How does Microsoft Defender for Endpoint compare with CrowdStrike Falcon?


Which would you choose?

ITCS user
22 Answers

Real User

The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test". You don't have the usual "scan now" feature, but on the platform you can drill down into the events to find the starter of a blocked event.

It does have basic features to whitelist programs and paths, shows you information about what kind of threat was blocked, gives you information about the logged-in user and machine details (OS, version, serial, MAC address, local and WAN IP, ...), gives you the time and the file that executed the event, and allows you to group devices and define exclusion, detection, and response policies based on them.

It does allow you to create specific profiles for each type of user, like helpdesk analysts, managers, etc. (with different access, etc.).

The solution is pretty good, actually, and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will in a couple of months, and I'll update this then. =]


Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper.

In terms of functionality, CrowdStrike is better.

Find out what your peers are saying about CrowdStrike Falcon vs. Microsoft Defender for Endpoint and other solutions. Updated: September 2021.