Microsoft Defender for Endpoint Reviews & Insights

Score8.7 out of 10

222 Reviews and Ratings

Professional, Scientific, and Technical Services

“I think the positive is the investment, right? So even if you have your license because you're using a licensing environment and just to have it there, my speech is always regarding using what you have and if you have a good tool that has been categorizing as one of the best tools, so why don't use it, right?”

Overview

Synthesised from 19 reviews | Last Published April 23, 2026

This assessment synthesizes 19 recent reviews of Microsoft Defender for Endpoint across seven dimensions, focusing on user experience, deployment scenarios, and perceived value. A primary use case, cited by 11 reviewers, is endpoint protection, with 6 reviewers specifically mentioning its threat detection capabilities. Reviewers generally view Microsoft Defender for Endpoint as a positive investment, with over half (11 of 19) explicitly mentioning positive ROI, often due to increased security, compliance, and leveraging existing Microsoft licensing. The product excels in threat detection and protection, highlighted by 11 reviewers, and benefits from ease of use and integration, noted by 6 reviewers. However, some users (3 of 19) find the user interface cumbersome and difficult to navigate, while a similar number struggle with integrating the product with older systems. Alert management also needs improvement, with 2 reviewers citing issues with false positives and limited alert information. The product is deployed across a range of environments, from 100 to 5,000 endpoints, securing Windows, Linux, macOS, and mobile platforms.

Pros

Effective threat detection and protection capabilities, cited by 11 of 19 reviewers.
Ease of use and integration, streamlining threat management and response (6 reviewers).
Positive ROI due to increased security, compliance, and leveraging existing Microsoft licensing (11 of 19 reviewers).
Scalability to accommodate varying organizational sizes (5 reviewers).
Broad platform support, securing Windows, Linux, macOS, Android, and iOS (7 reviewers).

Cons

Cumbersome and difficult-to-navigate user interface (3 of 19 reviewers).
Integration challenges with older systems and other security tools (3 of 19 reviewers).
High number of false alerts and limited information provided in alerts and incidents (2 of 19 reviewers).

What components / features of Microsoft Defender for Endpoint are you or your organization using? How are you using these?

From 19 reviews | Last Published April 23, 2026

Summary

This report synthesizes 19 recent reviews to understand how users are leveraging Microsoft Defender for Endpoint. A significant portion of reviewers, 5 of 19, mention using the platform for Endpoint Detection and Response (EDR). These reviewers highlight the daily use of the tool for scanning, detecting malware, and responding to potential threats. Two reviewers specifically call out the detection and incident response capabilities, including the ability to map false positives and streamline incident handling. The reviewers appreciate the immediate alerts and protection against threats, as well as the platform's support for multiple platforms, which facilitates rapid response to system incidents.

Top Quotes

Endpoint Detection and Response

“We're using it for the EDR primarily and we're utilizing it daily as users for scanning and for endpoint detection.”

Detection and Incident Response

“The detection, the detection feature, incident response automatically. The incident response feature and the connection with the Sentinel One.”

Which factors were most important in your decision to purchase Microsoft Defender for Endpoint?

From 19 reviews | Last Published April 23, 2026

Summary

This report synthesizes 19 recent reviews to identify the factors influencing purchase decisions for Microsoft Defender for Endpoint. Scalability was a frequently cited factor, mentioned by 5 reviewers. Beyond scalability, reviewers also valued cloud solutions, integration capabilities, and ease of use, with each of these factors being cited by 3 reviewers. These factors suggest that buyers are looking for endpoint protection solutions that can grow with their organization, integrate smoothly into their existing infrastructure, and offer a user-friendly experience.

Top Quotes

Ease of Use

“Ease of Use”

Integration with Other Systems

“Integration with Other Systems”

Scalability

“Scalability”

What positive or negative impact (i.e. Return on Investment or ROI) has Microsoft Defender for Endpoint had on your overall business objectives?

From 19 reviews | Last Published April 23, 2026

Summary

This report analyzes 19 recent reviews to understand the return on investment (ROI) of Microsoft Defender for Endpoint. The reviews suggest that Microsoft Defender for Endpoint is generally seen as a positive investment. Over half of the reviewers (11 of 19) specifically mentioned positive ROI or investment aspects. These reviewers frequently cite the increased security and compliance, and the avoidance of additional costs by using a tool that may already be available through their Microsoft licensing agreement. Six reviewers highlighted the benefits of integration and included features, such as the centralized management platform and custom detection capabilities, contributing to the perceived value. However, 2 reviewers mentioned challenges related to IT implementation, noting the difficulty in measuring the direct impact on business objectives and the need for proper cloud infrastructure.

Top Quotes

Positive ROI/Investment

“I think the positive is the investment, right? So even if you have your license because you're using a licensing environment and just to have it there, my speech is always regarding using what you have and if you have a good tool that has been categorizing as one of the best tools, so why don't use it, right?”

Integration/Features

“I think the positive thing is use it working because it's integrated, it's native for the consoles and other products and I think that will be the best impact that I will be provided to customer.”

Implementation Challenges

“What was a negative one is I really need to fix the IT implementation of our cloud because without the good implementation it's difficult to put this solution to workflow.”

Describe how you use Microsoft Defender for Endpoint in your organization. What are the business problems the product addresses and what is the scope of your use case?

From 19 reviews | Last Published April 23, 2026

Summary

This report synthesizes 19 recent reviews to address how users are deploying Microsoft Defender for Endpoint, the business problems it addresses, and the scope of its use. A primary use case, cited by 11 reviewers, is for endpoint protection. Six reviewers specifically mentioned using the product for threat detection, highlighting its ability to identify vulnerabilities and malicious activity.

Related topics

Endpoint protection Threat detection

Top Quotes

Endpoint protection

“We're using it for endpoint protection.”

Threat detection

“First thing I use in this product for no more than the employee devices, right? One of the key features that the for Endpoint is giving us is the vulnerabilities for those devices and also no more what are the vulnerabilities score that we have in the company.”

How many endpoints is Microsoft Defender for Endpoint protecting? Which platforms are you securing? (Windows, Windows server, macOS, Linux server, Android, iOS, etc.)

From 19 reviews | Last Published April 23, 2026

Summary

This report synthesizes 19 recent reviews to address the scope of Microsoft Defender for Endpoint deployments, focusing on the number of endpoints protected and the variety of platforms secured. Reviewers report a range of deployment sizes, from small environments of around 100 endpoints to larger deployments of approximately 5,000 endpoints (7 reviews). The reviews also indicate broad platform support, with 7 reviewers mentioning the ability to secure Windows, Linux, macOS, and mobile operating systems like Android and iOS. The distribution of endpoint counts appears varied, reflecting different organizational sizes and needs.

Top Quotes

Supported Platforms

“We use all platforms.”

Number of Endpoints Protected

“In my company, yes. Currently we have 200, but I have been working with companies that they have more than 3000 devices working with Different For.”

Please provide some detailed examples of areas where Microsoft Defender for Endpoint has room for improvement.

From 19 reviews | Last Published April 23, 2026

Summary

This report synthesizes 19 recent reviews to identify areas where Microsoft Defender for Endpoint could be improved. Several reviewers highlighted usability and integration challenges. Specifically, 3 of 19 reviewers mentioned issues with the user interface, describing it as cumbersome and difficult to navigate. A similar number of reviewers (3 of 19) cited difficulties integrating the product with older systems and other security tools, hindering comprehensive environment visibility. Additionally, 2 of 19 reviewers expressed concerns about the high number of false alerts and the limited information provided in alerts and incidents, suggesting a need for better alert accuracy and clarity. These issues indicate opportunities to enhance user experience, streamline integration processes, and refine alert management within Microsoft Defender for Endpoint.

Top Quotes

Usability and UI issues

“Some UI needs to be repositioned because some customers feel the UI is a bit cumbersome and hard to navigate.”

Integration and Compatibility

“Little bit difficult to integrate in old systems.”

Alerts and False Positives

“Limited information is provided in alerts and incidents.”

Please provide some detailed examples of things that Microsoft Defender for Endpoint does particularly well.

From 19 reviews | Last Published April 23, 2026

Summary

This report synthesizes 19 recent reviews to identify areas where Microsoft Defender for Endpoint performs well. Reviewers most frequently highlight its threat detection and protection capabilities; 11 of 19 reviewers mention this aspect. Several reviewers also appreciate the product's ease of use and integration, with 6 reviewers noting these benefits. These two factors appear related, as the ease of integration streamlines threat management and response.

Top Quotes

Threat detection and protection

“I think the detection part is one of the things that the Defender for Endpoint does very well, it's very faster.”

Ease of use and integration

“Implementation and configuration is easy.”

Reviews

134 Reviews

Microsoft Defender for Endpoint Review

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We're using it for endpoint security and we use it for everybody.

Pros

It's very user friendly, integrated with our desktop very well.

Cons

No cons

Likelihood to Recommend

It's well suited for endpoint protection and integrated with the Azure Cloud, but we like to have other cloud also included.

Verified User

C-Level Executive in Information Technology (51-200 employees)

Vetted Review

Reseller

1 year of experience

Microsoft Defender for Endpoint Review

Rating: 8 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

It's endpoint protection tool looks after us from virus protection and malware, etcetera. And that's pretty much it really.

Pros

It doesn't slow down your machine when it's working. That's sort of the main thing that it does really well.

Cons

I'd like to see it extract threat intel from more than one source.

Likelihood to Recommend

Likely to email where you might be downloading a product and then you're getting some sort of scan happen or you don't want to get any malware onto your laptop. I don't know where it's less appropriate. I think it's appropriate everywhere. You got to have some sort of protection.

Verified User

Manager in Sales (10,001+ employees)

Vetted Review

2 years of experience

Defender for Endpoint Review

Rating: 8 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

Our use to protect our end users device to avoid attack, avoiding ware, avoid virals and other kind of malwares. So help us to reduce the risk, the cyber risk, bringing by our end users.

Pros

The products can protect and avoid attackers to gain access to the machines, virus that compromise end user's assets. And the products also give us some alerts and reports that we make sure that our environment is safe.

Cons

I think the integration with other products that give us visibility for all the environment is one of them. For instance, how can I connect the hazards, the property with a cyber risk management tool to help us to manage the other risks, the cyber risks in a globally view.

Likelihood to Recommend

It's well suited for all the machines that's running Windows and the Mac, the Apple OS, the Mac OS, and it's not run very well in Linux environment.

Verified User

Manager in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Defender for Endpoint Review

Rating: 8 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We use this product for an endpoint security just to protect the endpoints and the servers.

Pros

Protects users, behaviors, protects for threats on points.

Cons

Just in terms of management, that needs to be improved because it's all over. The configuration is separate from Intune which is in some different portal, so just have it in a single place.

Likelihood to Recommend

Always because it integrates with the Microsoft ecosystem. It's really good. I would say just the management side, there's multiple parts to manage it to the solution.

Verified User

Administrative Assistant in Information Technology (201-500 employees)

Vetted Review

3 years of experience

Microsoft Defender for Endpoint Review

Rating: 7 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We use Defender as default EDP

Pros

Basic protection
Integration
Easy use

Cons

Functionality
Features
Management

Likelihood to Recommend

Basic protection

Verified User

C-Level Executive in Information Technology (201-500 employees)

Vetted Review

10 years of experience

Microsoft Defender for Endpoint Review

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

Usually we are deploying Defender for Endpoint as an endpoint XDR tool. We're replacing an existing tool, so that is going to be a deployment in passive mode first, which is easy. Then we uninstall the legacy tool and we move this one to active mode and it takes over as your XDR. The reasons we're doing that is cost. Sometimes it is just better protection.

Pros

I would say it detects threats very well on the endpoints. Quarantine threats communicates with other instances of the endpoint agent across your organization, so you can more quickly quarantine threats that are perhaps spreading through your agents.

Cons

I would say moving it from passive to active mode. In some cases, depending on the tool that's there can be challenging because sometimes the legacy tool does not want to go into a passive mode, so you have to uninstall it and that can cause issues depending on the size of the organization and whether their apps are there.

Likelihood to Recommend

I would say organizations that are primarily Windows based, definitely very appropriate where they're moving from a legacy antivirus solution or older XDR tool to a more modern one, definitely well suited. Where it's more challenging is where you've got a mixed environment of let's say a lot of Mac users, a lot of Linux users, and although those platforms are supported by Defender for Endpoint, it's harder to deploy. Depending on the quantity of Mac in a client environment for example, sometimes it's a lot more challenging to deploy than if you have like 10,000 Windows PCs and 100 Mac, that's easy, but if you have 5,000 Macs, it's a lot harder.

Verified User

Director in Information Technology (10,001+ employees)

Vetted Review

5 years of experience

Microsoft Defender for Endpoint Review

Rating: 8 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We use it for endpoint detection, investigations, business problems, or just to have visibility into the endpoint.

Pros

I'd say the alerts are good for custom detections. We have lots of custom detections that we've created and based on purple team activities, that's probably the best thing that I've seen it being used for.

Cons

I think the level one tickets or anything low could maybe through some kind of AI agent, which I'm interested in if Microsoft is going to do that in the future, just to take some of that workload off our plate.

Likelihood to Recommend

I guess just for detections.

Verified User

Employee in Information Technology (1001-5000 employees)

Vetted Review

3 years of experience

Microsoft Defender for Endpoint Review

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We're using it for endpoint protection. We have 120 endpoints companies, so we install it for protection and to protect our data and to track some suspicious activity from our employees.

Pros

Ukraine has a lot of cyber attacks right now, so it's good to have some protection and we're using it every day to monitor. Actually it blocks pretty well, some suspicious activities.

Cons

It's hard to answer because I'm not a direct user of these products.

Likelihood to Recommend

It works in our company and it's protecting somehow.

Andrii Sydoruk

CEO in Corporate at SmartTek Solutions (51-200 employees)

Vetted Review

3 years of experience

Mind blowing solution for extra protection.

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

Microsoft Defender for Endpoint ensures the security against endpoints across all the systems by protecting from the ransomware and malware attacks. It has AI capable detect and block the threats quickly. It implement network protection and folder access across the organisation. It automatically trigger the alert to the IT teams. It supports remote systems as well.

Pros

Minimize the application downtime.
Unified management by integrating with Microsoft sentinel.
Automated investigation and response.

Cons

Little bit difficult to integrate in old systems.
Sometimes face latency.
Licensing and cost needs to be reduced.

Likelihood to Recommend

Unified security across the premises. It has cloud native protection with zero trust policies. It supports all security compliance. Beast for Microsoft ecosystem

Shreya Batra

Technical Lead in Information Technology at EY (501-1000 employees)

Vetted Review

4 years of experience

View profile

Best software to protect multiple platforms

Rating: 9 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

It is providing a way to secure our device across multiple platforms like windows Linux and iot devices it scan all the files and protect against the harmful and suspicious virus it automatically monitor and analyse the files and protect our system it acts as a antivirus to the system which increases the platform efficiency.

Pros

Protect devices from the virues
Support multi platform
Monitor and analyse end point activity

Cons

Well suited for antivirus
Easy to use
Provide fast response against the threads

Likelihood to Recommend

It is a well and advance tool for protecting our device from the virues and also helps to investigate the threads which helps us to fixing the problem as soon as possible without getting crash also it provides immediate response and alerts to the user if anything found in the system along with that they support multiple platforms which is very good part of this software

Verified User

Project Manager in Information Technology (201-500 employees)

Vetted Review

2 years of experience

Loading Reviews List....