Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Overview
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation…
How Microsoft Defender for Endpoint Differs From Its Competitors
Protection Scope
- Windows: approx. 10,000
- Windows Server: approx. 1,200
- macOS: 70
- Linux server: 400
Components
- Attack Surface Reduction helps us proactively block commonly used attack methods by malware (scripts).
- We use Microsoft Defender for Endpoint as a layered approach with other security tools.
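Attack Surface Reduction rules are configured per endpoint (locally, or centrally through Intune or Group Policy) and each rule can run in audit, warn or block mode. The following is an added example, not code from the page or from Microsoft, showing how a practitioner would turn on the script-focused rules in audit mode first and then read back the effective state with the Defender PowerShell module. The rule GUIDs are the published rule IDs as known at time of writing; check them against Microsoft's current ASR rules reference before relying on them.

```powershell
# Added example (not from the page or from Microsoft): enable script-focused
# ASR rules in audit mode on a Windows endpoint, then report the effective
# state of every configured rule. Requires an elevated session with the
# Defender module available (Get-MpPreference / Add-MpPreference).
# Rule GUIDs: published IDs as known at time of writing; verify against the
# current ASR rules reference.

$rules = @{
    'Block execution of potentially obfuscated scripts'                 = '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC'
    'Block JavaScript or VBScript from launching downloaded executables' = 'D3E037E1-3EB8-44C8-A917-57927947596D'
    'Block all Office applications from creating child processes'       = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
}

# Numeric action codes as returned by Get-MpPreference.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }

# Start in AuditMode: the rules only log (ActionType "Asr*Audited" in the
# DeviceEvents advanced-hunting table) so false positives can be reviewed
# before switching the same rule IDs to Block.
$ids     = @($rules.Values)
$actions = @('AuditMode') * $ids.Count      # one action per rule ID, parallel arrays
Add-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                 -AttackSurfaceReductionRules_Actions $actions

# Read back what is actually configured. Ids and Actions are parallel arrays.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id     = $pref.AttackSurfaceReductionRules_Ids[$i]
    $action = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
    $name   = ($rules.GetEnumerator() | Where-Object { $_.Value -ieq $id }).Key
    [pscustomobject]@{
        RuleId = $id
        Name   = if ($name) { $name } else { '(rule not in this list)' }
        Action = $actionNames[$action]
    }
}
```

If the device is managed by Intune or Group Policy, the managed value wins over the local setting, so on a managed fleet use the read-back loop to confirm what policy actually delivered rather than relying on the local Add-MpPreference call.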
Components
- Vulnerability Management
- Baseline Assessments
- Device Discovery
- Endpoint Security Policies
- Automated Remediation
- Dynamic Device Tagging
- Endpoint DLP
- Web Content Filtering
- Live Response
- Unified integration with Defender for Cloud
- Always remediate PUA
- Device Deception (Preview)
- Download quarantined files
- Evaluatio…
Components
1. Centralised deployment of antivirus agent
2. Centralised monitoring of security alerts
3. Vulnerability management
4. Antivirus and anti malware
5. Integration with Microsoft Intune
6. Device …
Components
Endpoint Detection and Response (EDR) : Organizations can investigate security incidents, collect pertinent data, and implement the necessary remediation activities to eliminate and contain threats by using …
Protection Scope
We are protecting over 30 Windows devices for our company, as well as more than 50 Windows and macOS devices for one of our customers. We also use Microsoft Intune to manage over …
Components
2. Advanced Threat Protection
3. Attack Surface Reduction
Components
Threat & Vulnerability Management
Intune Integration
Microsoft Defender Antivirus
Microsoft Defender SmartScreen
Attack Surface Reduction
Components
- Attack Surface Reduction (ASR).
- Next-generation Protection.
- Microsoft Secure Score for Devices.
- Automated Investigation and Remediation (AIR).
Popular Features
- Malware Detection: 8.5/10 (53 ratings, 85%)
- Infection Remediation: 8.2/10 (52 ratings, 82%)
- Anti-Exploit Technology: 8.0/10 (51 ratings, 80%)
- Centralized Management: 7.9/10 (52 ratings, 79%)
Pricing
- Academic: $2.50
- Standalone: $5.20
- Entry-level setup fee: none
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- Anti-Exploit Technology: 8.0 (51 ratings). In-memory and application-layer attack blocking (e.g. ransomware).
- Endpoint Detection and Response (EDR): 8.5 (51 ratings). Continuous monitoring of and response to advanced internet threats by endpoint agents.
- Centralized Management: 7.9 (52 ratings). Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- Hybrid Deployment Support: 7.8 (10 ratings). Administrators should be able to choose on-premise, cloud, or hybrid endpoint security.
- Infection Remediation: 8.2 (52 ratings). Capability to quarantine infected endpoints and terminate malicious processes.
- Vulnerability Management: 8.3 (50 ratings). Vulnerability prioritization for fixes.
- Malware Detection: 8.5 (53 ratings). Detection and blocking of zero-day file-based and fileless malware.
What is Microsoft Defender for Endpoint?
Rapidly stops threats: protects against sophisticated threats such as ransomware and nation-state attacks.
Scales security: puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.
Evolves the organization's defenses: goes beyond endpoint silos and matures the organization's security on a foundation of extended detection and response (XDR) and Zero Trust.
Microsoft Defender for Endpoint Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
Microsoft Defender for Endpoint Technical Details
| Deployment Types | On-premise |
|---|---|
| Operating Systems | Windows |
| Mobile Application | No |
Reviews and Ratings (185 attribute ratings)
Reviews (1-25 of 80)
Microsoft Defender for Endpoint Review
- It helps detect anomalies. It helps detect sensitive files that are being sent outside of the company. It pretty much provides this intel.
- Would probably be documentation. If the documentation could be simplified, that would have been nice.
Microsoft Defender for Endpoint Review
- It is very good in detecting what has happened on the endpoint. So tracking all the actions, what the user clicked, if there was a malicious program that touched the mailbox, anything like that is excellent.
- While it's a very good product for auditing, it has a very hard time distinguishing what is malicious and is an attack from what is not. Very rarely do we get an indication of a real malicious attack. We got lots of hours for off-the-shelf malware that it cleans up automatically, so basically we never get to look at it, which is a positive thing, but threats are detected by the third-party endpoint, so it will not be enough by itself.
Microsoft Defender for Endpoint Review
- What I like about this product is that they are always giving you updates and always trying to add new features. Also, they are working with Copilot AI. They are always trying to do new things to add to the product.
- I would like it if you could upgrade or add some more features to the Live Response feature, because I think we could do some things differently, making it easier for us to manage some incidents faster.
Microsoft Defender for Endpoint Review
- It's very simple to install.
- It's very responsive.
- It doesn't create any excessive traffic on the device.
- It doesn't interfere with the end user experience.
- Possibly integration with the DLP module
Microsoft Defender for Endpoint as an EDR tool
- Defender for Endpoint is updated automatically on a regular basis.
- It catches most malicious files, which means its detection works very well against malware, viruses and ransomware.
- Defender for Endpoint integrates well with other Microsoft products. For example, it integrates well with the Microsoft Sentinel SIEM solution.
- Defender for Endpoint data is very useful for threat intelligence and threat hunting.
- Defender for Endpoint does not support some older operating system versions. Most organizations have legacy applications running on legacy OSs, therefore some of these should be supported.
- Onboarding assets is a little different depending on the operating system being used. This takes away from a consistent onboarding process.
- From a management standpoint, some aspects of management are handled in local SCCM while others are in the Microsoft cloud.
Defender for Endpoint Review
- The best thing is the centralized reporting. We've used other products, but this has the best one. We can easily develop a punch list of items to tackle, sort things out and prioritize.
- Faster updates would be nice: after we make some of the changes, it takes a while, 2, 3, 4 days, to see if they've actually taken. The other thing that's in deficit and still needs some improvement: we get a few false positives.
Microsoft Defender for Endpoint Review
- Once there's a breach, it helps allow us to reset passwords asap, easily.
- I think it's working pretty low right now, so no.
Microsoft Defender for Endpoint Review
- When an end user opens a file, or accesses a file I should say, that has malicious content, it will quarantine the file. It will also let us know if an end user themselves has an issue. The whole Defender suite has different parts, so some of these may be going over into Defender for Identity and such. I'm not clear on which is which, but it's the whole ecosystem. I'll get an email letting me know that there's an issue and then we follow up. The email generally has a link in it to the actual event in the Defender for Endpoint (or whichever) console, and then we can start looking at the case and make sure the endpoint is quarantined so it can't do anything. The only thing we can do is talk to it to do forensics, so it's not totally isolated to the point where we have to get somebody on the ground to go to the machine. We can still work on it remotely, but the end user can't do anything that would continue to cause lateral movement of the compromise.
- As much as I've talked about loving this product, there are issues it seems like almost daily when we get into it. Something has changed or moved, or the name of the overall system has changed. Microsoft needs to just stick and stay. I understand with development and their merging of products, but it's really frustrating when things change daily, especially when we're doing an e-discovery investigation or DLP. It's almost an emergency situation, and when you have to relearn how to do something in the system, it's very frustrating.
A reliable End to end security package.
- Protections from ransomware
- AI based modern threat definitions.
- End to end device security
- Online documents and data security.
- Assurance of client privacy
- End to end device security
- It has a very intuitive and user-friendly UI that enables my team and I to navigate through it and respond to any threat efficiently.
- Its extensive dashboard gives a complete view of all our endpoints, so we can spot any potential threat and exposure across the networks.
- Robust detection and response capabilities that detect abnormal behavior, potential threats, and attacks as they happen and remediate and block any threat.
- Insights enable us to get to the root cause of incidents and alerts for deep investigation.
- It also provides powerful 365 protection against any threat.
- It is pretty limited when it comes to devices that are not Microsoft-based. Adding a device is quite a task.
- False positives.
- Sophisticated automated investigation and response features.
- Exclusions during scanning are hard to spot.
- I always have to submit request for whitelisting apps.
Microsoft Defender for Endpoint Review
- Detects attacks as they happen.
- Detects potential attacks.
- Detects abnormal user behavior.
- Does not allow for remediation from the management console.
- The ticket system doesn't alert the person assigned to the ticket.
- You have to submit requests for whitelisting applications.
- Scanning exclusions are tricky to find.
- Adding devices, especially Apple devices, is very cumbersome.
Quick to rollout and get going, but takes some tweaking to optimize.
- Provides excellent integration with 365 security suite
- It tracks all activities on endpoints and helps our security team effectively investigate alerts
- It uses signature and behavior based techniques to detect / block threats
- It offers limited support for non-Microsoft devices
- It can be sometimes difficult to setup for optimization
- It can sometimes be the root issue for resource issues on the endpoints
It is also very good and easy to setup for home users. Plus, it is free for home users using Microsoft operating systems.
Microsoft Defender Review
- Endpoint protection
- Basic-level DLP
- Firewall security for endpoint.
- EDR - provides basic EDR capabilities
- Doesn't come as an individual product
- Threat Intelligence is not up to market standards.
The one stop security shop for the endpoints
- Vulnerability Management is without a doubt one of the most efficient features of Microsoft Defender for Endpoint. It provides enough details about the vulnerability, its impact and the remediation as well.
- The latest addition of 'Endpoint Security Policies' has been a very well thought and insightful feature that relieves the security analysts from the hassle of switching to Intune just for reviewing the endpoint security policies.
- 'Automated Remediation' is a boon to many organizations across the industry that helps in responding to ongoing attacks at machine speed. Microsoft Defender for Endpoint does it quite well in terms of accuracy and quickness.
- Dynamic device tagging feature has been an underrated feature from Microsoft Defender for Endpoint. It is such a reliable and efficient feature that saves a lot of time whether you are dealing with vulnerabilities or incidents.
- While 'Vulnerability Management' is one of my favorite features, I do feel that it has been the same for quite some time and now it should have some integration capabilities to do actions like inform the affected users, or take small actions like updating the OS, sending prompts to devices etc.
- I think most people will agree with me when I say that 'Baseline Assessments' feature should now have more standards added to its inventory. CIS and STIG are the only ones available in this feature without any updates for a long time now.
- Device Discovery, while a good feature, appears to be somewhat unstable in nature. It does not provide admins with enough details or any actions to take on the discovered devices.
Microsoft Defender for Endpoint will be a great choice when you are a big organization (more than 500 endpoints) and are dealing with customer data from a critical industry.
Although if you lie in the SMB segment, taking standalone Microsoft Defender for Endpoint plans will make you confused about which features to go for and which ones to let go of. Hence, explore other options here.
Decent Protection for your endpoints
This is being used for our endpoint devices' protection, which includes antivirus and malware protection. It is implemented for all of our M365 subscribers (around 200 of them) and to date we are satisfied with the protection given to our machines.
- Antivirus protection
- Malware protection
- Quarantine and alerts
- Offering with other suites in M365 family
- There are cases where it is not able to detect malware but other antivirus is detecting it
- Better dashboard
For an MS Windows environment, the protection and collaboration with Windows Firewall is expected, and the two can be an additional complement to each other.
- Protection from malware and viruses
- Centralised Management
- Advanced Threat Analytics
- Better user interface
- Easy installation
- Lower price
- Companies having Microsoft Windows based setup
- Having in house and remote devices which should be protected
- Compliance requirements to centrally manage devices
- Centrally monitor devices
- Centrally receive security alerts for issues and attacks on devices
Microsoft Defender for Endpoint: one of the best tools to manage threats, vulnerabilities and compliance of the endpoints.
- It provides a unified security experience when combined with other Microsoft products such as Microsoft Defender for 365 and Azure Defender.
- It has an excellent dashboard and centralized view that make it easy to see and control everything from one location.
- It's an EDR tool designed to help you understand incidents and alerts better.
- Real-time detection of attacks and prompt endpoint device responses. It effortlessly interacts with additional Microsoft security products.
- I must admit that I haven't discovered anything major regarding this product.
- It has limited integration options with third party security products.
- Sometimes Automated Response is slow.
Secure workstations with MDE
- It blocks the unsafe applications from accessing.
- It provides User-friendly interface for seamless endpoint security.
- It gets new pattern updates automatically and stays up to date.
- It has limited integration options with third party products.
- Expand Baseline Assessment beyond STIG and CIS benchmarks for broader security coverage and compliance flexibility.
- Nothing else.
Defender for Endpoint - First class EDR and more.
- One of the strong points is that AI is tightly integrated into the platform, which leads to excellent detection.
- Vulnerability management is very useful for assessing, tracking, and mitigating threats across all protected devices.
- KQL integration is very good.
- Licensing between Defender for Endpoint and Servers is complicated.
- Deployment has improved but is not really streamlined. There is no single installer available and no single way of deploying settings.
- The Defender portal is rich in information but can be complicated to use.
- Defender for Endpoint uses cutting-edge threat detection technologies, such as behavioral analysis and machine learning, to recognize and neutralize both known and undiscovered threats. Even the most complex and elusive malware and exploits can be found by it.
- By providing threat analytics, it enables proactive threat prevention and mitigation by assisting organizations in understanding their security posture and trends over time.
- It offers immediate insight into threat activity and endpoint security. Security teams can react quickly to threats since they can see what's happening across all of the devices in their organization.
- For enterprises using the platform for the first time, the initial setup and configuration can be challenging. The experience might be enhanced by streamlining the onboarding procedure and offering more user-friendly setting wizards.
- It might be difficult to afford, especially for smaller firms. The solution might be more widely available if it had a more open and flexible price structure, particularly for smaller enterprises.
- Organizations could better address the escalating problems with cloud security with the help of enhanced functionality for monitoring and managing cloud apps and services.
It's well-suited for organizations with a mix of on-premises and cloud resources.
Azure AD integration allows for seamless identity management in hybrid environments. While it supports hybrid environments, organizations with extremely complex on-premises setups may find it challenging to integrate.
Defend, Detect, Excel with Microsoft Defender for Endpoint
- Automated incident response
- Scalability
- Rapid threat mitigation
- Threat analytics keeping us aware of our security posture.
- Transparency in alert logic and visibility
- Clarity in licensing. There are many options and pricing tiers that aren't very clear at the start of deployment.
- Limited baseline assessment
Microsoft Defender for Endpoint
- Quick response to all threats across all devices protected.
- Help pick up vulnerabilities in systems which previously have gone unidentified.
- Centrally Managed with a single pane of glass view is super handy and useful.
- The only thing I think that can be improved on is the reporting.
Microsoft Defender for Endpoint user experience review.
- The threat detection is very good in Defender, during log4j exploitation we got a great deal of support from the Defender, and proactive coverage was received.
- During a recent security incident in our organization, the defender support team was quick to hop in and release the emergency patches and malware signature updates via hotfix, which has helped us deal with the security incident proactively.
- The ease of deployment on the endpoint and scanning feature, which consume minimal resources, and the offline and online coverages of threats are great advantages of Defender.
- Sometimes interacting with the support becomes difficult and more technical side, people who can understand customer concerns better will be of great help.
- Offline coverage can be even better.
- So far, I have had the best experience with Defender, and there is not much to complain about.
Endpoint Defense You Can Count On
- Provides quick response to stopping threats identified on company owned devices.
- It has helped us discover multiple misconfigurations and exposed vulnerabilities we didn't know we had.
- Being able to utilize MS Defender for Endpoint on all of our devices, from Windows to mobile (iOS and Android), has really helped secure our business.
- Initial configuration can be daunting and there are a lot of details to pore over to make it work properly.
- Reporting has been a challenge to get setup the way we want it to work.
Microsoft Defender helps us keep our software environment reliable and operationally secure.
- Incoming E-mails are tested for viruses
- Zip files that are extracted are checked for viruses
- Downloaded executables are also checked for viruses
- Better reporting of found dangerous code
- More insight into the resources used by a system scan
- It is good that regular updates are made available
This was well suited.
The executable generated by a c compiler that was not Microsoft's was considered dangerous code.
This was not suitable.