Microsoft Defender for Endpoint
Discover and secure endpoint devices across your multiplatform enterprise.
Attend the new security track at Microsoft Ignite
Try new capabilities with hands-on demos, learn how to extend AI-powered protection across clouds and platforms, and explore proven security strategies November 15-16, 2023.
The epicenter for comprehensive endpoint security
Rapidly stop cyberattacks, scale security resources, and evolve defenses across operating systems and network devices.
Rapidly stop cyberthreats
Gain the upper hand against sophisticated cyberthreats such as ransomware and nation-state cyberattacks.
Scale your security
Put time back in the hands of security teams to prioritize risks and elevate your security posture.
Evolve your defenses
Advance beyond endpoint silos and mature your security based on a foundation for extended detection and response (XDR) and Zero Trust.
Defender for Endpoint capabilities
Gain a holistic view into your environment, mitigate advanced cyberthreats, and respond to alerts from a single, unified platform.
Eliminate the blind spots in your environment
Discover unmanaged and unauthorized endpoints and network devices and secure these assets using integrated workflows.
Discover vulnerabilities and misconfigurations in real time
Bring security and IT together with cyberthreat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.
Quickly go from alert to remediation at scale with automation
Automatically investigate alerts and remediate complex cyberthreats in minutes. Apply best practices and intelligent decision-making algorithms to identify active cyberthreats and determine what action to take.
Block sophisticated cyberthreats and malware
Protect against never-before-seen polymorphic and metamorphic malware, and fileless and file-based cyberthreats with next-generation protection.
Detect and respond to advanced cyberattacks with deep cyberthreat monitoring and analysis
Empower your security operations center with deep knowledge, advanced cyberthreat monitoring, and analysis. Spot cyberattacks and zero-day exploits using advanced behavioral analytics and machine learning.
Eliminate risks and reduce your cyberattack surface
Use cyberattack surface reduction to minimize the areas where your organization could be vulnerable to cyberthreats.
Secure your mobile devices
Get mobile cyberthreat protection for Android and iOS with Microsoft Defender for Endpoint.
Simplify endpoint security management
View endpoint configuration, deployment, and management.
Give security teams an edge with Microsoft Security Copilot
Powerful new capabilities, new integrations, and industry-leading generative AI—now available in early access.
Integrated cyberthreat protection with SIEM and XDR
Empower your security team to effectively secure your digital estate by combining extended detection and response (XDR) and security information and event management (SIEM).
Microsoft 365 Defender
Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.
Microsoft Sentinel
Aggregate security data and correlate alerts from virtually any source with cloud-native SIEM from Microsoft.
Microsoft Defender for Cloud
Protect your multicloud and hybrid cloud workloads with built-in XDR capabilities.
Industry recognition
Microsoft Security is a recognized industry leader.
Gartner
Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.1
See what our customers are saying
Compare flexible purchase options
Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5.
Microsoft Defender for Endpoint P1
Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, cyberattack surface reduction, and device-based conditional access.
-
Unified security tools and centralized management
-
Next-generation antimalware
-
Cyberattack surface reduction rules
-
Device control (such as USB)
-
Endpoint firewall
-
Network protection
-
Web control / category-based URL blocking
-
Device-based conditional access
-
Controlled folder access
-
APIs, SIEM connector, custom cyberthreat intelligence
-
Application control
Microsoft Defender for Endpoint P2
Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and cyberthreat and vulnerability management.
-
Includes everything in Endpoint P1, plus:
-
Endpoint detection and response
-
Automated investigation and remediation
-
Cyberthreat and vulnerability management
-
Cyberthreat intelligence (Cyberthreat analytics)
-
Sandbox (deep analysis)
-
Endpoint attack notifications5
Related Microsoft Defender products
Protect against cyberthreats with best-in-class security from Microsoft.
Microsoft 365 Defender
Get integrated threat protection across devices, identities, apps, email, data, and cloud workloads.
Microsoft Defender Vulnerability Management
Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation.
Microsoft Defender for Business
Discover enterprise-grade endpoint protection for small and medium businesses that's cost effective and easy to use.
Microsoft Defender for individuals
Get online security protection for individuals and families with one easy-to-use app.6
Additional resources
Become a Microsoft Defender for Endpoint expert
Get training for security operations and security admins, whether you’re a beginner or have experience.
Watch episode one of The Defender’s Watch
Learn how to strengthen your security with evidence-based insights from experts protecting against modern cyberthreats.
Stay up to date
Get product news, configuration guidance, product tutorials, and tips.
Dive deeper into the product
Get technical details on capabilities, minimum requirements, and deployment guidance.
Protect everything
Make your future more secure. Explore your security options today.
Frequently asked questions
-
Defender for Endpoint is a comprehensive, cloud-native endpoint security solution that delivers visibility and AI-powered threat protection to help stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Built on the industry’s broadest cyberthreat and human intelligence insights, it can seamlessly evolve your security with XDR-level alert correlation to automatically disrupt sophisticated cyberthreats such as ransomware. Defender for Endpoint provides visibility into devices in your environment, offers vulnerability management to help you better understand your cyberattack surface, and delivers endpoint protection, endpoint detection and response (EDR), mobile cyberthreat protection, and managed hunting in a single platform. With Defender for Endpoint, customers can discover and secure endpoint devices across a multiplatform enterprise.
-
As a comprehensive endpoint protection solution, Defender for Endpoint includes Microsoft Defender Antivirus—next-generation protection that reinforces the security perimeter of your network. It detects and blocks known and evolving cyberthreats in real time across Linux, macOS, Windows, and Android devices. Microsoft Defender Antivirus includes:
- Real-time antivirus protection with always-on scanning that uses file and process-behavior monitoring and other heuristics. It also detects and blocks apps that are deemed unsafe but might not be detected as malware.
- Cloud-delivered protection with near-instant detection and blocking of new and emerging cyberthreats.
Microsoft Defender Antivirus provides full coverage for all MITRE ATT&CK tactics and techniques. It was awarded Best Advanced Protection 2022 by AV-TEST and achieved the highest rating in all major industry antivirus tests across enterprise and consumer evaluations, including AV Comparatives, SE Labs, and MRG Effitas.
Get an overview of next-generation protection
Learn more about Microsoft Defender Antivirus
Learn how to enable and configure Microsoft Defender Antivirus features
Learn more about cloud protection and Microsoft Defender Antivirus
-
Defender for Endpoint provides cross-platform coverage across Windows, iOS, and Linux. New features or capabilities are typically provided on operating systems that haven't yet reached the end of their support lifecycle. In line with industry best practices, Microsoft recommends the installation of the latest available security patches for any operating system.
Explore supported Defender for Endpoint capabilities by platform
-
No. Security analysts manage Defender for Endpoint from the Microsoft 365 Defender portal—a single console for comprehensive endpoint protection, including vulnerability management, threat protection, and detection and response capabilities.
For customers wanting to operate their security and IT teams in tandem, Defender for Endpoint provides a consistent, single source of truth—mirrored in Intune—for managing endpoint security settings across Windows, macOS, and Linux.
Customers who want to extend endpoint protection to multiple domains can avoid the extra integration steps often required by other endpoint protection vendors.
-
Microsoft Defender for Endpoint is a cloud-native endpoint security platform that provides visibility, threat protection, and EDR capabilities to stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices.
Microsoft Defender for Office 365 is a collaborative security solution that helps secure your email and Microsoft Teams environments with advanced protection against phishing, business email compromise, ransomware, and other cyberthreats.
-
[1]
Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022. - [2] Forrester, Forrester New Wave, and Forrester Wave are trademarks of Forrester Research, Inc.
- [3] The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022, Allie Mellen with Stephanie Balaouras, Joseph Blankenship, Sarah Morana, Peggy Dostie, April 2022.
- [4] The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021, Allie Mellen with Joseph Blankenship, Alexis Tatro, Peggy Dostie, October 2021.
- [5] Endpoint attack notifications are available to Microsoft Defender for Endpoint P2 customers as a free, opt-in feature.
- [6] App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.



Follow Microsoft