Defender is basically a protective seal that is used to protect your Windows applications. Whenever you enable it your system is safe. You feel safe and your data and your security are verified by Defender and protected by the Defender seal.
Head-IT/SAP at Barista Coffee Company Ltd.
Easy to enable and activate but could be more secure
Pros and Cons
- "Defender is a part of Windows; you just need to enable it. There is no need to install anything."
- "The solution could always be more secure."
What is our primary use case?
What is most valuable?
Defender is a part of Windows; you just need to enable it. There is no need to install anything.
It's quite good for security. We are using Windows 11 and Windows 10. In Windows 11, Defender is very, very strong. They built in good features, good seals. Earlier, ransomware protection was not there. However, now, new ransomware protection is also available in Defender.
The solution is stable.
What needs improvement?
The solution could always be more secure.
What do I think about the stability of the solution?
The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze.
Buyer's Guide
Microsoft Defender for Endpoint
March 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The scalability is totally based on your OS operating system as it's a part of the OS. You can't define it in a different way. If your Windows platform is working fine and is of a certain size, then you can say that it's quite good and it will cover that.
We have 200 to 300 people using the solution. Some of our employees use Windows and have Defender. Others use Mac devices.
How are customer service and support?
We've used technical support in the past and don't have anything negative to say about their services.
How was the initial setup?
There isn't really an installation process. It's already a part of Windows and just needs to be activated. You can install Windows in home or business devices and have Defender at your fingertips immediately.
While you don't need a technical team to install it per se, every organization has an IT team that likely would be able to install Windows and everything else. We have a 40-plus IT team. Everybody has a defined role.
What about the implementation team?
We handled the implementation in-house using our IT team.
What's my experience with pricing, setup cost, and licensing?
The solution is included with Microsoft Office 365 subscriptions.
What other advice do I have?
New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure.
I'd rate the solution at a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Security Consultant at a tech services company with 51-200 employees
Makes monitoring a lot easier and minimizes on-prem administration
Pros and Cons
- "DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me."
- "Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more."
What is our primary use case?
The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics.
I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.
How has it helped my organization?
DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me.
What is most valuable?
It's Microsoft native. Microsoft is the corporate default, so it makes sense to use security platforms that are baked into the Microsoft platform. That's probably the most valuable aspect of it.
It has specific features that improve our customer's security posture. It makes the monitoring a lot easier and minimizes on-prem administration. A lot of the administrative stuff is all folded into Azure. It makes things easier.
The platform just makes things easier compared to on-prem or hybrid solutions because if you start working in an on-prem solution, most of the time it's going to be a battlefield.
DFE affects the end-user experience when it's deployed. The more freedom a user has on the device, the more they're used to doing things their own way. By locking things down, by having device configurations, you disrupt the workflow. You need a lot of user education where you have to explain why you're doing these things. I'm a part of security. It's twofold, in that users have to get used to the new configurations. And the reason why we might take a little bit longer with pilot phases is that we have to identify how it'll affect the users and how the differences of different business units will be affected. Developers need a more open environment than other solutions.
What needs improvement?
Everything can always be improved. Improvements would depend on the client.
Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint on and off for about three or four years.
It's only the last two and a half years that it's been a big part of my job.
What do I think about the stability of the solution?
Microsoft has some creative accounting when they promise an SLA of 99.99%. But it is generally good. There's always going to be a problem with the cloud. If it works 99% of the time, that's great.
The frustrating thing is, you're not sure if there's a problem with your configuration or if the service itself is down because Microsoft tends to only report that the service is down much later than when you started experiencing things. So sometimes I have to jump onto a private forum or a Slack channel and ask other consultants if they experienced something similar. But when it works, it works. There's never going to be a cloud solution that has 100% uptime.
What do I think about the scalability of the solution?
Scalability is fine. I mainly work with implementation, so I haven't really had to mess around with the scalability. I'm responsible for setting up security policies, and then if they want to do scalability, that's another team. I sit in security.
How are customer service and technical support?
I haven't worked with support. I generally don't use Microsoft Support.
We were Microsoft partners last year. We're gold partners where we won security partners of the year, so we have an account manager. If it really hits the fan, then I would just talk to him.
Which solution did I use previously and why did I switch?
I've been an IaaS specialist since I began my career. I've done Apple MDM solutions and I've done Google Workspace, but when it comes to actual IaaS, I can't really compare. Because we're a Microsoft house, we generally don't use third parties or competitors.
How was the initial setup?
The complexity of the setup depends on the environment. If it's Greenfield, it's super easy. I've been doing this for two to three years now. Most of the time it's easy. The larger companies have more complex networks and systems. The smaller the company, the easier it is to deploy.
The beginning of the project, like scoping, implementation, the entire process, or just the actual deployment depends on the size of the company. For smaller companies, we'll push some policies out. We'll do a week or two of a pilot phase where we identify different stakeholders and different business units. We collect feedback from them, keep an eye out on the audit logs and if that goes well, then we go into phase two, which takes another week or two where we slowly push out, if it's an accounting department with 60 people, then we'll do batches of 20. We'll have a pilot group of five and then we'll push it out to 20 people at a time.
What's my experience with pricing, setup cost, and licensing?
The project managers worry about the licenses. I get my scope, I know the limitations I have to work with, and then I just make a solution based on that. I'm a very technical consultant and I don't really care about licenses, that doesn't really have anything to do with me.
What other advice do I have?
My advice would be to start small, don't start a project thinking that it's the best solution, and bowl it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems.
I would rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Microsoft Defender for Endpoint
March 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Good with vulnerability assessment and integrates well with Office 365 and Azure
Pros and Cons
- "Provides good vulnerability assessment."
- "The GUI is very complex and could be more user friendly."
What is our primary use case?
This is an endpoint security product. It helps detect and prevent attacks and is very good when it comes to vulnerability assessment. It automatically detects attacks. It provides support for all the end devices, whether it is a Mac OS, Windows, mobiles, Android and iOS, it has support for all. I mostly deal with smaller and medium sized companies, I don't deal much with enterprises. I'm a customer of Microsoft and I work as a solution architect.
What is most valuable?
The product is very good when it comes to vulnerability assessment. It's a Microsoft flagship product and it integrates with Office 365. If my customers are using Office 365 or Azure or a Windows server, it helps to use Defender. Other products like Symantec or McAfee don't have that kind of integration with Microsoft products. In terms of identifying the attacks, it's far superior to Symantec.
What needs improvement?
The GUI is very complex, particularly for normal users who work on it. It could be more user friendly. For future improvements, I'd be looking at internet security which we don't have as Microsoft does not distinguish whether a site is malicious or not. Kaspersky is very good at that but not Microsoft. It would be a big advantage for them if they were to include it.
For how long have I used the solution?
I've been using this solution for seven months.
What do I think about the stability of the solution?
It's a stable product. Microsoft only recently entered this market and nobody believed that Microsoft antivirus would be good. They are now trying to prove everyone wrong in that sense by having a good security product.
What do I think about the scalability of the solution?
Scaling in or out is very easy. Scalability is really about licensing so you just have to request a registration license.
How are customer service and technical support?
Ninety-nine percent of the time, I'm able to solve the problem. I do not have access to Microsoft support so if I go to their open support page and try to login a request, it takes up to 24 hours for the support agent to get back to me. It's pretty average. If you have the premium support or if you're a support partner of Microsoft, they respond back in one or two hours, something like that.
Which solution did I use previously and why did I switch?
I tested the difference between Symantec and Defender by taking a malware from the internet and downloading it. Symantec allowed me to do it, even though it shouldn't have, but Defender, gave me notification and wouldn't allow me to do it. That said, Symantec is a very stable product that's been on the market for a long time. They have more expertise in endpoint protection than Microsoft. Symantec is not a cost-effective product for most customers. It's integrated with third party companies and is good in protecting endpoint. Because my customer base is companies that use Office 365 and Microsoft Azure so Microsoft integration with these products is very good.
How was the initial setup?
The initial setup is very simple, you just have to attach it to the user's email address. Once the user logs in, it automatically downloads and starts working. I do the implementation. In terms of maintenance, sometimes my engagement with the client is one time but sometimes, I do maintenance as well. This is a subscription-based, cloud-based product. They have to call me every year to renew.
What other advice do I have?
I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product.
I would rate this solution an eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Senior Analyst at a security firm with 51-200 employees
Has EPP and EDR capabilities, helps with compliance, and provides visibility at one place
Pros and Cons
- "We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions."
- "I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes."
What is our primary use case?
We used it as an EPP and EDR solution.
How has it helped my organization?
Microsoft Defender made the work quite easy because we didn't have to rely on multiple tools, and we could look at one thing. It had a specific endpoint-level reporting standard as well where you can see the vulnerable threats and the outdated versions. It was very convenient.
We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions. It had multiple advantages for us in terms of patching, vulnerability management, adhering to security standards, and EDR and AV capabilities.
Microsoft Defender was pretty interesting in terms of visibility. When we compare the solution that we had before with Microsoft Defender, there is almost a night and day difference. Microsoft Defender is pretty advanced with the threats. We used to run, simulate, and see whether we were prone to the latest vulnerabilities. It was a pretty good solution in our experience.
It definitely saved us a lot of time. I don't have the metrics, but because it was a one-stop place, we didn't have to navigate through all the controls and go from one place to another to look for different reports for each section. We had one tool that could do everything in one place. It would have definitely saved us nearly one-fifth or 20% of the time. It would have also saved money because you rely on one single tool for multiple things. When you go with the premium suite, you get other tools as well. There is definitely a cost-saving aspect.
What is most valuable?
It came in a suite. There were multiple other products that were included with it as well in the premium suite. Another factor was that you don't have to invest in two products, and you can get both components, the EPP and the EDR, in one. You can also do simple vulnerability management, CIS hardening, and things like that from Microsoft Defender. Those were the main reasons for considering it back then.
What needs improvement?
I haven't used the product in nearly eight months. I use it on my device, but I haven't used it at an administrative level. Previously, with Microsoft Defender, we used to have certain problems with the Mac machines, but later on, they came up with various ways so that we could use the MDM solution to do the job. They provided pretty good support. Their engineers came and tried to figure out the solution.
I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes.
For how long have I used the solution?
I have used Microsoft Defender for eight months to one year in my previous organization.
What do I think about the stability of the solution?
In comparison to the other solutions that I've had experience with, Microsoft Defender was very good.
What do I think about the scalability of the solution?
It was definitely scalable. In my previous organization, we enrolled more than 20,000 endpoints.
How are customer service and support?
It was pretty good. At that time, Microsoft Defender was very new. When they released it for Mac, that's when we got hold of them. There was a time when their support engineers learned certain things from me about it, and I also did learn something from them. It was a win-win situation for both of us.
I would rate their support a seven out of them. The level of support depends on the complexity of the issue. If an issue is small, anyone can solve it, and it wouldn't take much time, but when you run into a complex problem, you need proper people coming in quickly and giving you some support after looking into the issue. Ideally, if they are very well-trained at all levels, that would be good.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We had other products for antivirus and EDR. We removed those two products and replaced them with Microsoft Defender. They both were pretty good solutions in the market back then. One of them is a pretty good solution even now.
We found Microsoft Defender pretty good when we did the PoC as compared to the rest of the tools. Some of the solutions were only antivirus, and some of them were only EDR, whereas this particular tool had a lot of features built into it. So, one agent could do many things. Another reason for going for this solution was that the company I used to work with was a bit biased toward Microsoft. They were a Microsoft customer, and they were comfortable with Microsoft.
The reliability of support was one of the reasons why we chose Microsoft. When it comes to tools, there are always requirements related to budget, level of support, and other things. When you go for a PoC and look at the demo, you might think a product is stable, but when you run into a problem, the support could be weak. In such instances, what's the use of the product if you don't have good support or if they take at least two to three days to solve a small issue?
How was the initial setup?
I handled the Mac machine part of it. Initially, setting up policies and getting all the configuration profiles in place was a bit of a challenge because they didn't have proper documentation at first. During the PoC, there were not many documents or support articles, but when we were in the deployment phase, they had everything, even specific to particular MDMs, which made it very smooth. We ran into a couple of small problems, but that's pretty common in every deployment. Other than that, it was pretty smooth.
From Microsoft's side, there is a pretty good deployment strategy in place, but different companies have different objectives and different ways of working. There are situations where certain users and groups might need something specific but other users or groups don't. There could be multiple groups of users with different expectations. So, it is pretty straightforward, but like with any security tool, there could be internal user-level challenges. However, for a company that does not have a very complex environment, it should be a piece of cake. It should be pretty easy.
In terms of our implementation strategy, we first targeted the least impacted devices because we didn't want high-end or critical users complaining about having issues. So, we selected the low-priority users and implemented it for them, and then we tested it out. After that, we implemented it for users with higher priorities. We gradually moved based on the severity.
In terms of maintenance, agent updates are required, which we scheduled automatically. It didn't seem to need much attention. If the product is in a non-complex environment, it won't have many issues, but in a complex environment, there will be some because of VLAN restrictions, network connectivity limitations, etc. We also had issues where agents were not communicating, but it was not because of an issue with the tool. It was mainly because of the complexity of the environment in terms of networking and architecture.
What other advice do I have?
Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together.
I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products.
Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job.
For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats.
I would rate Microsoft Defender an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Managing Director at a financial services firm with 10,001+ employees
Reliable, well-priced, and it is easy to install
Pros and Cons
- "We use Microsoft Defender for the antivirus."
- "The interface could be improved."
What is our primary use case?
There are endpoints that are not in our organization's network but are connected directly to the web. We use Microsoft Defender for the antivirus.
We are not dealing with this solution daily, just when there is an issue from time to time.
What needs improvement?
The interface could be improved.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for a couple of years.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
We are only running it on a few workstations. The scalability is okay.
It's run on 10 out of 3,000 workstations and we plan to continue using it.
We have no more than 10 users in our organization.
Which solution did I use previously and why did I switch?
We are also using Symantec.
We have a few endpoints where we use Microsoft Defender because we cannot use the Symantec Sets.
How was the initial setup?
The initial setup was straightforward. It was easy to install and t only took a couple of minutes.
There is no team for maintenance. If there is an issue, the security team helps to resolve it.
What about the implementation team?
We completed the deployment and implementation ourselves.
What's my experience with pricing, setup cost, and licensing?
We don't have an issue with the price.
We have a bundle where the price includes all Microsoft products.
This is an area that I am not dealing with. I don't have all of the information.
What other advice do I have?
It's pretty good.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Manager at a comms service provider with 501-1,000 employees
Good management over endpoints but the technical support needs to be improved
Pros and Cons
- "The scanning is slow when it is working with incoming emails."
What is our primary use case?
We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.
Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.
From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.
What is most valuable?
This is a cloud-based product so it is always updated by the end-user.
What needs improvement?
They have to improve the email scanning where email is coming from somewhere other than our private network. The scanning is slow when it is working with incoming emails. Often, I can see the email but the scanning process is not finished and I cannot open the attachment. In general, the scanning has to be faster.
What do I think about the stability of the solution?
This solution looks stable. Provided that Windows 10 is updated, everything is okay.
How are customer service and technical support?
I have not been in contact with technical support in regards to this product. However, technical support for Microsoft products is always of bad quality. In my experience, if you cannot find the solution yourself then you will have a huge problem because it is not an easy task to have them understand and support you.
You can lose a lot of time explaining the problem before you receive something that works.
My advice to is look for a good support library and try to find the solution yourself. This means that you don't need to contact support.
Which solution did I use previously and why did I switch?
We have worked with many different security solutions. For example, we are selling a Security Operations Center as a service. We implement EDR, Privileged Access Management, Identity Management, anti-fraud solutions, web application firewalls, database security, and more. We are working with practically everything in cybersecurity.
We are working with between 10 and 15 different vendors. Sometimes, this is too many, but it is useful to have information about each product, its quality, and how it compares to others. Two products that we are working with now are Cisco AMP and Carbon Black.
What's my experience with pricing, setup cost, and licensing?
There is a free version of Windows Defender, although the paid version has EDR functionality. We sell this product as part of Office 365 and it is not expensive.
What other advice do I have?
I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution.
I would rate this solution a five out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Engineer at a tech services company with 5,001-10,000 employees
Analyzes behaviors and provides great visibility
Pros and Cons
- "It has Kusto Query Language (KQL), so we can use our own queries to find anything."
- "We need better support to learn about the product. Documentation is available, but we need some kind of training program so that we can get a better understanding of the product."
What is our primary use case?
We are using it only for EDR, but we have a plan to extend it to Microsoft email as well as to the cloud.
How has it helped my organization?
Within one month of using Microsoft Defender for Endpoint, we could achieve great insights.
Microsoft Defender for Endpoint is a perfect solution. We have used several EDR products, and Microsoft Defender is the best one that I have worked with. It provides great visibility. It is very transparent. We can get so many details about a particular endpoint. It is a great product. I would rate it a five out of five in terms of visibility.
It helps us to identify process-based threats in our environment, not only the signature-based ones. We are able to identify some of the threats that were not detected previously.
We get severity levels from the solution itself. Based on them, we have developed our action plan to act upon any category of incident. It helps to achieve a better SLA to attend to incidents.
I am quite interested in the vulnerability dashboard. It provides vulnerability data according to the CVE database, which helps us to prioritize vulnerabilities in our environment and address them.
Microsoft Defender for Endpoint works with Windows and Linux, so we could cover them all. It is suitable for servers as well, not only for endpoints, so we could implement it on most devices in the organization. It has probably saved us 20% of the time.
What is most valuable?
It has Kusto Query Language (KQL), so we can use our own queries to find anything.
We can get real-time updates. It is not just signature-based. It provides results based on behavior and successors. It analyzes the behavior and the process. With that, we can achieve greater results that other products do not offer.
What needs improvement?
We need better support to learn about the product. Documentation is available, but we need some kind of training program so that we can get a better understanding of the product.
For how long have I used the solution?
We switched to Microsoft Defender for Endpoint about one month ago.
What do I think about the stability of the solution?
I would rate it an eight out of ten in terms of stability.
What do I think about the scalability of the solution?
It is highly scalable. We have around 5,000 users. I would rate it a ten out of ten in terms of scalability.
Which solution did I use previously and why did I switch?
Previously, we were using a separate EDR product in our environment. We were using Sophos. Our organization moved into Microsoft 365, so we switched to Microsoft Defender for Endpoint.
We heard that it is one of the best products in the industry. We thought that we would get better results with Microsoft Defender for Endpoint. That is why we moved to Microsoft Defender for Endpoint, and we were able to achieve better results with it.
How was the initial setup?
It is a cloud deployment. It took us a few months to make the switch.
It does not require any maintenance from our end.
What other advice do I have?
Overall, I would rate Microsoft Defender for Endpoint a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager IT Server Operations at a energy/utilities company with 10,001+ employees
Helps to secure workstations, laptops, and servers
Pros and Cons
- "Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products."
- "The product should reduce updates since it is hard to keep up."
What is our primary use case?
We use Microsoft Defender for Endpoint to secure our workstations, laptops, and servers. It helps us to do virus scanning and malware protection.
What is most valuable?
Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products.
What needs improvement?
The product should reduce updates since it is hard to keep up.
For how long have I used the solution?
I have been using the product for three to four years.
How was the initial setup?
The tool's deployment was simple. It took about a month to complete since we have over 5000 servers across various platforms.
What other advice do I have?
Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate semantic console.
We can see the threats as soon as they come in. Our security team gets notifications.
I rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Endpoint Protection Platform (EPP) Advanced Threat Protection (ATP) Anti-Malware Tools Endpoint Detection and Response (EDR) Microsoft Security SuitePopular Comparisons
CrowdStrike Falcon
SentinelOne Singularity Complete
Cisco Secure Endpoint
Cortex XDR by Palo Alto Networks
Fortinet FortiClient
Symantec Endpoint Security
HP Wolf Security
Trellix Endpoint Security
Trend Vision One Endpoint Security
Kaspersky Endpoint Security for Business
Intercept X Endpoint
ESET Endpoint Protection Platform
Check Point Harmony Endpoint
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Compare Microsoft Windows Defender and Symantec Endpoint Protection. How Do I Choose?
- Which product would you choose: Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks?
- What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
- CrowdStrike Falcon vs Microsoft Defender ATP: Comparison of features and performance
- How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
- Running Carbon Black Defense Along with Windows Defender
- How is Cortex XDR compared with Microsoft Defender?
- Which offers better endpoint security - Symantec or Microsoft Defender?
- How does Microsoft Defender for Endpoint compare with Carbon Black CB Defense?
- How would you compare between Microsoft Defender for Endpoint and Tanium EDR?