Microsoft Defender for Endpoint Overview

Microsoft Defender for Endpoint is the #2 ranked solution in our list of top Anti-Malware Tools. It is most often compared to Symantec End-User Endpoint Security.

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a complete endpoint security solution that delivers preventative protection, post-breach detection, automated investigation, and response. With Defender for Endpoint, you have: 

Agentless, cloud powered - No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date. 

Unparalleled optics - Built on the industry’s deepest insight into Windows threats and shared signals across devices, identities, and information. 

Automated security - Take your security to a new level by going from alert to remediation in minutes—at scale. 

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security and Compliance Community.

Microsoft Defender for Endpoint is also known as Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus.

Microsoft Defender for Endpoint Buyer's Guide

Download the Microsoft Defender for Endpoint Buyer's Guide including reviews and more. Updated: July 2021

Microsoft Defender for Endpoint Customers

Petrofrac, Metro CSG, Christus Health

Pricing Advice

What users are saying about Microsoft Defender for Endpoint pricing:
  • "Licenses depend upon what you are looking for and what kind of security do you want to implement. There are costs in addition to the standard licensing fees. When we used to buy Symantec, we used to spend on 100 licenses. We used to spend approximately $2,700 for those many licenses, and they came in packs. To add one more license, I had to buy a pack with a minimum of 10 licenses. I had to spend on nine extra licenses because I can't get a single license, whereas when we go for Microsoft, we can get as many licenses as we want. If I have 100 users today, and tomorrow, I have 90 users, I can release my 10 licenses next month. With any other software vendor, you buy licenses for one year, and you have to stick with that. If today you have 100 licenses, and tomorrow, you have 50, you have already paid for one year's license. You can't go back and tell them that I don't require these 50 licenses because I have lost my 50 users, but with Microsoft Defender, licensing is on a monthly basis. It gives you both options. You can go yearly and save on it, or you can go monthly. You will, again, save on it. It is very fair everywhere."
  • "As we operate in the educational sector, we are eligible for an educational discount."
  • "You don't need to worry about the renewal and purchase of antivirus products. It is bundled with Windows 10, so you don't need to worry about separately purchasing any antiviruses."
  • "We have an enterprise agreement so from my perspective, this is a product that ships with Windows and it is not priced standalone."

BS
Systems Manager at SAI Systems
Real User
Reduces admin overhead and allows us to define and roll out policies from a central console

What is our primary use case?

It comes inbuilt with Windows Server and Windows 10, so we are using its latest version. It is deployed centrally on all the platforms, whether it is a virtual environment, a BYOD device, or an office device. It is deployed everywhere. All of our users are on Office 365. By default, every user is getting Office 365, and we are also incorporating this into data leak prevention. We have also enabled Azure Active Directory, so policies are deployed directly from our active directory.

Pros and Cons

  • "The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it."
  • "Its user interface (UI) can be improved. Currently, in the console, you have to dig down for certain things. They've got many different layers to get to things instead of having it all on the surface. You have to go three folds lower to get to specific functionality or click a particular option. It would be good if we can manage the console through menus and instead of three clicks, we can do things in one click. They need to change the UI and work on it in terms of a better user experience."

What other advice do I have?

My advice is, "Try it, and you will love it." If you go for any other product, you will have to manage everything separately, which becomes an overhead. You will have a separate console, separate licensing, and a separate vendor. You will also get a piece of software that is going to have a layer in between the operating system and your applications, whereas Defender incorporates itself onto the layer where the operating system is sitting. So, you don't tax your resources to manage a product that is already incorporated into all systems. Everybody knows how to use Windows and Defender, so the…
FB
Head of IT at a manufacturing company with 51-200 employees
Real User
Provides users protection without impacting their experience

What is our primary use case?

It is the end defense against anything coming into our computers and through other channels, e.g., we have some other measures. A lot of our users use Microsoft Remote Desktop Services, so all our servers are locked down. The solution handles what nothing else finds along the way. It is a standard endpoint for computers, servers, and tablets.

Pros and Cons

  • "Microsoft Defender is always running. It is doing its job, so it is fine. I don't have any issues with the way it was implemented or how we are running it. We have been upgrading IT throughout the years, but there have been no issues."
  • "From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down."

What other advice do I have?

Go for it. It is a standard solution. If you use Windows, you might as well go for Defender. With this solution, you have your normal dependencies within Microsoft. This means that you don't have to talk to another company; you talk directly to Microsoft. Some people might go for something else, and that is fine too. However, depending on how big your company is, if you are a small or medium business, you may want to have as many eggs in one basket to have fewer points of contacts. It is a good endpoint. All the administration is handed over to our outsource partner. So far, it has been good…
Joerg Aulenbach
IT Administrator at DM-Drogerie Markt
Real User
Top 20
A seamless solution for Windows with good reporting and performance

What is our primary use case?

We are one of the major drug stores in Germany. We are located in 13 European countries such as Austria, Bulgaria, Czech Republic, and Poland. I'm working here as an IT Administrator, and I'm focusing on software deployment and antivirus solutions. Our use case is that we got to have antivirus. Cyber insurance forces us to have an antivirus solution that meets the requirements the insurance has. In terms of deployment, we're using Defender without ATP in the old world. For domain-joined clients and on the Intune-managed clients, we use Defender in combination with ATP. The on-prem clients are…

Pros and Cons

  • "The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
  • "We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues of old macros being blocked and some stuff going around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there are a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have. That's really the part that needs to be improved."

What other advice do I have?

In terms of the end-user experience, end-users don't like to be bothered with the virus scan. A virus scan is always annoying for the end-user. An end-user cannot actually configure the antivirus and only gets a notification if something is wrong or some malware is found. That's it. There is not really an end-user experience. The performance of the client is fine with Defender. We are not encountering many performance issues or any serious issues with Defender. When we turned over to Defender, some of the applications that were functioning absolutely flawlessly with McAfee started to have…
MD
Azure Engineer at a tech services company with 51-200 employees
Real User
Integrates well with Microsoft technologies, but needs direct integration for USB control

What is our primary use case?

Our clients use it for antivirus and anti-malware purposes.

Pros and Cons

  • "It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal."
  • "I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."

What other advice do I have?

I would definitely recommend others to go with Defender ATP if they have got the licenses because it can give them a wide range of security controls. It is integrated with Office portals and Microsoft monitoring systems, so they get the sensors from different places. We haven't come across any security threats yet. From the point of view of its theory, implementation, and architecture, Defender ATP and other ATP integrations would definitely help customers in controlling their organization and implementing the best security rules and policies. It hasn't affected the user experience much for…
Nirav Kumar
Cyber Security Specialist at a healthcare company with 10,001+ employees
Real User
Top 20
Automated Investigation and Response reduces workload of our SOC analysts, but lacks integration customization

What is our primary use case?

We use it for endpoint detection and response. The agent is installed on the endpoint, on the laptop or desktop, but it's a SaaS solution.

Pros and Cons

  • "One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part."
  • "Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point."

What other advice do I have?

Defender for Endpoint is marketed as an endpoint detection and response tool, but for others who are looking at onboarding it, they should take it as a holistic tool that provides AV, EDR, and vulnerability management all in one. However, it does not provide very good integration with third parties.
RA
Assistant Manager IT at an educational organization with 1,001-5,000 employees
Real User
Good performance, reliable, and offers effective ransomware protection

What is our primary use case?

We use Microsoft Defender Antivirus to scan for malicious payloads that may come in files, emails, a USB drive, or another type of external drive. It helps us to identify any malicious load that could compromise the security of any of our systems. We are in a decentralized environment. We have multiple offices but they are not connected physically. The offices are directly managed from the internet. We have a mixed environment with Linux and Windows machines. We operate in the educational sector.

Pros and Cons

  • "The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system."
  • "The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."

What other advice do I have?

Since we started using this product, we have not had any breaches. When we were using the products by McAfee and Symantec, there were issues with viruses and malicious payloads. Now, it is better because we haven't had any major issues with the systems. My advice for anybody who is implementing this product is to let the IT staff manage it, and not allow end-users to configure it or modify their own settings. I would rate this solution an eight out of ten.
Devanand PR
IT Support Executive at a healthcare company with 51-200 employees
Real User
Top 5 Leaderboard
No need to purchase an additional solution because it comes bundled with Windows 10

What is our primary use case?

It is an antivirus. It is like any other antivirus, except it comes with Windows and you don't need to install anything extra.

Pros and Cons

  • "It is already integrated with Windows 10, so you don't need to worry about that."
  • "It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good."

What other advice do I have?

If your computers or users are limited and you are not worried about using your computers for a lot of other browsing purposes or a lot of communication from the public, then you can depend on Microsoft Defender as your only solution. However, when your company is a lot more public facing, then you get a lot of mail from the public and must interact with the public. Also, if you must connect your computer to other computers not in your company, then I would suggest going for either a top-of-the-line antivirus solution or third-party solutions. Totally depending on Microsoft Defender is not…
Oriyomi Fowler
Head, Information Security & Network Operations at a consumer goods company with 10,001+ employees
Real User
Top 20
Nice interface and good reporting, but the alerts need to be more timely

What is our primary use case?

We combine Microsoft Defender with Advanced Threat Protection to manage, isolate, and scan our laptops and workstations for security threats. We have a dashboard that is embedded into Office 365 and it allows us to remotely scan for viruses and malware, so we don’t have to have the laptop present.

Pros and Cons

  • "This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them."
  • "Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering."

What other advice do I have?

My advice for anybody who is implementing this product is to first analyze their critical assets to have an understanding of what they are. Then, decide if they want a scalable solution. New threats are coming in every month and the way this is going, Microsoft is learning lessons from networks that have been compromised. With this information, they give updates and patches to everybody. In support of this product, you have to consider the patching, consider the visibility that it gives, and then consider the critical assets it is protecting. I would rate this solution a seven out of ten.