Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Overview
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation…
How Microsoft Defender for Endpoint Differs From Its Competitors
Protection Scope
- Windows: approx. 10,000
- Windows Server: approx. 1,200
- macOS: 70
- Linux server: 400
Components
- Threat Intelligence for vulnerability management.
- Incidents and Alerts for security monitoring and response.
- Email and Collaboration for tracking messages.
- Attack Simulation Training for security awareness training and tests.
- Compliance Manager for managing …
Protection Scope
1. Mobiles
2. Laptops.
3. Desktop computers.
4. Tablets.
5. Virtual machines.
6. Embedded devices.
7. Servers.
8. Printers.
9. Scanners.
There are also other IoT (Internet of Things) …
Components
1. Centralised deployment of antivirus agent
2. Centralised monitoring of security alerts
3. Vulnerability management
4. Antivirus and anti-malware
5. Integration with Microsoft Intune
6. Device …
Components
- Attack Surface Reduction helps us proactively block attack methods commonly used by malware (scripts).
- We use Microsoft Defender for Endpoint in a layered approach with other security tools.
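Attack Surface Reduction, mentioned in the answer above, is configured per rule, and each rule can run in audit mode before it blocks anything. The following is an added example written for this page, not the reviewer's or Microsoft's code. It assumes an elevated session on a device running Microsoft Defender Antivirus; the four GUID-to-rule-name pairs are taken from Microsoft's ASR rule reference and should be verified there before use.

```powershell
# Added example, not code from the reviewer or from Microsoft.
# Stages Attack Surface Reduction (ASR) rules in audit mode, reviews what they
# would have blocked, then enforces them. Run in an elevated session on a device
# with Microsoft Defender Antivirus. The GUID-to-name mapping below is taken from
# Microsoft's ASR rule reference and is an assumption here: verify it before use.
# Caveat: on Intune- or GPO-managed devices, policy overrides local preferences,
# so use this on a pilot device and push the final rule set through policy.

$rules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from the Windows local security authority subsystem'
}
$ids = @($rules.Keys)

# 1. Audit first. Add-MpPreference merges with rules already configured;
#    Set-MpPreference would replace the whole list, including rules set elsewhere.
Add-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                 -AttackSurfaceReductionRules_Actions @($ids | ForEach-Object { 'AuditMode' })

# 2. After the pilot period, summarise audit hits per rule. In the Defender
#    operational log, event 1122 is an ASR audit hit and 1121 an enforced block.
function Get-AsrAuditSummary {
    param([int]$Days = 7)
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $guid = '[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}'
    $events | ForEach-Object {
        if ($_.Message -match $guid) {
            [pscustomobject]@{
                Time = $_.TimeCreated
                Rule = $rules[$matches[0].ToUpper()]
                Text = ($_.Message -split "`n" | Where-Object { $_ -match 'Process Name|Path' }) -join ' | '
            }
        }
    } | Group-Object Rule | Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'Samples'; e = { ($_.Group | Select-Object -First 3).Text } }
}
Get-AsrAuditSummary | Format-List

# 3. Enforce the rules whose audit hits were malicious or acceptable noise. A rule
#    that fires on a line-of-business app stays in audit mode or gets an exclusion
#    (Add-MpPreference -AttackSurfaceReductionOnlyExclusions <path>).
Add-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                 -AttackSurfaceReductionRules_Actions @($ids | ForEach-Object { 'Enabled' })

# 4. Verify. The two arrays are parallel: index i of Ids goes with index i of
#    Actions (0 = Disabled, 1 = Enabled, 2 = AuditMode, 6 = Warn).
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    '{0}  {1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}
```

The audit pass is the part worth keeping: the same rule that stops a macro from spawning cmd.exe will also fire on a finance add-in that does so legitimately, and event 1122 tells you which before anyone is blocked.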
Components
- Vulnerability Management
- Baseline Assessments
- Device Discovery
- Endpoint Security Policies
- Automated Remediation
- Dynamic Device Tagging
- Endpoint DLP
- Web Content Filtering
- Live Response
- Unified integration with Defender for Cloud
- Always remediate PUA
- Device Deception (Preview)
- Download quarantined files
- Evaluatio…
Components
Endpoint Detection and Response (EDR): Organizations can investigate security incidents, collect pertinent data, and implement the necessary remediation activities to eliminate and contain threats by using …
Protection Scope
We are protecting over 30 Windows devices for our company, as well as more than 50 Windows and macOS devices for one of our customers. We also use Microsoft Intune to manage over …
Components
2. Advanced Threat Protection
3. Attack Surface Reduction
Popular Features
- Malware Detection: 8.5/10 (54 ratings)
- Endpoint Detection and Response (EDR): 8.5/10 (54 ratings)
- Infection Remediation: 8.2/10 (53 ratings)
- Centralized Management: 7.9/10 (54 ratings)
Pricing
- Academic: $2.50
- Standalone: $5.20
- Entry-level setup fee: none
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- Anti-Exploit Technology: 8/10 (52 ratings). In-memory and application-layer attack blocking (e.g. ransomware).
- Endpoint Detection and Response (EDR): 8.5/10 (54 ratings). Continuous monitoring of, and response to, advanced internet threats by endpoint agents.
- Centralized Management: 7.9/10 (54 ratings). Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- Hybrid Deployment Support: 7.8/10 (10 ratings). Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.
- Infection Remediation: 8.2/10 (53 ratings). Capability to quarantine infected endpoints and terminate malicious processes.
- Vulnerability Management: 8.3/10 (51 ratings). Vulnerability prioritization for fixes.
- Malware Detection: 8.5/10 (54 ratings). Detection and blocking of zero-day file and fileless malware.
Product Details
What is Microsoft Defender for Endpoint?
- Rapidly stops threats: protects against sophisticated threats such as ransomware and nation-state attacks.
- Scales security: puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.
- Evolves the organization's defenses: goes beyond endpoint silos and matures the organization's security on a foundation of extended detection and response (XDR) and Zero Trust.
Microsoft Defender for Endpoint Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
Microsoft Defender for Endpoint Technical Details
| Attribute | Value |
|---|---|
| Deployment Types | On-premise |
| Operating Systems | Windows |
| Mobile Application | No |
Reviews and Ratings
Reviews (1-25 of 85)
Microsoft Defender for Endpoint - Best EDR Solution
- Microsoft Defender for Endpoint helps customers integrate more tightly into the OS
- ATP integrates with its cloud-based sandbox for malware analysis
- Microsoft Defender for Endpoint Antivirus provides ML-based scanning
- Mac & Linux EDR visibility is a weak spot for Microsoft Defender for Endpoint
- ATP does not have malware search functionality
- ATP includes dashboards for specific threats but not actor attributions
Microsoft Defender for Endpoint gives visibility into enabled endpoint devices but lacks visibility of unmanaged devices on the network. Customers can configure device controls via Intune, but it is limited to Windows 10 only.
The power of Endpoint security.
- Next Generation Protection.
- Microsoft Threat Experts.
- Centralized Management.
- Network firewall.
- Improve user experience for managing and securing mobile endpoints.
- Expand threat intelligence capabilities to cover more regions and industries.
- Provide more comprehensive and accessible training materials for users at all levels.
Comprehensive Security with Microsoft Defender for Endpoint: Enhancing Protection of networks
- Real time protection for organizations of all sizes
- Advanced and updated database of known threats
- Monitoring endpoints across the organization ensuring device safety
- Integration with non-Microsoft tools can be quite challenging
- UI can be overwhelming for new users
- More comprehensive and easier to understand documentation would be great for this product
Microsoft Defender for Endpoint as an EDR tool
- Defender for Endpoint is updated automatically on a regular basis.
- It catches most malicious files, which means its detection works very well against malware, viruses and ransomware.
- Defender for Endpoint integrates well with other Microsoft products. For example, it integrates well with the Microsoft Sentinel SIEM solution.
- Defender for Endpoint data is very useful for threat intelligence and threat hunting.
- Defender for Endpoint does not support some older operating system versions. Most organizations have legacy applications running on legacy OSs, therefore some of these should be supported.
- Onboarding assets is a little different depending on the operating system being used. This takes away from a consistent onboarding process.
- From a management standpoint, some aspects of management are handled in local SCCM while others are in the Microsoft cloud.
Microsoft Defender for Endpoint review
- It examines and acts quickly on all vulnerabilities or threats from external attacks.
- It detects and blocks all the unsafe applications which can cause problems for the system.
- Its antivirus feature protects the system from all the harmful viruses.
- It works wonderfully well for Windows devices, but when it comes to Mac devices it is not as well supported as it is for Windows. There is definitely some scope for improvement there.
- It has limited support for third-party tools.
- Sometimes the user experience is not that good, as system performance is impacted while a scan is active.
- Protection from malware and viruses
- Centralised Management
- Advanced Threat Analytics
- Better user interface
- Easy installation
- Lower price
- Companies having Microsoft Windows based setup
- Having in house and remote devices which should be protected
- Compliance requirements to centrally manage devices
- Centrally monitor devices
- Centrally receive security alerts for issues and attacks on devices
Microsoft Defender for Endpoint is an integrated all around Security tool for Windows Devices
- OS Integration for detection
- Detection Reporting
- Detection Remediation
- Classification of incidents could be better
- Data is locked behind the expensive Sentinel program
- System will fail to remediate issues but does not change the alert
Microsoft Defender for Endpoint Review
- It's very simple to install.
- It's very responsive.
- It doesn't create any excessive traffic on the device.
- It doesn't interfere with the end user experience.
- Possibly integration with the DLP module
Easy to install and manage
- Easy to deploy
- extra protection for remote devices
- Meets compliance requirements.
- In my experience, 0-day detection and remediation.
- In my opinion, configuration is convoluted. In my experience, it pretends to be more complicated and advanced than it is.
One stop shop for endpoint protection
- Blocking USB and External Media
- Vulnerability Reporting
- Proactive Alerting
- Lots of upfront configuration necessary
- Tons of configuration options
- Hard to deploy to Macs
- The ability to provide decision support (or content about alerts) is powerful and allows us to become experts in analytics rather than in a specific technology
- Microsoft Defender provides security for unmanaged devices on corporate networks
- Microsoft Defender for Endpoint is a service in the Microsoft Defender Security Center. By adding and deploying client provisioning profiles, configuration administrators can monitor deployment status and obtain endpoint agent health status using Microsoft Defender.
- Windows Defender isn't perfect. It may miss some threats, especially new and sophisticated threats. So it’s important to supplement it with other security measures.
- Even though Windows Defender does a good job, it can't protect you from everything. Therefore, it is important to be aware of the risks and take steps to protect your computer, such as using complex passwords and being careful about clicking on anything, especially email attachments and some tech support scam calls.
Microsoft Defender for Endpoint Review
- We have visibility of what's going on, and that's pretty much it, but before we didn't have any visibility and it was just open for everybody. Now we can see what's going on, we can track what's going on. We can optimize the system based on the recommendations it has.
- I wish there was a way to filter. You can see so many things within a particular example: you scan a PC, there are hundreds of results that come out, and you want to zone in on whatever's relevant to your incident.
Microsoft Defender for Endpoint Review
- From an overall endpoint protection perspective, I would say it certainly helps protect through the integration across the entire OS and software, browser, or what have you. Just that deep integration protects against threats, potentially internal, with accidental file sharing, external files, browsers, malicious links, URLs; just the ability to have that SmartScreen capability built in, again throughout the entire OS, really helps protect the entire machine.
- From an improvement perspective, the only thing that comes to mind is when there's a health notification on a particular action in the security center where there's maybe an action to take, whether a piece is misconfigured, and maybe a click to activate that capability.
- So from a negative, the only thing that really comes to mind is within the device security portal within the machine itself. Occasionally you'll get alerts such as Core Isolation, maybe after a security update or just when a Windows update comes through; maybe something might be disabled temporarily, and trying to re-enable that feature through a single click and then a reboot doesn't always seem to stick the first time. But that's honestly the only thing that stands out.
Defender Review
- Works with other Microsoft products, because we have Office, SharePoint, and use some specialized Azure OpenAI tools and such.
- Just sometimes with the updates a reboot is necessary when it doesn't say so, or a couple of reboots, or a process is hanging.
Microsoft Defender for Endpoint Review
- It integrates perfectly with Azure Sentinel. I mean, that's great. We can have a single pane of glass with other platforms, like Defender for Cloud, Defender for Endpoint, and Defender for Servers, which is awesome as well. The ease of deployment is because Microsoft made sure around a year ago that every single workstation with Microsoft Windows came with Defender for Endpoint embedded.
- So the fact that Defender for Endpoint still works with signatures is actually, I don't know, a little difficult for us because, I mean, since Microsoft trusts those signatures, you can easily inject code. And we've done it many times, to show that you can inject code through vulnerabilities like CV 2013, 99, and 33 but still keep the signature. So because of the trust in those signatures, the malware just kind of slides into the environment without Defender knowing. That's the first part. The second part is that behavioral analysis is not precisely its prime; it's not Defender's best capability for endpoints. So Defender does not identify all behaviors considered by other EDRs in the market.
Microsoft Defender for Endpoint Review
- It helps detect anomalies. It helps detect sensitive files that are being sent outside of the company. It pretty much provides this intel.
- Would probably be documentation. If the documentation could be simplified, that would be nice.
Microsoft Defender for Endpoint Review
- It is very good in detecting what has happened on the endpoint. So tracking all the actions, what the user clicked, if there was a malicious program that touched the mailbox, anything like that is excellent.
- While it's a very good product for auditing, it has a very hard time distinguishing what is malicious and an attack from what is not. Very rarely do we get an indication of a real malicious attack. We get lots of hours for off-the-shelf malware that it cleans up automatically, so basically we never get to look at it, which is a positive thing, but threats are detected by the third-party endpoint, so it will not be enough by itself.
Microsoft Defender for Endpoint Review
- What I like about this product is that they are always giving you updates and always trying to add new features. Also, they are working with Copilot AI. They are always trying to do new things to add to the product.
- I would like it if you guys could upgrade or add some more features to the Live Response feature, because I think we could do some things differently, but easier for us, to manage some incidents faster.
Defender for Endpoint Review
- The best thing is the centralized reporting. We've used other products, but this has the best one. We can easily develop a punch list of items to tackle, sort things out, and prioritize.
- Faster updates would be nice; after we make some of the changes, it takes a while, 2, 3, 4 days, to see if they've actually taken. The other thing that's in deficit and still needs some improvement: we get a few false positives.
Microsoft Defender for Endpoint Review
- Once there's a breach, it helps allow us to reset passwords asap, easily.
- I think it's working pretty low right now, so no.
Microsoft Defender for Endpoint Review
- When an end user opens a file, or accesses a file I should say, that has malicious content, it will quarantine the file. It will also let us know if an end user themselves has an issue now. So the whole Defender suite has different parts. Some of these may be going over into Defender for Identity and such; I'm not clear on which is which, but it's the whole ecosystem. I'll get an email letting me know that there's an issue and then we follow up. The email generally has a link in it to the actual event in the Defender for Endpoint or whatever console. And then we can start looking at the case, make sure the endpoint is quarantined so it can't do anything. The only thing we can do is talk to it to do forensics or whatever, so it's not totally isolated where we have to get somebody on the ground to go to the thing. We can still work on it remotely, but the end user can't do anything that would continue to cause lateral movement of the compromise or anything like that.
- As much as I've talked about loving this product, there are issues it seems like almost daily when we get into it. Something has changed or moved or the name of the overall system has changed. Microsoft needs to just stick and stay. I understand with development and their merging products and stuff, but it's really frustrating when things change daily, especially when we're doing an e-discovery investigation or DLP. It's almost an emergency situation and when you have to relearn how to do something in the system, it's very frustrating.
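The containment step this reviewer describes (the endpoint is cut off, but the analyst can still reach it for forensics) is the device isolation action, which leaves only the Defender for Endpoint channel open. The following is an added example, not the reviewer's or Microsoft's code, showing the same action driven through the Defender for Endpoint API so it can be run from a SOC runbook rather than by clicking through the portal. It assumes an Entra ID app registration granted the Machine.Read.All and Machine.Isolate application permissions, credentials in environment variables whose names are this example's choice (MDE_TENANT_ID, MDE_CLIENT_ID, MDE_CLIENT_SECRET), and a constructed hostname and ticket reference.

```powershell
# Added example, not code from the reviewer or from Microsoft.
# Isolates a device via the Defender for Endpoint API and waits for the machine
# action to complete. Assumes an app registration with Machine.Read.All and
# Machine.Isolate application permissions; the environment variable names,
# hostname and ticket reference are constructed for this example.

$tenantId = $env:MDE_TENANT_ID
$appId    = $env:MDE_CLIENT_ID
$secret   = $env:MDE_CLIENT_SECRET
$resource = 'https://api.securitycenter.microsoft.com'

# OAuth 2.0 client-credentials token for the Defender for Endpoint API
$token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
    -Body @{
        resource      = $resource
        client_id     = $appId
        client_secret = $secret
        grant_type    = 'client_credentials'
    }).access_token
$headers = @{ Authorization = "Bearer $token"; 'Content-Type' = 'application/json' }

function Get-MdeMachineId([string]$Hostname) {
    # OData filter on the FQDN the sensor reports; refuse to act on an ambiguous match
    $r = Invoke-RestMethod -Headers $headers `
        -Uri "$resource/api/machines?`$filter=computerDnsName eq '$Hostname'"
    if ($r.value.Count -ne 1) {
        throw "Expected exactly one machine for $Hostname, got $($r.value.Count)"
    }
    $r.value[0].id
}

function Invoke-MdeIsolation {
    param(
        [string]$MachineId,
        [string]$Comment,                                  # mandatory; lands in the audit trail
        [ValidateSet('Full', 'Selective')][string]$Type = 'Full'
    )
    # Full: only the Defender for Endpoint channel stays open (Live Response still works).
    # Selective: additionally allows Outlook, Teams and Skype for Business.
    $body = @{ Comment = $Comment; IsolationType = $Type } | ConvertTo-Json
    Invoke-RestMethod -Method Post -Headers $headers `
        -Uri "$resource/api/machines/$MachineId/isolate" -Body $body
}

function Wait-MdeAction([string]$ActionId, [int]$TimeoutSec = 300) {
    # Machine actions are asynchronous; poll until a terminal status or timeout.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $a = Invoke-RestMethod -Headers $headers -Uri "$resource/api/machineactions/$ActionId"
        if ($a.status -in 'Succeeded', 'Failed', 'TimeOut', 'Cancelled') { return $a }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    throw "Action $ActionId still '$($a.status)' after $TimeoutSec s"
}

$id     = Get-MdeMachineId 'ws-finance-07.corp.example.com'   # constructed hostname
$action = Invoke-MdeIsolation -MachineId $id -Type Full `
              -Comment 'IR-1234: credential theft alert, contain pending forensics'  # constructed ticket ref
$result = Wait-MdeAction $action.id
'{0}: isolation {1}' -f $id, $result.status

# Release when the investigation is closed (same body shape, unisolate endpoint):
# Invoke-RestMethod -Method Post -Headers $headers -Uri "$resource/api/machines/$id/unisolate" `
#     -Body (@{ Comment = 'IR-1234 closed' } | ConvertTo-Json)
```

Two points a runbook should make explicit: the machine lookup must fail closed on anything other than a single match, because isolating the wrong host is itself an outage; and the comment is not optional decoration, it is what ties the containment to the incident in the machine-action history when someone later asks why a device went dark.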
- It has a very intuitive and user-friendly UI that enables my team and me to navigate it and respond to any threat efficiently.
- Its extensive dashboard gives a complete view of all our endpoints so we can spot any potential threat and exposure across the networks.
- Robust detection and response capabilities that detect abnormal behavior, potential threats, and attacks as they happen and remediate and block any threat.
- Insights enable us to get to the root cause of incidents and alerts for deep investigation.
- It also provides powerful 365 protection against any threat.
- It is pretty limited when it comes to devices that are not Microsoft-based. Adding a device is quite a task.
- False positives.
- Sophisticated automated investigation and response features.
- Exclusions during scanning are hard to spot.
- I always have to submit request for whitelisting apps.
Microsoft Defender for Endpoint Review
- Detects attacks as they happen.
- Detects potential attacks.
- Detects abnormal user behavior.
- Does not allow for remediation from the management console.
- The ticket system doesn't alert the person assigned to the ticket.
- You have to submit requests for whitelisting applications.
- Scanning exclusions are tricky to find.
- Adding devices, especially Apple devices, is very cumbersome.
Quick to rollout and get going, but takes some tweaking to optimize.
- Provides excellent integration with 365 security suite
- It tracks all activities on endpoints and helps our security team effectively investigate alerts
- It uses signature and behavior based techniques to detect / block threats
- It offers limited support for non-Microsoft devices
- It can sometimes be difficult to set up for optimization
- It can sometimes be the root cause of resource issues on the endpoints
It is also very good and easy to setup for home users. Plus, it is free for home users using Microsoft operating systems.