We performed a comparison between Microsoft Defender for Endpoint and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Endpoint comes out ahead of Microsoft Defender for Cloud. While both products have comprehensive features, Microsoft Defender for Cloud’s dashboards may not integrate easily with other enterprise dashboards.
"The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
"Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution."
"It is very intuitive when it comes to policy administration, alerts and notifications, and ease of setting up roles at different hierarchies. It has also been good in terms of the network technology maps. It provides a good overview, but it also depends on the complexity of your network."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"The most valuable features are ransomware protection and access controls. The solution has helped us secure some folders on our systems from unauthorized modifications."
"Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
"The main features of this solution are that it handles everything by itself and is well integrated."
"It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
"You have endpoint security to keep your devices safe. That's the feature that we're interested in."
"It's pretty easy to scale."
"I like the real-time protection features. Windows Defender will detect if there's a threat like a Trojan or something like that but Kaspersky lets it run normally."
"I've started to test it from the security point of view. There are plenty of features that are interesting, but at this time, the XDR functionality is most valuable. It is endpoint security on steroids."
"It shows us the risky sign-ins, and if a user's password has been compromised."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender."
"The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome."
"The product was a bit complex to set up earlier, however, it is a bit streamlined now."
"There is no perfect product in the world and there are always features that can be added."
"The remediation process could be improved."
"Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"With regards to the interface, a challenge I found was that there was not enough documentation on how to tune it. I had to read multiple sources on the internet to learn how to configure the tool appropriately."
"I would like to have additional features such as DNS lookup, which would help for detecting malicious sites."
"The reporting in Microsoft Defender for Endpoint should improve. The solution has limited features."
"There's scanning going on that occasionally topples the memory, causing everything to freeze. This should be fixed."
"A concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information."
"Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort."
"If there were more template queries in the library, that would make it much easier. They could have basic things, like, "Where's the IP for this user?" or, "What file was downloaded from this user?" If there were more of those basic queries that would help."
"Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Cloud is ranked 2nd in Microsoft Security Suite with 46 reviews while Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews. Microsoft Defender for Cloud is rated 8.0, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Microsoft Sentinel, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Kaspersky Endpoint Security for Business. See our Microsoft Defender for Cloud vs. Microsoft Defender for Endpoint report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.