Microsoft Defender XDR vs Rapid7 InsightIDR comparison

Microsoft and Rapid7 are both solutions in the Endpoint Detection and Response (EDR) category. Microsoft is ranked #7 with an average rating of 8.4, while Rapid7 is ranked #22 with an average rating of 7.8. Microsoft holds a 2.6% mindshare in EDR, compared to Rapid7’s 1.2% mindshare. Additionally, 98% of Microsoft users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.

Microsoft Defender XDR

Read 106 Microsoft Defender XDR reviews

10,352 Views
5,487 Comparison Views

98% willing to recommend

Rapid7 InsightIDR

Read 32 Rapid7 InsightIDR reviews

6,636 Views
1,924 Comparison Views

96% willing to recommend

Microsoft Defender XDR

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

Rapid7 InsightIDR and Microsoft Defender XDR are leading security solutions. Users prefer Rapid7 InsightIDR for pricing and support, while Microsoft Defender XDR excels in features.

Features: Users praise Rapid7 InsightIDR for its robust incident detection and response capabilities, user-friendly setup, and automated workflows. Microsoft Defender XDR is highly rated for its comprehensive threat intelligence, integration with other Microsoft products, and advanced analytics.

Room for Improvement: Rapid7 InsightIDR needs better scalability, enhanced reporting, and faster query performance. Microsoft Defender XDR could improve interoperability with non-Microsoft environments, more intuitive alert management, and better integration with third-party tools.

Ease of Deployment and Customer Service: Rapid7 InsightIDR is praised for straightforward deployment and responsive customer support, with quick setup times and helpful resources. Microsoft Defender XDR has mixed reviews on customer service, with some users experiencing slower response times but is also straightforward to deploy.

Pricing and ROI: Users find Rapid7 InsightIDR's pricing competitive with a higher perceived ROI due to effective threat detection and ease of use. Microsoft Defender XDR is seen as more costly but justified by its extensive features and integrations.

To learn more, read our detailed Microsoft Defender XDR vs. Rapid7 InsightIDR Report (Updated: December 2025).

Buyer's Guide

Microsoft Defender XDR vs. Rapid7 InsightIDR

December 2025

Download the complete report

Helped 879,899 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender XDR

Ranking in Endpoint Detection and Response (EDR)

7th

Ranking in Extended Detection and Response (XDR)

4th

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

106

Ranking in other categories

Microsoft Security Suite (5th)

Rapid7 InsightIDR

Ranking in Endpoint Detection and Response (EDR)

22nd

Ranking in Extended Detection and Response (XDR)

16th

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (15th), User Entity Behavior Analytics (UEBA) (7th), Threat Deception Platforms (4th)

Mindshare comparison

As of January 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender XDR is 2.6%, down from 3.2% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Market Share Distribution
Product	Market Share (%)
Microsoft Defender XDR	2.6%
Rapid7 InsightIDR	1.2%
Other	96.2%

Endpoint Detection and Response (EDR)

Featured Reviews

Kunle Oluwadiya

House security operator at Cypress Creek Renewables

Advanced threat hunting saves significant time in tracking and responding to incidents

Microsoft Defender XDR could be improved with a lower price. My main suggestion would essentially be what Copilot is providing, which is a single pane of glass, so I don't have to go to different windows. That's just a workflow consideration for me. It would be great to have all the information centralized into one particular data app. If I need to open up extra ones, I can, however, I would appreciate a future where everything I need is right there on one single pane of glass. Beyond that, there's really nothing else I see that I would want Microsoft to improve.

Read full review

SohailHyder

Head of Cyber Security at Super Secure

Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration

If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The stability has been great."

"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."

"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."

"The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."

"The threat intelligence is excellent."

"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."

"The feature of Microsoft Defender XDR that I preferred the most traditionally was its focus on endpoint protection, but now identity is right up there with endpoint security. Identity is important because different compromises start at the identity level. This allows us to understand what actions are being taken, who is doing them, and whether it is actually them."

"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."

More Microsoft Defender XDR pros

"Simple configuration and automatically syncs to the cloud platform."

"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."

"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."

"We were able to identify criminals attempting to login from China and put a stop on their IP locations."

"Very intuitive and easy to set up."

"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."

"Integration with threat modeling from the Metasploit and InsightIDR repositories."

"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."

More Rapid7 InsightIDR pros

Cons

"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."

"There is no comprehensive visibility, making it less user-friendly."

"We struggle sometimes with tier one support agents who give canned responses."

"A simple dashboard without having to use MS Sentinel would be a welcome improvement."

"Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically."

"The initial time spent setting up and configuring Defender XDR is a bit longer than the other solutions. If everything were on one portal, the platforms for managing policies or alerts would be simpler. We must automate and manage policies on Intune rather than the same portal."

"Sometimes, digging into the information and knowing where to go can be difficult. It would be better if much of that information were immediately visible, especially when looking at endpoints or users."

"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."

More Microsoft Defender XDR cons

"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."

"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."

"The dashboard is an area that could be simplified."

"I feel it would greatly benefit from more supported log sources."

"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."

"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"Microsoft Defender XDR is included in our license."

"Microsoft Defender XDR is priced high."

"Its licensing and pricing are handled by someone else. My role is limited to incidents or issues with the portal, but you get what you pay for. It is worth the cost."

"Defender plan 1 is tenant-wise, and Defender plan 2 is per-user, which makes it more expensive. To have certain features, you would need to purchase the E5 license. For all of the capabilities that the tool provides, the price, though it can be high, is fair."

"Microsoft Defender XDR's licensing is complicated."

"365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place."

"I believe the pricing is fair and acceptable. I consider it to be reasonable and satisfactory."

"There are no issues with pricing, but sometimes, the clarity in licensing is a concern."

More Microsoft Defender XDR pricing and cost advice

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"The pricing of the solution depends on the user. But there is a yearly licensing cost."

"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."

"It is more reasonably priced than other vendors."

"I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability."

"The pricing is good, and it is not very expensive."

"It is a reasonably priced solution."

"The solution has a mid-range price point in the market"

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

879,899 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

Manufacturing Company

Comms Service Provider

Computer Software Company

12%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	47
Midsize Enterprise	25
Large Enterprise	38

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	5
Large Enterprise	6

Questions from the Community

What do you like most about Microsoft 365 Defender?

Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.

See all answers

What is your experience regarding pricing and costs for Microsoft 365 Defender?

My experience with pricing, setup, costs, and licensing of Microsoft Defender XDR is tied to our E5 subscription, which is very straightforward for us. We also purchase the uplift for our mobile us...

See all answers

What needs improvement with Microsoft 365 Defender?

I am not aware of a mobile app that would be available for my team. With a single analyst, if she is ever away, it would be beneficial to have easier access. While she can use the web portal, the e...

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

CrowdStrike Falcon vs Microsoft Defender XDR

Compared 12% of the time

Wazuh vs Microsoft Defender XDR

Compared 8% of the time

Microsoft Defender for Cloud vs Microsoft Defender XDR

Compared 7% of the time

Microsoft Defender for Endpoint vs Microsoft Defender XDR

Compared 4% of the time

Microsoft Sentinel vs Microsoft Defender XDR

Compared 4% of the time

More Microsoft Defender XDR Competitors

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 7% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 6% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 4% of the time

Darktrace vs Rapid7 InsightIDR

Compared 4% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

Microsoft Defender XDR

December 2025

Download Microsoft Defender XDR product report

Buyer's Guide

Rapid7 InsightIDR

December 2025

Download Rapid7 InsightIDR product report

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender

InsightIDR

Overview

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.

It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.

Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

Microsoft

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

Microsoft Defender XDR vs. Rapid7 InsightIDR

December 2025

Free Report: Microsoft Defender XDR vs. Rapid7 InsightIDR

Find out what your peers are saying about Microsoft Defender XDR vs. Rapid7 InsightIDR and other solutions. Updated: December 2025.

DOWNLOAD NOW

879,899 professionals have used our research since 2012.

See our Microsoft Defender XDR vs. Rapid7 InsightIDR report.

See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.