Skip to main content
TrustRadius
Microsoft Defender for Endpoint

Microsoft Defender for Endpoint
Formerly Microsoft Defender ATP

Overview

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation…

Read more
Recent Reviews

Secure workstations with MDE

8 out of 10
November 03, 2023
Microsoft Defender for Endpoint offers exceptional threat insight and protection. Its KQL powered Advanced Hunting provides deep analysis. …
Continue reading
Read all reviews

How Microsoft Defender for Endpoint Differs From Its Competitors

Components

We utilize everything relates endpoint and network issues. The AI integration is actually my favorite component because it comes in handy in vulnerability scanning through scanning our networks and alert us Incase of any exposure. Remediation and blocking of advanced threats are also a plus.
Continue reading

Protection Scope

We have currently installed Microsoft Defender for Endpoint on 1573 endpoint devices on our main network. This includes Windows and Apple desktops, laptops, and servers. We also do scan our routers and switches and have rolled out installation on some of our mobile devices. The goal is to secure …
Continue reading

Components

We are using everything related to the endpoint and to network devices. We have installed Microsoft Defender for Endpoint on our desktops and laptops. We have also implemented the network vulnerability scanning functionality that scans our network appliances and alerts us of any vulnerabilities.
Continue reading

Protection Scope

We currently have the Microsoft Defender for Endpoint agent installed on about 1600 endpoint devices on our network. These include Windows and Apple laptops and desktops. We are also scanning Cisco routers and switches. We are looking for a way to roll out the installation on mobile devices, in …
Continue reading

Components

- We use Endpoint detection and response for proactive detection and remediation.
- Attack Surface Reduction helps us proactively block commonly used attack methods by malware (scripts).
- We use Microsoft Defender for Endpoint as a layered approach with other security tools.
Continue reading

Components

  • Vulnerability Management
  • Baseline Assessments
  • Device Discovery
  • Endpoint Security Policies
  • Automated Remediation
  • Dynamic Device Tagging
  • Endpoint DLP
  • Web Content Filtering
  • Live Response
  • Unified integration with Defender for Cloud
  • Always remediate PUA
  • Device Deception (Preview)
  • Download quarantined files
  • Evaluatio…
Continue reading

Protection Scope

We currently have more than 200 active devices across the organization. We are a 'Windows' only organization when it comes to internal end user deployments. When it comes to server count, we have a small environment of less than 20 servers containing both Windows and Linux servers deployed in …
Continue reading

Components

Antivirus and Malware protection are features we are using by have them installed in endpoint devices that associated with our users that are in M365 group, once the user is eligible for M365, we will install the application and remove the other antivirus (if any), which then will bring us to the …
Continue reading

Components

We are using the following components / features of Microsoft Defender for Endpoint in our organization:
1. Centralised deployment of antivirus agent
2. Centralised monitoring of security alerts
3. Vulnerability management
4. Antivirus and anti malware
5. Integration with Microsoft Intune
6. Device …
Continue reading

Components

Admin portal : Enables endpoint monitoring, security incident identification, and response.
Endpoint Detection and Response (EDR) : Organizations can investigate security incidents, collect pertinent data, and implement the necessary remediation activities to eliminate and contain threats by using …
Continue reading

Protection Scope

Microsoft Defender for Endpoint offers comprehensive protection for Windows endpoints and Windows Server environments.
We are protecting over 30 Windows devices for our company, as well as more than 50 Windows and macOS devices for one of our customers. We also use Microsoft Intune to manage over …
Continue reading

Components

1. Endpoint Detection and Response
2. Advanced Threat Protection
3. Attack Surface Reduction
Continue reading

Protection Scope

More than 1000 devices are configured with Microsoft Defender for Endpoint. We are using this in Windows 10, 11 and Windows Servers
Continue reading

Components

EDR, Auto investigation & remediation Threat & Vulnerability Management Attack Service Reduction rules Secure Score for Devices Network Discovery. Basically, all features for clients are managed with Intune as MDM; Servers are managed with Azure Policy and GPO. Linux machines have custom scripting …
Continue reading

Components

Endpoint Protection
Threat & Vulnerability Management
Intune Integration
Microsoft Defender Antivirus
Microsoft Defender SmartScreen
Attack Surface Reduction
Continue reading

Components

Advanced threat detection, automated incidence response, integration, endpoint detection and response, and threat intelligence. All the features come together in investigation and response to threats enhancing the general security of our small organization.
Continue reading

Components

We are using the following features of Microsoft defender Unified security tools and centralized management.Next-generation antimalware. Attack surface reduction rules.Device control (such as USB)Endpoint firewall.Network protection.Web control/category-based URL blocking.Device-based conditional …
Continue reading

Protection Scope

We have around 4000 endpoints, including workstations and servers that vary from Windows workstations, windows servers, Linux servers, Android devices, and iOS devices. Etc.
Continue reading

Components

Vulnerability management to identify issues and review recommendations. Configuration management and monitoring. Endpoint detection and response to identify potential threats and shut them down before the prove to be an issue. Incident reporting and root cause remediation research when issues are …
Continue reading

Components

Threat Protection: Microsoft Defender for Endpoint provides real-time protection against a wide range of threats, including malware, viruses, ransomware, and phishing attacks. It uses advanced threat detection algorithms and machine learning to identify and block malicious activities.Endpoint …
Continue reading

Protection Scope

5,000 Endpoints we're currently managing through Microsoft Defender for Endpoint protection. We only use it for Microsoft Servers as it doesn't support macOS, Linux servers, Android, iOS, etc).
Continue reading

Components

Microsoft Defender for Endpoint-Microsoft's EPP and EDR offering primarily built into Windows 10 but has been ported to other operating systems such as Mac & Linux , For Mac they use Bitdefender as OEM & Linux for AV engine. We also use Threat experts for Microsoft's threat hunting services, which …
Continue reading

Components

For our organization, we found the device inventory, which helps us to find discover, track, and manage our devices. Along with the log management is very useful; we can investigate what's happened. The management console is well done, useful, and helps in managing our environment. That's a great …
Continue reading

Components

The main components we are using are:
  • Attack Surface Reduction (ASR).
  • Next-generation Protection.
  • Microsoft Secure Score for Devices.
  • Automated Investigation and Remediation (AIR).
Continue reading

Components

We are utilising a mix of P1 and P2 versions of Defender for Endpoint. The P2 version includes Endpoint Detection and Response as an extension, as well as automatic investigation adn remediation, making it a full competitor to other XDR tools on the market.
Continue reading

Components

Device Response Function: Perform AV ScanFile response functions: collect files, analyze in depth, block files, stop and quarantine programs
Continue reading

Components

Currently we have deployed all features available to us, but mostly we use, at least on a day to day basis, the endpoint protection in the form of antivirus / antimalware protection. The anti-exploit feature is used and it is has been very eye opening to get reports of potential threats that have …
Continue reading

Protection Scope

Our environment consists of mostly Windows systems. We have both workstations and servers in the form of virtual machines and a virtual desktop infrastructure. We have roughly two thousand systems and of those, about five hundred of them are a part of our virtual desktop infrastructure for end …
Continue reading

Components

For the secured remote access of the multiple production machines through browser, the Microsoft Defender is utilized at the office machines (endpoints). With the advanced vulnerability management and auto threat detection, it can detect weather the access is secured and authorized or not. It …
Continue reading

Protection Scope

Depending upon the project size and number of production machines it depends. Currently depending upon the bots (3-5), production machines are managed with concurrency. All the machines work on the Widows platform and these machines are accessed by the 3-4 agents.
It manages the endpoint weaknesses …
Continue reading

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Malware Detection (53)
    8.5
    85%
  • Infection Remediation (52)
    8.2
    82%
  • Anti-Exploit Technology (51)
    8.0
    80%
  • Centralized Management (52)
    7.9
    79%

Reviewer Pros & Cons

View all pros & cons
CL
chris lex
Security Specialist
valiantech.ltd (Information Technology Services, 51-200 employees)
Abdul Ayub | TrustRadius Reviewer
Abdul Ayub
Executive Engineer Transmission
Sui Northen Gas Pipelines Ltd (Oil & Energy, 10,001+ employees)
Return to navigation

Pricing

View all pricing

Academic

$2.50

On Premise
per user/per month

Standalone

$5.20

On Premise
per user/per month

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

Microsoft Defender for Endpoint Overview

YouTube
Return to navigation

Features

Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.

8.2
Avg 8.5
Return to navigation

Product Details

What is Microsoft Defender for Endpoint?

Presented as an epicenter for comprehensive endpoint security, Microsoft Defender for Endpoint helps users rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.

Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.

Evolves the organization's defenses: Goes beyond endpoint silos and mature the organization's security based on a foundation for extended detection and response (XDR) and Zero Trust.

Microsoft Defender for Endpoint Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection

Microsoft Defender for Endpoint Screenshots

Screenshot of blocked activitiesScreenshot of Detects & respondsScreenshot of discovers vulnerabilityScreenshot of Eliminates blind spotsScreenshot of Risk management

Microsoft Defender for Endpoint Video

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint Competitors

Microsoft Defender for Endpoint Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo

Frequently Asked Questions

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

CrowdStrike Falcon, Symantec Endpoint Security, and Sophos Intercept X are common alternatives for Microsoft Defender for Endpoint.

Reviewers rate Endpoint Detection and Response (EDR) and Malware Detection highest, with a score of 8.5.

The most common users of Microsoft Defender for Endpoint are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(175)

Attribute Ratings

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
April 27, 2022

Microsoft Defender for Endpoint Review

AM
Ali Marandi
Senior Manager-Cyber Security
Brookfield Renewable (Environmental Services, 1001-5000 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
My company utilizes Defender for Endpoint across all end point devices, including Windows and Linux servers. For me, Defender's capabilities are above any other AV tool I previously used. Some of the main benefits for us are:
  • Cloud Console
  • Cloud based updates
  • Live protection
Additionally, we use the EDR capability extensively. It has made life easer for our SOC team.
Pros and Cons
  • AV/Malware protection
  • Vulnerability Management
  • End Point Detection and Response (EDR)
  • Onboarding devices
  • Device configuration can be challenging
  • In order to use this product to its full capabilities, Intune will be required
Likelihood to Recommend
Live Protection works well, it almost renders scheduled scans pointless.
Vulnerability management is a nice feature. It allows for vulnerabilities to be factored in for an overall exposure score.
Secure Score .
We utilize EDR as well. It makes easier for our Incident Response team to built a timeline. We're using Defender more when it comes to IR.
Most Important Features
  • EDR
  • Vulnerability Management
  • AV/Malware protection
Microsoft Defender for Endpoint Feature Ratings
Endpoint Security (7)
90%
9.0
Anti-Exploit Technology
90%
9.0
Endpoint Detection and Response (EDR)
90%
9.0
Centralized Management
90%
9.0
Hybrid Deployment Support
90%
9.0
Infection Remediation
90%
9.0
Vulnerability Management
90%
9.0
Malware Detection
90%
9.0
Return on Investment
  • Savings over previous vendor
  • ease of administration
  • increased SOC SLA
Alternatives Considered
Defender works better for my org. This may depend on your ecosystem, however for me, Defender is a clear winner. I like Defender's ability to utilize multiple sensors and data points to detect possible breaches. I like the built-in EDR functionality. I do not need to purchase a separate EDR software anymore. I really like the vulnerability management. it has enabled our SOC team to view multiple security-related sensors from a single portal.
Other Software Used
Tenable.io, Microsoft Sentinel (formerly Azure Sentinel), Microsoft Defender for Identity (formerly Azure ATP)
November 03, 2021

Microsoft Defender holds up to the sales pitch and more

Verified User
Director in Information Technology
Non-profit Organization Management Company, 1001-5000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
We use it organization-wide. Defender has addressed malware, phishing, and viruses (trojans). This has significantly decreased our issues and potential exposure.
Pros and Cons
  • Great dashboard for the techs on the end of support
  • Provides good notifications for the user
  • Does a great job quarantining questionable emails that may have suspicious links.
  • Stop changing the product name - creates confusion at times
Likelihood to Recommend
[Microsoft Defender is a] great product for standard office users. It does not become a resource hog, yet does the job well.
Most Important Features
  • Able to identify potential issues with files and attachments
  • Provides details on the back end so tech staff can determine if it is a real threat, especially if someone decides to share the suspicious file
  • Notifications are very clear
Microsoft Defender for Endpoint Feature Ratings
Endpoint Security (7)
82.85714285714286%
8.3
Anti-Exploit Technology
90%
9.0
Endpoint Detection and Response (EDR)
100%
10.0
Centralized Management
100%
10.0
Hybrid Deployment Support
N/A
N/A
Infection Remediation
90%
9.0
Vulnerability Management
100%
10.0
Malware Detection
100%
10.0
Return on Investment
  • The product has remediated risks
  • Raised confidence within upper management after dealing with a breach prior to moving to Defender
  • The amount of false positives are very low so it becomes credible
Alternatives Considered
Very reliable with accuracy
Does not become a resource hog
Other Software Used
Microsoft Endpoint Manager (Microsoft Intune + SCCM), Microsoft 365 (formerly Office 365), Adobe Acrobat Reader DC
October 20, 2021

Holistic approach to Cybersecurity

Joe Aldeguer | TrustRadius Reviewer
Joe Aldeguer
IT Director
Society of American Florists (Non-profit Organization Management, 11-50 employees)
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
MDE is Microsoft's latest cybersecurity tool which takes a holistic approach to protect my organization from known and zero-day threats. I love the fact that I don't need to stitch together a diverse solution to increase my organization's security posture. I only have to use one login to manage my dashboard. MDE is compatible with all endpoints in my organization. I have macOS, iOS, Windows server, Windows 10, and Ubuntu Linux on-boarded. It is an EDR, XDR that is mapped against the MITRE ATT&CK framework.
Pros and Cons
  • Compatible with macOS, iOS, Android, Windows Server, Windows 10 and Linux
  • It runs natively on Windows it is not a bolted on solution. Once you have the correct license it is easy enough to light up the application to protect the endpoint
  • Integrated with Microsoft Intune
  • It is designed to detect and remediate adversary tactics from the MITRE knowledge base.
  • Microsoft analyzes billions of signals daily to detect attacks against O365 tenants these same signals are fed into ML to further fine-tune MDE. How many other solutions out there will have access to this vast amount of data to analyze to train their ML?
  • Automated detection and remediation of threats with a graphical timeline view of how the treat got into the device and was stopped
  • It has its own vulnerability scanner to feed data into the dashboard so you can see daily which endpoints need to be patch first based on its value
  • It comes with an advanced hunting tool using the kusto query language to search your tenant for threats
  • It can keep 180 days of log data
  • From one bundled license I can protect Exchange online email, Sharepoint, Microsoft Teams, One Drive, Azure identities, AD, endpoints
  • Web filtering on the macOS it not available yet
  • They recently made it easier to on-board macOS endpoints using Microsoft Intune by deploying it as an app. It used to take a lot of more configuration profiles to set up. For older macOS Sierra using the older extensions it will still require the multiple steps to on-board to MDE
  • They need to integrate Microsoft Cloud app into the new dashboard of MDE
  • Reduce the memory overhead of the mdatp agent running on Linux
Likelihood to Recommend
Small or large organizations will benefit from using MDE. They need to provide a way to buy MDE as a standalone add-on product not only make it a bundled feature in Microsoft 365 E5. I wish it had the ability to deploy updates to 3rd party apps when the vulnerability scanner discovers a vulnerability. Currently, I have to use a 3rd party tool to address this gap.
Most Important Features
  • Holistic cybersecurity tool
  • Compatibility with all of my OS
  • It is like having my own SOC for my small organization
Microsoft Defender for Endpoint Feature Ratings
Endpoint Security (7)
100%
10.0
Anti-Exploit Technology
100%
10.0
Endpoint Detection and Response (EDR)
100%
10.0
Centralized Management
100%
10.0
Hybrid Deployment Support
100%
10.0
Infection Remediation
100%
10.0
Vulnerability Management
100%
10.0
Malware Detection
100%
10.0
Return on Investment
  • You will have to move up to Microsoft 365 E5
  • You can get rid of other 3rd party security tools and just use the Microsoft ecosystem
Alternatives Considered
MDE is a complete solution from one vendor.
Products Replaced
Yes
I was using Avast Business edition to protect my macOS endpoints. I decided to go with Microsoft Defender for Endpoint to get deeper protection. I don't like the idea of having to log in to different portals to manage my endpoint protection.
Key Differentiators
  • Product Features
  • Product Reputation
The cross-platform solution providing protection to all of the operating systems we used at work.
Support Rating
9
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session.
Premium Support
No. Tech support through phone or email comes with Microsoft 365 E5 license.
Bug Resolution
No
Return to navigation