TrustRadius: an HG Insights company

Microsoft Defender for Endpoint

Score: 8.7 out of 10

222 Reviews and Ratings

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

Media

Screenshot of blocked activities
Screenshot of Detects & responds
Screenshot of discovers vulnerability
Screenshot of Eliminates blind spots
Screenshot of Risk management
Top Performing Features

  • Infection Remediation

    Capability to quarantine infected endpoint and terminate malicious processes.

    Category average: 8.8

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Centralized Management

    Centralized management supporting multi-factor authentication, customized views, and role-based access control.

    Category average: 8.5

Areas for Improvement

  • Anti-Exploit Technology

    In-memory and application-layer attack blocking (e.g. ransomware).

    Category average: 8.6

  • Vulnerability Management

    Vulnerability prioritization for fixes.

    Category average: 8.3

  • Hybrid Deployment Support

    Administrators should be able to choose on-premises, cloud, or hybrid endpoint security.

    Category average: 8.3

Defender is a more than viable antivirus protection solution.

Use Cases and Deployment Scope

We used Defender to replace Sophos. Being included as part of the Microsoft 365 package saved us the entirety of the cost of the previous provider. It also provides significantly more detailed security insights into our devices. Dashboard scores are used to help proactively respond to threats. The software also includes threat assessment to see all of the vectors an attacker would use.

Pros

  • Dashboard for threats.
  • Ease of installation.
  • Rapid response to threats.

Cons

  • PC reporting often lags behind, so scores remain unchanged longer than desired.
  • The portal interface changes regularly, moving objects and menus.
  • It needs a more defined client interface to resemble a traditional third-party antivirus.

Return on Investment

  • Was able to alert us to a malicious event overnight, tracking the incident end-to-end.
  • Gives management clear insight into the security footprint of the company.
  • Saved several thousand dollars a year in third-party antivirus costs.

Return on Investment

We are currently deployed to around 200 total PCs and servers. Our PCs are mostly Windows 11 with a few Windows 10 PCs that are in the process of being replaced. Our servers are entirely Windows-based, with most using Server 2019. We are not currently using Defender on mobile devices.

Alternatives Considered

Sophos Managed Detection and Response

Other Software Used

Microsoft Intune, Microsoft Exchange Online Archiving, VMware vSphere

Microsoft Defender for Endpoint Review

Use Cases and Deployment Scope

We use Microsoft Defender for Endpoint as an antivirus to protect our systems from different types of malware. It helps us uncover attacks which are happening on our machines. Also, it is useful in getting timely alerts for such attacks.

Pros

  • Detect attacks
  • Prevent infection from malware
  • Provide alerts

Cons

  • Easy to use management interface

Return on Investment

  • It has reduced the expert manpower requirement to less than 50% for detection
  • For initial configuration, it took lots of time.

Return on Investment

Mostly Windows clients (around 100 computers)

Alternatives Considered

Sophos Intercept X

Other Software Used

Sophos Intercept X

Microsoft Defender for Endpoint is a great option for budget-savvy firms

Use Cases and Deployment Scope

We have Microsoft Defender for Endpoint deployed on our workstations, laptops, and other devices.

Pros

  • Detects bad links
  • Spotting malware in attachments

Cons

  • Updates need to be more frequent
  • Access to logs on events

Return on Investment

  • The basic product is free and comes within Windows
  • They are constantly improving the product

Return on Investment

Windows 10, 11 mostly

Alternatives Considered

Malwarebytes and McAfee DLP Endpoint

Other Software Used

Palo Alto Networks Advanced Threat Prevention, Fortinet FortiGate

A strong endpoint solution for the Microsoft ecosystem.

Use Cases and Deployment Scope

In our organization, we use Microsoft Defender for Endpoint to protect against malware, phishing, and other advanced threats. It provides real-time threat detections and automated remediations. This application assists us in improving endpoint compliance and centralized control.

Pros

  • Endpoint detection and response.
  • Real time threat detection.
  • Centralized dashboard.
  • Role-based access.

Cons

  • High CPU usage, the application should be lighter.
  • The UI needs improvement.
  • Rule customization is limited.
  • Mobile support is not as good as the desktop application.

Return on Investment

  • Strong Microsoft ecosystem.
  • Integrating multiple security tools.
  • Threat detections and remediations.
  • Licensing is expensive.

Return on Investment

In our organization, we primarily focus on the Microsoft ecosystem. We manage approximately 20,000 endpoints, such as laptops and virtual servers. Although we have Mac & Linux, it's very limited, as the majority of our infrastructure is based on Windows.

Alternatives Considered

Trellix Endpoint Security ENS and Cisco Secure Endpoint

Other Software Used

Sentinel, FortiClient

A simple no-nonsense EDR solution.

Use Cases and Deployment Scope

We use Microsoft Defender for Endpoint to help secure our endpoints and monitor our computer systems for potential threats. With the myriad vulnerabilities and malicious actors casting wide nets to threaten any computer indiscriminately, it is paramount to have a system in place to monitor and respond to these attacks actively. Microsoft Defender for Endpoint provides us the tools to monitor and react to incoming threats actively.

Pros

  • Fast detection of incoming threats.
  • Automatic response and disabling.
  • Alerting system.

Cons

  • Incident reporting.
  • Vulnerability assessments.
  • Automating deployment.

Return on Investment

  • Return on Investment.
  • Sense of security.
  • Being able to sleep at night.

Return on Investment

We have 97 devices that are onboarded to Microsoft Defender for Endpoint. This includes both Windows workstations as well as Windows Servers, hosted both locally and in Microsoft Azure. On top of that, Microsoft Defender for Endpoint monitors the network and has eyes on a total of 200 devices across our networks.

Alternatives Considered

BlackBerry Protect (CylancePROTECT)

Other Software Used

Microsoft 365 Business Premium, Sage 300