: It's great to be able to see what KBs are missing, etc.
- Lightweight AV protection built on the already included Windows Defender Application
- Deployment: We've had some issues deploying, especially outside of the Windows environment.
- Offboarding: There is currently no way to delete a computer. They disappear over time. We even renamed a computer, and it kept both the old and new name in there. Eventually, the older machines do go away, but there is no manual way to do this at the moment.
Where it may not be great is in mixed-OS environments. It requires a bit of determination to get ATP installed on OSX or Linux. While these platforms do get fewer viruses in general, it's good to have the layer of visibility and security for web and browser based threats.