Microsoft Corporation

Microsoft Defender for Endpoint

Composite Score

8.5 /10

CX Score

8.8 /10

142 Reviews Write a Review

Claim Software

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.

Company Details

Need Assistance?

We're here to help you with understanding our reports and the data inside to help you make decisions.

Get Assistance

Microsoft Defender for Endpoint Ratings

Real user data aggregated to summarize the product performance and customer experience.
Download the entire Product Scorecard to access more information on Microsoft Defender for Endpoint.

Product scores listed below represent current data. This may be different from data contained in reports and awards, which express data as of their publication date.

86 Likeliness to Recommend

96 Plan to Renew

82 Satisfaction of Cost Relative to Value

1
Since last award

{y}

{name}

Emotional Footprint Overview

Product scores listed below represent current data. This may be different from data contained in reports and awards, which express data as of their publication date.

+87 Net Emotional Footprint

The emotional sentiment held by end users of the software based on their experience with the vendor. Responses are captured on an eight-point scale.

How much do users love Microsoft Defender for Endpoint?

6% Negative

4% Neutral

90% Positive

Pros

Respectful
Fair
Includes Product Enhancements
Helps Innovate

Feature Ratings

Average 78

Endpoint Detection and Response

Dynamic Malware Detection

Centralized Management Portal

System Hardening

Application Containment Mechanisms

Port and Device Control

Host NGFW Functionality

Ransomware Recovery and Removal

Automated Remediation

Kernel Monitoring

Cross Platform Integration

Vendor Capability Ratings

Average 79

Quality of Features

Ease of Implementation

Ease of Data Integration

Usability and Intuitiveness

Ease of IT Administration

Availability and Quality of Training

Business Value Created

Product Strategy and Rate of Improvement

Breadth of Features

Ease of Customization

Vendor Support

Also Featured in...

Endpoint Detection & Response

Score 8.6

View Microsoft Defender for Endpoint in this category (opens in a new tab)

Microsoft Defender for Endpoint Reviews

Arjan S.

Role: Information Technology
Industry: Technology
Involvement: IT Development, Integration, and Administration

Validated Review

Verified Reviewer

Submitted Mar 2024

Multiplatform Premium EDR Solution

Likeliness to Recommend

8 /10

What differentiates Microsoft Defender for Endpoint from other similar products?

The integration with the Microsoft XDR platform is great and becomes better over time. Seamless integration with Sentinel and easy of quering with the KQL langiuage

What is your favorite aspect of this product?

KQL language

What do you dislike most about this product?

deploying EDR on server platform

What recommendations would you give to someone considering this product?

start with a small poc, check for performance and detection quality ... built it out in rings from there

Pros

Continually Improving Product
Inspires Innovation
Includes Product Enhancements
Security Protects

Cons

Vendor Friendly Policies
Less Generous

SMARANIKA H.

Role: Information Technology
Industry: Technology
Involvement: Initial Implementation

Validated Review

Verified Reviewer

Submitted Feb 2024

Strong and comprehensive solution

Likeliness to Recommend

9 /10

What differentiates Microsoft Defender for Endpoint from other similar products?

Wide range of threat protection: Combines antivirus, anti-malware, endpoint detection and response (EDR), and vulnerability management capabilities to protect against various threats. Cloud-based delivery: Eliminates the need for on-premise infrastructure, simplifying deployment and management. Integration with Microsoft 365: Seamless integration with existing Microsoft 365 security tools for centralized management and enhanced threat detection. Machine learning: Leverages advanced machine learning and behavioral analysis to identify and block emerging threats.

What do you dislike most about this product?

Limited platform support: Primarily focuses on Windows devices, with limited native support for macOS and Linux. Potential for false positives: Advanced detection methods might occasionally generate false positives, requiring manual investigation. Customization limitations: While offering some configuration options, advanced users might desire more in-depth customization capabilities. Reporting complexity: Some users report challenges in generating detailed and customized reports. Vendor lock-in: Switching from Microsoft Defender to a different solution might be challenging due to its integration with other Microsoft 365 tools.

What recommendations would you give to someone considering this product?

Microsoft Defender for Endpoint is a strong and comprehensive solution for organizations primarily using Windows devices and invested in the Microsoft 365 ecosystem. Its cloud-based delivery, integration with other Microsoft security tools, and advanced threat detection capabilities make it a compelling option. However, consider the potential limitations for non-Windows platforms, false positives, and customization options before making a decision.

Pros

Helps Innovate
Continually Improving Product
Reliable
Enables Productivity

Engin Y.

Role: Information Technology
Industry: Banking
Involvement: IT Development, Integration, and Administration

Validated Review

Verified Reviewer

Submitted Jan 2024

You still need a different endpoint product.

Likeliness to Recommend

7 /10

What differentiates Microsoft Defender for Endpoint from other similar products?

Cost effective and easy to apply.

What is your favorite aspect of this product?

Cost effective and easy to apply.

What do you dislike most about this product?

It is quite unsuccessful compared to other products. It needs to improve a lot.

What recommendations would you give to someone considering this product?

We use it as a second product. We install it on non-critical systems that are not connected to critical systems.

Pros

Includes Product Enhancements
Enables Productivity
Friendly Negotiation
Respectful

Cons

Commodity Features
Slower Product Innovation
Under Delivered

Microsoft Defender for Endpoint

What is Microsoft Defender for Endpoint?

Company Details

Need Assistance?

Awards & Recognition

2025 Emotional Footprint Champion

2024 Data Quadrant Gold Medalist

Microsoft Defender for Endpoint Ratings

86 Likeliness to Recommend

96 Plan to Renew

82 Satisfaction of Cost Relative to Value

1 Since last award

Emotional Footprint Overview

+87 Net Emotional Footprint

How much do users love Microsoft Defender for Endpoint?

Pros

Feature Ratings Average rating of all product features, some of which may not be shown below

Endpoint Detection and Response Active threat detection that remediates against known and unknown malware and malicious activities, leveraging machine learning techniques.

Dynamic Malware Detection Heuristics are applied to files to identify similarities with known malware and block it.

Centralized Management Portal Includes multiple client management, push install capability, comprehensive policies for different groups, and active directory integration and synchronization.

System Hardening Automated vulnerability patching and vulnerability assessment.

Application Containment Mechanisms Includes cloud based protection, sandboxing, and local containerization.

Port and Device Control Includes USB encryption and endpoint data loss prevention.

Host NGFW Functionality Includes policy-based default-deny/whitelisting and application verification and trust (VPN/virtualization).

Ransomware Recovery and Removal Recover files removed and/or encrypted by ransomware.

Automated Remediation Automate remediation of alerts due to exceeding defined thresholds e.g. trigger scripts to address low disk space alerts.

Kernel Monitoring Monitoring of processes, memory, and system files at the OS level.

Cross Platform Integration Open API and net sec appliance integration with NGFW, SIEM, IPS/IDS, Automated Network Quarantining, DLP, Data Discovery, and Threat Intelligence.

Vendor Capability Ratings Average rating of all vendor capabilities, some of which may not be shown below

Quality of Features Feature quality is just as important as quantity. Use this data to determine if this product will do what you're purchasing it to do, easily, intuitively, reliably, and effectively.

Ease of Implementation Successfully implementing new software is necessary to realize its full value and promote end user adoption. This data indicates whether or not the product is easy to implement.

Ease of Data Integration Use this data to determine whether the product will cause headaches or make data integration easy.

Usability and Intuitiveness End user learning curves cost the organization money. Pay attention to your end users' technical ability to determine how important UX is in your purchase.

Ease of IT Administration This data indicates whether IT personnel will be able to resolve issues and perform configurations efficiently and effectively.

Availability and Quality of Training Effective and readily available training enables users to get the most out of the software you've chosen. Use this section to make sure your vendor's training programs and materials measure up.

Business Value Created Software needs to create value for employees, customers, partners, and, ultimately, shareholders. This data expresses user satisfaction - or lack thereof - with the product's business value.

Product Strategy and Rate of Improvement Vendors who don't stay on top of emerging needs and trends won't enable you to meet your business goals. Use this data to separate innovators from imposters.

Breadth of Features Users prefer feature rich software that enables them to perform diverse series of tasks. This data expresses user satisfaction with the product's breadth of features.

Ease of Customization Don't get bogged down in a difficult customization; use this data to make sure you can easily achieve the functionality you need for your particular situation.

Vendor Support The importance of vendor support will vary for each organization depending on internal capabilities, but there will always be issues that only the vendor can resolve.

Also Featured in...

Endpoint Detection & Response

Microsoft Defender for Endpoint Reviews

Arjan S.

Multiplatform Premium EDR Solution

Likeliness to Recommend

Pros

Cons

SMARANIKA H.

Strong and comprehensive solution

Likeliness to Recommend

Pros

Engin Y.

You still need a different endpoint product.

Likeliness to Recommend

Pros

Cons

Most Popular Microsoft Defender for Endpoint Comparisons

ThreatDown EDR

Sophos Endpoint

Acronis Cyber Protect Cloud

ESET Endpoint Security

Crowdstrike Falcon Platform

Webroot Business Endpoint Protection

1
Since last award

Feature Ratings

Endpoint Detection and Response

Dynamic Malware Detection

Centralized Management Portal

System Hardening

Application Containment Mechanisms

Port and Device Control

Host NGFW Functionality

Ransomware Recovery and Removal

Automated Remediation

Kernel Monitoring

Cross Platform Integration

Vendor Capability Ratings

Quality of Features

Ease of Implementation

Ease of Data Integration

Usability and Intuitiveness

Ease of IT Administration

Availability and Quality of Training

Business Value Created

Product Strategy and Rate of Improvement

Breadth of Features

Ease of Customization

Vendor Support