We performed a comparison between Microsoft Defender for Cloud Apps and Microsoft Defender for Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the alerting system."
"The most valuable feature is the ease of management. It's important."
"The solution does not affect a user's workflow."
"The product’s most valuable feature is SQL database."
"The most valuable feature is its policy implementation."
"The product helps us with privileged identity management to control who has access to what and for how long."
"Shadow IT discovery is the feature I like the most."
"The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need."
"The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system."
"The antivirus features are very useful."
"Because it has been integrated with the OS, we get the entire software inventories, and we even get access to the registries. Those are the primary features."
"The solution is highly scalable."
"It's a very complete application. I have all the controls in one site. I can track emails, attacks, and threats, and I can research information. I really like this configuration because I have all the information in place."
"We have liked the fact that it comes with Microsoft Windows 10 and it is constantly updated with all new virus definitions. It is also updated with new security features on a regular basis."
"Microsoft Defender for Endpoint is different from other security tools because we can configure it to use multiple types of scanning or archiving."
"It performs well. The stability is seamless."
"The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."
"I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing."
"There could be more granular roles that are out of the box included in the product."
"They need to improve the attack surface reduction (ASR) rules. In the latest version, you can implement ASR rules, which are quite useful, but you have to enable those because if they're not enabled, they flag false positives. In the Defender portal, it logs a block for WMI processes and PowerShell. Apparently, it's because ASR rules are not configured. So, you generally have to enable them to exclude, for example, WMI queries or PowerShell because they have a habit of blocking your security scanners. It's a bit weird that they have to be enabled to be configured, and it's not the other way around."
"We sometimes get errors when we create policies, which is somewhat annoying because some policies stop working due to misconfigurations. We find this challenging because it limits our options for troubleshooting an issue."
"It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft."
"This service would be better if it had a separate license, only for this service, that could be used to track usage."
"Defender for Cloud Apps could come with more configured policies out of the box. Also, integration could be easier. Integration is moderately difficult because Microsoft hasn't developed a solution that unifies device onboarding and management. You have to use Intune to manage devices and Defender for Endpoint to enforce policies. They need to fix their integration, but I believe they will straighten it out by the end of the year."
"The solution has minimal customization options, especially compared to Mandiant, so we want to see more scope for customization. A single portal for customization would also be a welcome addition."
"Microsoft Defender for Endpoint could improve by providing more user-friendly dashboards. They may be complicated for some."
"With the XDR dashboard, when you're doing an investigation and you're drilling down to obtain further details it tends to open many different tabs that take you away from your main tabs. You can end up having 10 tabs open for one investigation. This is another area for improvement because you can end up getting lost in the multiple tabs. Therefore, the central console can be improved so that it does not take you to several different pages for each investigation."
"Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point."
"In the next release, I would like to see better management reporting."
"Its detection is not as quick. There should also be more frequent updates."
"The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."
"It could be easier when it comes to managing exceptions."
More Microsoft Defender for Cloud Apps Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Cloud Apps is ranked 11th in Advanced Threat Protection (ATP) with 30 reviews while Microsoft Defender for Endpoint is ranked 2nd in Advanced Threat Protection (ATP) with 182 reviews. Microsoft Defender for Cloud Apps is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Microsoft Defender for Cloud Apps writes "Integrates well and helps us in protecting sensitive information, but takes time to scan and apply the policies and cannot detect everything we need". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Microsoft Defender for Cloud Apps is most compared with Zscaler Internet Access, Cisco Umbrella, Netskope , Prisma Access by Palo Alto Networks and Qualys VMDR, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our Microsoft Defender for Cloud Apps vs. Microsoft Defender for Endpoint report.
See our list of best Advanced Threat Protection (ATP) vendors and best Microsoft Security Suite vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
