No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Endpoint vs Microsoft Entra Workload ID comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Microsoft Security Suite
3rd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
212
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (5th), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd)
Microsoft Entra Workload ID
Ranking in Microsoft Security Suite
30th
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
3
Ranking in other categories
Identity and Access Management as a Service (IDaaS) (IAMaaS) (21st)
 

Mindshare comparison

As of July 2026, in the Microsoft Security Suite category, the mindshare of Microsoft Defender for Endpoint is 7.0%, down from 8.7% compared to the previous year. The mindshare of Microsoft Entra Workload ID is 0.8%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Microsoft Security Suite Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Endpoint7.0%
Microsoft Entra Workload ID0.8%
Other92.2%
Microsoft Security Suite
 

Featured Reviews

Robert Arbuckle - PeerSpot reviewer
Security Analyst III at a healthcare company with 10,001+ employees
Automatically isolates threats and integrates with logging to reduce response time
Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support. I can identify areas for improvement with Microsoft Defender for Endpoint, as it is kind of a convoluted mess to try to take care of false positives. Especially when they have been identified as false positives but they keep going off over and over again. It is great for my pocketbook because it generates a lot of on-call action, but I would really prefer more sleep at two o'clock in the morning than dealing with false positives. I would say that the unified portal for managing Microsoft Defender for Endpoint is suitable for both teams as they are all in there. It would be great if they would stop moving things around and renaming things, which makes sense. The new XDR portal is pretty nice. Being able to have it central again inside of the regular Security Center without having to open up two windows is helpful. Overall, I think it is pretty good. There is always going to be something that could be improved, such as alerting and the ability to modify alerts would be a little bit helpful to have. Being able to add more data into the alerts and turn off alerts that are not as useful would be beneficial. It is hard to say what the quantitative impact the security exposure management feature has had on our company's security, because a lot of it is kind of subjective. I think we are sitting at around a fifty percent score still, and a lot of it is just kind of unusual circumstances that we cannot really implement without breaking the organization.
reviewer2772159 - PeerSpot reviewer
Postdoctoral Researcher at a financial services firm with 10,001+ employees
Have experienced ongoing challenges integrating with existing workflows despite strong foundational capabilities
I don't know how I would assess the impact of AI-powered threat detection for us. It has helped with security operations in general; I'm being very cagey here, Damian. You can understand why. Where I work, there is a directory services team. There is a security team. The security team may have several different departments in there. I think they are behind the times. That's about as far as what I would say. We may have the modern firewalls and detections and all the rest of it, but I think from a modern way of working, which the identity is a user which is any device, any place, anywhere, from anything, okay, securely, they're not quite up with that concept, in my opinion. The review rating is 8.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's pretty easy to scale."
"For the most of it, it seems like Defender is well truly up there with the other best players in the market."
"Easy to understand and easy to set up endpoint security solution. It's a multifeatured product with web content filtering and automated investigation features. It also has a fantastic vulnerability management dashboard."
"Microsoft Defender for Endpoint is a comprehensive and scalable solution for protecting on-premises and hybrid infrastructure."
"The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
"Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects and tasks, and the automated reporting and dashboarding has saved them a lot of time, amounting to several man-hours."
"Defender for Endpoint saves me a lot of time because I have all the alerts and information in one application."
"One of the valuable features of the solution is the small updates that keep my machine relatively clean from any infections."
"We have various options available with Microsoft Entra, such as B2B cross-tenant guest member accesses, and we can invite users and perform activities from that area, while we are also dealing with Azure IaaS, infrastructure as a service, which has different IAM platforms existing with resources or subscriptions."
"The product enables organizations to synchronize users to Microsoft 365 products."
"I would evaluate the customer service or technical support with Microsoft for Entra products as well; we are a strategic partner, so we're one of 500 companies that can talk to them directly."
 

Cons

"Updates are not coming out of preview quickly enough and it is holding back on the development of the product."
"There is some functionality that is not quite there yet."
"I don't recommend it to anybody as a standalone solution."
"The central console needs improvement."
"From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down."
"The user interface could use some improvement."
"The UI for Microsoft Defender for Endpoint needs to be better. Integration with client dashboards is also lacking in this product, e.g. client dashboards shouldn't just be viewable from the cloud, because when the client's computer is offline, you won't be able to see the client dashboard."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"Integration with other products must be made easier."
"In my opinion, Microsoft Entra Workload ID can be improved in several ways."
"Integration with existing IAM solutions has not helped our identity management processes; it's all of the things that are in front of Directory and Entra, such as SalePoint and other toolsets, give us one of the worst identity experiences I think I've ever come across, which is why I'm trying to change it."
 

Pricing and Cost Advice

"It is built into Windows 10. If our clients are using Microsoft Defender, the cost goes away for them."
"We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30."
"The cost is high, compared to other products in the market, if you look at it as a separate product. If you look at the cost where it is part of a bundle, the cost is okay."
"The solutions price could be cheaper."
"It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing."
"We have the E5 security license, and the solution comes with that."
"For me, the pricing is very good, but for management it's very expensive. Other solutions are less expensive. But when I present all the information and all the reports they say, "Well, it's expensive, but the cost-benefit is very good.""
"You need a license to use this solution."
Information not available
report
Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
10%
Financial Services Firm
10%
Computer Software Company
9%
Comms Service Provider
8%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business82
Midsize Enterprise45
Large Enterprise96
No data available
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
What needs improvement with Microsoft Entra Workload ID?
In my opinion, Microsoft Entra Workload ID can be improved in several ways.Particularly about Microsoft Entra Workload ID, I think they still could improve categorization, which still has some room...
What advice do you have for others considering Microsoft Entra Workload ID?
I'm a consultant and not using the products myself, but rather in a capacity more as a consultant or reseller.I am not familiar with remote access products by ManageEngine. I do not use ManageEngin...
What is your primary use case for Microsoft Entra Workload ID?
I'm working on that area while still looking for a new solution or already using ManageEngine Password Manager or Microsoft Entra ID.I've been dealing both with ManageEngine and Microsoft. I am mos...
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
Information Not Available
Find out what your peers are saying about Microsoft Defender for Endpoint vs. Microsoft Entra Workload ID and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.