Try our new research platform with insights from 80,000+ expert users
Microsoft Defender for Endpoint Logo

Microsoft Defender for Endpoint pros and cons

Vendor: Microsoft
4.1 out of 5
Badge Ranked 1
3,944 followers
Start review

Pros & Cons summary

Microsoft Defender for Endpoint provides automatic updates and integrates with the operating system, offering strong malware protection through AI and machine learning. While it includes comprehensive vulnerability management and seamlessly integrates with Microsoft products, it faces challenges like insufficient third-party integration, slow update rollouts, and limited ransomware safeguards. Improved documentation and integration with managed service providers are needed to enhance its capabilities and streamline multi-tenant data management.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Microsoft Defender for Endpoint provides robust real-time protection against malware and ransomware, automatically detecting, quarantining, and resolving threats.
Its seamless integration with Microsoft products ensures minimal system resource usage and effortless updates, enhancing overall performance.
The unified platform offers centralized management, simplifying security tasks by bringing all critical information together without needing extra installations.
It includes advanced automation capabilities that reduce the workload of security teams by automatically handling threat detection and response.
Microsoft Defender for Endpoint benefits from a built-in threat intelligence feature, offering comprehensive insights into vulnerabilities and security incidents.

CONS

Microsoft Defender for Endpoint lacks effective integration with third-party tools and solutions.
The setup and deployment processes for Microsoft Defender for Endpoint are complex and challenging for users.
Microsoft Defender for Endpoint's pricing is a concern and could be more competitive.
Microsoft Defender for Endpoint needs faster updates and improved patch management.
Reporting and analytics features in Microsoft Defender for Endpoint have room for improvement.
 

Microsoft Defender for Endpoint Pros review quotes

reviewer1501215 - PeerSpot reviewer
Aug 7, 2021
The best feature is the fact that for certain mobiles you can control your corporate profiles versus your personal profiles. That is amazingly important. Apple just supported the separation of corporate and personal profiles, whereas Android has been doing that for quite some time... Because Android supports that, if an Android phone is lost or stolen, I can wipe out all the corporate-related information from that phone and not touch the personal side. I can separate the apps and I can separate the ability to cut and paste between apps.
Read full review
MA
Aug 2, 2022
This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time.
Read full review
BS
Jun 1, 2021
The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it.
Read full review
Buyer's Guide
Microsoft Defender for Endpoint
April 2025
Free Report: Microsoft Defender for Endpoint Reviews and More
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
JH
Sep 21, 2022
In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components.
Read full review
SimonThornton - PeerSpot reviewer
Jul 17, 2022
I like the process visibility. This ability to visualize how something was executed is valuable, and the fact that Defender ATP is also linked to the threat intelligence that they have is also valuable. So, even if you have something that doesn't have a conventional signature, the fact that you get this strange execution means that you can detect things that are normally not visible.
Read full review
reviewer2098923 - PeerSpot reviewer
Feb 11, 2023
For threat-hunting, I'll put some threats in a test scenario. I've downloaded known viruses that are out in the public for testing. They're not really a virus but they've got a signature. Defender for Endpoint will automatically find those, quarantine them for me, and alert me to what it did. It gives me "automated eyes."
Read full review
Kevin Mabry - PeerSpot reviewer
Aug 3, 2021
I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender.
Read full review
SM
Feb 18, 2025
We can run the virus scan across our entire environment.
Read full review
reviewer1984494 - PeerSpot reviewer
Oct 9, 2022
The threat hunting service is very useful for a security professional.
Read full review
Daniel_Ndiba - PeerSpot reviewer
Oct 9, 2022
It's very easy to scale because it comes built-in with Windows 10, and you just need to enable it. This can be done on scale using group policies or through Endpoint Manager on cloud or Intune.
Read full review
Show 10 more reviews (out of 192)
 

Microsoft Defender for Endpoint Cons review quotes

reviewer1501215 - PeerSpot reviewer
Aug 7, 2021
It's not easy to create special allowances for certain groups of users. It can be a little heavy-handed in some areas where Microsoft has decided to lock a feature out, meaning they make it hard to make an exception... One company we work with needed to use about 20 different thumb drives for about 20 users. To make that exception for them was very difficult. In fact, you can't really make an exception. But what you can do is allow them to use it and, while it will still alert, you can actually suppress those alerts.
Read full review
MA
Aug 2, 2022
On the Mac OS platform, there is no parity between Windows and Mac OS. The solution is very feature-rich and very well-integrated into Windows, and I guess baked into Windows 10 and Windows 11. Whereas, on the Mac OS platform, there is still some work there to give it a more feature-reach platform.
Read full review
BS
Jun 1, 2021
Its user interface (UI) can be improved. Currently, in the console, you have to dig down for certain things. They've got many different layers to get to things instead of having it all on the surface. You have to go three folds lower to get to specific functionality or click a particular option. It would be good if we can manage the console through menus and instead of three clicks, we can do things in one click. They need to change the UI and work on it in terms of a better user experience.
Read full review
Buyer's Guide
Microsoft Defender for Endpoint
April 2025
Free Report: Microsoft Defender for Endpoint Reviews and More
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
JH
Sep 21, 2022
Localization is always a challenge, especially with new products you typically want. Solutions are designed to be deployed where the most licenses are being consumed, such as in the United States. They focus on US products, devices, and networks. Specialized deployments for other countries would allow for a smoother experience in transition.
Read full review
SimonThornton - PeerSpot reviewer
Jul 17, 2022
A challenge is that it is not a multi-tenant solution. Microsoft's tenant is a licensed tenant. I'm an MSSP. So, I have multiple customers. In Microsoft's world, that means that I can't just buy an E5 license and give that out to all my customers. That won't work because all of the customer data resides within a single tenant in Microsoft's world. Other products—such as SentinelOne, Palo Alto Cortex, CrowdStrike, et cetera—are multi-tenant. So, I can have it at the top of the pyramid for my analyst to look into it and see all the customers, but each customer's data is separate. If the customer wants to look at what we see, they would only see their data, whereas in the Microsoft world, if I've got multiple customers connected to the same Microsoft tenant, they would see everybody else's data, which is a privacy problem in Europe. It is not possible to share the data, and it is a breach of privacy.
Read full review
reviewer2098923 - PeerSpot reviewer
Feb 11, 2023
In active mode, it's great that it gives you so much information, but it does record every keystroke so you have a lot of logs... that amount of data logging started to add up in the cost.
Read full review
Kevin Mabry - PeerSpot reviewer
Aug 3, 2021
It is not very scalable from the eyes of an MSP because there is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. So, you might not get to know that a particular computer of a client is doing something, and it might have got a virus. That person might know that, but unless you set it up to actually send you the information, you won't get to know that. That's one of the things that is hard with Microsoft Defender. It is not made for the MSP world where you have one pane of glass to see all of your clients with Microsoft Defender on it unless your RMM tool already has that built-in and it can see the telemetry from Microsoft Defender.
Read full review
SM
Feb 18, 2025
Some of the integrations that Defender should include involve the use of the web app.
Read full review
reviewer1984494 - PeerSpot reviewer
Oct 9, 2022
My main issue with the tool is that there are too many menus. This causes a steep learning curve for those without training or unfamiliar with Defender for Endpoint. From an end-user perspective, the solution is there on the machine and does its job; it works seamlessly. However, as a security professional dealing with it behind the scenes, the learning curve can be steep, but not too steep. Still, it has taken some of my analysts up to a month to get familiar with the product.
Read full review
Daniel_Ndiba - PeerSpot reviewer
Oct 9, 2022
With the XDR dashboard, when you're doing an investigation and you're drilling down to obtain further details it tends to open many different tabs that take you away from your main tabs. You can end up having 10 tabs open for one investigation. This is another area for improvement because you can end up getting lost in the multiple tabs. Therefore, the central console can be improved so that it does not take you to several different pages for each investigation.
Read full review
Show 10 more reviews (out of 192)

Product Categories

Product Categories
Endpoint Protection Platform (EPP)
Advanced Threat Protection (ATP)
Anti-Malware Tools
Endpoint Detection and Response (EDR)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Defender for Endpoint Logo
CrowdStrike Falcon vs Microsoft Defender for Endpoint
SentinelOne Singularity Complete vs Microsoft Defender for Endpoint Logo
SentinelOne Singularity Complete vs Microsoft Defender for Endpoint
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint Logo
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint
Fortinet FortiClient vs Microsoft Defender for Endpoint Logo
Fortinet FortiClient vs Microsoft Defender for Endpoint
Cisco Secure Endpoint vs Microsoft Defender for Endpoint Logo
Cisco Secure Endpoint vs Microsoft Defender for Endpoint
Symantec Endpoint Security vs Microsoft Defender for Endpoint Logo
Symantec Endpoint Security vs Microsoft Defender for Endpoint
HP Wolf Security vs Microsoft Defender for Endpoint Logo
HP Wolf Security vs Microsoft Defender for Endpoint
Tanium vs Microsoft Defender for Endpoint Logo
Tanium vs Microsoft Defender for Endpoint
Trend Vision One Endpoint Security vs Microsoft Defender for Endpoint Logo
Trend Vision One Endpoint Security vs Microsoft Defender for Endpoint
Kaspersky Endpoint Security for Business vs Microsoft Defender for Endpoint Logo
Kaspersky Endpoint Security for Business vs Microsoft Defender for Endpoint
Trellix Endpoint Security vs Microsoft Defender for Endpoint Logo
Trellix Endpoint Security vs Microsoft Defender for Endpoint
Intercept X Endpoint vs Microsoft Defender for Endpoint Logo
Intercept X Endpoint vs Microsoft Defender for Endpoint
ESET Endpoint Protection Platform vs Microsoft Defender for Endpoint Logo
ESET Endpoint Protection Platform vs Microsoft Defender for Endpoint
BigFix vs Microsoft Defender for Endpoint Logo
BigFix vs Microsoft Defender for Endpoint
Check Point Harmony Endpoint vs Microsoft Defender for Endpoint Logo
Check Point Harmony Endpoint vs Microsoft Defender for Endpoint
See all alternatives

Product Categories

Product Categories
Endpoint Protection Platform (EPP)
Advanced Threat Protection (ATP)
Anti-Malware Tools
Endpoint Detection and Response (EDR)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Defender for Endpoint Logo
CrowdStrike Falcon vs Microsoft Defender for Endpoint
SentinelOne Singularity Complete vs Microsoft Defender for Endpoint Logo
SentinelOne Singularity Complete vs Microsoft Defender for Endpoint
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint Logo
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint
Fortinet FortiClient vs Microsoft Defender for Endpoint Logo
Fortinet FortiClient vs Microsoft Defender for Endpoint
Cisco Secure Endpoint vs Microsoft Defender for Endpoint Logo
Cisco Secure Endpoint vs Microsoft Defender for Endpoint
Symantec Endpoint Security vs Microsoft Defender for Endpoint Logo
Symantec Endpoint Security vs Microsoft Defender for Endpoint
HP Wolf Security vs Microsoft Defender for Endpoint Logo
HP Wolf Security vs Microsoft Defender for Endpoint
Tanium vs Microsoft Defender for Endpoint Logo
Tanium vs Microsoft Defender for Endpoint
Trend Vision One Endpoint Security vs Microsoft Defender for Endpoint Logo
Trend Vision One Endpoint Security vs Microsoft Defender for Endpoint
Kaspersky Endpoint Security for Business vs Microsoft Defender for Endpoint Logo
Kaspersky Endpoint Security for Business vs Microsoft Defender for Endpoint
Trellix Endpoint Security vs Microsoft Defender for Endpoint Logo
Trellix Endpoint Security vs Microsoft Defender for Endpoint
Intercept X Endpoint vs Microsoft Defender for Endpoint Logo
Intercept X Endpoint vs Microsoft Defender for Endpoint
ESET Endpoint Protection Platform vs Microsoft Defender for Endpoint Logo
ESET Endpoint Protection Platform vs Microsoft Defender for Endpoint
BigFix vs Microsoft Defender for Endpoint Logo
BigFix vs Microsoft Defender for Endpoint
Check Point Harmony Endpoint vs Microsoft Defender for Endpoint Logo
Check Point Harmony Endpoint vs Microsoft Defender for Endpoint
See all alternatives
Related questions
  • 7
Compare Microsoft Windows Defender and Symantec Endpoint Protection. How Do I Choose?
  • 91
Which product would you choose: Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks?
  • 121
What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
  • 28
CrowdStrike Falcon vs Microsoft Defender ATP: Comparison of features and performance
  • 105
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
  • 185
Running Carbon Black Defense Along with Windows Defender
  • 212
How is Cortex XDR compared with Microsoft Defender?
  • 37
Which offers better endpoint security - Symantec or Microsoft Defender?
  • 41
How does Microsoft Defender for Endpoint compare with Carbon Black CB Defense?
  • 33
How would you compare between Microsoft Defender for Endpoint and Tanium EDR?