We performed a comparison between Microsoft 365 Defender and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Endpoint comes out ahead of Microsoft 365 Defender. While both products provide real-time visibility of emerging threats and have convenient interfaces, Microsoft 365 Defender’s lack of compatibility with third-party products, as well as uneven support leave room for improvement.
"I get alerts when scripts are detected in the environment."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The stability is very good."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The price is low and quite competitive with others."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The product's initial setup phase is very easy."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10."
"The solution provides protections and reports about strange behavior and automatically blocks some of it. I love the way that statuses are represented."
"The visibility into threats that the solution provides is pretty awesome... This is something that makes me think, "Wow, okay. If I had my own organization, I would probably get this too." It stops the threat before an employee gets phished or something gets downloaded to their computer."
"It can reach our applications and PC activities in the cloud."
"The EDR feature is most valuable."
"The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it."
"The comprehensiveness of Microsoft threat-protection products is great... Today, Microsoft Sentinel by itself is a leading Gartner SIEM tool. It has advantages over competitors because of the ability to integrate with Microsoft solutions and automate continuous monitoring of Microsoft AD and Office 365 data."
"The most valuable feature is its ability to effectively detect threats. It has the EDR feature, endpoint detection and response, and that is very good."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"Microsoft Defender XDR is scalable."
"Intelligence aspects need improvement"
"Detections could be improved."
"The solution should address emerging threats like SQL injection."
"FortiEDR can be improved by providing more detailed reporting."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The only minor concern is occasional interference with desired programs."
"We'd like to see more one-to-one product presentations for the distribution channels."
"At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on."
"The GUI is very complex and could be more user friendly."
"There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."
"The solution could be more friendly for end-users, with different type of scans or scheduled scans for it."
"Its interface can be improved a little bit. We would like to have some sort of centralization. It should have something like a central server that is managing all the other clients. There are solutions from Kaspersky or ESET NOD32 that are really doing this kind of thing currently. We would like to see something similar from Microsoft."
"Microsoft Windows Defender doesn't have a game mode."
"This solution is not secure, which is why I have moved to Linux."
"It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good."
"The solution does not offer a unified response and standard data."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 80 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, Cortex XDR by Palo Alto Networks, Trellix Endpoint Security and Fortinet FortiClient, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Cortex XDR by Palo Alto Networks. See our Microsoft Defender XDR vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Microsoft Security Suite vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.