Microsoft Defender for Endpoint provides visibility into our workstations at SOC.
IT Development Manager at S-ryhmä / S Group
Provides visibility into SOC workstations and stops threats from spreading to machines
Pros and Cons
- "We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations."
- "Microsoft Defender for Endpoint's licensing is confusing. It has conflicting information on the website. We also faced integration issues with other systems. It makes laptops slower than traditional antivirus systems."
What is our primary use case?
How has it helped my organization?
We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations.
What is most valuable?
It is an EDR product that offers much more information into what's happening at our workstations.
What needs improvement?
Microsoft Defender for Endpoint's licensing is confusing. It has conflicting information on the website. We also faced integration issues with other systems. It makes laptops slower than traditional antivirus systems.
Buyer's Guide
Microsoft Defender for Endpoint
July 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
862,514 professionals have used our research since 2012.
For how long have I used the solution?
I have been working with the product for a year.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint is stable.
What do I think about the scalability of the solution?
The tool's scalability is good, but we must consider the cost.
What was our ROI?
We get good ROI with the product's use.
What other advice do I have?
The product's threat intelligence prepares us for potential threats and helps us take proactive steps. Its vulnerability management feature is important to us.
Microsoft Defender for Endpoint has improved our security posture by giving visibility to our endpoints and vulnerabilities.
The tool helps us save months per year. It also helps us save money in manhours.
Microsoft Defender for Endpoint has reduced our time to respond and time to detect by a large margin.
We chose the product because we already use Microsoft products, and it better integrates with them.
I rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Service Success Manager at a computer software company with 5,001-10,000 employees
Integration with Security Center and the Microsoft compliance score helps us improve security maturity
Pros and Cons
- "The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together."
- "I would like to see integrations with other products, such as Spunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights."
What is our primary use case?
Our use case is for financial groups and we use it to control malware, as well as for antivirus. Our focus is on using it as an endpoint solution, but we cover the older servers too.
How has it helped my organization?
Of course, we integrate Defender with Microsoft Defender Security Center and the Microsoft compliance score. We use these tools to check the maturity and to guide our clients in using the solution better. The result is that we see growth in security maturity.
When we need to create a new server, we follow certain steps. One step is activating the extension from within the server and using that to check and monitor, in a centralized console, the health of the server. Defender also provides additional information about vulnerabilities and opportunities to increase the overall security.
For example, it will tell us if a library being used has any vulnerabilities. This information is very important for us and for our clients. They use this information to go back to their developers and request fixes. Or it may identify a problem with something in a client's application, where they need another version to mitigate it. And again, when they apply the new version, we can check it using Defender to see if the vulnerability has been resolved.
What is most valuable?
The anti-malware feature is mandatory for us.
Also, we use policies to mitigate vulnerabilities, but the final compliance score from Microsoft shows us what level the client is at and what level is needed to achieve better results and increase security policy maturity. The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together.
What needs improvement?
I would like to see integrations with other products, such as Spunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights. Examples of such insights might be the need to create a new policy or the need to mitigate an attack happening now. This type of ability would create a new business case, one that doesn't only use Microsoft solutions.
For how long have I used the solution?
I've been using Microsoft Defender for Endpoint for two years.
What do I think about the scalability of the solution?
The scalability is amazing. Using Azure, the sky is the limit. You just need to understand the business case.
In some cases our clients have small environments, but in other cases they have big environments. Large clients may have 1,000 agents running. But as a consulting company, we work with many types of businesses and many environments of different sizes.
As I mentioned, if the client requests an integration with some third-party tool, we may need to use another tool or develop something to make this possible. But in most cases, you don't need to do so. You just activate it and check if your policy will apply or has already been applied to the server.
How are customer service and support?
We have no problems with Microsoft's technical support. My team resolves level-one and level-two problems, but when we need to check something directly with Microsoft, when it's a level-three issue, we open a ticket and talk with the engineers.
How would you rate customer service and support?
Positive
How was the initial setup?
It's so easy. All activity is in the cloud, for deploying the agents and policies. It's not complex.
You just click, one-two-three, and it's working. In some cases, the deployment takes minutes. If the client needs a particular window or has a critical application running on their machine, it takes more time because of that machine's situation. But in general, it just takes a few minutes.
The harder part, following this, is you need time, like with other tools, to check the events. The tool will provide some insights, but you need to understand them, and after that, share them with the client or with those responsible for taking action.
Which other solutions did I evaluate?
In addition to Azure, we have partnerships with AWS and Google. We focus on security and use Kaspersky as well. It's all according to the business case. We take the time to understand the business case and then build a draft solution, check it with the client, and after that, we choose the best tool, given the budget available from the client. We create one, two, or three options and the client selects what is best for them.
The main difference between Defender and Kaspersky is the scalability and the installation and deployment process which, with Defender, is so easy.
What other advice do I have?
My advice regarding Defender is the same for any other security solution: Check what you need, what types of logs and whether you will consolidate these logs in another tool. What type of knowledge will you bring from those tools to create and apply new policies and anticipate security problems?
Always check your needs with the business case. Aligning them will help determine what you need to buy. Check inside Defender to see what you need to activate. Every new feature you activate inside the cloud is billed and you need to understand if you really need each feature.
Defender has some effect on the endpoint itself but it does not change the user's work processes. It is a single tool on the endpoint to monitor the activities that happen there, but it does not affect the end-user.
But you need to understand the limitations. There are some limitations with Defender when it comes to non-Microsoft solutions. But that's not unique to Defender. It's the same with every tool. You need to understand its limitations.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Buyer's Guide
Microsoft Defender for Endpoint
July 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
862,514 professionals have used our research since 2012.
Director at Calidad Systems Limited
Straightforward setup and good anti-malware but needs better online protection
Pros and Cons
- "It is a straightforward setup."
- "They can improve it on the online protection front since people nowadays are moving online and working from home."
What is our primary use case?
Normally, we use the solution for our workstations.
What is most valuable?
The solution is quite stable.
You get online privacy. It also protects the machines from malware and trojans.
It's a scalable product.
It is a straightforward setup.
What needs improvement?
There is always room for improvement. They can improve it on the online protection front since people nowadays are moving online and working from home. That would be a good thing to focus on.
For how long have I used the solution?
I've been using the solution for one year. It hasn't been that long just yet.
What do I think about the stability of the solution?
The product is very stable and quite reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance has been good.
What do I think about the scalability of the solution?
The product can scale well.
Around 15 people are using it in our organization.
We may increase it in the future.
How are customer service and support?
I can't recall ever contacting support.
Which solution did I use previously and why did I switch?
I'm also familiar with Kaspersky. We were previously using ESET.
How was the initial setup?
The initial setup is quite simple and quite straightforward. It's not overly complex or difficult.
The deployment is fast. It only takes a minute or so.
You only need one person - an engineer - to manage the product once it is up and running.
What about the implementation team?
We handled the initial setup on our own. We did not need any consultant or integrator help.
What's my experience with pricing, setup cost, and licensing?
We pay annually for a license.
What other advice do I have?
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Technical Specialist at a retailer with 10,001+ employees
Very user-friendly, offering safety, security and providing a phenomenal amount of good information
Pros and Cons
- "User-friendly, offering safety and security."
What is our primary use case?
It's an antivirus product, so its main use is to protect us.
What is most valuable?
This is a really good product, it's user-friendly and offers us safety and security.
What needs improvement?
The technical support could be improved.
For how long have I used the solution?
I've been using this solution for three years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
In terms of scalability, we went from 10 pilot machines to 35,000 devices.
How are customer service and support?
The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue.
How was the initial setup?
The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint.
What other advice do I have?
My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it.
I rate this product 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Manager at Ernst & Young
Reliable with good features but needs improvements on some of the technical aspects
Pros and Cons
- "The solution can scale as needed."
- "In India at least, it seems to be a bit more expensive than other options."
What is most valuable?
The stability has been good so far.
If I compare its features to the other solutions in the market, it has some good features. It's comparable to others.
The solution can scale as needed.
What needs improvement?
In India at least, it seems to be a bit more expensive than other options.
For how long have I used the solution?
I've just recently been introduced to the product. I haven't used it for very long.
What do I think about the stability of the solution?
The stability has been fine. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The scalability has been great. If you need to expand, you can.
How are customer service and support?
I have never needed to contact technical support. I can't speak to how helpful or responsive they are.
What's my experience with pricing, setup cost, and licensing?
The pricing is a bit high for the Indian market.
What other advice do I have?
We are a partner and we consult clients on security solutions. It's one of the solutions we take to our clients.
For companies that are Microsoft shops, I would recommend the product. It saves a lot of integration requirements as compared to other solutions. It's a good product that does what it says it will do.
I would rate the product a seven out of ten. There are improvement opportunities in terms of the overall tech and commercial aspects of the product. It needs to be more competitive and technical.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Assistant Chief Manager at a financial services firm with 5,001-10,000 employees
Advanced threat protection fulfills a large number of security strategy requirements for our organization
Pros and Cons
- "We found that because the endpoint devices are based on Microsoft Windows devices and Windows Defender is integrated with the foundation and the core layer, it makes it more integrated and more agile in terms of responding to any security threats or changes or development"
- "In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too."
What is our primary use case?
We are using Microsoft Defender for Endpoint with advanced threat production. Microsoft's enterprise mobility and security suite fulfills a large number of security strategy requirements for our organization. We are going to use this solution for identity production and for endpoint security.
It's a hybrid setup. The advanced threat protection only comes from the cloud intelligence engine. That's something of a new experience for us, but the rest of the components will be on-prem. We are using Microsoft's cloud.
The whole suite of security enhancement doesn't just include Microsoft Defender. It also covers many of the features that come with the Windows Enterprise version. With this option, we are actually upgrading to the Enterprise version as well and unlocking those security features which are not available in Windows Professional. Microsoft Defender is a whole suite, which is simply not comparable with a usual anti-virus, anti-malware product.
What needs improvement?
In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too. Plus, Microsoft's philosophy is that they leverage the technology they have already built in Windows or any other services within Windows. So, it is good from that standpoint, but it also becomes a bit cumbersome when it comes to the dependency. Having dependency on many things can be a weakness sometimes because you add up more points of failure to the services. Whereas the other vendors are doing the limited thing, and that's why they're not comparable in prices, but their solutions basically aren't dependent on Microsoft's other services or anything else. They're more dependent on their agent. With Microsoft, it is not just the agent. It is the operating systems that aren't working well. The technology won't give you the desired output.
So, that's something that Microsoft may need to improve: making services more independent wherever possible. That's something of their philosophy. When they build something on their OS layer, they add on technologies, and then there's something for the ISV. That's their strategy, but we keep arguing with them that they have to compare the dependence as other vendors are doing.
From the Microsoft end, the design working depends on the health of other services and other components of the operating system. Whereas if you compare it with the Symantec technology, just the agent health has to be there. That's the case with McAfee as well. They build up their products on developed agents only.
For how long have I used the solution?
We did the POC around 18 months ago, and then we consolidated our findings. As per the organization procedure, we proposed to the committee and then got the recommendation to move on with the pilot and decide the future roadmap.
Microsoft Defender is just one part of the advanced risk protection and advanced malware protection functionality that comes with the Microsoft product. It came with a lot of security, advisories, reviews, and consultancy during the last couple of years. There was a stack of 15-20 requirements that we had to fulfill, like mobile device management and identity protection. We found that Windows Defender meets most of our requirements.
How are customer service and support?
We have had good experience with tech support so far.
We have a direct support agreement with Microsoft. One of the major reasons for moving from the current endpoint security is the support. The quality is not up to the mark. That's something incomparable with the kind of support Microsoft provides.
I would give Microsoft's support a 5 out of 5.
Which solution did I use previously and why did I switch?
In terms of the technical aspect, I'm the lead of the area, which actually takes care of endpoint management, and we have been using Symantec products for that purpose. We have evaluated Microsoft Defender and Microsoft security products, and we are going to switch over to that product. We found that because the endpoint devices are based on Microsoft Windows devices and Windows Defender is integrated with the foundation and the core layer, it makes it more integrated and more agile in terms of responding to any security threats or changes or development, whereas compared to the other vendors who develop anything on top of that platform, they're always lagging behind.
Symantec support is very pathetic. They are very methodical. They're very slow. We seldom find them providing solutions to any incident or issue in a reasonable time. It can take from days to weeks. In the case of Microsoft, their resolution time is reasonably faster than Symantec. Even in the case of VMware and Redhead, Microsoft stands on top of all those vendors.
How was the initial setup?
I wouldn't say the setup is easier than other solutions but it's not bad. It's almost equivalent to what we have been using currently, but the strength comes in what it does and how it secures that part. The setup is similar to the other competitors. For Symantec, we use their endpoint manager deployment and then a deployment across the sites and branches.
What about the implementation team?
We are doing deployment with Microsoft's tech support. But for the implementations and rollout of technologies, we have seldom used Microsoft. We have our own technical team who are trained and who keep on updating on their skills, and we continue to inject new resources to the team as well. When a new technology comes in, then we do a combo, whereby the in-house team actually learns with the local authorized partner.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender is not comparable to a single endpoint security product, like Trend Micro, Symantec, or McAfee. Because of that, the price is higher than others because it is doing more than what the others are doing.
What other advice do I have?
I would rate this solution 7 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Reliable with a good online community and an easy initial setup
Pros and Cons
- "It does not make Windows slow, as compared to all of the third part antiviruses."
- "We would like more customization."
What is our primary use case?
The solution is primarily used for antivirus and malware protection.
How has it helped my organization?
It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need.
It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.
What is most valuable?
The first thing which I noticed is that it is completely compatible with Windows. It does not make Windows slow, as compared to all of the third part antiviruses.
The stability has been good.
Technical support is helpful and they have a very robust online community as well.
The product can scale very well.
What needs improvement?
We would like more customization, actually. They're not too customizable. We'd like the flexibility to be able to set some applications on a white list. We need more options.
For how long have I used the solution?
I've used the solution for approximately five years.
What do I think about the stability of the solution?
The solution is stable and responsive.
What do I think about the scalability of the solution?
We have the solution deployed to around 350 users across four different locations.
It can scale to the thousands and thousands. I have seen customers here, some have approximately 12,000 devices and they're running that one program and it's going far without any issues.
How are customer service and support?
Technical support is good. They know things about the solution. The best part is that if anything happens, the Microsoft community is so big that any problem comes up, you can also just Google it and you will get the solution.
Which solution did I use previously and why did I switch?
We used McAfee and another solution as well and they both are great and amazing, however, they make PCs slow and every time something happens you have to call the vendor and they will help you support. The difference is, with Defender, it doesn't slow things done and you never have to call Microsoft.
How was the initial setup?
The initial setup is very straightforward. IT is actually my default. We actually helped our end-users with system centers, integrated Defender updates, Defender itself, patching, and Defender configuration using the consent and configuration manager. It's simple. It's not complex to set it up or manage.
It's a bulk operation to set it up, therefore, even if you have 100 PCs, it will only take you about an hour and you will be up and running with everyone. You only need one to two percent of your staff to handle the deployment and maintenance tasks.
What about the implementation team?
We used an integrator during the initial setup. They were quite helpful. Our experience with them was good.
What was our ROI?
We have seen an ROI.
What's my experience with pricing, setup cost, and licensing?
The solution is free for end-users.
What other advice do I have?
While we have the solution set up on our private cloud, you can also use a hybrid setup if that's better for your organization.
I would advise new users to connect it with an endpoint manager and connect it with the cloud and then let the real magic happen.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Security Engineering, Team Lead at Fidelity Bank Plc
Stable solution that protects networks against viruses and malware; good for endpoint management
Pros and Cons
- "Stable endpoint manager, antivirus, and antimalware, with fast technical support and a straightforward setup."
- "More integration with different platforms is an area for improvement for this product, and should be included in its next release."
What is our primary use case?
We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.
What needs improvement?
What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.
For how long have I used the solution?
We've been using Microsoft Defender for Endpoint for four years.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.
How are customer service and support?
We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.
How was the initial setup?
The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.
What's my experience with pricing, setup cost, and licensing?
We pay for our Microsoft Defender for Endpoint subscription yearly.
What other advice do I have?
We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.
Microsoft Defender for Endpoint has been awesome, so far.
I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.
We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.
I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2025
Product Categories
Endpoint Protection Platform (EPP) Advanced Threat Protection (ATP) Anti-Malware Tools Endpoint Detection and Response (EDR) Microsoft Security SuitePopular Comparisons
CrowdStrike Falcon
Microsoft Intune
Fortinet FortiEDR
Microsoft Defender for Office 365
Microsoft Sentinel
Microsoft Entra ID
Microsoft Defender for Cloud
SentinelOne Singularity Complete
Microsoft Defender XDR
Microsoft Purview Data Governance
Cortex XDR by Palo Alto Networks
Fortinet FortiClient
HP Wolf Security
Elastic Security
Trellix Endpoint Security Platform
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Compare Microsoft Windows Defender and Symantec Endpoint Protection. How Do I Choose?
- Which product would you choose: Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks?
- What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
- CrowdStrike Falcon vs Microsoft Defender ATP: Comparison of features and performance
- How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
- Running Carbon Black Defense Along with Windows Defender
- How is Cortex XDR compared with Microsoft Defender?
- Which offers better endpoint security - Symantec or Microsoft Defender?
- How does Microsoft Defender for Endpoint compare with Carbon Black CB Defense?
- How would you compare between Microsoft Defender for Endpoint and Tanium EDR?