No more typing reviews! Try our Samantha, our new voice AI agent.

DeepArmor vs Microsoft Defender for Endpoint comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
DeepArmor
Ranking in Endpoint Protection Platform (EPP)
61st
Average Rating
2.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
212
Ranking in other categories
Advanced Threat Protection (ATP) (5th), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (3rd)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of DeepArmor is 0.3%, up from 0.1% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 6.8%, down from 10.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Endpoint6.8%
Cortex XDR by Palo Alto Networks3.8%
DeepArmor0.3%
Other89.1%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Muhammad Fahad - PeerSpot reviewer
Manager Tech. & Support (Information Technology) at Texitech
Security needs improvement and email scanning features are not included
The email scanning feature is not available in DeepArmor. We cannot use this for email scanning. There are many options that are not available in DeepArmor. We cannot use separate applications for different internet applications or for different internet scanning. This is why we cannot use it. I would like to see additional features such as email scanning, which should be included, or malware detections, and other cybersecurity features should be included. It could also be more secure.
Robert Arbuckle - PeerSpot reviewer
Security Analyst III at a healthcare company with 10,001+ employees
Automatically isolates threats and integrates with logging to reduce response time
Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support. I can identify areas for improvement with Microsoft Defender for Endpoint, as it is kind of a convoluted mess to try to take care of false positives. Especially when they have been identified as false positives but they keep going off over and over again. It is great for my pocketbook because it generates a lot of on-call action, but I would really prefer more sleep at two o'clock in the morning than dealing with false positives. I would say that the unified portal for managing Microsoft Defender for Endpoint is suitable for both teams as they are all in there. It would be great if they would stop moving things around and renaming things, which makes sense. The new XDR portal is pretty nice. Being able to have it central again inside of the regular Security Center without having to open up two windows is helpful. Overall, I think it is pretty good. There is always going to be something that could be improved, such as alerting and the ability to modify alerts would be a little bit helpful to have. Being able to add more data into the alerts and turn off alerts that are not as useful would be beneficial. It is hard to say what the quantitative impact the security exposure management feature has had on our company's security, because a lot of it is kind of subjective. I think we are sitting at around a fifty percent score still, and a lot of it is just kind of unusual circumstances that we cannot really implement without breaking the organization.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"It'll not slow down your system when compared to others."
"My advice for anybody who is considering Cortex XDR is that it is a complete solution, and has very good features."
"We think that this product will help us grow, as it meets our needs currently and we can grow with it over time."
"There are a lot of lead solutions in this space, however, Palo Alto is number one."
"Once you become familiar with it, Cortex XDR by Palo Alto Networks is a more powerful tool and I would say that I prefer it over MDE because it is a stronger tool for me."
"I've found the solution to be highly scalable for enterprises."
"It is easy to install."
"It's really stable. I've used a lot of stuff, a lot of products, like ESET and Kaspersky. None of them are comparable with this one. This one is much better."
"The antivirus features are very useful."
"What I like best is that it is part of the operating system, as opposed to a third-party application."
"Since we started using this product, we have not had any breaches."
"I like Defender's reporting and logging features. The email alerts are also helpful. It's hard sometimes to sift through the email, especially if you're an IT firm managing hundreds if not thousands of endpoints, but we find email reporting useful. For example, last Tuesday, we learned of new vulnerabilities that were discovered as a result of the previous patches. The endpoints without those patches triggered alerts in Defender."
"The solution's main antivirus capabilities are okay, and so far they have kept us safe."
"It is easy to use because it is already pre-installed in Windows 10."
"The main thing I like about Microsoft Defender for Endpoint is that you can integrate it with or deploy it with Intune, so it's really easy to deploy without needing to bring in any third-party solution."
 

Cons

"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"The connection to the internet has not performed as expected."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"Based on our experience so far, its implementation is quite complex."
"I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent."
"It'll help if customization was easier."
"The email scanning feature is not available in DeepArmor. We cannot use this for email scanning."
"Sometimes, there are difficulties in downloading a file considered as malicious."
"The application control feature requires improvement."
"I would like to see fewer pop messages and alerts. It's disturbing when you have that many alerts."
"There is room to improve the security of the solution."
"Windows Firewall is integrated with Windows Defender. Over the last few days, I have had a problem with defining a wildcard on Windows Firewall. For example, I wanted to pull out the connection of my program and install a software package with a lot of executable files. I wanted to prevent it from accessing the internet. I could not select executables by using a wildcard. I had to select a single executable with its full name."
"We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have."
"The solution could always be more secure."
"The system can always be simplified and have a better integration check."
 

Pricing and Cost Advice

"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"Cortex XDR’s pricing is very reasonable."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"It has a yearly renewal."
"Cortex XDR's pricing is ok."
"It is "expensive" and flexible."
"Cortex XDR by Palo Alto Networks is an expensive solution."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"There are licensing fees."
"The cost is high, compared to other products in the market, if you look at it as a separate product. If you look at the cost where it is part of a bundle, the cost is okay."
"Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it."
"If you don't purchase the advanced threat protection then there is no additional charge."
"Even if you are not registered as a not-for-profit, the offering that they have is definitely worth consideration. This is in the sense that the E5 stack just gives you so many benefits. You get your entire productivity suite through Microsoft 365 apps. You get all your security and identity protection. You get the Defender for Endpoint and Defender for Identity. You get the cloud access security broker as well. You get Azure Active Directory Premium P2, which gives you so many good things that you can configure and deploy. You don't have to configure them on day one, but you have access to so many different tools that will protect your data, security, endpoints, and identities that you could build out a security strategy 18 months long, and slowly work your way through it, based on what you have available to you through your license."
"Microsoft Defender for Endpoint is an expensive solution."
"The license for Microsoft Defender for Endpoint is included in the license for the Microsoft Windows operating system."
"You need a license to use this solution."
"It came with Windows."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
904,836 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
No data available
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
By reviewers
Company SizeCount
Small Business82
Midsize Enterprise45
Large Enterprise96
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior sol...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
What is your experience regarding pricing and costs for Microsoft Defender for Endpoint?
We have been discussing pricing, setup cost, and licensing, and we are currently on an E3. We are discussing going to...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
AV-Comparatives
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about Microsoft, CrowdStrike, SentinelOne and others in Endpoint Protection Platform (EPP). Updated: June 2026.
904,836 professionals have used our research since 2012.