Microsoft Security

Microsoft Defender for Endpoint

Discover and secure endpoint devices across your multiplatform enterprise.

Attend the new security track at Microsoft Ignite

Try new capabilities with hands-on demos, learn how to extend AI-powered protection across clouds and platforms, and explore proven security strategies November 15-16, 2023.

The epicenter for comprehensive endpoint security

Rapidly stop cyberattacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stop cyberthreats

Gain the upper hand against sophisticated cyberthreats such as ransomware and nation-state cyberattacks.

Scale your security

Put time back in the hands of security teams to prioritize risks and elevate your security posture.

Evolve your defenses

Advance beyond endpoint silos and mature your security based on a foundation for extended detection and response (XDR) and Zero Trust. 

Defender for Endpoint capabilities

Gain a holistic view into your environment, mitigate advanced cyberthreats, and respond to alerts from a single, unified platform.

Device inventory list in Microsoft 365 Defender.

Eliminate the blind spots in your environment

Discover unmanaged and unauthorized endpoints and network devices and secure these assets using integrated workflows.

Device screen displaying Microsoft Defender for Endpoint cyberthreat and vulnerability management dashboard

Discover vulnerabilities and misconfigurations in real time

Bring security and IT together with cyberthreat and vulnerability management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.

Device screen displaying Microsoft Defender for Endpoint investigation graph

Quickly go from alert to remediation at scale with automation

Automatically investigate alerts and remediate complex cyberthreats in minutes. Apply best practices and intelligent decision-making algorithms to identify active cyberthreats and determine what action to take.

Device screen displaying Windows Security protection history showing details about a blocked cyberthreat.

Block sophisticated cyberthreats and malware

Protect against never-before-seen polymorphic and metamorphic malware, and fileless and file-based cyberthreats with next-generation protection.

Device screen displaying Microsoft Defender Security Center showing alert details about a pass-the-ticket cyberattack.

Detect and respond to advanced cyberattacks with deep cyberthreat monitoring and analysis

Empower your security operations center with deep knowledge, advanced cyberthreat monitoring, and analysis. Spot cyberattacks and zero-day exploits using advanced behavioral analytics and machine learning.

Device screen displaying Microsoft 365 security cyberattack surface reduction rule detections

Eliminate risks and reduce your cyberattack surface

Use cyberattack surface reduction to minimize the areas where your organization could be vulnerable to cyberthreats.

Device screen displaying Microsoft Defender service status.

Secure your mobile devices

Get mobile cyberthreat protection for Android and iOS with Microsoft Defender for Endpoint.

Device screen displaying Microsoft defender configuration management.

Simplify endpoint security management

View endpoint configuration, deployment, and management.

Give security teams an edge with Microsoft Security Copilot

Powerful new capabilities, new integrations, and industry-leading generative AI—now available in early access.

Integrated cyberthreat protection with SIEM and XDR

Empower your security team to effectively secure your digital estate by combining extended detection and response (XDR) and security information and event management (SIEM).

Microsoft 365 Defender dashboard highlighting information such as active incidents and active cyberthreats

Microsoft 365 Defender

Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.

Industry recognition

Microsoft Security is a recognized industry leader.

Gartner

Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.[1]

Forrester

Microsoft Defender for Endpoint is named a leader in The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022.[2][3]

Forrester

Microsoft Defender is named a Leader in The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021.[2][4]

MITRE

Microsoft leads in real-world detection in MITRE ATT&CK evaluation.

See what our customers are saying

Compare flexible purchase options

Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5.

Endpoint protection focused on prevention

Microsoft Defender for Endpoint P1

Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, cyberattack surface reduction, and device-based conditional access.

  • Unified security tools and centralized management
  • Next-generation antimalware
  • Cyberattack surface reduction rules
  • Device control (such as USB)
  • Endpoint firewall
  • Network protection
  • Web control / category-based URL blocking
  • Device-based conditional access
  • Controlled folder access
  • APIs, SIEM connector, custom cyberthreat intelligence
  • Application control

Endpoint protection with advanced detection and response

Microsoft Defender for Endpoint P2

Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and cyberthreat and vulnerability management.

  • Includes everything in Endpoint P1, plus:
  • Endpoint detection and response
  • Automated investigation and remediation
  • Cyberthreat and vulnerability management
  • Cyberthreat intelligence (Cyberthreat analytics)
  • Sandbox (deep analysis)
  • Endpoint attack notifications [5]

Related Microsoft Defender products

Protect against cyberthreats with best-in-class security from Microsoft.

Microsoft 365 Defender

Get integrated threat protection across devices, identities, apps, email, data, and cloud workloads.

Microsoft Defender Vulnerability Management

Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation.

Microsoft Defender for Business

Discover enterprise-grade endpoint protection for small and medium businesses that's cost effective and easy to use.

Microsoft Defender for individuals

Get online security protection for individuals and families with one easy-to-use app.[6]

Additional resources

Blog

Become a Microsoft Defender for Endpoint expert

Get training for security operations and security admins, whether you’re a beginner or have experience.

Webcast

Watch episode one of The Defender’s Watch

Learn how to strengthen your security with evidence-based insights from experts protecting against modern cyberthreats.

News

Stay up to date

Get product news, configuration guidance, product tutorials, and tips.

Documentation

Dive deeper into the product

Get technical details on capabilities, minimum requirements, and deployment guidance.

Protect everything

Make your future more secure. Explore your security options today.

Frequently asked questions

  • Defender for Endpoint is a comprehensive, cloud-native endpoint security solution that delivers visibility and AI-powered threat protection to help stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Built on the industry’s broadest cyberthreat and human intelligence insights, it can seamlessly evolve your security with XDR-level alert correlation to automatically disrupt sophisticated cyberthreats such as ransomware. Defender for Endpoint provides visibility into devices in your environment, offers vulnerability management to help you better understand your cyberattack surface, and delivers endpoint protection, endpoint detection and response (EDR), mobile cyberthreat protection, and managed hunting in a single platform. With Defender for Endpoint, customers can discover and secure endpoint devices across a multiplatform enterprise.

    Explore Defender for Endpoint documentation

  • As a comprehensive endpoint protection solution, Defender for Endpoint includes Microsoft Defender Antivirus—next-generation protection that reinforces the security perimeter of your network. It detects and blocks known and evolving cyberthreats in real time across Linux, macOS, Windows, and Android devices. Microsoft Defender Antivirus includes:

    • Real-time antivirus protection with always-on scanning that uses file and process-behavior monitoring and other heuristics. It also detects and blocks apps that are deemed unsafe but might not be detected as malware. 
    • Cloud-delivered protection with near-instant detection and blocking of new and emerging cyberthreats.
       

    Microsoft Defender Antivirus provides full coverage for all MITRE ATT&CK tactics and techniques. It was awarded Best Advanced Protection 2022 by AV-TEST and achieved the highest rating in all major industry antivirus tests across enterprise and consumer evaluations, including AV Comparatives, SE Labs, and MRG Effitas.

     Get an overview of next-generation protection

     Learn more about Microsoft Defender Antivirus

    Learn how to enable and configure Microsoft Defender Antivirus features

    Learn more about cloud protection and Microsoft Defender Antivirus

    Explore the AV-TEST results

  • Defender for Endpoint provides cross-platform coverage across Windows, iOS, and Linux. New features or capabilities are typically provided on operating systems that haven't yet reached the end of their support lifecycle. In line with industry best practices, Microsoft recommends the installation of the latest available security patches for any operating system. 

    Explore supported Defender for Endpoint capabilities by platform

  • No. Security analysts manage Defender for Endpoint from the Microsoft 365 Defender portal—a single console for comprehensive endpoint protection, including vulnerability management, threat protection, and detection and response capabilities.  

    For customers wanting to operate their security and IT teams in tandem, Defender for Endpoint provides a consistent, single source of truth—mirrored in Intune—for managing endpoint security settings across Windows, macOS, and Linux.   

    Customers who want to extend endpoint protection to multiple domains can avoid the extra integration steps often required by other endpoint protection vendors.

    Learn more about managing endpoint security policies

    Learn how to manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint

    Learn more about XDR solutions from Microsoft

  • Microsoft Defender for Endpoint is a cloud-native endpoint security platform that provides visibility, threat protection, and EDR capabilities to stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices.  

    Microsoft Defender for Office 365 is a collaborative security solution that helps secure your email and Microsoft Teams environments with advanced protection against phishing, business email compromise, ransomware, and other cyberthreats. 

    Learn more about Microsoft Defender for Office 365

  • [1] Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022.
  • [2] Forrester, Forrester New Wave, and Forrester Wave are trademarks of Forrester Research, Inc.
  • [3] The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022, Allie Mellen with Stephanie Balaouras, Joseph Blankenship, Sarah Morana, Peggy Dostie, April 2022.
  • [4] The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021, Allie Mellen with Joseph Blankenship, Alexis Tatro, Peggy Dostie, October 2021.
  • [5] Endpoint attack notifications are available to Microsoft Defender for Endpoint P2 customers as a free, opt-in feature.
  • [6] App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.
