We performed a comparison between Microsoft 365 Defender and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Endpoint comes out ahead of Microsoft 365 Defender. While both products provide real-time visibility of emerging threats and have convenient interfaces, Microsoft 365 Defender’s lack of compatibility with third-party products, as well as uneven support leave room for improvement.
"The product's initial setup phase is very easy."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"It is stable and scalable."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"The most valuable feature is the analysis, because of the beta structure."
"Microsoft Defender for Endpoint comes pre-installed in Microsoft Windows."
"Coming from an organization where the EDR wasn't strong, it has always been a case of basically searching through the information you already have and looking for something. It was basically trying to find the needle in a haystack. What the Defender platform does is that it reduces the size of the haystack, and it'll say that the needle is over here. Minutes matter, and it certainly zeros you in on the events that are concerning. It also simplifies the effort of trying to get some kind of correlation of behaviors or actions you see in the environment and confirming if something is benign or a threat."
"The best thing I like about it is its interaction with the other Defender products. It provides the ability to push telemetry up. It gives me endpoint visibility and allows me to take automated actions."
"Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows."
"There are a couple of features, such as isolating the devices or connecting the device and connecting live response."
"It comes included with the Windows license."
"It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online."
"The antivirus features are very useful."
"The product is very easy to use."
"The solution is well integrated with applications. It is easy to maintain and administer."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature is the network security."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"Making the portal mobile friendly would be helpful when I am out of office."
"The only minor concern is occasional interference with desired programs."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Cannot be used on mobile devices with a secure connection."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"I would like to see integrations with other products, such as Spunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights."
"Threat intelligence has the potential for improvement, particularly by integrating more sources."
"It could be easier when it comes to managing exceptions."
"I would like to see improvement from a management perspective. We have had to depend on Intune for certain tasks."
"Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."
"The GUI is very complex and could be more user friendly."
"Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort."
"Microsoft Defender for Endpoint does not offer default templates for alerts, requiring us to configure everything ourselves to avoid numerous false positives."
"Just like in any solution, the price can always be cheaper."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The support could be more knowledgable to improve their offering."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 80 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, Cortex XDR by Palo Alto Networks, Trellix Endpoint Security and Fortinet FortiClient, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Cortex XDR by Palo Alto Networks. See our Microsoft Defender XDR vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Microsoft Security Suite vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.