We performed a comparison between Microsoft 365 Defender and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Endpoint comes out ahead of Microsoft 365 Defender. While both products provide real-time visibility of emerging threats and have convenient interfaces, Microsoft 365 Defender’s lack of compatibility with third-party products, as well as uneven support leave room for improvement.
"The product detects and blocks threats and is more proactive than firewalls."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It is stable and scalable."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The most valuable feature is the analysis, because of the beta structure."
"The stability is very good."
"The setup is pretty simple."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part."
"We have very good visibility on our endpoints. The level of information it throws back is helpful."
"Its threat intelligence feature is beneficial. This solution smoothly integrates with SIEM."
"DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me."
"The intelligence mechanisms are good."
"Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows."
"Defender is integrated into the operating system. It's integrated with everything. You don't have to spend time analyzing what you have to do to be sure that the integration is okay between the security tool and all the other apps. This, from my point of view, is the main advantage."
"The most valuable feature is its ability to effectively detect threats. It has the EDR feature, endpoint detection and response, and that is very good."
"The most valuable aspect is undoubtedly the exploration capability"
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The support needs improvement."
"We find the solution to be a bit expensive."
"The solution is not stable."
"The solution should address emerging threats like SQL injection."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"I haven't seen the use of AI in the solution."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened."
"Microsoft Defender in the basic form is not very useful for managing the security environment. The free version is not capable of covering the needs of centralized management, EDR, and behavioral analysis. If you don't have the commercial version, you can't have centralized management and set up the policies and other things. Each client is a standalone installation, which is not useful for security in an enterprise model."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"The anti-ransomware features need to be improved upon."
"Threat intelligence has the potential for improvement, particularly by integrating more sources."
"There are alternative solutions that offer a greater range of dashboard insights when compared to Microsoft Defender for Endpoint."
"The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor."
"We would like more customization."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The price should be adjustable by region."
"Just like in any solution, the price can always be cheaper."
"Stability could be improved by avoiding frequent changes to the interface."
"The tool gives inconsistent answers and crashes a lot."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 80 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, Cortex XDR by Palo Alto Networks, Trellix Endpoint Security and Fortinet FortiClient, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Cortex XDR by Palo Alto Networks. See our Microsoft Defender XDR vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Microsoft Security Suite vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
