CrowdStrike Falcon vs Microsoft 365 Defender comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Apr 23, 2023

We performed a comparison between Microsoft 365 Defender and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Microsoft 365 Defender’s setup is described as challenging at points, with users noting the need for more flexibility during the process. CrowdStrike Falcon’s deployment is described as very straightforward.
  • Features: Microsoft 365 Defender features an advanced threat hunting tab, allows for real-time threat management, and has an informative compliance dashboard. However, its limited integration abilities with third-party applications and vulnerability management need improvement. CrowdStrike Falcon has always-running real-time threat response capabilities, a self-explanatory UI, and endpoint monitoring. Its offline scanning ability, as well as the correlation of data in the search algorithms, need to be improved.
  • Pricing: The pricing of both solutions is described as reasonable and worthwhile, with users of CrowdStrike Falcon noting that its modular licensing can potentially be a bit expensive for smaller enterprises.
  • Service and Support: While the support teams of both solutions are generally highly rated, some users noted that the services can occasionally be subpar, depending on the agent their ticket is assigned to.
  • ROI: Users of both solutions see an ROI due to decreased detection time and reduced man-hours in incident resolving.

Comparison results: Based on the parameters we compared, CrowdStrike Falcon comes out ahead of Microsoft 365 Defender. While both offer threat-hunting and response features, 365 Defender’s inflexible third-party integration, as well as its lack of support at times leave room for improvement.

To learn more, read our detailed CrowdStrike Falcon vs. Microsoft 365 Defender Report (Updated: September 2023).
734,963 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"This is stable and scalable.""Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture.""Forensics is a valuable feature of Fortinet FortiEDR.""The product detects and blocks threats and is more proactive than firewalls.""Fortinet has helped free up around 20 percent of our staff's time to help us out.""It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward.""The solution was relatively easy to deploy.""The price is low and quite competitive with others."

More Fortinet FortiEDR Pros →

"Scalability hasn't been an issue for us.""Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously.""The most valuable feature of CrowdStrike Falcon is its accuracy.""All the features are beneficial.""I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.""CrowdStrike Falcon's most valuable feature is the fact that it's not getting in the way of our workforce and their workflow.""Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches.""The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."

More CrowdStrike Falcon Pros →

"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it.""Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability.""It gives a lot of flexibility in terms of configuration and customization as per the business requirements.""We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button.""Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis.""Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment.""We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks.""The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."

More Microsoft 365 Defender Pros →

Cons
"The solution is not stable.""The solution should address emerging threats like SQL injection.""We find the solution to be a bit expensive.""FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things.""I haven't seen the use of AI in the solution.""The support needs improvement.""Cannot be used on mobile devices with a secure connection.""The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."

More Fortinet FortiEDR Cons →

"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool.""In the future release of CrowdStrike Falcon, they should add a sandbox feature.""The product could be more accurate in terms of performance.""Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement. Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data. In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network.""The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable.""CrowdStrike Falcon could improve if it became an XDR. When we look only to an end-point, we lost the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good.""I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CloudStrike.""CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."

More CrowdStrike Falcon Cons →

"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things.""The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports.""The support could be more knowledgable to improve their offering.""Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR.""The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete.""This solution could be improved if it included features such as those offered by Malwarebytes.""A simple dashboard without having to use MS Sentinel would be a welcome improvement.""The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."

More Microsoft 365 Defender Cons →

Pricing and Cost Advice
  • "The price is comprable to other endpoint security solutions."
  • "The pricing is typical for enterprises and fairly priced."
  • "I'm not familiar with pricing, but it looks a bit costly compared to other vendors I think."
  • "The pricing is good."
  • "I would rate the solution's pricing an eight out of ten."
  • "The hardware costs about €100,000 and about €20,000 annually for access."
  • "Fortinet FortiEDR has a yearly subscription."
  • "It's not cheap, but it's not expensive either."
  • More Fortinet FortiEDR Pricing and Cost Advice →

  • "The price of CrowdStrike Falcon could be better. It is very expensive, we pay approximately $900 per month for the licenses. There are not any additional fees."
  • "The cost of CrowdStrike Falcon could be reduced. It is quite expensive if you compare it to other solutions, such as Blue Coat, Symantec, McAfee, or Kaspersky."
  • "There is an annual license required to use this solution."
  • "We are on an annual subscription for the solution. There are not any additional costs."
  • "Annual licensing."
  • "The price of CrowdStrike Falcon is reasonable."
  • "The licensing model is straightforward. We choose the features we want and we then can download the package we want."
  • "There is no license required to use this solution."
  • More CrowdStrike Falcon Pricing and Cost Advice →

  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
  • "Its licensing and pricing are handled by someone else. My role is limited to incidents or issues with the portal, but you get what you pay for. It is worth the cost."
  • "The solution is affordable, and we haven't been hit with any hidden costs. The subscription model is straightforward, and it's easy to understand how much additional features cost. If we need to cancel a license or feature, we do that well in advance to avoid being charged for it, but overall, the pricing and licensing are simple and easy."
  • "I would like to have more security features in the lower licenses because not every customer is able to buy E5 licenses. The bundling isn't always easy for our customers to understand. Compared to other tools, it's a good price."
  • More Microsoft 365 Defender Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    734,963 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I suggest Fortinet’s FortiEDR over FortiClient for several reasons. For starters, FortiEDR guarantees solid protection… more »
    Top Answer:Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close… more »
    Top Answer:The price is on the higher side. It's in the upper quadrant. The hardware costs about €100,000 and about €20,000… more »
    Top Answer:Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions… more »
    Top Answer:Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing… more »
    Top Answer:The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push… more »
    Top Answer:The comprehensiveness of Microsoft's threat detection is good.
    Top Answer:The cost of Microsoft products depends on several factors, including contract negotiations, the number of licenses… more »
    Top Answer:The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging… more »
    Comparisons
    Also Known As
    enSilo, FortiEDR
    CrowdStrike Falcon, CrowdStrike Falcon XDR
    Microsoft Threat Protection, MS 365 Defender
    Learn More
    Overview

    Fortinet FortiEDR is a real-time endpoint protection, detection, and automated response solution. Its primary purpose is to detect advanced threats to stop breaches and ransomware damage. It is designed to do so in real time, even on an already compromised device, allowing you to respond and remediate incidents automatically so your data can remain protected.

    Fortinet FortiEDR Features

    Fortinet FortiEDR has many valuable key features, including:

    • Easily customizable
    • Real-time proactive risk mitigation & IoT security
    • Pre-infection protection
    • Post-infection protection
    • Track applications and ratings
    • Reduce the attack surface with risk-based proactive policies
    • Achieve analysis of entire log history
    • Optional managed detection and response (MDR) service

    Fortinet FortiEDR Benefits

    Some of the key benefits of using Fortinet FortiEDR include:

    • Protection: Fortinet FortiEDR provides proactive, real-time, automated endpoint protection with the orchestrated incident response across platforms. It stops the breach with real-time postinfection blocking to protect data from exfiltration and ransomware encryption.

    • Single unified console: Fortinet FortiEDR has a single unified console with an intuitive interface, which makes management easier. The solution automates mundane endpoint security tasks so your employees don’t need to do it.

    • Cost savings: With Fortinet FortiEDR you can eliminate post-breach operational expenses and breach damage costs.

    • Flexibility: Fortinet FortiEDR can be deployed on premises or on a secure cloud instance. With Fortinet FortiEDR, endpoints are protected both on- and off-line.

    • Scalability: Because Fortinet can be deployed quickly and has a small footprint, it is easy to scale up to protect hundreds of thousand endpoints.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Fortinet FortiEDR users.

    An Owner at a security firm says, "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers. The customer has literally about 800 cash registers. That was the use case for Fortinet FortiEDR - to get that down into a tiny space. The only way to do that was to use this product because it had that ability to unbundle services that were a surplus.”

    Chandan M., Chief Technical Officer at Provision Technologies LLP, mentions, “The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration.” He also adds, “The security is also very good and the firewall response is good.”

    Harpreet S., Information Technology Support Specialist at Chemtrade Logistics, explains, "It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."

    DeAndre V., Senior Network Administrator at a financial services firm, states, “The dashboard is easy to follow and use. The deployment and uninstalling were easy. I like the detailed information about the path of a file that might be suspicious. Being able to check that out was easy to follow. Exceptions are easy to create and the interface is easy to follow with a nice appearance.

    CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. 

    Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.

    Request a free trial here: https://go.crowdstrike.com/try-falcon-prevent

    Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

    - Reduce signal noise by viewing prioritized incidents in a single dashboard. 

    - Use the automated investigation capabilities to spend less time on detection and response.

    - Take care of routine and complex remediation with Microsoft 365 Defender by auto-healing affected assets.

    - Hunt across all your data, leveraging your organizational knowledge with custom queries. 

    - Develop custom detection and response tools for long-term protection and improved security posture.

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Offer
    Learn more about Fortinet FortiEDR
    Get Fast and Easy Protection Against All Threats

    Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.

    Learn more about Microsoft 365 Defender
    Sample Customers
    Financial, Healthcare, Legal, Technology, Enterprise, Manufacturing ... 
    Information Not Available
    Information Not Available
    Top Industries
    REVIEWERS
    Financial Services Firm24%
    Comms Service Provider12%
    University6%
    Educational Organization6%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government8%
    Manufacturing Company7%
    Financial Services Firm7%
    REVIEWERS
    Computer Software Company20%
    Financial Services Firm18%
    Comms Service Provider8%
    Insurance Company6%
    VISITORS READING REVIEWS
    Computer Software Company14%
    Financial Services Firm10%
    Manufacturing Company8%
    Government8%
    REVIEWERS
    Manufacturing Company25%
    Computer Software Company19%
    Comms Service Provider13%
    Financial Services Firm13%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm11%
    Government9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business37%
    Midsize Enterprise22%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business31%
    Midsize Enterprise19%
    Large Enterprise50%
    REVIEWERS
    Small Business33%
    Midsize Enterprise23%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise18%
    Large Enterprise57%
    REVIEWERS
    Small Business44%
    Midsize Enterprise16%
    Large Enterprise40%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    Buyer's Guide
    CrowdStrike Falcon vs. Microsoft 365 Defender
    September 2023
    Find out what your peers are saying about CrowdStrike Falcon vs. Microsoft 365 Defender and other solutions. Updated: September 2023.
    734,963 professionals have used our research since 2012.

    CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 50 reviews while Microsoft 365 Defender is ranked 4th in Extended Detection and Response (XDR) with 37 reviews. CrowdStrike Falcon is rated 8.6, while Microsoft 365 Defender is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Robust threat hunting and great ability to do on-keyboard remote response and quarantining of devices". On the other hand, the top reviewer of Microsoft 365 Defender writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Microsoft Defender for Endpoint, Darktrace, Trend Micro Deep Security, SentinelOne Singularity Complete and Kaspersky Endpoint Security for Business, whereas Microsoft 365 Defender is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Microsoft Sentinel, Trend Micro XDR and Cortex XDR by Palo Alto Networks. See our CrowdStrike Falcon vs. Microsoft 365 Defender report.

    See our list of best Extended Detection and Response (XDR) vendors and best EDR (Endpoint Detection and Response) vendors.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.