Try our new research platform with insights from 80,000+ expert users

Microsoft Defender XDR vs Symantec Endpoint Detection and Response comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender XDR
Ranking in Endpoint Detection and Response (EDR)
5th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
101
Ranking in other categories
Extended Detection and Response (XDR) (3rd), Microsoft Security Suite (3rd)
Symantec Endpoint Detection...
Ranking in Endpoint Detection and Response (EDR)
28th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
30
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender XDR is 2.9%, down from 4.3% compared to the previous year. The mindshare of Symantec Endpoint Detection and Response is 0.5%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.
YusufAhmed - PeerSpot reviewer
Easy to use and competitively priced
Honestly, the product needs to continue the way it is, and I feel that everything will be fine. I haven't had any reasons to complain about the product. The product doesn’t offer MDM functionality under its current licensing model. In the future, I want the product to offer MDM. It can allow me to manage my mobile device more efficiently and effectively. Currently, there is a need for a separate license to be added to Symantec Endpoint Detection and Response to be able to use the MDM part. If both are bundled up under the same license, the administration part can be made easier.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its most significant advantage lies in its affordability."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"Microsoft Defender XDR has significantly improved our operational security."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"On the Windows side, Microsoft Defender XDR is definitely integrated into the operating system. Once we have it on the security dashboard, we can see a real-time storyline."
"The summarization of emails is a valuable feature."
"IPS and the user interface are good features."
"The most valuable feature of Symantec Endpoint Detection and Response is its ability to conduct large scans on the endpoints without affecting the network."
"The solution does all that we expect it to do."
"The solution is stable."
"The most valuable feature is that the same agent can act as the endpoint detection and response agent."
"In Symantec, we have found that the most important feature is Application and Device Control."
"The solution does its job with no issues."
"The setup is quite easy."
 

Cons

"Intrusion detection and prevention would be great to have with 365 Defender."
"The licensing process needs improvement and clarification, as it is currently difficult to understand which features are licensed to which users."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The management and automation of the cloud apps have room for improvement."
"The customer support aspect can be better because it's the biggest complaint I hear about Microsoft."
"Microsoft could improve on threat hunting and build more on threat detection and handling."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"The solution needs to provide better integration."
"The interface is very complicated."
"It should be easier to deploy Symantec's client for end-users."
"They do need to minimize the number of agents installed on a server."
"The GUI could be better."
"Technical support is not as good as we expect, and resolving problems should be more timely."
"A significant deterioration in customer support."
"Its UI could be more user-friendly."
 

Pricing and Cost Advice

"The license cost for a year is approximately forty-four thousand, and this annual saving is a significant factor in our decision to switch."
"The bundling of software makes it easier to manage our setup, but Microsoft purposefully obfuscates this through marketing ploys to hide costs."
"Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
"Defender XDR is included in the E5 license, but it's a bit too expensive."
"Microsoft purposely makes its license combinations complex and includes combinations like Microsoft 365 E3 and Microsoft 365 E5, Office 365 E3, Office 365 E5, and Office 365 E1, so you get confused. Microsoft tries to sell you a bundle of a lot of things together."
"Sometimes 365 Defender is expensive, but it can be moderate, depending on the organization's size and the license type. We're satisfied with the cost because it gives us a product that protects our entire environment with DLP. To compromise some cost, of course, we are to complete the most secure environment."
"365 Defender can get expensive because you pay per gigabyte of data ingested. On the other hand, much of the data available in the other Microsoft security solutions are made available relatively cheaply—sometimes at cost or for free. Integrating only a limited set of third-party solutions with Sentinel would be cost-effective. It's much more affordable if companies only have Microsoft stuff."
"Of late, because of the Broadcom purchase, its price has been increasing."
"The product is cheap."
"The price is reasonable."
"It is an expensive solution."
"We pay around $100,000 for 5000 licenses every year."
"The price is okay, but it really depends on the customer's requirements."
"The price is really high and it should be lower."
"We have a yearly subscription, and the pricing is fair."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
861,524 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
8%
Manufacturing Company
8%
Government
7%
Computer Software Company
12%
Financial Services Firm
12%
Manufacturing Company
8%
University
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.
What needs improvement with Microsoft 365 Defender?
For Microsoft Defender XDR ( /categories/extended-detection-and-response-xdr ), there is currently no ability to reset passwords for on-premises accounts, which is a key challenge. Incident managem...
What is your experience regarding pricing and costs for Symantec Endpoint Detection and Response?
I am not aware of the pricing details, as that falls under the management's responsibility.
What needs improvement with Symantec Endpoint Detection and Response?
There are several areas where Symantec Endpoint Detection and Response can improve, including shell features, web control, asset management, and device control. Specifically, the application contro...
 

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Overview

 

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Find out what your peers are saying about Microsoft Defender XDR vs. Symantec Endpoint Detection and Response and other solutions. Updated: June 2025.
861,524 professionals have used our research since 2012.