Microsoft Defender for Endpoint Reviews

Name: Microsoft Defender for Endpoint
Brand: Microsoft
Rating: 4.1 (197 reviews)

4.1 out of 5

197 reviews
94% willing to recommend

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

Get the Microsoft Defender for Endpoint Buyer's Guide and find out what your peers are saying about Microsoft Defender for Endpoint, CrowdStrike Falcon, Microsoft Intune and more!

Microsoft Defender for Endpoint is the #1 ranked solution in endpoint security software, #1 ranked solution in top Anti-Malware Tools, #3 ranked solution in EDR tools, #4 ranked solution in top Advanced Threat Protection (ATP) solutions, and #5 ranked solution in top Microsoft Security Suite solutions. PeerSpot users give Microsoft Defender for Endpoint an average rating of 8.2 out of 10. Microsoft Defender for Endpoint is most commonly compared to CrowdStrike Falcon: Microsoft Defender for Endpoint vs CrowdStrike Falcon. Microsoft Defender for Endpoint is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 14% of all views.

Buyer's Guide

Microsoft Defender for Endpoint

August 2025

Get the report

Helped 865,384 peers since 2012

Featured Microsoft Defender for Endpoint reviews

John Rallo

IT Security Engineer at a financial services firm with 1,001-5,000 employees

Attack surface reduction and limiting attack surface vectors are valuable features. It's helpful to isolate specific devices and get super granular with the features they offer. The visibility into the attack surface is good. It gets highly granular. I don't work on that side, but the people who do tell me they get more visibility.

Read full review

reviewer2595933

Team manager of it department at a financial services firm with 501-1,000 employees

It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link. Importantly, the experience of an automatic attack disruption is quite positive for the end users. They don't feel supervised, which is essential for mobile phones since they are more private than work computers. The auto-deployed anti-deception techniques are excellent because we have a large fleet on the Norwegian scale. We deployed it for 10,000 clients and about 5,000 servers in three months. Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.

Read full review

Olufemi Ajala

Consultant at ACT4SERVICES

There are numerous tools available, but for organizations already using Microsoft, such as Office 365, Microsoft Defender for Endpoint focuses on securing environments and monitoring activities. Every environment faces different threats, whether from insider threats or countries attempting to steal data or assets. Microsoft Defender for Endpoint detects anomalies and provides best practices for resolving or mitigating specific risks. One of the best features of Microsoft Defender for Endpoint is its database for identifying zero-day attacks or malware attacks. The service runs continuously, even when users are offline. This enables me to receive notifications about irregularities, conduct investigations, and resolve issues, ultimately creating policies or procedures to prevent similar incidents. The solution offers real-time updates on ongoing attacks affecting assets or companies. It provides automatic detection of ransomware, spyware, or phishing attacks, which is crucial for preventing ransomware infiltration. It protects the cloud environment using AI and machine learning, enhancing speed. The built-in cost feature is important as expenses increase with additional features.

Read full review

Microsoft Defender for Endpoint mindshare

Product category:

As of August 2025, the mindshare of Microsoft Defender for Endpoint in the Endpoint Protection Platform (EPP) category stands at 10.2%, down from 13.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

PeerResearch reports based on Microsoft Defender for Endpoint reviews

Type	Title	Date
Category	Endpoint Protection Platform (EPP)	Aug 20, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 20, 2025	Download
Comparison	Microsoft Defender for Endpoint vs CrowdStrike Falcon	Aug 20, 2025	Download
Comparison	Microsoft Defender for Endpoint vs SentinelOne Singularity Complete	Aug 20, 2025	Download
Comparison	Microsoft Defender for Endpoint vs Check Point Harmony Endpoint	Aug 20, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	10.5%	96%	132 interviews Add to research
Microsoft Intune	4.1	N/A	94%	296 interviews Add to research

Valuable Features

Microsoft Defender for Endpoint's most valuable features include malware, ransomware protection, automatic updates, centralized management, integration with Windows, ease of use, threat intelligence, vulnerability management, and advanced hunting capabilities. It offers real-time threat detection, automated investigation, seamless integration with Microsoft products, and prioritization of threats across enterprises, boosting security posture and efficiency. Its user-friendly interface, continuous protection, and scalability make it ideal for varied environments.

"Microsoft Defender for Endpoint has significantly impacted our security posture."
"The feature I find most valuable in Microsoft Defender for Endpoint is that it blocks the process and keeps the endpoint from getting infected with malware."
"Microsoft Defender for Endpoint has changed significantly for the better."

Room for Improvement

Microsoft Defender for Endpoint's integration with third-party platforms, user interface, and reporting could improve. Its AI and threat detection capabilities need enhancement, and better support for non-Windows systems is needed. Licensing complexities and dashboard navigation pose challenges. Performance issues arise with older systems. More comprehensive threat intelligence and streamlined customization options are suggested. Scalability and resource usage could be optimized. Better support and training resources are needed to aid user understanding and deployment efficiency.

"I don't think it's scalable at this moment. It is doing what it's supposed to do, but Microsoft Defender for Endpoint isn't there yet."
"The log searches for Microsoft Defender for Endpoint are pretty difficult to navigate. It needs a better UI or more intuitive search and filter mechanisms to make it easy to get through and filter through all the data logs."
"The log searches for Microsoft Defender for Endpoint are pretty difficult to navigate. It needs a better UI or more intuitive search and filter mechanisms to make it easy to get through and filter through all the data logs."

ROI

Users report varying experiences with Microsoft's Defender for Endpoint, with some achieving financial benefits through consolidated security management and threat prevention. Several users have realized savings by reducing reliance on third-party solutions and lowering operational costs. Some indicate benefits in streamlining processes and improving security posture with features included in existing Microsoft licenses. Initial setup effort is acknowledged, but returns in threat management and operational efficiency are notable across user feedback, even if difficult to precisely quantify.

Pricing

Microsoft Defender for Endpoint offers flexible pricing, with options to purchase licenses individually or as part of bundles like Microsoft E5. For small enterprises, purchasing single licenses is advantageous. Costs vary by plan, but E5 includes comprehensive security features and is considered valuable. Pricing is competitive compared to standalone security solutions, though perceived expensive as a separate purchase. Enterprise agreements often make Defender cost-effective, especially when integrated with existing Microsoft services, offering significant savings and increased security capabilities.

"It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing."
"It isn't cheap, but it's reasonable and fair."
"Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs."

Popular Use Cases

Users primarily deploy Microsoft Defender for Endpoint to mitigate viruses, malware, and ransomware on personal or organizational devices. It serves as an antivirus and threat detection tool, providing endpoint protection across various operating systems. Integrated into the Windows ecosystem, it offers advanced threat protection and real-time monitoring, supporting multiple security functions like endpoint detection and response and cloud integration for broader data and network security management.

Service and Support

Many users find Microsoft Defender for Endpoint support competent and responsive. Those with premium contracts report better experiences due to faster responses. Some face delays or inconsistent support quality, particularly with basic levels. Users appreciate the vast online resources available, often resolving issues without direct support. While support can sometimes be slow and less effective at first contact, escalation usually leads to resolution. Overall, users rate it positively, highlighting knowledgeable staff and improved service.

Deployment

Many users found Microsoft Defender for Endpoint's setup straightforward and quick once proper procedures were in place. While some deployments encountered challenges, especially in complex environments, most installations were smooth, often completed within hours to a few days. The pre-installed nature with Windows simplified the process significantly. Some implementations required more time due to integration with other tools or networking complexities, yet users appreciated the intuitive setup, especially with familiarity and technical expertise.

Scalability

Microsoft Defender for Endpoint is often highlighted for its scalability. Many users have successfully deployed it across organizations of various sizes, citing it as easily expandable and integrated with cloud capabilities. Some users mention that scaling depends largely on proper licensing and integration, with room for improvement in managing multiple devices. Reports of large userbase deployments suggest that Microsoft Defender's cloud-based design significantly supports scalability in diverse environments.

Stability

Many users find Microsoft Defender for Endpoint stable, reliable, and efficient, though some mention issues during updates or with configuration. Reports highlight minimal resource usage and positive comparisons with other antivirus options. Some users face rare performance issues, often linked to specific configurations or system requirements, but these are not widespread. Overall, most users are satisfied with its stability and intend to continue using it, praising its seamless integration with Windows.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Microsoft Defender for Endpoint Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

14%

Manufacturing Company

Financial Services Firm

Government

Comms Service Provider

Educational Organization

University

Retailer

Healthcare Company

Construction Company

Energy/Utilities Company

Real Estate/Law Firm

Insurance Company

Non Profit

Legal Firm

Media Company

Hospitality Company

Wholesaler/Distributor

Performing Arts

Outsourcing Company

Transportation Company

Recreational Facilities/Services Company

Aerospace/Defense Firm

Consumer Goods Company

Pharma/Biotech Company

Compare Microsoft Defender for Endpoint with alternative products

Learn more about Microsoft Defender for Endpoint

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Microsoft Defender for Endpoint was previously known as Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus.