Skip to main content
TrustRadius
Microsoft Defender for Endpoint

Microsoft Defender for Endpoint
Formerly Microsoft Defender ATP

Overview

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation…

Read more
Recent Reviews

Secure workstations with MDE

8 out of 10
November 03, 2023
Microsoft Defender for Endpoint offers exceptional threat insight and protection. Its KQL powered Advanced Hunting provides deep analysis. …
Continue reading
Read all reviews

How Microsoft Defender for Endpoint Differs From Its Competitors

Components

We utilize everything relates endpoint and network issues. The AI integration is actually my favorite component because it comes in handy in vulnerability scanning through scanning our networks and alert us Incase of any exposure. Remediation and blocking of advanced threats are also a plus.
Continue reading

Protection Scope

We have currently installed Microsoft Defender for Endpoint on 1573 endpoint devices on our main network. This includes Windows and Apple desktops, laptops, and servers. We also do scan our routers and switches and have rolled out installation on some of our mobile devices. The goal is to secure …
Continue reading

Components

We are using everything related to the endpoint and to network devices. We have installed Microsoft Defender for Endpoint on our desktops and laptops. We have also implemented the network vulnerability scanning functionality that scans our network appliances and alerts us of any vulnerabilities.
Continue reading

Protection Scope

We currently have the Microsoft Defender for Endpoint agent installed on about 1600 endpoint devices on our network. These include Windows and Apple laptops and desktops. We are also scanning Cisco routers and switches. We are looking for a way to roll out the installation on mobile devices, in …
Continue reading

Components

- We use Endpoint detection and response for proactive detection and remediation.
- Attack Surface Reduction helps us proactively block commonly used attack methods by malware (scripts).
- We use Microsoft Defender for Endpoint as a layered approach with other security tools.
Continue reading

Components

  • Vulnerability Management
  • Baseline Assessments
  • Device Discovery
  • Endpoint Security Policies
  • Automated Remediation
  • Dynamic Device Tagging
  • Endpoint DLP
  • Web Content Filtering
  • Live Response
  • Unified integration with Defender for Cloud
  • Always remediate PUA
  • Device Deception (Preview)
  • Download quarantined files
  • Evaluatio…
Continue reading

Protection Scope

We currently have more than 200 active devices across the organization. We are a 'Windows' only organization when it comes to internal end user deployments. When it comes to server count, we have a small environment of less than 20 servers containing both Windows and Linux servers deployed in …
Continue reading

Components

Antivirus and Malware protection are features we are using by have them installed in endpoint devices that associated with our users that are in M365 group, once the user is eligible for M365, we will install the application and remove the other antivirus (if any), which then will bring us to the …
Continue reading

Components

We are using the following components / features of Microsoft Defender for Endpoint in our organization:
1. Centralised deployment of antivirus agent
2. Centralised monitoring of security alerts
3. Vulnerability management
4. Antivirus and anti malware
5. Integration with Microsoft Intune
6. Device …
Continue reading

Components

Admin portal : Enables endpoint monitoring, security incident identification, and response.
Endpoint Detection and Response (EDR) : Organizations can investigate security incidents, collect pertinent data, and implement the necessary remediation activities to eliminate and contain threats by using …
Continue reading

Protection Scope

Microsoft Defender for Endpoint offers comprehensive protection for Windows endpoints and Windows Server environments.
We are protecting over 30 Windows devices for our company, as well as more than 50 Windows and macOS devices for one of our customers. We also use Microsoft Intune to manage over …
Continue reading

Components

1. Endpoint Detection and Response
2. Advanced Threat Protection
3. Attack Surface Reduction
Continue reading

Protection Scope

More than 1000 devices are configured with Microsoft Defender for Endpoint. We are using this in Windows 10, 11 and Windows Servers
Continue reading

Components

EDR, Auto investigation & remediation Threat & Vulnerability Management Attack Service Reduction rules Secure Score for Devices Network Discovery. Basically, all features for clients are managed with Intune as MDM; Servers are managed with Azure Policy and GPO. Linux machines have custom scripting …
Continue reading

Components

Endpoint Protection
Threat & Vulnerability Management
Intune Integration
Microsoft Defender Antivirus
Microsoft Defender SmartScreen
Attack Surface Reduction
Continue reading

Components

Advanced threat detection, automated incidence response, integration, endpoint detection and response, and threat intelligence. All the features come together in investigation and response to threats enhancing the general security of our small organization.
Continue reading

Components

We are using the following features of Microsoft defender Unified security tools and centralized management.Next-generation antimalware. Attack surface reduction rules.Device control (such as USB)Endpoint firewall.Network protection.Web control/category-based URL blocking.Device-based conditional …
Continue reading

Protection Scope

We have around 4000 endpoints, including workstations and servers that vary from Windows workstations, windows servers, Linux servers, Android devices, and iOS devices. Etc.
Continue reading

Components

Vulnerability management to identify issues and review recommendations. Configuration management and monitoring. Endpoint detection and response to identify potential threats and shut them down before the prove to be an issue. Incident reporting and root cause remediation research when issues are …
Continue reading

Components

Threat Protection: Microsoft Defender for Endpoint provides real-time protection against a wide range of threats, including malware, viruses, ransomware, and phishing attacks. It uses advanced threat detection algorithms and machine learning to identify and block malicious activities.Endpoint …
Continue reading

Protection Scope

5,000 Endpoints we're currently managing through Microsoft Defender for Endpoint protection. We only use it for Microsoft Servers as it doesn't support macOS, Linux servers, Android, iOS, etc).
Continue reading

Components

Microsoft Defender for Endpoint-Microsoft's EPP and EDR offering primarily built into Windows 10 but has been ported to other operating systems such as Mac & Linux , For Mac they use Bitdefender as OEM & Linux for AV engine. We also use Threat experts for Microsoft's threat hunting services, which …
Continue reading

Components

For our organization, we found the device inventory, which helps us to find discover, track, and manage our devices. Along with the log management is very useful; we can investigate what's happened. The management console is well done, useful, and helps in managing our environment. That's a great …
Continue reading

Components

The main components we are using are:
  • Attack Surface Reduction (ASR).
  • Next-generation Protection.
  • Microsoft Secure Score for Devices.
  • Automated Investigation and Remediation (AIR).
Continue reading

Components

We are utilising a mix of P1 and P2 versions of Defender for Endpoint. The P2 version includes Endpoint Detection and Response as an extension, as well as automatic investigation adn remediation, making it a full competitor to other XDR tools on the market.
Continue reading

Components

Device Response Function: Perform AV ScanFile response functions: collect files, analyze in depth, block files, stop and quarantine programs
Continue reading

Components

Currently we have deployed all features available to us, but mostly we use, at least on a day to day basis, the endpoint protection in the form of antivirus / antimalware protection. The anti-exploit feature is used and it is has been very eye opening to get reports of potential threats that have …
Continue reading

Protection Scope

Our environment consists of mostly Windows systems. We have both workstations and servers in the form of virtual machines and a virtual desktop infrastructure. We have roughly two thousand systems and of those, about five hundred of them are a part of our virtual desktop infrastructure for end …
Continue reading

Components

For the secured remote access of the multiple production machines through browser, the Microsoft Defender is utilized at the office machines (endpoints). With the advanced vulnerability management and auto threat detection, it can detect weather the access is secured and authorized or not. It …
Continue reading

Protection Scope

Depending upon the project size and number of production machines it depends. Currently depending upon the bots (3-5), production machines are managed with concurrency. All the machines work on the Widows platform and these machines are accessed by the 3-4 agents.
It manages the endpoint weaknesses …
Continue reading

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Malware Detection (51)
    8.5
    85%
  • Endpoint Detection and Response (EDR) (50)
    8.5
    85%
  • Infection Remediation (50)
    8.2
    82%
  • Centralized Management (50)
    7.9
    79%

Reviewer Pros & Cons

View all pros & cons
Abdul Ayub | TrustRadius Reviewer
Abdul Ayub
Executive Engineer Transmission
Sui Northen Gas Pipelines Ltd (Oil & Energy, 10,001+ employees)
Conrad Nyamache | TrustRadius Reviewer
Conrad Nyamache
Computer Technician Specialist
Utility (Program Development, 51-200 employees)
Return to navigation

Pricing

View all pricing

Academic

$2.50

On Premise
per user/per month

Standalone

$5.20

On Premise
per user/per month

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

Microsoft Defender for Endpoint Overview

YouTube
Return to navigation

Features

Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.

8.2
Avg 8.5
Return to navigation

Product Details

What is Microsoft Defender for Endpoint?

Presented as an epicenter for comprehensive endpoint security, Microsoft Defender for Endpoint helps users rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.

Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.

Evolves the organization's defenses: Goes beyond endpoint silos and mature the organization's security based on a foundation for extended detection and response (XDR) and Zero Trust.

Microsoft Defender for Endpoint Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection

Microsoft Defender for Endpoint Screenshots

Screenshot of blocked activitiesScreenshot of Detects & respondsScreenshot of discovers vulnerabilityScreenshot of Eliminates blind spotsScreenshot of Risk management

Microsoft Defender for Endpoint Video

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint Competitors

Microsoft Defender for Endpoint Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo

Frequently Asked Questions

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

CrowdStrike Falcon, Symantec Endpoint Security, and Sophos Intercept X are common alternatives for Microsoft Defender for Endpoint.

Reviewers rate Endpoint Detection and Response (EDR) and Malware Detection highest, with a score of 8.5.

The most common users of Microsoft Defender for Endpoint are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(174)

Attribute Ratings

Reviews

(1-25 of 72)
Companies can't remove reviews or game the system. Here's why
March 21, 2024

Perfect Endpoint Security, Exposure Detection and Management Tool.

Conrad Nyamache | TrustRadius Reviewer
Conrad Nyamache
Computer Technician Specialist
Utility (Program Development, 51-200 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • It has a very intuitive and user-friendly UI that enables my team and I to navigate through it and respond to any threat efficiently.
  • It's extensive dashboard gives a complete view of all our endpoint soo we can spot any potential threat and exposure across the networks.
  • Robust detection and response capabilities that detect abnormal behavior, potential threats, and attacks as they happen and remediate and block any threat.
  • Insights enable us to get to the root cause of incidents and alerts for deep investigation.
  • It also provide a powerful 365 protection against any threat.
  • It is pretty limited when it comes to devices that are not Microsoft-based. Adding a device is quite a task.
  • False positives.
  • Sophisticated automated investigation and response features.
  • Exclusions during scanning are hard to spot.
  • I always have to submit request for whitelisting apps.
February 07, 2024

Microsoft Defender for Endpoint Review

KL
Kevin Lee
Network Security Analyst
A.T. Still University (Higher Education, 1001-5000 employees)
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Detects attacks as they happen.
  • Detects potential attacks.
  • Detects abnormal user behavior.
  • Does not allow for remediation from the management console.
  • The ticket system doesn't alert the person assigned to the ticket.
  • You have to submit requests for whitelisting applications.
  • Scanning exclusions are tricky to find.
  • Adding devices, especially Apple devices, is very cumbersome.
November 28, 2023

Quick to rollout and get going, but takes some tweaking to optimize.

Verified User
Manager in Information Technology
Health, Wellness and Fitness Company, 10,001+ employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Provides excellent integration with 365 security suite
  • It tracks all activities on endpoints and helps our security team effectively investigate alerts
  • It uses signature and behavior based techniques to detect / block threats
  • It offers limited support for non-Microsoft devices
  • It can be sometimes difficult to setup for optimization
  • It can sometimes be the root issue for resource issues on the endpoints
November 21, 2023

The one stop security shop for the endpoints

Yash Mudaliar | TrustRadius Reviewer
Yash Mudaliar
Associate Lead Security Admin
Atidan (Information Technology & Services, 201-500 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Vulnerability Management is without a doubt one of the most efficient features of Microsoft Defender for Endpoint. It provides enough details about the vulnerability, its impact and the remediation as well.
  • The latest addition of 'Endpoint Security Policies' has been a very well thought and insightful feature that relieves the security analysts from the hassle of switching to Intune just for reviewing the endpoint security policies.
  • 'Automated Remediation' is a boon to many organizations across the industry that helps in responding to ongoing attacks at machine speed. Microsoft Defender for Endpoint does it quite well in terms of accuracy and quickness.
  • Dynamic device tagging feature has been an underrated feature from Microsoft Defender for Endpoint. It is such a reliable and efficient feature that saves a lot of time whether you are dealing with vulnerabilities or incidents.
  • While 'Vulnerability Management' is one of my favorite features, I do feel that it has been the same for quite some time and now it should have some integration capabilities to do actions like inform the affected users, or take small actions like updating the OS, sending prompts to devices etc.
  • I think most people will agree with me when I say that 'Baseline Assessments' feature should now have more standards added to its inventory. CIS and STIG are the only ones available in this feature without any updates for a long time now.
  • Device Discovery while a good feature is appearing to somewhat unstable in nature. It does not provide admins with enough details and any actions to take on the discovered devices.
November 21, 2023

Decent Protection for your endpoints

Verified User
General Manager in Information Technology
Automotive Company, 1001-5000 employees
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Antivirus protection
  • Malware protection
  • Quarantine and alerts
  • Offering with other suites in M365 family
  • There are cases where it is not able to detect malware but other antivirus is detecting it
  • Better dashboard
November 03, 2023

"Microsoft Defender for Endpoint One of the best tool to manage threat, Vulnerability and Compliance of the endpoints."

Verified User
Consultant in Engineering
Information Technology & Services Company, 11-50 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • It provides a unified security experience when combined with other Microsoft products such as Microsoft Defender for 365 and Azure Defender.
  • It has an excellent dashboard and centralized view that make it easy to see and control everything from one location.
  • It's an EDR tool designed to help you understand incidents and alerts better.
  • Real-time detection of attacks and prompt endpoint device responses. It effortlessly interacts with additional Microsoft security products.
  • I must admit that I haven't discovered anything major regarding this product.
  • It has limited integration options with third party security products.
  • Sometime Automated Response is slow.
November 03, 2023

Secure workstations with MDE

Verified User
Administrator in Information Technology
Dairy Company, 501-1000 employees
Score 8 out of 10
Vetted Review
Verified User
Pros and Cons
  • It blocks the unsafe applications from accessing.
  • It provides User-friendly interface for seamless endpoint security.
  • It gets the updates new pattern updates automatically and stays upto date.
  • It has limited integration options with third party products.
  • Expand Baseline Assessment beyond STIG and CIS benchmarks for broader security coverage and compliance flexibility.
  • Nothing else.
October 26, 2023

Defender for Endpoint - First class EDR and more.

Verified User
Consultant in Information Technology
Information Technology & Services Company, 51-200 employees
Score 8 out of 10
Vetted Review
Verified User
Pros and Cons
  • One of the strong points is that AI is tightly integrated into the platform, which leads to excellent detection.
  • Vulnerability management is very useful for assessing tracking, and mitigating threats across all protected devices.
  • KQL integration is very good.
  • Licensing between Defender for Endpoint and Servers is complicated.
  • Deployment has improved but is not really streamlined. There is no single installer available and no single way of deploying settings.
  • The Defender portal is rich in information but can be complicated to use.
October 18, 2023

A Comprehensive Look at Microsoft Defender for Endpoint. Defending with Style

Verified User
Consultant in Information Technology
Information Technology & Services Company, 11-50 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Defender for Endpoint uses cutting-edge threat detection technologies, such as behavioral analysis and machine learning, to recognize and neutralize both known and undiscovered threats. Even the most complex and elusive malware and exploits can be found by it.
  • By providing threat analytics, it enables proactive threat prevention and mitigation by assisting organizations in understanding their security posture and trends over time.
  • It offers immediate insight into threat activity and endpoint security. Security teams can react quickly to threats since they can see what's happening across all of the devices in their organization.
  • For enterprises using the platform for the first time, the initial setup and configuration can be challenging. The experience might be enhanced by streamlining the onboarding procedure and offering more user-friendly setting wizards.
  • It might be difficult to afford, especially for smaller firms. The solution might be more widely available if it had a more open and flexible price structure, particularly for smaller enterprises.
  • Organizations could better address the escalating problems with cloud security with the help of enhanced functionality for monitoring and managing cloud apps and services.
October 18, 2023

Defend, Detect, Excel with Microsoft Defender for Endpoint

EB
Eli Blanks
Project manager
Moda Construction (Construction, 11-50 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Automated incident response
  • Scalability
  • Rapid threat mitigation
  • Threat analytics keeping us aware of our security posture.
  • Transparency in alert logic and visibility
  • Clarity in licensing. There are many options and pricing tiers that aren't very clear at the start of deployment.
  • Limited baseline assessment
October 02, 2023

Microsoft Defender for Endpoint

Martin Venter | TrustRadius Reviewer
Martin Venter
Senior Engineer
Network Configurations (Information Technology & Services, 51-200 employees)
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Quick response to all threats across all devices protected.
  • Help pick up vulnerabilities in systems which previously have gone unidentified.
  • Centrally Managed with a single pane of glass view is super handy and useful.
  • The only thing I think that can be improved on is the reporting.
September 29, 2023

Microsoft defended for endpoint user experience review.

Verified User
Engineer in Information Technology
Information Technology & Services Company, 10,001+ employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • The threat detection is very good in Defender, during log4j exploitation we got a great deal of support from the Defender, and proactive coverage was received.
  • During a recent security incident in our organization, the defender support team was quick to hop in and release the emergency patches and malware signature updates via hotfix, which has helped us deal with the security incident proactively.
  • The ease of deployment on the endpoint and scanning feature, which consume minimal resources, and the offline and online coverages of threats are great advantages of Defender.
  • Sometimes interacting with the support becomes difficult and more technical side, people who can understand customer concerns better will be of great help.
  • Offline coverage can be even better.
  • So far, I have had the best experience with defenders, and there is not much to complain about defenders.
September 26, 2023

Endpoint Defense You Can Count On

VG
Vernon Gibson
NetSuite Administrator
Powertex Group (Marketing & Advertising, 51-200 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Provides quick response to stopping threats identified on company owned devices.
  • It has helped us discover multiple misconfigurations and exposed vulnerabilities we didn't know we had.
  • Being able to utilize MS Defender for Endpoint on all of our devices from Windows to Mobile (iOS and Android) has really help secure our business.
  • Initial configuration can be daunting and there's a lot of details to pour over to make it work properly.
  • Reporting has been a challenge to get setup the way we want it to work.
September 25, 2023

Microsoft Defender helps us keep our software environment reliable and operationally secure.

Verified User
Engineer in Information Technology
Graphic Design Company, 11-50 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Incoming E-mails are tested for viruses
  • Zip files that are extracted are checked for viruses
  • Downloaded executables are also checked for viruses
  • Better reporting of found dangerous code
  • More insight into the resources used by a system scan
  • It is good that regular updates are made available
September 25, 2023

Microsoft Defender for Endpoint-Best EDR Solution

Bhuwan Chandra | TrustRadius Reviewer
Bhuwan Chandra
Business Development Manager
ConnectUp IT Solutions (Computer & Network Security, 11-50 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Microsoft Defender for Endpoint helps customers to more tightly integrate into the OS
  • ATP integrate with their cloud based sandbox for malware analysis
  • Microsoft Defender for Endpoint Antivirus provide ML based scanning
  • Mac & Linux EDR visibility is weak spot for Microsoft Defender for Endpoint
  • ATP does not have malware search functionality
  • ATP includes dashboards for specific threats but not actor attributions
September 22, 2023

Endpoint protection products that are easy to use and configure

Verified User
Manager in Information Technology
Computer Networking Company, 11-50 employees
Score 6 out of 10
Vetted Review
ResellerIncentivized
Pros and Cons
  • The ability to provide decision support (or content about alerts) is powerful and allows us to become experts in analytics rather than in a specific technology
  • Microsoft Defender provides security for unmanaged devices on corporate networks
  • Microsoft Defender for Endpoint is a service in the Microsoft Defender Security Center. By adding and deploying client provisioning profiles, configuration administrators can monitor deployment status and obtain endpoint agent health status using Microsoft Defender.
  • Windows Defender isn't perfect. It may miss some threats, especially new and sophisticated threats. So it’s important to supplement it with other security measures.
  • Even though Windows Defender does a good job, it can't protect you from everything. Therefore, it is important to be aware of the risks and take steps to protect your computer, such as using complex passwords and being careful about clicking on anything, especially email attachments and some tech support scam calls.
September 21, 2023

Easy and Reliable to Use

Verified User
Administrator in Information Technology
Higher Education Company, 201-500 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Pros and Cons
  • Auditing of All Endpoints and Events
  • Real-Time Protection
  • Configuration and Deployment of the Product
  • It evolves as threats do, but keeping up with threats is always a concern.
Return to navigation