Microsoft Defender for Endpoint Overview

Microsoft Defender for Endpoint is the #2 ranked solution in our list of top Anti-Malware Tools. It is most often compared to CrowdStrike Falcon.

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a complete endpoint security solution that delivers preventative protection, post-breach detection, automated investigation, and response. With Defender for Endpoint, you have: 

Agentless, cloud powered - No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date. 

Unparalleled optics - Built on the industry’s deepest insight into Windows threats and shared signals across devices, identities, and information. 

Automated security - Take your security to a new level by going from alert to remediation in minutes—at scale. 

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security and Compliance Community.

Microsoft Defender for Endpoint is also known as Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus.

Microsoft Defender for Endpoint Buyer's Guide

Download the Microsoft Defender for Endpoint Buyer's Guide including reviews and more. Updated: October 2021

Microsoft Defender for Endpoint Customers

Petrofrac, Metro CSG, Christus Health

Archived Microsoft Defender for Endpoint Reviews (more than two years old)

HK
MIS Director at a real estate/law firm with 5,001-10,000 employees
Real User
A good out-of-the-box solution to protect from data loss but scanning sometimes freezes the memory

What is our primary use case?

We primarily use the solution to save our data from getting lost in the case of network attacks or viruses.

What is most valuable?

The most valuable feature is that we can use the solution right out of the box without too much configuration.

What needs improvement?

There's scanning going on that occasionally topples the memory, causing everything to freeze. This should be fixed. In future releases, it would be helpful if they included something that can control any handset viruses.

For how long have I used the solution?

I've been using the solution for more than two years.

What other advice do I have?

We are using the on-premises deployment solution. I would rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JN
Deputy Director at BG Service
Real User
Intuitive, easy to use, and good for people who don't have much experience in security

Pros and Cons

  • "The most valuable features are that it's easy to use and the updates are very simple."
  • "I would like to be able to set up any kind of protection I want in the firewall, any IP address or any number."

What is our primary use case?

Our primary use case of this solution is to defend from viruses. 

What is most valuable?

The most valuable features are that it's easy to use and the updates are very simple.

What needs improvement?

I would like to be able to set up any kind of protection I want in the firewall, any IP address or any number. 

I would like to be able to customize my protection on the dashboard. 

What do I think about the stability of the solution?

It's a good product but it is limited in some cases. I had a bad experience because a few weeks ago I was in Seoul in Korea and with my Dropbox, my children did some things on my computer at home and I got ransomware to Defender and it corrupted my whole Dropbox. The stability can use improvement. 

What do I think about the scalability of the solution?

It's easy to document new people. With the dashboard, I can set up rules to protect myself from any IP address coming from an external network.

We use this solution daily. We don't have plans to increase the usage. 

We have around ten to twelve users. They are only users, not admins. We only require one admin. A guy sometimes comes to set up a desktop and do the configuration.

How are customer service and technical support?

We have never needed to contact their technical support. 

What's my experience with pricing, setup cost, and licensing?

The cost is per-user. We pay more for an Enterprise license.

What other advice do I have?

I would say this is a good product. It's very intuitive, easy to use, and very good for people who don't have much experience in security.

This is a very good product because every time there is an update it corrects any issues. It can help an enterprise go up.

I would rate it a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Gabriel Petcu
Program Manager at a tech services company with 51-200 employees
Real User
An excellent well-integrated solution that's stable and scalable

Pros and Cons

  • "Defender is integrated into the operating system. It's integrated with everything. You don't have to spend time analyzing what you have to do to be sure that the integration is okay between the security tool and all the other apps. This, from my point of view, is the main advantage."
  • "The solution needs to improve its ransomware. It's not so good. It could also use some general performance optimization for the computers the solution operates on, to ensure it does not slow down the devices."

What is our primary use case?

I primarily use it for myself and my businesses as a protection solution.

What is most valuable?

The most valuable feature is the protection given via the antivirus.

What needs improvement?

The solution needs to improve its ransomware. It's not so good. It could also use some general performance optimization for the computers the solution operates on, to ensure it does not slow down the devices.

For how long have I used the solution?

I've been using the solution for five years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is easily scalable. I'm always trying to increase the usage to maximize the capabilities of the product offering. As soon as new capabilities appear I will expand usage to include them. In terms of physical expansion to other devices, I already have the solution on all of my devices.

How are customer service and technical support?

I've never needed to contact technical support.

Which solution did I use previously and why did I switch?

I did previously use a different solution, but it was more convenient to work with Defender. I wanted to use the same provider. I'm using the Microsoft operating system and Microsoft applications. It seemed to be a logical step. 

Defender is integrated into the operating system. It's integrated with everything. You don't have to spend time analyzing what you have to do to be sure that the integration is okay between the security tool and all the other apps. This, from my point of view, is the main advantage.

How was the initial setup?

Initially, a few years ago, the setup was not so easy. Now, with Windows 10, it's automatic. It's already within the system, so now we don't have to worry. Initially, before Windows 10, we had to install it. It was not so complicated, but a bit more complicated than now where you don't have to do anything at all. Originally, the deployment took about 10-15 minutes. You only need one person for deployment and maintenance. With the 2000 version, maintenance is almost nonexistent. You just follow up and approve the updates. It's a fraction of the time.

What about the implementation team?

I implemented the solution myself.

What's my experience with pricing, setup cost, and licensing?

You have a standard licensing fee. As far as I know, there are no other costs above and beyond this.

What other advice do I have?

We are using the public cloud deployment model of the solution.

I would recommend the solution. I would rate it ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Abdou Soudaki
IT Help Desk at Elsewedy Electric Algerie
Real User
Useful real-time protection features and excellent updates

Pros and Cons

  • "I like the real-time protection features. Windows Defender will detect if there's a threat like a Trojan or something like that but Kaspersky lets it run normally."
  • "The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened."

What is most valuable?

I find the layer protection and real-time protection very useful because when I launch a program, I always have a notification and an alarm. Sometimes I am on a program on Windows Defender and sometimes on Kaspersky and it shows up on whatever I am using. I like the real-time protection features. Windows Defender will detect if there's a threat like a Trojan or something like that but Kaspersky lets it run normally.

What needs improvement?

This solution is not perfect. Sometimes it detects something and it's not a threat. The good news is that you can restore something and analyze it better and you can restore the file and copy it or disable the defender and run it again.

The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened.

For how long have I used the solution?

I've been using the solution for three to four years.

What do I think about the stability of the solution?

The solution is stable but sometimes when you do a security update when it starts, you see the hinge process in Task Manager. It also sometimes corrupts the PC. You need to either start it or recalibrate. If the installation happened without it starting, like patching without starting, it's better.

With Windows Defender, it will want to do these updates so that when you install an update it has to be done with a Windows update and then you can start. If you can manage it easily in a natural phase like updating security, ejecting and installing, it's better. Like checking a box.

What do I think about the scalability of the solution?

I'm not sure about scalability. I think if you have an enterprise license and more features in an enterprise package it will be good. We have about 200 users.

How are customer service and technical support?

I haven't personally used technical support.

How was the initial setup?

The initial setup was easy. It's easy to install and maintain.

What other advice do I have?

The majority of the updates are really good. 

I would rate this solution eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MW
Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
A security implementation that supplies proactive issue resolution with cloud analytics and APT

Pros and Cons

  • "This is a very good, proactive solution to threat protection using advanced analysis."
  • "Updates are not coming out of preview quickly enough and it is holding back on the development of the product."

What is our primary use case?

Our primary use for the solution is threat detection and response.

How has it helped my organization?

It's basically for security implementation, response planning capabilities and other security functions. Obviously, auditing, HR, requirements, legals, auditing, banking, and financial services all require a lot of the data that are generated and reported out of the platform.

What is most valuable?

The features that are most valuable for us are cloud analytics from the APT (Advanced Threat Protection) engine or quarantine, deletion, and removal. Basically, they work by web engine. Simply, it is proactive in resolving potential issues.

What needs improvement?

There are certain features that do have room for improvement. I think with the analytics engine they're looking at it from the desktop and the server perspective. I think the desktop engine should also include the script analytics — what executed, what's the PowerShell or UI commands, or some form of Splunk regex. I know we don't have that functionality with a run-time analytics platform, but it's a JS (JavaScript) based one. So it would be good if they had a regex to JS converter.

The biggest problem is they need to take things out of preview. I know that they're developing on the platform service with the analytics engine, but so many services still rate it as a preview after 12 to 18 months, which is stopping adoption with businesses knowing that that solution could be filled and redirected at any time. So that delay is limiting technology to be able to be updated because they don't have to release all production support.

For how long have I used the solution?

I've been using it for about eight-and-a-half years, if you add the early adoption projects.

What do I think about the scalability of the solution?

In the last 12 months, we've moved up to the Gartner Magic Quadrant report as a leading form of threat analysis. Obviously, the more clients that migrate to Cloud Services the more analytics platforms are picking it up. There are auto-resolutions and it's getting more cross-correlations between tendency. So we're getting a lot more APT (Applied Predictive Technologies) and IOC (Indicators of Compromise) data through which you can get a better response, better response times, automatic remediation tasks, reduce the amount of the alerts and false positives — that sort of thing. It's all really useful. It's scaling out on its own.

How are customer service and technical support?

We get direct support. They're literally across the road from us. We've got multiple Microsoft engineers assigned to our contract as well, so we deal directly with their engineering teams.

How was the initial setup?

The setup was simple and straightforward.

Here we SCOM (System Center Operations Manager) SCCM (System Center Configuration Manager) deployment for pushing out the agents, done the deployment for the AIP (Azure Information Protection) scanners and load that unified data locally.

What about the implementation team?

We consulted with Microsoft, but we're a full IT workhouse so we have qualified engineers that were coming off a three-year capability program to deliver all of those services.

As far as the amount of staff we use to support the solution, we have a lot of managed providers and different international SOC (Security Operations Center) teams and different agencies that manage a lot of the services. I would say that globally we would have probably about close to a hundred engineers working on the solutions full-time with cloud app development and Kubernetes and things like that.

Which other solutions did I evaluate?

We compared extensively between multiple services, everything from Azure, cloud service providers, identity providers, platform SaaS providers — we did all that before we sort of consolidated on certain technologies in different areas.

We're utilizing a lot of the services. There will be some future state planning goals, but we're taking a risk-averse assessment on the product. We're more controlled about how things like our customer member data protections, cryptography and those types of things are working. So we're still doing a little bit of assessment. I know it's got the ASD clearance rating and certain services, but that's based off the tenancy agreements.

What other advice do I have?

I'd say the product rates about an eight out of ten as it currently stands.

You have to implement the product — there's no choice. You can't use the exchange online protection or the advanced analytics or obscure identity IP protection without the APT being installed on the endpoint. Otherwise you're not getting into threat intelligence or the actions. You're not going to get the full response plan or activities that occurred. You cannot deploy without APT being installed on the desktops and have a full, defined solution for unified labeling. That has to be deployed and tested for unstructured data for at least six months with the AIP (Azure Information Protection) scan that's deployed with APT.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SG
Microsoft Enterprise administrator at a comms service provider with 1,001-5,000 employees
Real User
Has prevented all viruses since we implemented it

Pros and Cons

  • "It's really stable. I've used a lot of stuff, a lot of products, like ESET and Kaspersky. None of them are comparable with this one. This one is much better."
  • "The end-user also cannot do some advanced actions on it. It's a little bit complicated for our end-user, so it needs to be simplified."

What is most valuable?

The solution is really fast. I have never experienced any viruses since I've been using it.

What needs improvement?

I think the console can be better.

The end-user also cannot do some advanced actions on it. It's a little bit complicated for our end-user, so it needs to be simplified.

I think the solution is complicated. This one is one of the concerns that I like to talk about because some end-users do not know how to navigate through the console and how to work with them. I think this is not such a big deal, but I know that there will be other things that may be important to us like, how we can centrally manage users and reports are really important for us. For example, in Kaspersky, we had a problem where we couldn't detect the attacks that we had in some of our zones in our data center. I think if Microsoft Windows Defender can report these things, it's going to be great.

For how long have I used the solution?

I've been using the solution for six years.

What do I think about the stability of the solution?

It's really stable. I've used a lot of products, like ESET and Kaspersky. None of them are comparable with this one. This one is much better.

What do I think about the scalability of the solution?

To scale the solution, I think you need more licenses but I'm not sure. We have 100 to 1,000 users. We just use it for some end users, not for all the users. The users are mainly end-users and a few admins. We plan to increase users annually.

Which solution did I use previously and why did I switch?

We used other solutions, like ESET and Kaspersky. We had to change at first due to user complaints, especially about Kaspersky, because it used a lot of the resources. So we switched to ESET but after some time we just switched to Windows Defender.

How was the initial setup?

The initial setup was really easy, a no-brainer.

What about the implementation team?

I installed the solution on my own.

What other advice do I have?

I would recommend the solution because I can confidently tell everyone that this product is working very well and it's stable. You are always sure that they are able to deal with a virus or something else that may interrupt your work.

I would rate this solution nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RR
Associate System Engineer - Security Services at a tech services company with 1,001-5,000 employees
Real User
Product has a decent detection rate, but there are some challenges related to reporting

Pros and Cons

  • "Within its class I think, it has a high and decent detection rate."
  • "There's a lot of manual effort involved to configure what we need."

What is our primary use case?

We use this as our antivirus solution.

What is most valuable?

Within its class I think, it has a high and decent detection rate.

What needs improvement?

There were a few detections that are not picked up, and then Microsoft picks up on that and they update it. That's just a normal thing you go through based on every antivirus solution. You're always going to have viruses and signatures that are coming out.

So, I wouldn't say it's the perfect solution because if you're looking at next-generation behavioral based things, for example, if you're going to use ATP, that's when you can get more methods out of it. With Defender, if you pay more you can get the ATP component, which is sold separately by Microsoft.

We do have some challenges in the reporting aspect of it. 

There's a lot of manual effort involved to configure what we need.

There are also a few issues with policies.

For how long have I used the solution?

I've been using this solution for six months.

What other advice do I have?

Defender by itself is not a solution. Defender is basically a functionality.

We have some issues with reporting, but I think it's just the way we've integrated right now, again not using ATP. So, we just use STC MS management. Then it's limited in terms of reporting.

From an operator's perspective, I think there are some policy detection issues where you've got a detection for a signature but how it translates into the FCCM dashboard where it doesn't really categorize that particular model. It picks something up as bad but it's just unknown.

So, I think that's a known issue with this particular thing. Because it doesn't know what it is classified as it doesn't really do anything. For it to do something, the policy has to recognize the category of that number. It could be a trojan horse or whatever it is, but it doesn't really do that. It could be what they call an autonomous detection where the system categorizes it as not recognized and hence it blocks it, but it's not going to let you delete it instantly. Usually, you can say if it's detected you want to block it, that's the first step. The second step is to be able to delete the file or quarantine the file. But it doesn't recognize that, so it doesn't know what it needs to do. Instead, it just blocks it. It only blocks it because it doesn't recognize it as being Malware.

I would rate this product a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ibikunle Imam
CEO at floating-dot tech ltd
Real User
Free software to prevent malware and viruses that is bundled with the operating system

Pros and Cons

  • "It's free. There is no additional cost. It's part of Windows."
  • "Microsoft Windows Defender doesn't have a game mode."

What is our primary use case?

Our primary use case for Windows Defender is to prevent malware and viruses. Security is the main purpose that it is used for by our organization.

How has it helped my organization?

We are no longer buying a separate antivirus with Windows 10 Server Enterprise. We are no longer buying antivirus solutions where there is no compatibility with Windows 10.

What is most valuable?

The malware features are most valuable for us because if you have an application that attacks, it is defended. It gives you a prompt and doesn't allow you to launch that app. 

If there's an application that has suspicious malware you downloaded from the internet, it gives you a prompt to prevent the application from launching.

Microsoft Windows Defender moves it to the recycle bin automatically.

What needs improvement?

Microsoft Windows Defender doesn't have a game mode. Other antivirus software (like BitDefender) have something known as a game mode. 

If you want to play a game, just enable the game mode to allow certain traffic without needing to configure it. Windows Defender doesn't have that.

There's no Windows Server edition for Windows Defender as part of the distribution.

For how long have I used the solution?

Personally it has been about a year and a half, but in the office we have been using it for seven months.

What do I think about the stability of the solution?

In my experience, Microsoft Windows Defender has never caused any issues in operation. It is very stable. It doesn't affect the system.

What do I think about the scalability of the solution?

Since it's a Microsoft product, scalability is top-notch. This shouldn't be an issue.

How are customer service and technical support?

I have never had a problem with technical support. I didn't use it. I have never had any performance issues with it.

Which solution did I use previously and why did I switch?

We used Bitdefender, McAfee, and Norton antivirus software previously. Those are the main experiences that we have. We used all of those at various times.

How was the initial setup?

Microsoft Windows Defender installs automatically. There's no setup procedure. When you install Windows Suite or Enterprise on your machine, it installs quickly. 

There's nothing that might disturb it being activated. It installs with the operating system.

What's my experience with pricing, setup cost, and licensing?

It's free because it comes with Windows. It's a free solution. We're not paying any license.

That's why it's better than Bitdefender, McAfee, or Norton. It's free.

What other advice do I have?

For Windows Defender, there's no server edition for it. It's free. There is no additional cost. It's part of Windows, i.e. if you have issues with compatibility using other products. 

If you paid for Windows, it already comes with Windows Pro and Windows Enterprise automatically. It's better to go with it than pay the additional expense of deploying other solutions.

On a scale from 1 to 10, I would rate this product a nine. It doesn't have all the features that it needs to be perfect.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MN
IT Security Analyst at Ingenium Group
Real User
Has good detection rates, is low on system resources, doesn't interfere or hamper workflows, and it's easy to use

Pros and Cons

  • "Ensures that I'm working with a product that gets updated regularly without me having to remember to do it. Since it's a Microsoft product, I'm confident that it requires a low use of system resources. The benefit of that being that my computer isn't constantly being drained."
  • "It would be nice to have a paid upgrade that would provide additional screening of the day-to-day activities."

What is our primary use case?

Our primary use case centers around blocking viruses on my personal laptop.

How has it helped my organization?

I'm working as a private contractor. In this regard, you can say this tool ensures I'm working with a product that gets updated regularly without me having to remember to do it. Since it's a Microsoft product, I'm confident that it requires a low use of system resources. The benefit of that being that my computer isn't constantly being drained.

What is most valuable?

One of the most valuable features of this product is the ability to "set it and forget it." I don't go in and make any changes to the settings. Another value add is the size of the user base, which is fairly large because it's a free MS product. I would imagine that it would be quite competitive since a blacklisting solution such as this is only as good as the threat intelligence it receives. I'm pretty sure that if the tool discovers something foreign and malicious it will upload that information back to Microsoft. The value of the tool is inherent within the size of the user base, which is fairly large because it's a free product by a trusted company.

What needs improvement?

I'm sure the premium product has extra features, like listing questionable websites. Defender is just an antivirus product. It would be nice to have a paid upgrade that would provide additional screening of the day-to-day activities.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?


I haven't had any noticeable issues with it. It's quite stable.

How was the initial setup?

It's very easy to set up. With admin rights, it really is very straightforward. All you need to do is install the tool and then download the definitions. 

Deployment was just basically downloading from Microsoft. It was very straightforward.

Which other solutions did I evaluate?

I'm currently evaluating the performance of Defender against third-party antivirus software products to see if I should continue with third-party products or just use Windows Defender.

What other advice do I have?

My additional advice would be to create a test user group, deploy the software to those test users and then monitor those users as part of a log management operations center and run comparisons over several months. Comparing those users, against other users perhaps using a third-party product, like Symantec, would allow for calculation of performance and progress metrics. Based on that, a decision can be made as to whether to deploy the software across the organization or not.

I'd give this tool a rating of 8 out of 10. It's got good detection rates, low on system resources, doesn't interfere or hamper workflows, and it's easy to use.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1083
Manager of Operations at an aerospace/defense firm with 1,001-5,000 employees
Vendor
Defender antivirus provides internet security at a lower price.

Valuable Features:

Defender is an antivirus program available at a lower price than other products, like Symantec, McAfee, etc. Recently, Defender has now been integrated with Kaspersky Labs. There are two variants available for this product, Home basic edition and Pro. It has features that all other antivirus programs have like anti-spam, URL syntax checking, Firewall, Anti-spyware, etc. Defender has one surprise feature though called Secret Surf, which leaves no trail of your browsing history. There is a feature, like free update of Anti-spyware database, that most other common Anti-virus programs don't provide.

Room for Improvement:

The most problematic part of this program is the difficult customer service. Upgrading the software may cause a little bit of trouble. Your computer may lock down soon after your first reboot. There have also been some problems with the connectivity and with the internet, soon after the installation of the program. Trouble-shooting by Customer Support Engineer may take some time to figure out the problem and fix it. You may find your computer slowing down after installing the program.

Other Advice:

Defender Pro or Home Basic antivirus provides some sort of security against the latest internet threats, but going for the reputed Anti-virus software like Symantec Endpoint, Quick Heal, etc. would be a wiser choice. The price of this program may be a bit lower, but safety of you and your computer is of greater importance.
Disclosure: I am a real user, and this review is based on my own experience and opinions.