Microsoft Defender for Endpoint
Microsoft Digital Defense Report
The epicenter for comprehensive endpoint security
Rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.
Scale your security
Evolve your defenses
Capabilities
Gain a holistic view into your environment, mitigate advanced threats, and respond to alerts from a single, unified platform.
- Eliminate the blind spots in your environment
- Discover vulnerabilities and misconfigurations in real time
- Quickly go from alert to remediation at scale with automation
- Block sophisticated threats and malware
- Detect and respond to advanced attacks with deep threat monitoring and analysis
- Eliminate risks and reduce your attack surface
- Secure your mobile devices
- Simplify endpoint security management
Eliminate the blind spots in your environment
Discover unmanaged and unauthorized endpoints and network devices, and secure these assets using integrated workflows.
Discover vulnerabilities and misconfigurations in real time
Bring security and IT together with threat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.
Learn more
Quickly go from alert to remediation at scale with automation
Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to identify active threats and determine what action to take.
Watch the video
Block sophisticated threats and malware
Defend against never-before-seen, polymorphic and metamorphic malware, and fileless and file-based threats with next-generation protection.
Learn about next-gen protection
Detect and respond to advanced attacks with deep threat monitoring and analysis
Empower your security operations center with deep knowledge, advanced threat monitoring, and analysis. Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning.
Learn how to investigate incidents
Eliminate risks and reduce your attack surface
Use attack surface reduction to minimize the areas where your organization could be vulnerable to threats.
Learn about attack surface reduction
Secure your mobile devices
Get mobile threat defense capabilities for Android and iOS with Microsoft Defender for Endpoint.
Simplify endpoint security management
View endpoint configuration, deployment, and management with Microsoft Endpoint Manager.
Eliminate the blind spots in your environment
Discover unmanaged and unauthorized endpoints and network devices, and secure these assets using integrated workflows.
Discover vulnerabilities and misconfigurations in real time
Bring security and IT together with threat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.
Learn more
Quickly go from alert to remediation at scale with automation
Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to identify active threats and determine what action to take.
Watch the video
Block sophisticated threats and malware
Defend against never-before-seen, polymorphic and metamorphic malware, and fileless and file-based threats with next-generation protection.
Learn about next-gen protection
Detect and respond to advanced attacks with deep threat monitoring and analysis
Empower your security operations center with deep knowledge, advanced threat monitoring, and analysis. Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning.
Learn how to investigate incidents
Eliminate risks and reduce your attack surface
Use attack surface reduction to minimize the areas where your organization could be vulnerable to threats.
Learn about attack surface reduction
Secure your mobile devices
Get mobile threat defense capabilities for Android and iOS with Microsoft Defender for Endpoint.
Simplify endpoint security management
View endpoint configuration, deployment, and management with Microsoft Endpoint Manager.
Microsoft Defender for Endpoint empowers your enterprise to rapidly stop attacks, scale your security resources, and evolve your defenses by delivering best-in-class endpoint security across Windows, macOS, Linux, Android, iOS, and network devices. Feel confident in your security approach knowing Microsoft Defender for Endpoint provides the tools and insight necessary to gain a holistic view into your environment, mitigate advanced threats, and immediately respond to alerts all from a single unified platform.
Industry recognition
Forrester
Microsoft Defender for Endpoint is named a leader in The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022. 1,2
Forrester
Microsoft Defender is named a Leader in The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021.1,3
Gartner
Gartner® names Microsoft a Leader in the 2021 Magic Quadrant™ for Endpoint Protection Platforms.4,5
Compare flexible purchase options
Endpoint protection focused on prevention
Microsoft Defender for Endpoint P1
Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, attack surface reduction, and device-based conditional access.
- Unified security tools and centralized management
- Next-generation antimalware
- Attack surface reduction rules
- Device control (such as USB)
- Endpoint firewall
- Network protection
- Web control / category-based URL blocking
- Device-based conditional access
- Controlled folder access
- APIs, SIEM connector, custom threat intelligence
- Application control
Endpoint protection with advanced detection and response
Microsoft Defender for Endpoint P2
Microsoft Defender for Endpoint P2 offers the complete set of capabilities, including everything in P1, plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management.
Includes everything in Endpoint P1, plus:
- Endpoint detection and response
- Automated investigation and remediation
- Threat and vulnerability management
- Threat intelligence (threat analytics)
- Sandbox (deep analysis)
- Microsoft Threat Experts6
Related Microsoft Defender products
Microsoft 365 Defender
Get integrated threat protection across devices, identities, apps, email, data and cloud workloads.
Microsoft Defender Vulnerability Management
Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation.
Microsoft Defender for Business
Enterprise-grade endpoint protection for small and medium businesses, that's cost effective and easy to use.
Microsoft Defender for individuals
Get online security protection for individuals and families with one easy-to-use app.7
Additional resources
Blog
Become a Microsoft Defender for Endpoint expert
Get training for security operations and security admins, whether you’re a beginner or have experience.
Partnerships
Find a partner
The Microsoft Intelligent Security Association (MISA) is an ecosystem of independent software vendors and managed security service providers.
News
Stay up to date
Get product news, configuration guidance, product tutorials, and tips.
Documentation
Dive deeper into the product
Get technical details on capabilities, minimum requirements, and deployment guidance.
- Forrester and Forrester Wave are trademarks of Forrester Research, Inc.
- The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022, Allie Mellen, April 2022.
- The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
- Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designations. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER and Magic Quadrant are registered trademarks and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. - Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, 05 May 2021.
- Includes Targeted Attack Notifications (TAN) and Experts on Demand (EOD). Customers must apply for TAN and EOD is available for purchase as an add-on.
- App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.