Microsoft Defender for Endpoint

Discover and secure endpoint devices across your multiplatform enterprise.

The epicenter for comprehensive endpoint security

Rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stop threats

Gain the upper hand against sophisticated threats such as ransomware and nation-state attacks.

Scale your security

Put time back in the hands of defenders to prioritize risks and elevate your security posture.

Evolve your defenses

Advance beyond endpoint silos and mature your security based on a foundation for extended detection and response (XDR) and Zero Trust. 

Be more efficient

Save up to 60 percent by using Microsoft Security rather than multiple point solutions.¹

Defender for Endpoint capabilities

Gain a holistic view into your environment, mitigate advanced threats, and respond to alerts from a single, unified platform.

Eliminate the blind spots in your environment

Discover unmanaged and unauthorized endpoints and network devices, and secure these assets using integrated workflows.

Discover vulnerabilities and misconfigurations in real time

Bring security and IT together with threat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.


Quickly go from alert to remediation at scale with automation

Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to identify active threats and determine what action to take.

Block sophisticated threats and malware

Defend against never-before-seen polymorphic and metamorphic malware, and fileless and file-based threats with next-generation protection.

Detect and respond to advanced attacks with deep threat monitoring and analysis

Empower your security operations center with deep knowledge, advanced threat monitoring, and analysis. Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning.

Eliminate risks and reduce your attack surface

Use attack surface reduction to minimize the areas where your organization could be vulnerable to threats.

Secure your mobile devices

Get mobile threat defense capabilities for Android and iOS with Microsoft Defender for Endpoint.

Simplify endpoint security management

View endpoint configuration, deployment, and management.

Microsoft Defender for Endpoint empowers your enterprise to rapidly stop attacks, scale your security resources, and evolve your defenses by delivering best-in-class endpoint security across Windows, macOS, Linux, Android, iOS, and network devices. Feel confident in your security approach knowing Microsoft Defender for Endpoint provides the tools and insight necessary to gain a holistic view into your environment, mitigate advanced threats, and immediately respond to alerts all from a single unified platform.

Integrated threat protection with SIEM and XDR

Microsoft empowers your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Combine security information and event management (SIEM) and extended detection and response (XDR) to increase efficiency and effectiveness while securing your digital estate.

 

Microsoft 365 Defender

Prevent and detect attacks across your Microsoft 365 workloads with built-in XDR capabilities.

Industry recognition

Microsoft Security is a recognized industry leader.

Compare flexible purchase options

Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5.

Endpoint protection focused on prevention

Microsoft Defender for Endpoint P1

Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, attack surface reduction, and device-based conditional access.

  • Unified security tools and centralized management
  • Next-generation antimalware
  • Attack surface reduction rules
  • Device control (such as USB)
  • Endpoint firewall
  • Network protection
  • Web control / category-based URL blocking
  • Device-based conditional access
  • Controlled folder access
  • APIs, SIEM connector, custom threat intelligence
  • Application control

Endpoint protection with advanced detection and response

Microsoft Defender for Endpoint P2

Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management.

Includes everything in Endpoint P1, plus:

  • Endpoint detection and response
  • Automated investigation and remediation
  • Threat and vulnerability management
  • Threat intelligence (threat analytics)
  • Sandbox (deep analysis)
  • Microsoft Threat Experts⁶

2. Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022.
3. Forrester and Forrester Wave are trademarks of Forrester Research, Inc.
4. The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022, Allie Mellen, April 2022.
5. The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
6. Includes Targeted Attack Notifications (TAN) and Experts on Demand (EOD). Customers must apply for TAN and EOD is available for purchase as an add-on.
7. App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.