We just raised a $30M Series A: Read our story

Microsoft Defender for Endpoint Valuable Features

Principal Consultant at a tech services company with 201-500 employees

More than anything, what I find most valuable is the holistic integration with all Defender products and MCAS. You can not deploy this in a vacuum. It's like most Microsoft technology. If you want to do a Zero Trust model and framework, you have to deploy things in a holistic solution.

Among the new features I like is that you can ingest your Defender events directly into your SIEM/SOAR product, particularly Azure Sentinel, although not a lot of people are using that and you don't have to be using it. You can ingest them into any SIEM/SOAR product directly.

There are features that have helped improve a company's security posture, now that remote work has come into play. Microsoft had to come up with a solution because identity is the new security plan. The largest attack surface is going to be your endpoints, so you have to be able to control your endpoints. There is malware that can collect IDs and it doesn't have to be from privileged accounts, it could be from any account. Once they get in, then they can start looking around to see if there are any security holes, move laterally, and get a hold of a privileged account. And if they get a hold of a privileged then they can just turn off all your security controls and get to your data and you've got a ransomware attack. With Defender for Endpoint, it's the combination. Every one of the features in it is equally important, but the most important thing is integrating it with the other Defender products, to create a holistic solution.

The best feature is the fact that for certain mobiles you can control your corporate profiles versus your personal profiles. That is amazingly important. Apple just supported the separation of corporate and personal profiles, whereas Android has been doing that for quite some time. You are better off as an organization, when it comes to BYOD—because Apple just now started supporting separation of corporate and personal profiles—to start with the version that supports that feature. If you go below that level, you don't get that feature, and it makes it very difficult to separate corporate and personal profiles. Because Android supports that, if an Android phone is lost or stolen, I can wipe out all the corporate-related information from that phone and not touch the personal side. I can separate the apps and I can separate the ability to cut and paste between apps. I can cut the ability from sharing files between apps between the personal and corporate profiles. From a data loss prevention standpoint, I can completely segment corporate apps and data from personal apps and data.

Another feature is that it is now supported across multiple platforms, where it was regulated at one time for just Microsoft-supported operating systems. That development is very important.

View full review »
Systems Manager at SAI Systems

The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it. While working on Windows 10, every now and then, users might have seen it popping up, and they know how to do certain things. So, it is not too taxing from an administration point of view where we have to tell users what to do. 

Centralizing policies and rolling everything out is done only from one console. We are able to provide restrictions based on what we want to filter, such as certain apps should not run and certain things should run. Because we are also into website development and code development, sometimes, users need to run certain software or their own build application, which is not possible to specify with an antivirus solution. With Defender, we can centrally deploy a policy where certain parts are excluded, and they can run their code in those particular parts. This is a very nice feature where we don't have to micromanage developers' PCs or exceptions.

Data leak prevention is something that our company requires, and it is incorporated in this solution. Because we are using Microsoft OneDrive, and it is easy to take the backup to OneDrive via Microsoft Defender.

It has helped in improving our security posture.

View full review »
CEO at Sentree Systems, Corp.

I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender.

It is useful when a client does not want to spend extra on getting a new endpoint solution or does not want to get something else installed on their devices.

View full review »
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Head of IT at a manufacturing company with 51-200 employees

When you have something fail and you have three or four different vendors where the fail might be located, everyone just says, "Well, it's awful." Then, you have to go and find out where the fault is. That is really annoying and can cost the business money. For that reason, if I can have one single point of contact when I have a problem to help me out, and say, "Let's find the solution." That is much better instead of having me contact multiple companies to track errors down.

View full review »
Sr SOC Analyst at a security firm with 201-500 employees

When you go to do a deep-dive or investigation as a SOC analyst or any security analyst, it gives three structures or processes, as well as the execution that it performs. I am able to perform a very deep-level investigation with MDATP - more than I can with any other tool.

It did increase our security posture. While we had an antivirus before, it would only detect or prevent certain types of attacks. However, based on that capability, you cannot respond to the threat directly. For example, if there was ransomware on a system, the antivirus will be able to identify, detect, and mitigate it. However, at the same time, even if the antivirus detects that and tries to prevent it, you need to contain that machine, or you need to isolate that machine from the network. You don't want that machine to be talking to anybody in the network. Antivirus solutions can’t exactly do that.

With respect to prevention, it has an auto-remediation feature, which is a good feature that I love with respect to prevention. It does auto-remediation as well as manual remediation, which is pretty good.

With respect to response, we were able to contain, block, and respond to threats faster with MDATP. When we analyze the incidents or the threats it gives us a very good view of everything.

With this product, before containing or responding, we get the information and can see what exactly is happening and when that malicious file was installed. After that, we have an event timeline. The visibility is not that much when you only have an antivirus. Now, we see the full picture. When we adopted this tool, we got the detect, prevent, and response functionalities. Overall, our security posture looks much better and our attack surfaces are limited. Endpoints are also most vulnerable today and we can efficiently protect them now. Since we have reduced the attack surface our security posture has improved dramatically. On top of that, we have the capability to respond and to go deeper on a forensic level.

The product doesn’t affect our end-users. I do not see any major issues. There are exceptions where approvals may be necessary. However, the user acceptance is good. This is something that organizations pre-plan and there is nothing the user really has to worry about or act on.

View full review »
IT Administrator at DM-Drogerie Markt

The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff.

View full review »
Azure Engineer at a tech services company with 51-200 employees

It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal.

Normally, we implement the attack surface reduction (ASR) rules and exploit protections. We also use Microsoft Defender Application Guard and ad blocker. Instead of using the application control list, we use the ad blocker at most of the places.

View full review »
Cyber Security Specialist at a healthcare company with 10,001+ employees

One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part.

In addition, there are several features that have helped to improve our security posture at the prevention level, such as the attack surface reduction controls and the exploit prevention control. The attack surface reduction comes with the solution, out-of-the-box. There is Application Control as well, which is kind of difficult to implement, but once you are through the pain of designing and implementing it, it is one of the very good features to have. These tools are some of the things that are missing from other vendors' products, as I have worked with McAfee, Symantec and Carbon Black.

View full review »
Security Consultant at a tech services company with 51-200 employees

It's Microsoft native. Microsoft is the corporate default, so it makes sense to use security platforms that are baked into the Microsoft platform. That's probably the most valuable aspect of it.

It has specific features that improve our customer's security posture. It makes the monitoring a lot easier and minimizes on-prem administration. A lot of the administrative stuff is all folded into Azure. It makes things easier.

The platform just makes things easier compared to on-prem or hybrid solutions because if you start working in an on-prem solution, most of the time it's going to be a battlefield. 

DFE affects the end-user experience when it's deployed. The more freedom a user has on the device, the more they're used to doing things their own way. By locking things down, by having device configurations, you disrupt the workflow. You need a lot of user education where you have to explain why you're doing these things. I'm a part of security. It's twofold, in that users have to get used to the new configurations. And the reason why we might take a little bit longer with pilot phases is that we have to identify how it'll affect the users and how the differences of different business units will be affected. Developers need a more open environment than other solutions.

View full review »
Assistant Manager IT at a educational organization with 1,001-5,000 employees

The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system.

The performance is good. Usually, end-users complain that whenever background or real-time scanning is done, the effects are felt as there is a slowdown in the system. This is not the case with Microsoft Defender.

View full review »
IT Support Executive at a healthcare company with 51-200 employees

It is already integrated with Windows 10, so you don't need to worry about that. 

It is a basic firewall with some additional anti-exploit measures and parental controls already built in.

View full review »
Security Architect at a comms service provider with 5,001-10,000 employees

It's not really visible for the user - which is a benefit. 

We know it's pretty good in terms of detecting threats against our platform and attacks. We have seen that.

There's privileged escalation or lateral movements for attacks.

The solution is stable.

The scalability is good.

View full review »
Head, Information Security & Network Operations at a consumer goods company with 10,001+ employees

The GUI is very nice.

The reporting capabilities are fantastic.

In the future, I would like to have the ability to patch using this product. Specifically, in an enterprise environment, it would be very good if you could patch the workstations remotely.

View full review »
Navision Consultant and user support at NCPD

Automatic scanning and cleaning of viruses is the best and most valuable feature helping this tool to thrive. If any viruses are found, they are cleaned automatically.

Another feature is the ability to filter sites and block harmful ones, which makes it to enter sites with full protection. This ensures no harmful Trojans can be sent into our systems through those sites and are always blocked when detected.

Another great feature is the ability to warn the system user, making it easier to know when a virus has been found on our system.

It is easy to use and has a lot functionality to make systems safeguarded in the right manner.

View full review »
Technology Consultant at a computer software company with 51-200 employees

The most valuable feature is the fact that, if you have the M365 E5, it's included and everything is in the bundle. 

It's a very solid security system and the advanced hunting and everything really lets you dive deep into things.

View full review »
Technical Team Lead at Alepo

This solution takes care of most of the infections that are found in the system, and it comes included with Windows. These are the two main advantages of using it.

The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security.

View full review »
Technical Support Engineer at a tech services company with 51-200 employees

The solution's main antivirus capabilities are okay. So far, they have kept us safe.

There is cloud protection as well, however, we don't utilize that very much.

View full review »
Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India

The most valuable feature is threat detection. We have been notified of viruses and threats of problems such as ransomware attacks.

The Cloud App Security features are useful.

We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments.

Microsoft Defender integrates well with Office 365.

Especially these days, with the COVID situation, this product helps us to better reach our users and solve problems. For example, we no longer need to ask them to bring in their laptop to check for and address issues. We can apply policy, automatically define rules, and remedy problems using the central management features. 

View full review »
Delivery Practice Director at a computer software company with 201-500 employees

I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature.

View full review »
Cloud Consultant at Brio Technologies Private Limited

The product is very good when it comes to vulnerability assessment. It's a Microsoft flagship product and it integrates with Office 365. If my customers are using Office 365 or Azure or a Windows server, it helps to use Defender. Other products like Symantec or McAfee don't have that kind of integration with Microsoft products. In terms of identifying the attacks, it's far superior to Symantec. 

View full review »
Delivery Practice Director at a computer software company with 201-500 employees

The patch management is very easy, as it can be done automatically or added to a schedule. This will update all of the virus signatures.

We have a hook from our on-premises application to the cloud services for advanced threat protection, so the management is in the cloud. Centralized management allows us to schedule malware scans.

When you hook it up to the cloud's advanced threat protection, it gives you more than protection from ransomware. It covers different types of malware and allows you to see what malicious software is being executed on the machine.

The product allows you to manage your machine through it, similarly to the way SCCM does.

View full review »
Head Of Information Technology at a financial services firm with 1,001-5,000 employees

The antivirus and their Office Defender are pretty good, although we are still processing that. It seems to be really great at protecting office documents.

The solution integrates very well with Windows applications and Microsoft endpoint products.

The product doesn't take up too many resources. You don't have to install it in different areas. It's very easy to implement and use.

View full review »
Application Manager at Huntington Bancshares Incorporated

The most valuable aspects of the solution include:

  • Advanced hunting. The product offers flexibility, visibility, and automation capability using a user-friendly query language (KQL).
  • Reporting. Clear and concisely plotted graphics show real-time data representation - which is valuable to upper management.
  • Scalability/API. We are able to productively integrate with existing on-prem, hybrid, or cloud applications. 
  • Great OOB features. The solution comes with SIEM-ingestion-ready features for extensive visibility, automation, and integration, including advanced hunting, threats and vulnerability management, embedded simulation for end-to-end testing, ransomware prevention (Controlled Folder Access), and Attack Surface Reduction (ASR) rules.
View full review »
CRM & IT Head at a computer software company with 201-500 employees

Its a complete free version which came as in-built with windows and has no impact on our system performance. We don't need an extra software to be installed for security concerns and virus a such. It is very easy to use comparing to other available software's in the market.

View full review »
Senior Manager at RP Sanjiv Goenka Group

Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

The solution scales well.

I have found the stability to be good.

View full review »
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
  • Defender has very little impact on the end-user.
  • The agent works quite well with a minimal impact on the client and server.
  • It's very easy to deploy it.
View full review »
Chief Executive Officer at Apollo Asset Management Company

The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware.

View full review »
Product Manager at a comms service provider with 501-1,000 employees

This is a cloud-based product so it is always updated by the end-user.

View full review »
IT Manager at a financial services firm with 1,001-5,000 employees

The malware detection feature is very good.

View full review »
Team Lead at a tech services company with 1-10 employees

The solution was highly ranked in the Gartner Report.

It's absolutely free to use.

The anti-malware features are great.

It doesn't use up a lot of resources on my laptop, so it's not slowing anything down.

The product is very easy to use.

View full review »
Project Director at a tech services company with 1,001-5,000 employees

I am using it for very simple purposes. It is perfect and quite effective. I have been using it for a while, and I have never had any virus infection, data leak, or other security breaches.

It works fine for standalone purposes. If you log on to OneDrive, it has ransomware protection.

View full review »
Manager of Information Systems at a engineering company with 51-200 employees

We like that it has a free version available.

View full review »
Consultor Senior at a consultancy with 51-200 employees

I haven't experienced any problems.

View full review »
Managing Director at FORESEC

We have just started to implement it. It is useful for protection from malware and ransomware. We are not exactly sure about zero-day, but we are trying to see if it will be effective for everyday antivirus purposes.

View full review »
Owner at a tech services company with 1-10 employees

The primary advantage is that you don't need to install it. It's included in the Windows 10 delivery.

It's part of the Microsoft 365 suite, so it's integrated. We also use it for collaboration with other components within the suite. These two things are the most important for us at the moment.

View full review »
Specialist Consultant in Microsoft Security at a tech services company with 501-1,000 employees

Auto-remediation: When the product sees malware, it resolves the issue immediately. This protects the machine.

I like the tamper protection. For example, if I buy a notebook with Windows 10 and put Microsoft Defender on it, then I can activate the tamper protection. This keeps people from entering the machine, encrypting it, and changing passwords.

Microsoft Defender is fully integrated with Azure Sentinel. In addition, GPO can be connected with Microsoft Defender and Azure AD.

View full review »
Solution Architect at KIAN company

It is very simple to use and easy to scan systems.

This product is flexible, and it is very easy to get updates from the Microsoft website.

We are using the firewall features.

View full review »
Senior IT Manager at a pharma/biotech company with 501-1,000 employees

What I like most is the protection against phishing emails and anti-spam.

View full review »
Director at Darknext

The features I have found most valuable are the ransomware and malware protection. The solution detects malware live and whenever it detects suspicious activity, it quarantines it. 

We set our protection to the tightest possible settings, which prevents non-approved applications from making any changes to our computers'.

View full review »
Head Of Information Technology at a financial services firm with 1,001-5,000 employees

It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. 

It doesn't use too many resources, so you don't have to install different things.

View full review »
Engineer at a educational organization with 5,001-10,000 employees

It is easy to use because it is already pre-installed in Windows 10. We don't have to do anything to configure it. You can also configure the firewall by using a group policy so that it can be easily adopted in an environment.

View full review »
VMware and Windows Server Team Lead with 1,001-5,000 employees

Its simplicity is the most valuable. It also has very good integration. We like it.

View full review »
IT Engineer at a real estate/law firm with 201-500 employees

Microsoft Defender for Endpoint is beneficial because we are using Microsoft Windows and all the core solutions are made by Microsoft, such as the authentic platform, operating system, and antivirus protection. It is a heterogeneous environment. We had to use third-party solutions before and update everything separately. For example, the policy for antivirus. With Microsoft Defender for Endpoint, when Microsoft Windows receives updates it will update with it. This is one main advantage of this solution.

View full review »
Manager Cyber Defense Operations Centre at a tech services company with 201-500 employees

I really have not really worked with it that much to be able to customize my approach with it or anything like that. It pretty straightforward to install and use.  

View full review »
Technical Director at Systex Software

Microsoft Defender can block some viruses or malware. So, it can protect my files. It can save files on Office 365 OneDrive. I use encryption for some files, then I can recover them from OneDrive.

View full review »
Professional Prospect List Building Service Provider, Email Sourcer, Virtual Assistant at Freelance

The most valuable feature is that it helps protect me against any type of virus that might attack my system.

The performance is good.

View full review »
Manager-Information System & Product Management at a tech services company with 1-10 employees

We have liked the fact that it comes with Microsoft Windows 10 and it is constantly updated with all new virus definitions. It is also updated with new security features on a regular basis. We don't use any other third party products.

View full review »
Cyber Security Specialist at a healthcare company with 10,001+ employees

The EDR feature is most valuable.

View full review »
Assistant Manager – IT Infrastructure at a manufacturing company with 201-500 employees

It shows us the risky sign-ins, and if a user's password has been compromised.

View full review »
Director, IT at a financial services firm with 201-500 employees

The most valuable features are that it is flexible, and it is integrated with Microsoft products. That gives us peace of mind.

I like the security center, as well as the full picture of our security profile and insights.

View full review »
Chief Executive Officer at a tech services company with 1,001-5,000 employees

It's one of the best antiviruses on the market.

View full review »
Subject Matter Expert at a comms service provider with 10,001+ employees

The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection.

View full review »
Systems Administrator at a transportation company with 201-500 employees

The antivirus features are very useful.

View full review »
Information Technology Administrator at a tech services company with 51-200 employees

It is easy to use and the only thing you need to do is make sure that you have internet, and keep your organization schema up to date. There is not much to do in terms of configuration.

The protection that it provides is quite good.

View full review »
Cyber Security BA/BSA at a financial services firm with 10,001+ employees

The initial setup is very straightforward.

The stability is very good.

Technical support is good.

The solution is in good condition and offers good functionality.

View full review »
Network Administrator at a tech services company with 51-200 employees

I like that this product comes included with Windows.

This software is easy to use.

View full review »
Security Specialist at a energy/utilities company with 1,001-5,000 employees

One of the valuable features of the solution is the small updates that keep my machine relatively clean from any infections. Additionally, it has good integration with other Microsoft products.  

View full review »
Systeem beheerder at a healthcare company with 1,001-5,000 employees

For me, It's just a standard malware and antivirus solution — nothing more, nothing less. 

View full review »
Technical Manager at a comms service provider with 11-50 employees

One of the main features is the solution is very light on resources and we do not have any problems with it.

View full review »
CEO South East Asia at a engineering company with 10,001+ employees

It can reach our applications and PC activities in the cloud.

View full review »
Head of Information Security with 51-200 employees

It is stable and easy to use. Everything is okay, and there are no performance issues.

View full review »
Head - IT Operations & Enterprise Systems Support at a financial services firm with 1,001-5,000 employees

What I like best is that it is part of the operating system, as opposed to a third-party application.

The fact that it's from Microsoft, you don't have many false positives, unlike products from other vendors might have.

Updates occur frequently throughout the day.

View full review »
Sales Director at CLoud3 Solutions Pte Ltd

Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows.

View full review »
QA Test Lead at a insurance company with 501-1,000 employees

For the end user it's good to know that everything is safe and well protected. 

View full review »
Senior System Administrator at Debre Markos University

The solution has an easy-to-use interface, is always updated, and is user-friendly.

View full review »
Co-Founder at a tech services company with 1-10 employees

It is stable and very easy to use.

View full review »
Technical Project Manager at a computer software company with 10,001+ employees

The main features of this solution are that it handles everything by itself and is well integrated.

View full review »
MIS Specialist at a agriculture with 201-500 employees

Defender's endpoint protection is good.

View full review »
IT Manager at a pharma/biotech company with 201-500 employees

The biggest benefit to Windows Defender is that it is built-in to the operating system by Microsoft.

View full review »
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.