Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs Open EDR comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Detection and Response (EDR)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
197
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (4th), Anti-Malware Tools (1st), Microsoft Security Suite (4th)
Open EDR
Ranking in Endpoint Detection and Response (EDR)
35th
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender for Endpoint is 10.5%, down from 13.4% compared to the previous year. The mindshare of Open EDR is 1.0%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Sudhen Swami - PeerSpot reviewer
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
Timothy Muriithi - PeerSpot reviewer
I also like the ability to remotely manage update packages on your systems, and the fact that there is an open source version
Setting OpenEDR was challenging at first, but I got it done by following their documentation and online videos. You need to install the client and configure it to work with their online open platform. Next, you have to configure it on the device if it's a phone. You input a cloud link to the EDR, so you can monitor it from the cloud. There isn't any maintenance aside from updating the client. It's mostly on the cloud.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
"The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network."
"It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal."
"We have very good visibility on our endpoints. The level of information it throws back is helpful."
"Microsoft's technical support is fantastic."
"Microsoft Defender for Endpoint's WCS function, a content filtering solution, has proven to be the most useful, stable, and reliable option for our current needs."
"The most valuable feature of Microsoft Defender for Endpoint is its ability to bring together all the data, providing more information than just antivirus hits."
"Provides good security features and you can view it in the central console."
"Comodo includes a firewall and antivirus in one solution. I also like the ability to remotely manage update packages on your systems. Comodo can even find a lost device and secure it remotely."
 

Cons

"Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything."
"I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spams, viruses, or trojans. It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks. Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system."
"The pricing could be a bit better."
"It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years."
"We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues of old macros being blocked and some stuff going around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have. That's really the part that needs to be improved."
"I personally haven't experienced any pain points, but some of my coworkers feel that it isn't secure enough."
"Microsoft Windows Defender doesn't have a game mode."
"Localization is always a challenge, especially with new products you typically want. Solutions are designed to be deployed where the most licenses are being consumed, such as in the United States. They focus on US products, devices, and networks. Specialized deployments for other countries would allow for a smoother experience in transition."
"Comodo includes a firewall and antivirus in one solution. I also like the ability to remotely manage update packages on your systems. Comodo can even find a lost device and secure it remotely."
 

Pricing and Cost Advice

"Licenses depend upon what you are looking for and what kind of security do you want to implement. There are costs in addition to the standard licensing fees. When we used to buy Symantec, we used to spend on 100 licenses. We used to spend approximately $2,700 for those many licenses, and they came in packs. To add one more license, I had to buy a pack with a minimum of 10 licenses. I had to spend on nine extra licenses because I can't get a single license, whereas when we go for Microsoft, we can get as many licenses as we want. If I have 100 users today, and tomorrow, I have 90 users, I can release my 10 licenses next month. With any other software vendor, you buy licenses for one year, and you have to stick with that. If today you have 100 licenses, and tomorrow, you have 50, you have already paid for one year's license. You can't go back and tell them that I don't require these 50 licenses because I have lost my 50 users, but with Microsoft Defender, licensing is on a monthly basis. It gives you both options. You can go yearly and save on it, or you can go monthly. You will, again, save on it. It is very fair everywhere."
"The product is free of charge and comes integrated into Windows."
"The solution comes as a part of Windows 10 and it is covered under its license."
"The price is fair for the features Microsoft delivers. If you want tailor-made features, you have to mix different licenses. It isn't straightforward."
"The licensing costs for Microsoft Defender for Endpoint are reasonable."
"The cost is competitive and reasonable because most of the expense is log analytics, storage, and data consumption and ingestion. These things can be throttled and controlled, so they are highly flexible. Defender has a lot of advantages over competing products."
"The price is higher than others because it is doing more than what the others are doing."
"There is an annual license required."
Information not available
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Educational Organization
11%
Financial Services Firm
8%
Government
8%
Computer Software Company
21%
Government
9%
Comms Service Provider
8%
Retailer
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
Ask a question
Earn 20 points
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR). Updated: January 2025.
861,170 professionals have used our research since 2012.