Try our new research platform with insights from 80,000+ expert users

Cortex XDR vs Microsoft Defender comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Cortex XDR secures data, reduces malware, lowers costs, and replaces systems, enhancing user satisfaction and operational efficiency.
Sentiment score
7.2
Microsoft Defender for Endpoint offers cost savings, enhanced protection, and efficient threat management, with anticipated future benefits.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
The return on investment is primarily in time savings and better observability of what's happening.
 

Customer Service

Sentiment score
6.6
Cortex XDR support is praised for responsiveness but criticized for delayed responses and knowledge gaps in certain regions.
Sentiment score
6.5
Support for Microsoft Defender for Endpoint varies, with premium tiers offering quicker responses, while basic support can be slow.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
The level-one support seems disconnected from subject matter experts.
I rate Microsoft support 10 out of 10.
Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.
 

Scalability Issues

Sentiment score
7.6
Cortex XDR offers scalable, efficient data handling across Linux, Mac, and Windows, praised for simplifying large enterprise management.
Sentiment score
7.7
Microsoft Defender for Endpoint is a scalable solution integrating smoothly with Microsoft, ideal for diverse organizational needs and configurations.
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers.
Microsoft Defender for Endpoint is scalable enough to handle various devices across environments, whether they are laptops, Android devices, or operating in hybrid environments.
It's pretty easy to scale with Microsoft, as they make it easy if you look into the documentation.
 

Stability Issues

Sentiment score
8.1
Cortex XDR is praised for its stability and reliability, with minor issues noted but generally offering seamless protection.
Sentiment score
7.9
Microsoft Defender for Endpoint is stable and reliable, with integration ease, despite occasional lags and minor update bugs.
Cortex XDR is stable, offering high quality and reliable performance.
I haven't seen any outages with Microsoft.
I rate Defender 10 out of 10 for stability.
Defender for Endpoint is extremely stable.
 

Room For Improvement

Cortex XDR struggles with integration, high memory, false positives, limited features, complex setup, and lacks enhanced support and customization.
Microsoft Defender for Endpoint needs frequent updates, improved integration, user-friendly interface, enhanced analytics, and better support documentation.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
Repeated interactions are necessary due to Level One's lack of tools and knowledge, hindering efficient problem-solving and negatively impacting our experience with Microsoft support.
We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view.
Providing more detailed information on how Microsoft Defender for Endpoint detects vulnerabilities.
 

Setup Cost

Enterprise buyers view Cortex XDR as expensive yet flexible, offering scalable licensing with varying costs based on features and users.
Microsoft Defender for Endpoint is cost-effective with bundled licenses, but advanced features may incur additional fees.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
It costs $15 per VM for the P2 plan, which is seen as affordable for customers.
The pricing, setup, and licensing were very easy and simple.
 

Valuable Features

Cortex XDR excels in cybersecurity with advanced detection, ease of use, and integration, offering scalable, efficient threat management.
Microsoft Defender for Endpoint offers seamless integration, real-time threat detection, and efficient management, enhancing security with minimal system impact.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
Microsoft Defender for Endpoint provides a unified management interface allowing customers to manage their on-premises and hybrid infrastructures from a single pane.
Web filtering is the most valuable feature of Microsoft Defender for Endpoint because it effectively maintains security for website access.
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Extended Detection and Response (XDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)
Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
192
Ranking in other categories
Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (5th)
 

Mindshare comparison

As of April 2025, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.9%, down from 5.1% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 10.9%, down from 14.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Mohammad Qaw - PeerSpot reviewer
Perfect correlation and XDR capabilities for network traffic plus endpoint security
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
AnuragSrivastava - PeerSpot reviewer
Provides detailed visibility into threats but the ability to add exceptions needs improvement
One major item for improvement is the ability to add exceptions. We can add some exceptions, but not at the level we need to. The second major area for improvement involves enhanced capabilities for different operating systems or platforms. That is, even though we have coverage for different operating systems or platforms such as Linux, we don't get all of the controls and enhanced capabilities that are available with Windows devices. Reporting could also be improved because, at present, we get limited results at times. For example, in an environment with more than 100,000 devices, you may just get 10,000 results when you run a report.
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Answers from the Community

Ammar Jibarah - PeerSpot reviewer
Dec 7, 2022
Dec 7, 2022
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
2 out of 4 answers
Zubair Ahmad - PeerSpot reviewer
Sep 7, 2022
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
JH
Sep 7, 2022
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform.  I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform.  But I am biased ;-)
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Government
8%
Manufacturing Company
7%
Educational Organization
27%
Computer Software Company
11%
Government
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
What do you like most about Microsoft Defender for Endpoint?
The most valuable aspect lies in its automation capabilities, particularly within security automation.
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint and other solutions. Updated: February 2025.
842,767 professionals have used our research since 2012.