Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Overview
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation…
A reliable end-to-end security package.
Perfect Endpoint Security, Exposure Detection and Management Tool.
Microsoft Defender for Endpoint Review
Quick to rollout and get going, but takes some tweaking to optimize.
Microsoft Defender Review
The one stop security shop for the endpoints
Decent Protection for your endpoints
Microsoft Defender for Endpoint, a must for every Windows-based IT setup
"Microsoft Defender for Endpoint: one of the best tools to manage threats, vulnerabilities and compliance of the endpoints."
Secure workstations with MDE
Defender for Endpoint - First class EDR and more.
A Comprehensive Look at Microsoft Defender for Endpoint. Defending with Style
Defend, Detect, Excel with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint
How Microsoft Defender for Endpoint Differs From Its Competitors
Components
- Vulnerability Management
- Baseline Assessments
- Device Discovery
- Endpoint Security Policies
- Automated Remediation
- Dynamic Device Tagging
- Endpoint DLP
- Web Content Filtering
- Live Response
- Unified integration with Defender for Cloud
- Always remediate PUA
- Device Deception (Preview)
- Download quarantined files
- Evaluatio…
Popular Features
- Malware Detection: 8.5 (53 ratings)
- Infection Remediation: 8.2 (52 ratings)
- Anti-Exploit Technology: 8.0 (51 ratings)
- Centralized Management: 7.9 (52 ratings)
Pricing
- Academic: $2.50
- Standalone: $5.20
Entry-level setup fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- Anti-Exploit Technology: 8 (51 ratings)
  In-memory and application-layer attack blocking (e.g. ransomware).
- Endpoint Detection and Response (EDR): 8.5 (51 ratings)
  Continuous monitoring of, and response to, advanced internet threats by endpoint agents.
- Centralized Management: 7.9 (52 ratings)
  Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- Hybrid Deployment Support: 7.8 (10 ratings)
  Administrators should be able to choose endpoint security on-premise, in the cloud, or hybrid.
- Infection Remediation: 8.2 (52 ratings)
  Capability to quarantine infected endpoints and terminate malicious processes.
- Vulnerability Management: 8.3 (50 ratings)
  Vulnerability prioritization for fixes.
- Malware Detection: 8.5 (53 ratings)
  Detection and blocking of zero-day file-based and fileless malware.
Product Details
What is Microsoft Defender for Endpoint?
Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.
Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.
Evolves the organization's defenses: Goes beyond endpoint silos and matures the organization's security on a foundation of extended detection and response (XDR) and Zero Trust.
Microsoft Defender for Endpoint Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
Microsoft Defender for Endpoint Technical Details
| Deployment Types | On-premise |
|---|---|
| Operating Systems | Windows |
| Mobile Application | No |
Reviews (1-19 of 19)
The one stop security shop for the endpoints
- Vulnerability Management is without a doubt one of the most efficient features of Microsoft Defender for Endpoint. It provides enough details about the vulnerability, its impact and the remediation as well.
- The latest addition of 'Endpoint Security Policies' has been a very well-thought-out and insightful feature that relieves the security analysts from the hassle of switching to Intune just for reviewing the endpoint security policies.
- 'Automated Remediation' is a boon to many organizations across the industry that helps in responding to ongoing attacks at machine speed. Microsoft Defender for Endpoint does it quite well in terms of accuracy and quickness.
- Dynamic device tagging feature has been an underrated feature from Microsoft Defender for Endpoint. It is such a reliable and efficient feature that saves a lot of time whether you are dealing with vulnerabilities or incidents.
- While 'Vulnerability Management' is one of my favorite features, I do feel that it has been the same for quite some time and now it should have some integration capabilities to do actions like inform the affected users, or take small actions like updating the OS, sending prompts to devices etc.
- I think most people will agree with me when I say that 'Baseline Assessments' feature should now have more standards added to its inventory. CIS and STIG are the only ones available in this feature without any updates for a long time now.
- Device Discovery, while a good feature, appears to be somewhat unstable in nature. It does not provide admins with enough details or any actions to take on the discovered devices.
Microsoft Defender for Endpoint will be a great choice when you are a big organization (more than 500 endpoints) and are dealing with customer data from a critical industry.
If you are in the SMB segment, though, taking standalone Microsoft Defender for Endpoint plans will make you confused about which features to go for and which ones to let go of. Hence, explore other options here.
Microsoft Defender for Endpoint user experience review.
- The threat detection is very good in Defender, during log4j exploitation we got a great deal of support from the Defender, and proactive coverage was received.
- During a recent security incident in our organization, the defender support team was quick to hop in and release the emergency patches and malware signature updates via hotfix, which has helped us deal with the security incident proactively.
- The ease of deployment on the endpoint and scanning feature, which consume minimal resources, and the offline and online coverages of threats are great advantages of Defender.
- Sometimes interacting with support becomes difficult and too technical; people who can understand customer concerns better would be of great help.
- Offline coverage can be even better.
- So far, I have had the best experience with Defender, and there is not much to complain about Defender.
Microsoft Defender helps us keep our software environment reliable and operationally secure.
- Incoming E-mails are tested for viruses
- Zip files that are extracted are checked for viruses
- Downloaded executables are also checked for viruses
- Better reporting of found dangerous code
- More insight into the resources used by a system scan
- It is good that regular updates are made available
This was well suited.
The executable generated by a C compiler that was not Microsoft's was considered dangerous code.
This was not suitable.
Defender is the default choice for a Microsoft shop
- Endpoint protection in real time
- Security dashboard for CISOs
- Endpoint detection and response
- Don't have any points to add here
If your customers are spread across multiple geographies, then Defender can help you set up compliance policies based on each region, which reduces the efforts of the DPO significantly.
Apart from these, I feel it is a feature rich and stable EDR product.
Easy and Reliable to Use
- Auditing of All Endpoints and Events
- Real-Time Protection
- Configuration and Deployment of the Product
- It evolves as threats do, but keeping up with threats is always a concern.
Good basic security.
- Does not bog down the system.
- Easy product to maintain.
- Clean interface.
- Could use some more options in the main GUI.
- Would like options for advanced scanning and protection.
- An advanced help or FAQ section.
Malware Stops Here
- catch malware
- web and network protection
- like the ability to set rules
- not easy to create allowances for certain groups of users
- It tends to lock a feature out sometimes that it may deem dangerous and it's hard to work around that
Best protection from Microsoft.
- Offline protection.
- Actively scan files and process them in the background.
- Protection history.
- Scheduled scans.
- Performance optimizations.
- Incorporate behavior analysis.
- Improve user interface and usability.
One stop shop for endpoint protection
- Blocking USB and External Media
- Vulnerability Reporting
- Proactive Alerting
- Lots of upfront configuration necessary
- Tons of configuration options
- Hard to deploy to Macs
Easy to install and manage
- Easy to deploy
- extra protection for remote devices
Microsoft Defender for Endpoint Review
- Doing well is being able to detect issues. It does that!
- I'm not sure, because we recently had a cyber attack that affected a lot of our endpoints, and we've been trying to recover for the last year and a half on that, and I'm not sure that it's something the Defender for Endpoint would've been able to assist with. So I don't really have an answer for that, honestly.
Microsoft Defender for Endpoint Review
- It does really good scanning and alerting when some of our employees and clients have not updated it quite yet. We reset that shield to glow bright red so that they update that and scan, at least do a quick scan every once in a while. I mean, sometimes I wish it was once a week, but once every three weeks or so, I think we're okay with it.
- If I could set it to automatically update every time the computer has woken up from sleep, I would, because a lot of the times when our Microsoft services turn off, we find that they're not actually turning off and stopping all processes and it seems to only update when we completely turn off our system. I want this automatic update. The automatic update should be more frequent essentially.
Defend a lot more than Endpoints.
- Threat intelligence.
- Data Protection.
- Protection against Security Threats.
- More training and simulation for an end user.
- More advanced threat-hunting UI overhaul. A lot of the features are nested in multiple menus and side panes.
- Executive Reports and Summaries of Windows Timeline.
Microsoft Defender for Endpoint review
We have enabled it in our Intune. We have configured a profile for on-boarding Windows devices and have enabled all the benefits of Defender. Similarly we have on-boarded Android and iOS devices. We have configured a compliance policy for them. We have created an app protection policy. We have configured conditional access to block access for devices that exceed your threat level. We have also configured the antivirus and anti-malware policies. By implementing all these we have made our environment almost secure from external threats and vulnerabilities. This has also helped us to improve our compliance score.
- It examines and acts quickly to all the vulnerabilities or threats from the external attacks.
- It detects and blocks all the unsafe application which can cause problems to the system.
- Its Antivirus feature protects the system from all the harmful viruses.
- It works wonderfully well for Windows devices, but when it comes to Mac devices it is not as supportive as it is for Windows. There is definitely some scope for improvement there.
- It has limited support for third-party tools.
- Sometimes the user experience is not that good, as system performance is impacted when a scan is active.
If your organisation has a majority of Mac devices, then honestly I would not recommend this solution for you.
Holistic approach to Cybersecurity
- Compatible with macOS, iOS, Android, Windows Server, Windows 10 and Linux
- It runs natively on Windows; it is not a bolted-on solution. Once you have the correct license it is easy enough to light up the application to protect the endpoint.
- Integrated with Microsoft Intune
- It is designed to detect and remediate adversary tactics from the MITRE knowledge base.
- Microsoft analyzes billions of signals daily to detect attacks against O365 tenants; these same signals are fed into ML to further fine-tune MDE. How many other solutions out there will have access to this vast amount of data to analyze to train their ML?
- Automated detection and remediation of threats with a graphical timeline view of how the threat got into the device and was stopped.
- It has its own vulnerability scanner to feed data into the dashboard so you can see daily which endpoints need to be patched first based on their value.
- It comes with an advanced hunting tool using the Kusto query language to search your tenant for threats.
- It can keep 180 days of log data
- From one bundled license I can protect Exchange online email, Sharepoint, Microsoft Teams, One Drive, Azure identities, AD, endpoints
- Web filtering on macOS is not available yet.
- They recently made it easier to on-board macOS endpoints using Microsoft Intune by deploying it as an app. It used to take a lot more configuration profiles to set up. For older macOS Sierra using the older extensions, it will still require the multiple steps to on-board to MDE.
- They need to integrate Microsoft Cloud app into the new dashboard of MDE
- Reduce the memory overhead of the mdatp agent running on Linux
Microsoft Defender ATP offers a great alternative to traditional, and even cloud-based AV.
- Visibility: It's great to be able to see what KBs are missing, etc.
- Lightweight AV protection built on the already included Windows Defender Application
- Deployment: We've had some issues deploying, especially outside of the Windows environment.
- Offboarding: There is currently no way to delete a computer. They disappear over time. We even renamed a computer, and it kept both the old and new name in there. Eventually, the older machines do go away, but there is no manual way to do this at the moment.
Where it may not be great is in mixed-OS environments. It requires a bit of determination to get ATP installed on OSX or Linux. While these platforms do get fewer viruses in general, it's good to have the layer of visibility and security for web and browser based threats.
Microsoft Defender Review
- One of the undeniable strengths of Windows Defender is that it is free. It already comes packaged with Windows. You don't have to install separately or pay extra for the excellent kind of protection it provides.
- Unlike all the other anti-virus software out there, the service is very light on the system and one doesn't even get to know when a background check is going on in the background. I never had to open the application to run scans. It automatically keeps running in the background and informs if anything fishy is going on in the background.
- When it comes to the latest threats and malware, it is not the most updated antivirus software in the market. It can always benefit from quick virus definition updates.
- It is not a complex antivirus solution when it comes to its feature sets. People who are finicky about each and every feature will be a little disappointed with the lack of options/settings available to configure the antivirus.
Great AV solution that's low on system resources!
- It does not take up a lot of system resources, unlike other 3rd-party AV providers.
- Integrated into the MS product line without having to touch it too much, unlike 3rd-party AV providers.
- Easy to set up and manage endpoints.
- It does not break the Windows OS like 3rd-party AV providers whenever a patch or roll-up update is deployed.
- Detection rates are less than some of the competitors out there.
- Too many false positives with 3rd-party applications.
- For smaller deployments can get expensive compared to competitors.
A really good all-in-one antivirus/malware/threat product
It addresses the business problem of helping to protect every computer that connects to the network, or that connects to the domain. All policies/settings get pushed down to the clients that are installed on the individual machines. There doesn't need to be user interaction to get this done.
- It is great at proactively monitoring threats across the network. It works seamlessly with the client to monitor individual user computers, and it has a good real-time scanning engine.
- On the client side, Windows Defender doesn't require a whole lot of system resources to run, nor will it create unnecessary slowdowns of a computer, even while scanning for threats.
- We've noticed one issue with the SmartScreen filter settings on the client and trying to install programs. If the Administrator sets the setting to Block on the server side, then this might interfere with some programs trying to get installed on the client side. Microsoft should look into this issue, and maybe offer more sub-settings for the Block option.
- Noticed that Windows Defender will occasionally do a system scan on a client during business hours, even though on the server side, scans are set for the middle of the night. This does not occur on all endpoints, or at all times, but tends to be random.
It might be less of an ideal solution if a company/organization were looking for something more robust, or had a lot more features/configuration settings. It also might be less ideal for a company/organization that was looking for a product that didn't have a high detection rate of false positives.