Microsoft Defender for Endpoint Reviews

Name: Microsoft Defender for Endpoint
Brand: Microsoft
Rating: 4.1 (210 reviews)

Vendor: Microsoft

4.1 out of 5

210 reviews
95% willing to recommend

Leave a review

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

Get the Microsoft Defender for Endpoint Buyer's Guide and find out what your peers are saying about Microsoft Defender for Endpoint, CrowdStrike Falcon, Microsoft Intune and more!

Microsoft Defender for Endpoint is the #1 ranked solution in top Anti-Malware Tools, #2 ranked solution in endpoint security software, #2 ranked solution in EDR tools, #3 ranked solution in top Advanced Threat Protection (ATP) solutions, and #3 ranked solution in top Microsoft Security Suite solutions. PeerSpot users give Microsoft Defender for Endpoint an average rating of 8.2 out of 10. Microsoft Defender for Endpoint is most commonly compared to CrowdStrike Falcon: Microsoft Defender for Endpoint vs CrowdStrike Falcon. Microsoft Defender for Endpoint is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 12% of all views.

Buyer's Guide

Microsoft Defender for Endpoint

December 2025

Get the report

Helped 879,259 peers since 2012

Featured Microsoft Defender for Endpoint reviews

Robert Arbuckle

Security Analyst III at a healthcare company with 10,001+ employees

I find the entire Microsoft Defender for Endpoint valuable because it finds not just definition-based threats but also behaviors. The ability to isolate machines automatically is crucial. During a recent data breach, it saw the accounts doing bad things. It was not just Microsoft Defender for Endpoint, it was all the Defender pieces working together, and it automatically isolated the accounts. They do not call it isolate in Identity; they call it something else. But it automatically basically turned those IDs off so they could not do anything and tried to help us prevent the data breach from being worse than it was. When we first brought Microsoft Defender for Endpoint in, within about a month, we got an alert that one of our servers was breached, and it was a pretty good use case for the XDR. Traditional antivirus never would have seen it, but the EDR picked it up pretty quickly. The logs go into our SIEM without needing to put an agent on all the computers to collect the logs anymore because they are already being collected by Microsoft Defender for Endpoint agent and shipped up to our SIEM. So we can go through there and grab most of the logs we need. That has cut down on some of our SIEM spend because it is already there. We do not have to send all those logs into Splunk anymore. Now we send everything central. The integrated product in general, all the pieces of it are put together. It is all Microsoft products, and it is pretty easy. The experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint is pretty simple. Microsoft Defender for Endpoint portal is pretty simple to set most of that up. A lot of that is handled by other teams in our department. I do not do a lot with the actual configuration of endpoints. I deal mostly with the SIEM and response to alerts and responses instead of actual configuration. Microsoft Defender for Endpoint has helped reduce mean time to remediation. Being able to isolate the device, once we isolate it, it is kind of remediated for the most part, and then it is just cleanup. That is a feature we did not have with Symantec, so it is a really nice piece to have.

Read full review

Jason Twaddle

Solutions Architect at Marco

The main thing I like about Microsoft Defender for Endpoint is that you can integrate it with or deploy it with Intune, so it's really easy to deploy without needing to bring in any third-party solution. From there, we can integrate it into our management platform, so I think ease of deployment is probably our biggest advantage because once we have the data, we can use other tools to help analyze it, and we do use Microsoft as well. We leverage Intune to help deploy Microsoft Defender for Endpoint, so having that single platform makes our job easier compared to the past, where we had to have line of sight to it, needing VPN, or any of that, because now the device just needs internet. I don't get that far into the automatic attack disruption feature in Microsoft Defender for Endpoint, but from what the team tells me, they appreciate it. As far as I know, we are using the security exposure management feature of Microsoft Defender for Endpoint to optimize our security configurations. Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks. We saved about 20 percent of their time with Microsoft Defender for Endpoint. The mean time to remediate has been lowered with Microsoft Defender for Endpoint. I have no idea how much it has been lowered, but I can say it's approximately 25 percent.

Read full review

UsmanFarooqi

Assistant Director, Hybrid Infrastructure & Operations at a insurance company with 501-1,000 employees

We find the features of Microsoft Defender for Endpoint valuable because we use it in a Windows shop, so it fits in nicely rather than buying another solution. The advantages of using Microsoft Defender for Endpoint are that it fits into the entire ecosystem. We use Intune for MDM and all of that, so we can manage everything from the server side. We have had some challenges with the Linux side, but otherwise we have been fine. From using Microsoft Defender for Endpoint, the benefits we have seen are the ease of use and the management because the team is already accustomed to it. We are in the entire Microsoft ecosystem using M365 and all of that, so it fits in nicely with all of the products. Our team manages unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint, and it has been quite good. The way it links into Sentinel is helpful because we do a lot of KQL queries and Sentinel is used by both the security team and the infrastructure side. Through that, we can collaborate and see what is going on. On top of that, we have a managed XDR solution from another provider on the same console, providing a single pane of glass. Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks. However, we were pretty new to it and were concerned that we might misconfigure something or not be able to take advantage of it, so we hired a third party for the MXDR. Within the next two to three years, we plan to bring it all in-house, at which point we can definitely save a lot of time. Right now we are already paying somebody to do it.

Read full review

Microsoft Defender for Endpoint mindshare

Product category:

As of December 2025, the mindshare of Microsoft Defender for Endpoint in the Endpoint Protection Platform (EPP) category stands at 8.7%, down from 11.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP) Market Share Distribution
Product	Market Share (%)
Microsoft Defender for Endpoint	8.7%
CrowdStrike Falcon	7.4%
HP Wolf Security	6.2%
Other	77.7%

Endpoint Protection Platform (EPP)

PeerResearch reports based on Microsoft Defender for Endpoint reviews

Type	Title	Date
Category	Endpoint Protection Platform (EPP)	Dec 29, 2025	Download
Product	Reviews, tips, and advice from real users	Dec 29, 2025	Download
Comparison	Microsoft Defender for Endpoint vs CrowdStrike Falcon	Dec 29, 2025	Download
Comparison	Microsoft Defender for Endpoint vs SentinelOne Singularity Complete	Dec 29, 2025	Download
Comparison	Microsoft Defender for Endpoint vs Check Point Harmony Endpoint	Dec 29, 2025	Download

Valuable Features

Microsoft Defender for Endpoint's most valuable features include robust malware detection, auto-remediation, ransomware protection, and threat intelligence. Its deep integration with Windows and Microsoft services like Azure and Office 365 provides strong protection with minimal impact on performance. The centralized management, automation of responses, and extensive threat visibility make it a comprehensive EDR solution. Users value its ease of use, quick updates, and the ability to prioritize and manage threats efficiently.

"Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects and tasks, and the automated reporting and dashboarding has saved them a lot of time, amounting to several man-hours."
"Microsoft Defender for Endpoint has been leading the field in EDR, and there are so many benefits to how that is managed versus the traditional products; that's huge."
"The main thing I like about Microsoft Defender for Endpoint is that you can integrate it with or deploy it with Intune, so it's really easy to deploy without needing to bring in any third-party solution."

Room for Improvement

Microsoft Defender for Endpoint users report concerns with slow customer service and performance issues, including computer slowdowns and internet connectivity problems after installation. Users find the interface complex and desire better reporting, customization, and pricing. They want improved ransomware protection, deeper integrations with third-party tools, and better behavior-based analytics. Some users struggle with licensing complexity and require enhanced engagement from support. More security features and consistent updates are needed to address evolving cybersecurity threats.

"More hooks and more reporting would be beneficial. More proactive reporting would be ideal."
"What I think can be improved on Microsoft Defender for Endpoint is that the whitelisting abilities are pitiful, and the understanding of how you go about doing that by the support techs that you speak with is really bad, so that I think is an area where Microsoft Defender for Endpoint needs improvement; the understanding and support of that and what actually works is pretty buggy."
"When you get the right person that knows what you are asking the first time, it is excellent. However, when you get someone who may be new or just switched into that role, it can be less effective."

ROI

Many users report a positive return on investment from Microsoft Defender for Endpoint due to its integration and elimination of third-party costs. Savings come from reduced expenses on antivirus, centralized management, and increased efficiency. Although some have not yet realized full financial benefits, the comprehensive security features and threat protection offer substantial cost advantages over potential ransomware or malware impacts, and users appreciate the time-saving aspects, which enhance overall operations.

Pricing

Microsoft Defender for Endpoint pricing varies significantly depending on licensing and organizational needs. Many users find it affordable since it's bundled with Windows, while others highlight costs associated with advanced features like centralized management using E5 or Office 365 plans. Monthly or yearly licensing options offer flexibility, and enterprise agreements can reduce costs. Despite perceptions of high costs for standalone purchases, integrating Defender as part of Microsoft packages generally enhances cost-effectiveness.

"It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing."
"It isn't cheap, but it's reasonable and fair."
"Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs."

Popular Use Cases

Organizations primarily utilize Microsoft Defender for Endpoint to protect against viruses, malware, and ransomware. It serves as an antivirus solution, aids in threat detection, endpoint protection, and ensures data security. Users appreciate its integration with Windows systems for seamless cybersecurity management. It is also employed for endpoint detection and response (EDR), safeguarding against phishing attacks, and monitoring potential vulnerabilities.

Service and Support

The customer service and support for Microsoft Defender for Endpoint receive mixed feedback. Many users find the technical support responsive and knowledgeable, with ratings often between seven and ten. However, some users experience delays and inconsistent support quality, particularly with lower-tier levels. Level of satisfaction frequently depends on the support package purchased, with premium packages offering faster and better service. Users appreciate the availability of resources and documentation, which help in resolving issues independently.

Deployment

Microsoft Defender for Endpoint's initial setup is generally straightforward and simple, often pre-installed with Windows. Many users find the installation process quick, with minimal configuration required. For some, setup integration with existing infrastructures can be complex, especially in larger networks or when additional third-party tools are involved. Users appreciate that once deployed, maintenance is minimal. Initial configuration varies in complexity depending on network size, existing solutions, and specific organizational needs.

Scalability

Microsoft Defender for Endpoint is recognized for its scalability, with many organizations noting its ability to accommodate a diverse range of users and devices. Cloud-based infrastructure supports effortless expansion and integration with other services, enabling seamless growth from small to enterprise levels. Users appreciate its adaptability across various environments and its capacity for increasing user endpoints. While some have concerns, most agree it's efficient in managing large-scale deployments and evolves to meet dynamic needs effectively.

Stability

Microsoft Defender for Endpoint is widely regarded as stable, performing well without affecting system resources. Many users find it reliable and comparable to other security solutions, with few experiencing issues like CPU overload or memory consumption, particularly in low-resource environments. Rare minor problems, such as visual glitches or syncing issues, are reported but typically resolved. Stability often aligns with correct configuration and up-to-date Windows systems, though frequent updates occasionally introduce temporary bugs.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Microsoft Defender for Endpoint Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	74
Midsize Enterprise	37
Large Enterprise	81

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	1800
Midsize Enterprise	1004
Large Enterprise	2807

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

12%

Manufacturing Company

Financial Services Firm

Government

Comms Service Provider

Educational Organization

Retailer

University

Healthcare Company

Construction Company

Energy/Utilities Company

Insurance Company

Real Estate/Law Firm

Outsourcing Company

Non Profit

Media Company

Legal Firm

Hospitality Company

Performing Arts

Wholesaler/Distributor

Transportation Company

Aerospace/Defense Firm

Recreational Facilities/Services Company

Pharma/Biotech Company

Consumer Goods Company

Logistics Company

Marketing Services Firm

Compare Microsoft Defender for Endpoint with alternative products

Learn more about Microsoft Defender for Endpoint

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Microsoft Defender for Endpoint was previously known as Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus.

Product Demo

Microsoft Defender for Endpoint customers

Petrofrac, Metro CSG, Christus Health

Product Categories

Endpoint Protection Platform (EPP)

Advanced Threat Protection (ATP)

Anti-Malware Tools

Endpoint Detection and Response (EDR)

Microsoft Security Suite

Popular Comparisons

CrowdStrike Falcon vs Microsoft Defender for Endpoint

Microsoft Intune vs Microsoft Defender for Endpoint

Microsoft Entra ID vs Microsoft Defender for Endpoint

Microsoft Defender for Office 365 vs Microsoft Defender for Endpoint

Fortinet FortiEDR vs Microsoft Defender for Endpoint

Microsoft Defender for Cloud vs Microsoft Defender for Endpoint

Microsoft Sentinel vs Microsoft Defender for Endpoint

SentinelOne Singularity Complete vs Microsoft Defender for Endpoint

IBM Security QRadar vs Microsoft Defender for Endpoint

HP Wolf Security vs Microsoft Defender for Endpoint

Microsoft Purview Data Governance vs Microsoft Defender for Endpoint

Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint

Microsoft Defender XDR vs Microsoft Defender for Endpoint

Elastic Security vs Microsoft Defender for Endpoint

Tanium vs Microsoft Defender for Endpoint

See all alternatives

Microsoft Defender for Endpoint Reviews Summary
Author info	Rating	Review Summary
Security Analyst III at a healthcare company with 10,001+ employees	4.0	We switched to Microsoft Defender for Endpoint due to licensing convenience and dissatisfaction with Symantec. It’s effective and integrates well, though support can be inconsistent and false positives frustrating. Overall, it’s a solid, cost-effective solution for our needs.
Solutions Architect at Marco	4.0	I've found Microsoft Defender for Endpoint easy to deploy with Intune, effective in reducing SOC workload and remediation time, cost-efficient, and stable; overall, it's streamlined our security operations and I’d rate it a solid 9 out of 10.
Assistant Director, Hybrid Infrastructure & Operations at a insurance company with 501-1,000 employees	4.0	We've used Microsoft Defender for Endpoint for years; it integrates well with our Microsoft ecosystem, though it's weak on Linux support and pricey. While overall effective, we’re exploring alternatives for better value and cloud-focused capabilities.
Consultant at ACT4SERVICES	4.5	I use Microsoft Defender for Endpoint for threat hunting in Azure environments, employing KQL for analysis. While it offers robust real-time protection against zero-day and malware attacks, new users could benefit from more video guidance on its features.
Cybersecurity Operation Manager at Arsenalia	4.0	I've used Microsoft Defender for Endpoint for two years; its strong integration with Microsoft 365 simplifies monitoring and incident response. Setup was easy via Intune, automation helps reduce MTTR, and the solution offers great value within our existing ecosystem.
Principal Consultant - Cloud Security at a outsourcing company with 201-500 employees	4.0	I've found Microsoft Defender for Endpoint effective for attack surface reduction and automation, offering solid integration and unification benefits, though some features still need work; overall, it's stable, time-saving, and provides good ROI when fully leveraged.
Director, Network & Cloud Infrastructure at a legal firm with 501-1,000 employees	4.5	I've used Microsoft Defender for Endpoint for four years; it's stable, integrates well, and provides great visibility, though whitelisting needs work. It helps reduce remediation time and risks across our Windows devices, offering solid value as part of our E5 license.
Server & , Cis 2 Cloud Infrastructure Specialist at a financial services firm with 1,001-5,000 employees	4.0	I've used Microsoft Defender for Endpoint for five years and found it stable, scalable, and easy to deploy, saving significant man-hours through automation. It provides strong endpoint protection from day one across all devices.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	7.4%	97%	136 interviews Add to research
Microsoft Intune	4.1	N/A	94%	305 interviews Add to research

Microsoft Defender for Endpoint Reviews

What is Microsoft Defender for Endpoint?

Featured Microsoft Defender for Endpoint reviews

Microsoft Defender for Endpoint mindshare

PeerResearch reports based on Microsoft Defender for Endpoint reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Microsoft Defender for Endpoint with alternative products

Learn more about Microsoft Defender for Endpoint

Product Demo

Microsoft Defender for Endpoint customers

Related questions

Product Categories

Popular Comparisons