Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs Open EDR comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Detection and Response (EDR)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
197
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (4th), Anti-Malware Tools (1st), Microsoft Security Suite (4th)
Open EDR
Ranking in Endpoint Detection and Response (EDR)
35th
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender for Endpoint is 10.5%, down from 13.4% compared to the previous year. The mindshare of Open EDR is 1.0%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Sudhen Swami - PeerSpot reviewer
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
Timothy Muriithi - PeerSpot reviewer
I also like the ability to remotely manage update packages on your systems, and the fact that there is an open source version
Setting OpenEDR was challenging at first, but I got it done by following their documentation and online videos. You need to install the client and configure it to work with their online open platform. Next, you have to configure it on the device if it's a phone. You input a cloud link to the EDR, so you can monitor it from the cloud. There isn't any maintenance aside from updating the client. It's mostly on the cloud.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Defender for Endpoint has significantly improved our security posture."
"You have endpoint security to keep your devices safe. That's the feature that we're interested in."
"Easy to understand and easy to set up endpoint security solution. It's a multifeatured product with web content filtering and automated investigation features. It also has a fantastic vulnerability management dashboard."
"One of the main features is the solution is very light on resources and we do not have any problems with it."
"I like that Defender is integrated and doesn't have a third-party payload trying to advertise subscription renewal."
"Microsoft Defender for Endpoint is extremely stable."
"Microsoft Defender for Endpoint has helped reduce our mean time to remediation significantly."
"The most valuable feature is that it comes with the package, so there is no additional installation of third-party software. It's also easy to use."
"Comodo includes a firewall and antivirus in one solution. I also like the ability to remotely manage update packages on your systems. Comodo can even find a lost device and secure it remotely."
 

Cons

"They're in the process of pulling more things together. They can continue with the integrations and provide a better way of seeing the impact of security changes, especially on the endpoint side. Before we actually flip the switch, we should be able to see the impact of security changes on the business or business applications. It would prevent breaking any business applications."
"I am not sure if I will be using this product in the future because of the price."
"If you have multi-cloud like Google and AWS, the native solutions are better for those particular cases."
"In India at least, it seems to be a bit more expensive than other options."
"Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."
"There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."
"Some integration components for Mac should be added. We use both Windows 10 desktops and Mac desktops, but presently, the Mac component is still lagging a bit behind."
"The central console needs improvement. Both McAfee and Symantec antivirus have dashboards. These integrate with a server and work on my antivirus or some other product. However, with Microsoft Defender, you use Microsoft Group Policy Object. Defender does not provide a central console. Therefore, if you implement Defender, then maybe use another tool for the central view."
"Comodo includes a firewall and antivirus in one solution. I also like the ability to remotely manage update packages on your systems. Comodo can even find a lost device and secure it remotely."
 

Pricing and Cost Advice

"It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing."
"We mostly use Microsoft products. We use Office 365, and we use Azure. We're also a Microsoft partner. So, the licensing was much cheaper for us, and at the same time, a lot of the features that we were looking for were included in Defender."
"Even if you are not registered as a not-for-profit, the offering that they have is definitely worth consideration. This is in the sense that the E5 stack just gives you so many benefits. You get your entire productivity suite through Microsoft 365 apps. You get all your security and identity protection. You get the Defender for Endpoint and Defender for Identity. You get the cloud access security broker as well. You get Azure Active Directory Premium P2, which gives you so many good things that you can configure and deploy. You don't have to configure them on day one, but you have access to so many different tools that will protect your data, security, endpoints, and identities that you could build out a security strategy 18 months long, and slowly work your way through it, based on what you have available to you through your license."
"There is no license needed, the solution comes with Microsoft Windows."
"The nice thing about Defender and Sentinel is that the cost is based on the data logs that you ingest from the Defender endpoints and data connectors. I don't have to buy a 25- or 50- or 1,000-user or enterprise license. I can buy one license at a time."
"Microsoft Defender for Endpoint is included with a Microsoft E5 license."
"For me, the pricing is very good, but for management it's very expensive. Other solutions are less expensive. But when I present all the information and all the reports they say, "Well, it's expensive, but the cost-benefit is very good.""
"Its price at the moment is very good because you get a lot of value for your money, especially with the subscriptions. If you have the E1, E3, or E5 enterprise subscription, you pay per month per user, and you get almost an infinite number of solutions. If you compare the price to the number of solutions that you get, it is a very good deal."
Information not available
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Educational Organization
11%
Government
8%
Financial Services Firm
8%
Computer Software Company
21%
Government
9%
Comms Service Provider
8%
Retailer
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
Ask a question
Earn 20 points
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR). Updated: January 2025.
861,390 professionals have used our research since 2012.