It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.
Reliable with useful security and helpful technical support.
Pros and Cons
- "Technical support has been great."
- "We'd like the stability to be better."
What is our primary use case?
What is most valuable?
The security is very useful.
Its stability is okay.
The solution can scale.
Technical support has been great.
There's no setup process; a user simply needs to enable it to get started.
What needs improvement?
We'd like the stability to be better.
For how long have I used the solution?
I've been using the solution for about two years.
Buyer's Guide
Microsoft Defender for Endpoint
June 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,957 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good.
What do I think about the scalability of the solution?
The product can scale if a company needs it to.
There's a big number of users on the solution in our company. It's likely more than 400 users.
How are customer service and support?
We've dealt with support in the past and found them to be very helpful. We're quite satisfied with the level of service.
Which solution did I use previously and why did I switch?
I'm also familiar with Trend Micro, which is similar. However, Defender is specific to Microsoft.
The company does use more than one solution as well.
How was the initial setup?
There's not really an installation process. A user simply needs to enable it. That's all.
What's my experience with pricing, setup cost, and licensing?
We pay a yearly licensing fee.
What other advice do I have?
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Group CISO, VP of Group Security, Risk & Compliance at a computer software company with 1,001-5,000 employees
Performs well, easy to maintain, and good support
Pros and Cons
- "The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain."
- "Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security."
What is our primary use case?
Microsoft Defender for Endpoint can be used for system protection. For example, anti-virus, malware, and EDR.
What is most valuable?
The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain.
What needs improvement?
Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for a couple of years.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint has been stable in our usage.
What do I think about the scalability of the solution?
We have more than 5,000 users using this solution.
How are customer service and support?
We are quite satisfied with the support.
Which solution did I use previously and why did I switch?
We use many solutions in our company, such as Panda, Trend Micro, McAfee, Microsoft, and FireEye.
How was the initial setup?
There is no installation required.
What about the implementation team?
We have a five-person technical team that supports this solution.
What's my experience with pricing, setup cost, and licensing?
The solutions price could be cheaper.
What other advice do I have?
I recommend this solution to others.
I rate Microsoft Defender for Endpoint an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Microsoft Defender for Endpoint
June 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,957 professionals have used our research since 2012.
Its files and folder protection ensures no changes can made to endpoint folders and files without the user being aware
Pros and Cons
- "It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
- "The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware."
- "I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement."
What is our primary use case?
We are using it as the antivirus as well as the malware protection.
How has it helped my organization?
We have not had any attacks, in terms of viruses, worms, or ransomware, in the last three years.
The impact of the solution has been minimal. Employees can work with any interruptions.
What is most valuable?
The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware.
What needs improvement?
I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement.
For how long have I used the solution?
I have been using it for three years.
What do I think about the stability of the solution?
It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt.
Four IT support technicians are responsible for administrating Microsoft Defender in our organization. They make sure that upgrades and updates are done in a good timeframe.
What do I think about the scalability of the solution?
Its scalability is good enough. As long as you deploy the OS, you will keep on deploying Microsoft Defender automatically. This is a good option.
We have about 375 endpoints.
How are customer service and technical support?
I have never used their support.
Which solution did I use previously and why did I switch?
Before Microsoft Defender, we were using Bitdefender. Before Bitdefender, we were using McAfee Symantec.
We switched to Microsoft Defender because there was a change of ownership for the company in 2017.
We went for Microsoft Defender once we were informed that it would be part of our Office 365 package. So, we combined the licensing for the OS with Office 365. Yeah. We thought it was a good bargain.
How was the initial setup?
The initial setup was straightforward.
The deployment takes a maximum of half an hour.
What was our ROI?
We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30.
What's my experience with pricing, setup cost, and licensing?
We have been using the free version.
What other advice do I have?
Microsoft Defender is good enough as long as you ensure the environment is well-patched and secure, then even the free option will be sufficient to take care of the entire ground.
We are not looking to increase usage at the moment because of the underlying economic situation.
I would rate this solution as nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Centralized device management, advanced threat detection, and it's cost-effective
Pros and Cons
- "We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments."
- "It would be helpful if they included XDR features, on top of the EDR functionality."
What is our primary use case?
We are using this product as part of our EDR solution, and we use it in conjunction with CrowdStrike. We are a solution provider and this is one of the products that we deploy for our clients.
How has it helped my organization?
This product has features that improve our security posture including good vulnerability detection, maintaining endpoint devices, and unified management. The management feature allows us to manage all of our devices from a single location.
The advanced techniques used by Microsoft Defender are improving our user experience. Our users used to complain that they didn't need certain features, but this was because the legacy antivirus and other EDR solutions were hampering their usage. Nowadays, vulnerability detection is very effective and they are comfortable with the security, as well as the administration, giving them a better overall experience.
What is most valuable?
The most valuable feature is threat detection. We have been notified of viruses and threats of problems such as ransomware attacks.
The Cloud App Security features are useful.
We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments.
Microsoft Defender integrates well with Office 365.
Especially these days, with the COVID situation, this product helps us to better reach our users and solve problems. For example, we no longer need to ask them to bring in their laptop to check for and address issues. We can apply policy, automatically define rules, and remedy problems using the central management features.
What needs improvement?
It would be helpful if they included XDR features, on top of the EDR functionality. It would improve the capabilities, as XDR solutions are doing better.
For how long have I used the solution?
I have been working with Microsoft Defender for Endpoint for almost a year, with the E5 licenses.
What do I think about the stability of the solution?
Stability-wise, it is responsive and I don't see any drawbacks. They have additional features that make it a little more robust.
What do I think about the scalability of the solution?
Scalability-wise, considering the integration that they have, it's good. For example, it can be integrated with Azure Sentinel. We have two or three people who work with managing and deploying this product.
We deploy across Qatar and currently have about 68,000 endpoints protected with Defender. Our usage will increase based on the number of clients we have that buy the product. Ultimately, it depends on the licensing model.
Which solution did I use previously and why did I switch?
Prior to working with Microsoft Defender, we used CrowdStrike and SentinelOne. We switched because these other products are standalone, and require that we install and maintain them manually. Microsoft Defender is unified and comes as part of Microsoft 365, which makes it easier to set up and manage.
The advantage that these other products have is the XDR features.
How was the initial setup?
The initial setup is straightforward. We deploy this product using Microsoft Intune, which is very helpful. It took us one month to deploy approximately 5,000 users. We had a specific plan that we followed for the implementation.
What about the implementation team?
I completed the deployment.
What's my experience with pricing, setup cost, and licensing?
This product offers cost-effective threat protection, which integrates with Office 365 and has unified endpoint management features.
We currently use the enterprise-level, E5 licensing scheme. It is a complete bundle that includes the Microsoft 365 products, the Zero Trust solution, and Microsoft Defender.
The E5 license is the one that I recommend because it comes with Cloud App Security, which is a good thing to have on top of Microsoft Defender. It means that you can monitor any threats, sign-in attempts, and other resources whether on the cloud or on-premises.
What other advice do I have?
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Deliver Practice Director at DynTek
A stable and scalable enterprise endpoint security platform that's easy to set up and deploy
Pros and Cons
- "I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature."
- "Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine."
What is our primary use case?
We use it to protect computers or endpoints from any malicious software, malware, and other viruses. You have to use this one as part of your overall protection plan.
How has it helped my organization?
The deployment of Microsoft Defender for Endpoint is a no-brainer when it comes to Windows. When you provision a new laptop for your environment, it comes with it. We use Intune to be seen on the cloud for centralized management. There's actually a console where you can go in and manage it properly, and we use Intune to deliver the onboarding.
What is most valuable?
I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature.
What needs improvement?
Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine.
We don't just use anti-virus. That's really like a traditional way of doing it. We have different kinds of protections. We have our advanced threat protection for email, and we have advanced threats analytics for domain controllers for servers. We use all those.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for three or four years.
What do I think about the stability of the solution?
It's very reliable and very dependable. I don't see any issues with it. In fact, it's the best product I have used because it's integrated with Windows 10. It doesn't eat up resources while running like other products. It's a really well-thought product.
What do I think about the scalability of the solution?
It can scale as much as you want. It installs a very low footprint on your laptop, but the management is cloud-based.
How are customer service and technical support?
Technical support is average. We call technical support very rarely for this particular product, but it's actually hit or miss with Microsoft. Sometimes you get a good person on the other line. Sometimes you get someone that's slow in providing support.
Which solution did I use previously and why did I switch?
I've used many products in the past, and I liked this one because I can't really find that many issues with it. I used McAfee, Symantec, CrowdStrike, and different anti-malware and anti-virus programs, but this seems to be good.
We switched because we're Microsoft partners, and we're actually kind of biased about it. We also implement other products because some of our clients use them. It's very hard to convince them to go with another product. Sometimes because of the existing subscriptions, they are unable to make the switch.
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
We are a Microsoft partner and consultants. We implement these solutions.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender for Endpoint comes with Windows 10, and it's free. But for you to be able to manage it in the cloud and use the console, you need to have either an Office 365 E5 subscription or a Microsoft M365 subscription. You need to buy an extra license.
What other advice do I have?
If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money.
On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Manager IT Server Operations at a energy/utilities company with 10,001+ employees
Helps to secure workstations, laptops, and servers
Pros and Cons
- "Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products."
- "The product should reduce updates since it is hard to keep up."
What is our primary use case?
We use Microsoft Defender for Endpoint to secure our workstations, laptops, and servers. It helps us to do virus scanning and malware protection.
What is most valuable?
Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products.
What needs improvement?
The product should reduce updates since it is hard to keep up.
For how long have I used the solution?
I have been using the product for three to four years.
How was the initial setup?
The tool's deployment was simple. It took about a month to complete since we have over 5000 servers across various platforms.
What other advice do I have?
Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate semantic console.
We can see the threats as soon as they come in. Our security team gets notifications.
I rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Senior Analyst at a security firm with 51-200 employees
Has EPP and EDR capabilities, helps with compliance, and provides visibility at one place
Pros and Cons
- "We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions."
- "I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes."
What is our primary use case?
We used it as an EPP and EDR solution.
How has it helped my organization?
Microsoft Defender made the work quite easy because we didn't have to rely on multiple tools, and we could look at one thing. It had a specific endpoint-level reporting standard as well where you can see the vulnerable threats and the outdated versions. It was very convenient.
We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions. It had multiple advantages for us in terms of patching, vulnerability management, adhering to security standards, and EDR and AV capabilities.
Microsoft Defender was pretty interesting in terms of visibility. When we compare the solution that we had before with Microsoft Defender, there is almost a night and day difference. Microsoft Defender is pretty advanced with the threats. We used to run, simulate, and see whether we were prone to the latest vulnerabilities. It was a pretty good solution in our experience.
It definitely saved us a lot of time. I don't have the metrics, but because it was a one-stop place, we didn't have to navigate through all the controls and go from one place to another to look for different reports for each section. We had one tool that could do everything in one place. It would have definitely saved us nearly one-fifth or 20% of the time. It would have also saved money because you rely on one single tool for multiple things. When you go with the premium suite, you get other tools as well. There is definitely a cost-saving aspect.
What is most valuable?
It came in a suite. There were multiple other products that were included with it as well in the premium suite. Another factor was that you don't have to invest in two products, and you can get both components, the EPP and the EDR, in one. You can also do simple vulnerability management, CIS hardening, and things like that from Microsoft Defender. Those were the main reasons for considering it back then.
What needs improvement?
I haven't used the product in nearly eight months. I use it on my device, but I haven't used it at an administrative level. Previously, with Microsoft Defender, we used to have certain problems with the Mac machines, but later on, they came up with various ways so that we could use the MDM solution to do the job. They provided pretty good support. Their engineers came and tried to figure out the solution.
I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes.
For how long have I used the solution?
I have used Microsoft Defender for eight months to one year in my previous organization.
What do I think about the stability of the solution?
In comparison to the other solutions that I've had experience with, Microsoft Defender was very good.
What do I think about the scalability of the solution?
It was definitely scalable. In my previous organization, we enrolled more than 20,000 endpoints.
How are customer service and support?
It was pretty good. At that time, Microsoft Defender was very new. When they released it for Mac, that's when we got hold of them. There was a time when their support engineers learned certain things from me about it, and I also did learn something from them. It was a win-win situation for both of us.
I would rate their support a seven out of them. The level of support depends on the complexity of the issue. If an issue is small, anyone can solve it, and it wouldn't take much time, but when you run into a complex problem, you need proper people coming in quickly and giving you some support after looking into the issue. Ideally, if they are very well-trained at all levels, that would be good.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We had other products for antivirus and EDR. We removed those two products and replaced them with Microsoft Defender. They both were pretty good solutions in the market back then. One of them is a pretty good solution even now.
We found Microsoft Defender pretty good when we did the PoC as compared to the rest of the tools. Some of the solutions were only antivirus, and some of them were only EDR, whereas this particular tool had a lot of features built into it. So, one agent could do many things. Another reason for going for this solution was that the company I used to work with was a bit biased toward Microsoft. They were a Microsoft customer, and they were comfortable with Microsoft.
The reliability of support was one of the reasons why we chose Microsoft. When it comes to tools, there are always requirements related to budget, level of support, and other things. When you go for a PoC and look at the demo, you might think a product is stable, but when you run into a problem, the support could be weak. In such instances, what's the use of the product if you don't have good support or if they take at least two to three days to solve a small issue?
How was the initial setup?
I handled the Mac machine part of it. Initially, setting up policies and getting all the configuration profiles in place was a bit of a challenge because they didn't have proper documentation at first. During the PoC, there were not many documents or support articles, but when we were in the deployment phase, they had everything, even specific to particular MDMs, which made it very smooth. We ran into a couple of small problems, but that's pretty common in every deployment. Other than that, it was pretty smooth.
From Microsoft's side, there is a pretty good deployment strategy in place, but different companies have different objectives and different ways of working. There are situations where certain users and groups might need something specific but other users or groups don't. There could be multiple groups of users with different expectations. So, it is pretty straightforward, but like with any security tool, there could be internal user-level challenges. However, for a company that does not have a very complex environment, it should be a piece of cake. It should be pretty easy.
In terms of our implementation strategy, we first targeted the least impacted devices because we didn't want high-end or critical users complaining about having issues. So, we selected the low-priority users and implemented it for them, and then we tested it out. After that, we implemented it for users with higher priorities. We gradually moved based on the severity.
In terms of maintenance, agent updates are required, which we scheduled automatically. It didn't seem to need much attention. If the product is in a non-complex environment, it won't have many issues, but in a complex environment, there will be some because of VLAN restrictions, network connectivity limitations, etc. We also had issues where agents were not communicating, but it was not because of an issue with the tool. It was mainly because of the complexity of the environment in terms of networking and architecture.
What other advice do I have?
Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together.
I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products.
Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job.
For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats.
I would rate Microsoft Defender an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud Productivity and Security Engineer at a tech vendor with 11-50 employees
It shows you the dangers that matter the most to your own organization and which threats you should address first to achieve the most significant improvement in your security posture
Pros and Cons
- "Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident."
- "I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over."
What is our primary use case?
We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.
It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around.
We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.
We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.
How has it helped my organization?
Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.
Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture.
We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos.
Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected.
Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.
Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise.
So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources.
Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time.
We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses.
We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.
What is most valuable?
I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.
Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture.
Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident.
What needs improvement?
I would like to see Sentinel better integrated with the rest of the security technology within one portal.
For how long have I used the solution?
I've been using Defender for more than a year.
How are customer service and support?
I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over.
It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another.
Which solution did I use previously and why did I switch?
We previously used Sophos.
What's my experience with pricing, setup cost, and licensing?
Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it.
What other advice do I have?
I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Product Categories
Endpoint Protection Platform (EPP) Advanced Threat Protection (ATP) Anti-Malware Tools Endpoint Detection and Response (EDR) Microsoft Security SuitePopular Comparisons
CrowdStrike Falcon
Microsoft Intune
Fortinet FortiEDR
Microsoft Defender for Office 365
Microsoft Sentinel
Microsoft Entra ID
Microsoft Defender for Cloud
SentinelOne Singularity Complete
Microsoft Defender XDR
Microsoft Purview Data Governance
Cortex XDR by Palo Alto Networks
Fortinet FortiClient
HP Wolf Security
Elastic Security
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Compare Microsoft Windows Defender and Symantec Endpoint Protection. How Do I Choose?
- Which product would you choose: Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks?
- What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
- CrowdStrike Falcon vs Microsoft Defender ATP: Comparison of features and performance
- How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
- Running Carbon Black Defense Along with Windows Defender
- How is Cortex XDR compared with Microsoft Defender?
- Which offers better endpoint security - Symantec or Microsoft Defender?
- How does Microsoft Defender for Endpoint compare with Carbon Black CB Defense?
- How would you compare between Microsoft Defender for Endpoint and Tanium EDR?