Try our new research platform with insights from 80,000+ expert users

Microsoft Defender XDR vs Symantec XDR comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
3rd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
101
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Microsoft Security Suite (3rd)
Symantec XDR
Ranking in Extended Detection and Response (XDR)
43rd
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of Microsoft Defender XDR is 6.2%, down from 8.2% compared to the previous year. The mindshare of Symantec XDR is 0.1%, down from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.
BR
A scalable and stable solution with straightforward deployment
We can generate maps from the environment. For example, suppose there is a virus that has a zero-day attack and is publicly unknown. We can block that and keep it away from the network so it is not further replicated. It also has custom white and black lists. We can add a good reputation on both lists and use the sonar technology for Symantec and the online network for advanced reports.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"From an attack chain perspective, Defender XDR handles phishing and spam emails easily, while Defender for Endpoint manages endpoints effectively. We've drastically improved our user experience."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"Its most significant advantage lies in its affordability."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"You can advise the solution and protect your environment."
 

Cons

"At times, there may be delays in the execution of certain actions and their effects."
"Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"Sometimes, digging into the information and knowing where to go can be difficult. It would be better if much of that information were immediately visible, especially when looking at endpoints or users."
"Some of our older hardware experienced a slight bump in CPU and memory usage. Although I don't have empirical data to back that up, I would suggest possibly more streamlining in the software."
"There is no comprehensive visibility, making it less user-friendly."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The solution should have better reporting."
 

Pricing and Cost Advice

"The licensing fee for Microsoft 365 Defender is fair."
"With the little idea I have about the costs, I can say that XDR tools tend to be a bit expensive. If you are using Microsoft Defender XDR, then you need to go for a subscription-based pricing model."
"On average, we pay around 55 euros per user for the services and features we receive."
"Microsoft Defender XDR is already included in our Office 365 licensing. It is better because we're saving money by using it."
"Microsoft Defender XDR is priced high."
"365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place."
"Its licensing and pricing are handled by someone else. My role is limited to incidents or issues with the portal, but you get what you pay for. It is worth the cost."
"Microsoft Defender falls within a mid-tier price range compared to other security solutions."
Information not available
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
863,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.
What needs improvement with Microsoft 365 Defender?
For Microsoft Defender XDR ( /categories/extended-detection-and-response-xdr ), there is currently no ability to reset passwords for on-premises accounts, which is a key challenge. Incident managem...
Ask a question
Earn 20 points
 

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Overview

 

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Extended Detection and Response (XDR). Updated: July 2025.
863,651 professionals have used our research since 2012.