We performed a comparison between Microsoft Defender for Endpoint and Microsoft Defender for Cloud based on our users’ reviews in five categories. Our conclusion, drawn from all of the collected data, is below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Endpoint comes out ahead of Microsoft Defender for Cloud. While both products have comprehensive features, Microsoft Defender for Cloud’s dashboards may not integrate easily with other enterprise dashboards.
"The technical support is very good."
"With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"We saw improvement from a regulatory compliance perspective due to having a single dashboard."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"Defender for Cloud is a plug-and-play solution that provides continuous posture management once enabled."
"One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds."
"DSPM is the most valuable feature."
"The best feature is the fact that for certain mobiles you can control your corporate profiles versus your personal profiles. That is amazingly important. Apple just supported the separation of corporate and personal profiles, whereas Android has been doing that for quite some time... Because Android supports that, if an Android phone is lost or stolen, I can wipe out all the corporate-related information from that phone and not touch the personal side. I can separate the apps and I can separate the ability to cut and paste between apps."
"The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain."
"The most valuable feature is that it comes with the package, so there is no additional installation of third-party software. It's also easy to use."
"We have just started to implement it. It is useful for protection from malware and ransomware."
"I like the process visibility. This ability to visualize how something was executed is valuable, and the fact that Defender ATP is also linked to the threat intelligence that they have is also valuable. So, even if you have something that doesn't have a conventional signature, the fact that you get this strange execution means that you can detect things that are normally not visible."
"Defender for Endpoint is a robust solution that works well out-of-the-box."
"It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online."
"The most valuable feature is that we can use the solution right out of the box without too much configuration."
"After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
"The product was a bit complex to set up earlier; however, it is a bit streamlined now."
"It needs to be simplified and made more user-friendly for a non-technical person."
"I would like to see better automation when it comes to pushing out security features to the recommendations, and better documentation on the step-by-step procedures for enabling certain features."
"There is no perfect product in the world and there are always features that can be added."
"Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."
"Azure is a complex solution. You have so many moving parts."
"Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort."
"The solution could always be more secure."
"They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."
"Where we stand right now, compared to other products that are there in the market, they still have to work on their threat intelligence and the overall maturity of detecting the malware."
"Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get."
"The management console is something that can be improved."
"I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement."
"I want Microsoft Defender to have the ability to deal with some issues automatically, so I don't need to address that issue manually."
Microsoft Defender for Cloud is ranked 2nd in Microsoft Security Suite with 46 reviews while Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews. Microsoft Defender for Cloud is rated 8.0, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Microsoft Sentinel, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Kaspersky Endpoint Security for Business.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.