Complete endpoint security
Discover and secure Windows, macOS, Linux, Android, iOS, and network devices against sophisticated threats.
Microsoft Defender for Endpoint is easy to deploy, configure, and manage with a unified security management experience. It offers endpoint security for clients, servers, mobile devices, and network devices. This diagram shows Microsoft Defender for Endpoint capabilities, including risk-based vulnerability management and assessment, attack surface reduction, behavioral-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, and managed hunting services. These capabilities are underscored with rich APIs that enable access and integration with our endpoint security platform.
Capabilities

Discover vulnerabilities and misconfigurations in real time
Bring security and IT together with threat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.

Get expert-level threat monitoring and analysis
Empower your security operations centers with Microsoft Threat Experts. Get deep knowledge, advanced threat monitoring, analysis, and support to identify critical threats in your unique environment.

Quickly go from alert to remediation at scale with automation
Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to identify active threats and determine what action to take.

Block sophisticated threats and malware
Defend against never-before-seen, polymorphic and metamorphic malware and fileless and file-based threats with next-generation protection.

Detect and respond to advanced attacks with behavioral monitoring
Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning.

Eliminate risks and reduce your attack surface
Use attack surface reduction to minimize the areas where your organization could be vulnerable to threats.
Compare flexible purchase options
Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P2, coming soon with Microsoft 365 E5, and Microsoft Defender for Endpoint P1, included with Microsoft 365 E3.
Microsoft Defender for Endpoint P1
Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, attack surface reduction, and device-based conditional access.
Microsoft Defender for Endpoint P2
Microsoft Defender for Endpoint P2 offers the complete set of capabilities, including everything in P1 plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management.
Feature name | Microsoft Defender for Endpoint P1 | Microsoft Defender for Endpoint P2
---|---|---
Product feature | |
Unified security tools and centralized management | Included | Included
Next-generation antimalware | Included | Included
Attack surface reduction rules | Included | Included
Device control (such as USB) | Included | Included
Endpoint firewall | Included | Included
Network protection | Included | Included
Web control / category-based URL blocking | Included | Included
Device-based conditional access | Included | Included
Controlled folder access | Included | Included
APIs, SIEM connector, custom TI | Included | Included
Application control | Included | Included
Endpoint detection and response | Not included | Included
Automated investigation and remediation | Not included | Included
Threat and vulnerability management | Not included | Included
Threat intelligence (Threat Analytics) | Not included | Included
Sandbox (deep analysis) | Not included | Included
Microsoft Threat Experts [7] | Not included | Included
Microsoft Defender for Business

Learn about our partners
- ArcSight: Pull Microsoft Defender for Endpoint detections into the ArcSight Security Information Event Management (SIEM) solution.
- Demisto: Enable your security team to orchestrate and automate endpoint security monitoring by integrating Demisto with Microsoft Defender for Endpoint.
- SafeBreach: Gain visibility into the types of attacks Microsoft Defender for Endpoint is blocking using insight from correlations with SafeBreach attack simulations.
- Morphisec: Integrate forensics data to help prioritize alerts, determine machine at-risk score, and visualize the full attack timeline.
- ThreatConnect: Alert or block based on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender for Endpoint indicators.
- Palo Alto Networks: Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender for Endpoint using MineMeld.
- Dell Technologies Advanced Threat Protection: Identify malicious behavior and anomalies with the round-the-clock capabilities of this professional monitoring service.
- CSIS Managed Detection and Response: Gain actionable insights into what, when, and how security incidents have taken place with continuous monitoring and security alert analysis.
- InSpark: Help protect, detect, and respond to threats with the uninterrupted, managed service capabilities of InSpark's Cloud Security Center.
- Red Canary: Deploy managed detection and response in minutes with Red Canary, a security operations partner for modern teams.
- Cyren: Seamlessly integrate advanced web content filtering into Microsoft Defender Security Center.
- CriticalStart: Reduce your alerts by 99 percent with the Zero Trust Analytics Platform.
1. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER and Magic Quadrant are registered trademarks and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
2. The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
3. Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook | Dionisio Zumerle | Prateek Bhajanka | Lawrence Pingree | Paul Webber, 05 May 2021.
4. Forrester and Forrester Wave are trademarks of Forrester Research, Inc.
5. The Forrester Wave™: Endpoint Security Software as a Service, Q2 2021, Chris Sherman with Merritt Maxim, Allie Mellen, Shannon Fish, Peggy Dostie, May 2021.
6. The Forrester Wave™: Endpoint Detection and Response Providers, Q2 2022, Allie Mellen, April 2022.
7. Includes Targeted Attack Notifications (TAN) and Experts on Demand (EOD). Customers must apply for TAN and EOD is available for purchase as an add-on.