Skip to main content
Microsoft Security

Microsoft Defender for Endpoint

Discover and secure endpoint devices across your multiplatform enterprise.

The epicenter for comprehensive endpoint security

Rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stop threats

Gain the upper hand against sophisticated threats such as ransomware and nation-state attacks.

Scale your security

Put time back in the hands of defenders to prioritize risks and elevate your security posture.

Evolve your defenses

Advance beyond endpoint silos and mature your security based on a foundation for extended detection and response (XDR) and Zero Trust. 

Defender for Endpoint capabilities

Gain a holistic view into your environment, mitigate advanced threats, and respond to alerts from a single, unified platform.

Device inventory list in Microsoft 365 Defender.

Eliminate the blind spots in your environment

Discover unmanaged and unauthorized endpoints and network devices, and secure these assets using integrated workflows.

Device screen displaying Microsoft Defender for Endpoint threat and vulnerability management dashboard

Discover vulnerabilities and misconfigurations in real time

Bring security and IT together with threat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.

Device screen displaying Microsoft Defender for Endpoint investigation graph

Quickly go from alert to remediation at scale with automation

Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to identify active threats and determine what action to take.

Device screen displaying Windows Security protection history showing details about a blocked threat.

Block sophisticated threats and malware

Defend against never-before-seen polymorphic and metamorphic malware, and fileless and file-based threats with next-generation protection.

Device screen displaying Microsoft Defender Security Center showing alert details about a pass-the-ticket attack.

Detect and respond to advanced attacks with deep threat monitoring and analysis

Empower your security operations center with deep knowledge, advanced threat monitoring, and analysis. Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning.

Device screen displaying Microsoft 365 security attack surface reduction rule detections

Eliminate risks and reduce your attack surface

Use attack surface reduction to minimize the areas where your organization could be vulnerable to threats.

Device screen displaying Microsoft Defender service status.

Secure your mobile devices

Get mobile threat defense capabilities for Android and iOS with Microsoft Defender for Endpoint.7

Device screen displaying Microsoft defender configuration management.

Simplify endpoint security management

View endpoint configuration, deployment, and management.

Back to tabs

Integrated threat protection with SIEM and XDR

Empower your defenders to effectively secure your digital estate by combining extended detection and response (XDR) and security information and event management (SIEM).

Microsoft 365 Defender dashboard highlighting information such as active incidents and active threats

Microsoft 365 Defender

Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.

Back to tabs

Industry recognition

Microsoft Security is a recognized industry leader.

Gartner logo.


Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.1

Forrester logo.


Microsoft Defender for Endpoint is named a leader in The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022. 2,3

Forrester logo.


Microsoft Defender is named a Leader in The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021.2,4



Microsoft leads in real-world detection in MITRE ATT&CK evaluation.

See what our customers are saying

Compare flexible purchase options

Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5.

Endpoint protection focused on prevention

Microsoft Defender for Endpoint P1

Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, attack surface reduction, and device-based conditional access.

  • Unified security tools and centralized management

  • Next-generation antimalware

  • Attack surface reduction rules

  • Device control (such as USB)

  • Endpoint firewall
  • Network protection

  • Web control / category-based URL blocking

  • Device-based conditional access

  • Controlled folder access
  • APIs, SIEM connector, custom threat intelligence

  • Application control

Endpoint protection with advanced detection and response

Microsoft Defender for Endpoint P2

Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management.

  •  Includes everything in Endpoint P1, plus:

  • Endpoint detection and response

  • Automated investigation and remediation

  • Threat and vulnerability management

  • Threat intelligence (threat analytics)

  • Sandbox (deep analysis)

  • Microsoft Threat Experts5

Related Microsoft Defender products

Defend against cyberthreats with best-in-class security from Microsoft.

A person using a touchscreen monitor.

Microsoft 365 Defender

Get integrated threat protection across devices, identities, apps, email, data, and cloud workloads.

Two people working together at a desk with a desktop monitor.

Microsoft Defender Vulnerability Management

Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation.

A coffee shop employee.

Microsoft Defender for Business

Discover enterprise-grade endpoint protection for small and medium businesses that's cost effective and easy to use.

Mobile and desktop displays of Microsoft Defender.

Microsoft Defender for individuals

Get online security protection for individuals and families with one easy-to-use app.6

Additional resources


Become a Microsoft Defender for Endpoint expert

Get training for security operations and security admins, whether you’re a beginner or have experience.


Watch episode one of The Defender’s Watch

Learn how to strengthen your security with evidence-based insights from experts defending against modern threats.


Stay up to date

Get product news, configuration guidance, product tutorials, and tips.


Dive deeper into the product

Get technical details on capabilities, minimum requirements, and deployment guidance.

Protect everything

Make your future more secure. Explore your security options today.

  • [1] Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022.
  • [2] Forrester and Forrester Wave are trademarks of Forrester Research, Inc.
  • [3] The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022, Allie Mellen, April 2022.
  • [4] The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
  • [5] Includes Targeted Attack Notifications (TAN) and Experts on Demand (EOD). Customers must apply for TAN and EOD is available for purchase as an add-on.
  • [6] App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.
  • [7] Availability of mobile apps varies by country/region.

Follow Microsoft