Microsoft Defender for Endpoint

Formerly Microsoft Defender ATP

Score 8.8 out of 10

Overview

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation...

Popular Features

  • Centralized Management (6): 9.6 (96%)
  • Endpoint Detection and Response (EDR) (6): 9.6 (96%)
  • Anti-Exploit Technology (6): 9.3 (93%)
  • Infection Remediation (6): 9.3 (93%)


Pricing


  • Academic: $2.50 per user/per month (On Premise)
  • Standalone: $5.20 per user/per month (On Premise)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Features

Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.

9.5 (Avg 8.7)

Product Details

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.


Microsoft Defender for Endpoint Technical Details

  • Deployment Types: On-premise
  • Operating Systems: Windows
  • Mobile Application: No

Frequently Asked Questions


Reviewers rate Endpoint Detection and Response (EDR), Centralized Management, and Vulnerability Management highest, with a score of 9.6.

The most common users of Microsoft Defender for Endpoint are from Enterprises (1,001+ employees).

Reviews and Ratings

 (68)


Reviews

(1-5 of 5)
Joe Aldeguer | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
MDE is Microsoft's latest cybersecurity tool which takes a holistic approach to protect my organization from known and zero-day threats. I love the fact that I don't need to stitch together a diverse solution to increase my organization's security posture. I only have to use one login to manage my dashboard. MDE is compatible with all endpoints in my organization. I have macOS, iOS, Windows server, Windows 10, and Ubuntu Linux on-boarded. It is an EDR, XDR that is mapped against the MITRE ATT&CK framework.
  • Compatible with macOS, iOS, Android, Windows Server, Windows 10 and Linux
  • It runs natively on Windows; it is not a bolted-on solution. Once you have the correct license it is easy enough to light up the application to protect the endpoint
  • Integrated with Microsoft Intune
  • It is designed to detect and remediate adversary tactics from the MITRE knowledge base.
  • Microsoft analyzes billions of signals daily to detect attacks against O365 tenants; these same signals are fed into ML to further fine-tune MDE. How many other solutions out there will have access to this vast amount of data to analyze to train their ML?
  • Automated detection and remediation of threats with a graphical timeline view of how the threat got into the device and was stopped
  • It has its own vulnerability scanner to feed data into the dashboard so you can see daily which endpoints need to be patched first based on its value
  • It comes with an advanced hunting tool using the Kusto Query Language to search your tenant for threats
  • It can keep 180 days of log data
  • From one bundled license I can protect Exchange online email, Sharepoint, Microsoft Teams, OneDrive, Azure identities, AD, endpoints
  • Web filtering on the macOS is not available yet
  • They recently made it easier to on-board macOS endpoints using Microsoft Intune by deploying it as an app. It used to take a lot more configuration profiles to set up. For older macOS Sierra using the older extensions it will still require the multiple steps to on-board to MDE
  • They need to integrate Microsoft Cloud app into the new dashboard of MDE
  • Reduce the memory overhead of the mdatp agent running on Linux
Small or large organizations will benefit from using MDE. They need to provide a way to buy MDE as a standalone add-on product not only make it a bundled feature in Microsoft 365 E5. I wish it had the ability to deploy updates to 3rd party apps when the vulnerability scanner discovers a vulnerability. Currently, I have to use a 3rd party tool to address this gap.
  • Holistic cybersecurity tool
  • Compatibility with all of my OS
  • It is like having my own SOC for my small organization
Endpoint Security (7): 10.0 (100%)
  • Anti-Exploit Technology: 10.0 (100%)
  • Endpoint Detection and Response (EDR): 10.0 (100%)
  • Centralized Management: 10.0 (100%)
  • Hybrid Deployment Support: 10.0 (100%)
  • Infection Remediation: 10.0 (100%)
  • Vulnerability Management: 10.0 (100%)
  • Malware Detection: 10.0 (100%)
  • You will have to move up to Microsoft 365 E5
  • You can get rid of other 3rd party security tools and just use the Microsoft ecosystem
MDE is a complete solution from one vendor.
Yes
I was using Avast Business edition to protect my macOS endpoints. I decided to go with Microsoft Defender for Endpoint to get deeper protection. I don't like the idea of having to log in to different portals to manage my endpoint protection.
  • Product Features
  • Product Reputation
The cross-platform solution providing protection to all of the operating systems we used at work.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session.
No. Tech support through phone or email comes with Microsoft 365 E5 license.
No
Score 10 out of 10
Vetted Review
Verified User
We use Microsoft Defender ATP to get visibility into systems, as well as provide antivirus protection for our Microsoft 365 resources. We currently have it set up for just our IT department and a select few users as we consider transitioning our entire organization away from our current, more traditional Antivirus to something like ATP.
  • Visibility: It's great to be able to see what KBs are missing, etc.
  • Lightweight AV protection built on the already included Windows Defender Application
  • Deployment: We've had some issues deploying, especially outside of the Windows environment.
  • Offboarding: There is currently no way to delete a computer. They disappear over time. We even renamed a computer, and it kept both the old and new name in there. Eventually, the older machines do go away, but there is no manual way to do this at the moment.
Microsoft Defender Advanced Threat Protection is the perfect solution for a company that is completely invested in a Microsoft environment. We have Windows 10 machines joining our Azure Active Directory. We use Exchange Online for emails, and it feels like Defender ATP gives you visibility into each and every corner of our environment. It's super lightweight and fairly easy to deploy (though we had some isolated difficulties), and end users seem to not notice it, which is, in my opinion, a very positive thing.

Where it may not be great is in mixed-OS environments. It requires a bit of determination to get ATP installed on OSX or Linux. While these platforms do get fewer viruses in general, it's good to have the layer of visibility and security for web and browser based threats.
Endpoint Security (7): 8.0 (80%)
  • Anti-Exploit Technology: 9.0 (90%)
  • Endpoint Detection and Response (EDR): 9.0 (90%)
  • Centralized Management: 10.0 (100%)
  • Hybrid Deployment Support: 3.0 (30%)
  • Infection Remediation: 8.0 (80%)
  • Vulnerability Management: 8.0 (80%)
  • Malware Detection: 9.0 (90%)
  • It's less expensive than our previous AV, which was a bit more traditional and included a support suite of apps.
  • It's prevented viruses, which in turn increased production.
Panda Adaptive Defense, in combination with Panda Systems Management, was a pretty big and powerful suite of AV software. However, the AV is pretty traditional, all things considered. ATP will always have a slight advantage due to its ability to seamlessly integrate with the Windows OS.

We also used to use Kaseya to get visibility on stuff like patches, etc. To be honest, most of the data we can get from ATP is sufficient, and another product like that, or Panda Systems Management, seems so close to redundant, bar one or two small features.
Every time I've had a question or a problem, I was able to get it addressed quickly. Microsoft has a huge database for ATP support, and it has contained 90% of what I have looked for. It was a lifesaver during initial setup.
Score 7 out of 10
Vetted Review
Verified User
Microsoft Defender is being used across our organization by all the departments. The major reason why we are using the software is, of course, data protection. In this day and age, when data has become such a valuable asset, one needs to keep their data safe from hackers or rival companies.
  • One of the undeniable strengths of Windows Defender is that it is free. It already comes packaged with Windows. You don't have to install separately or pay extra for the excellent kind of protection it provides.
  • Unlike all the other anti-virus software out there, the service is very light on the system and one doesn't even get to know when a background check is going on in the background. I never had to open the application to run scans. It automatically keeps running in the background and informs if anything fishy is going on in the background.
  • When it comes to the latest threats and malware, it is not the most updated antivirus software in the market. It can always benefit from quick virus definition updates.
  • It is not a complex antivirus solution when it comes to its feature sets. People who are finicky about each and every feature will be a little disappointed with the lack of options/settings available to configure the antivirus.
In my opinion, it is well suited for small start-ups and entrepreneurs who have just started doing business. But when the amount of client data that you hold increases, you should not completely rely on Windows Defender. Another paid antivirus will definitely be recommended. But, I think they have really stepped up their game recently in terms of updating the software and virus definitions.
Endpoint Security (7): 8.1 (81.42857142857142%)
  • Anti-Exploit Technology: 7.0 (70%)
  • Endpoint Detection and Response (EDR): 8.0 (80%)
  • Centralized Management: 7.0 (70%)
  • Hybrid Deployment Support: 9.0 (90%)
  • Infection Remediation: 8.0 (80%)
  • Vulnerability Management: 9.0 (90%)
  • Malware Detection: 9.0 (90%)
  • There is definitely a peace of mind provided when you know that your system will not get compromised because of malware and viruses.
  • The fact that I don't have to spend money in the first place means that I can spend money on other more important things that do require it.
I gave it a 7 out of 10 as I feel that there is still a lot of room for improvement. I remember how back in the day the software was looked down upon because of it being an unreliable and inefficient antivirus. But, Microsoft has really put in the hard work and made it worthy for it to be comparable to all the other security services out there.
Score 8 out of 10
Vetted Review
Verified User
We use MS Defender ATP on all of our systems. It uses low resources compared to other AV providers and full integration into Windows OS. You don't experience the breakage that happens when you have 3rd party AV providers when there are feature roll-up updates and hotfixes issued by Microsoft. Also, MS ATP is competitive compared to 3rd party AV providers.
  • It does not take up a lot of system resources, unlike other 3rd party AV providers.
  • Integrated into the MS product line without having to touch it too much, unlike 3rd party AV providers.
  • Easy to set-up and manage endpoints.
  • It does not break Windows OS like 3rd party AV providers whenever a patch or roll update is deployed.
  • Detection rates are less than some of the competitors out there.
  • Too many false positives with 3rd party applications.
  • For smaller deployments can get expensive compared to competitors.
MS ATP is great for any organization that wants to protect itself from AV, malware, spyware, and ransomware threats. I can't imagine any organization doing without an AV protection provider. Small deployment can get expensive compared to the competition.
Endpoint Security (7): 8.4 (84.28571428571429%)
  • Anti-Exploit Technology: 8.0 (80%)
  • Endpoint Detection and Response (EDR): 8.0 (80%)
  • Centralized Management: 10.0 (100%)
  • Hybrid Deployment Support: 9.0 (90%)
  • Infection Remediation: 8.0 (80%)
  • Vulnerability Management: 9.0 (90%)
  • Malware Detection: 7.0 (70%)
  • The ROI on MS ATP has paid for itself as soon as it was deployed and caught and prevented virus and malware threats which saved our IT staff time and money.
  • Since MS ATP is low on system resources it enables us to stretch out hardware an additional year.
  • If you require stability in your business operations MS ATP is a must.
MS ATP is lower on system resources and enables us to stretch out our endpoint hardware for an additional year. Also, MS ATP being an MS product fits in very nicely into MS remote management software and MS operating system. We have had little to no issues when hotfixes and roll updates are deployed, unlike 3rd party AV providers that we had experience with in the past.
MS ATP has great integration into the MS Product line but some 3rd party applications throw false-positive results. For smaller deployments, MS ATP can be expensive compared to 3rd party providers. But overall the performance and detection have been great with MS ATP.
Score 8 out of 10
Vetted Review
Verified User
This is the main threat protection software being used all across the University. It is used to monitor threats/viruses/malware, etc. that occur on users' machines. It is pre-configured on all computers that connect to the network. This ensures that users don't really need to worry about installing threat protection software on their individual computers, or worry about configuring settings.

It addresses the business problem of helping to protect every computer that connects to the network, or that connects to the domain. All policies/settings get pushed down to the clients that are installed on the individual machines. There doesn't need to be user interaction to get this done.
  • It is great at proactively monitoring threats across the network. It works seamlessly with the client to monitor individual user computers, and it has a good real-time scanning engine.
  • On the client side, Windows Defender doesn't require a whole lot of system resources to run, nor will it create unnecessary slowdowns of a computer, even while scanning for threats.
  • We've noticed one issue with the SmartScreen filter settings on the client and trying to install programs. If the Administrator sets the setting to Block on the server side, then this might interfere with some programs trying to get installed on the client side. Microsoft should look into this issue, and maybe offer more sub-settings for the Block option.
  • Noticed that Windows Defender will occasionally do a system scan on a client during business hours, even though on the server side, scans are set for the middle of the night. This does not occur on all endpoints, or at all times, but tends to be random.
It would be well suited in an environment where most all your endpoints are Windows-based computers, as Windows Defender is already built into the operating system, so there is no client to have to worry about installing. It also will make the management of endpoints easier on the server side, if most all machines are Windows-based.

It might be less of an ideal solution if a company/organization were looking for something more robust, or had a lot more features/configuration settings. It also might be less ideal for a company/organization that was looking for a product that didn't have a high detection rate of false positives.
Endpoint Security: N/A
  • A positive impact has been to increase productivity for IT staff, as it saves them time from having to install/configure clients on every endpoint.
  • Another positive impact has been on the user/client side, as it helps the user to increase their productivity with working on their computer, as the Windows Defender client uses little resources to run on the system, and has a tendency to not slow down systems.
As compared to some of the other products we have used in our organization over the years, Windows Defender has been a lot better at not using a lot of system resources when running on the clients. A lot of other commercial threat protection products on the market today tend to use more system resources while running on a client, and can even slow down users' computers to the point that it would be hard for them to utilize for other things, especially while system scans are running.

Antivirus/malware detection rates have improved a lot over the years with Windows Defender. It used to be they fell behind in detection rates, but not so anymore. The big thing that must be improved upon is the detection of false positives, which other products may have an edge over them in this regard.
Overall support is really good for this product. Since it's a Microsoft product, you will get good support from a number of different resources, including knowledgebase articles on the web, support from Microsoft technicians, and documentation (which tends to be very thorough). Also, there is a vast user support community for this product, so user support forums would also be another valuable channel to get help if needed. I don't envision too many people will have issues/problems with the product, as it tends to run good overall.
Microsoft Office 365, Qualys Cloud Platform (formerly Qualysguard), Skype for Business (formerly Lync), Microsoft Teams, Microsoft System Center Configuration Manager, OneDrive, Oracle VM VirtualBox, RescueAssist, Windows Server, Microsoft Project, WordPress, Freshdesk, BMC Track-It!