Microsoft Defender for Endpoint
Help secure endpoints with industry-leading, multiplatform detection and response.
OVERVIEW
Disrupt ransomware on any platform
- Stop cyberattacks and protect endpoints at speed and scale with industry-transforming AI that amplifies your security team’s strengths.
- Minimize vulnerabilities with a clear view of your cyberattack surface and adversaries, along with best practices for cyberthreat prevention.
- Help protect your IoT and multiplatform devices with a comprehensive, next-generation antivirus, detection, and response solution at the core of Microsoft Defender XDR.
CAPABILITIES
Prevent, detect, and respond to threats
Automatic attack disruption
Automatically disrupt ransomware cyberattacks by blocking lateral movement and remote encryption in a decentralized way across all your devices.
Microsoft Security Copilot
Rapidly investigate and respond to incidents with built-in, security-specific generative AI.
Exposure management
Proactively secure your device estate with pre- and post-breach capabilities that help you minimize exposure risk and anticipate a cyberattacker’s next move.
Global threat intelligence
Know your adversaries, drawing insights from 84 trillion daily signals and 10 thousand experts in 72 countries.
Flexible enterprise controls
Balance protection and productivity with granular controls for settings, policies, web and network access, detections, and automated workflows.
Network detection and response
See and manage your cyberattack surface from a single view across all managed and unmanaged Windows, Linux, macOS, iOS, Android, IoT, and network devices.
Simplified endpoint management
Streamline security and IT collaboration using unified endpoint management to prevent confusion, misconfigurations, and potential security gaps.
BENEFITS
Disrupt ransomware with industry-leading, AI-powered endpoint security
Gain comprehensive protection across all devices and platforms for unmatched, cross-domain visibility across your organization.
3
minutes average time to disrupt ransomware
35,000
incidents disrupted per month
180,000
devices saved from an attack in the last six months
LICENSING
Compare flexible purchase options
Explore the comprehensive security capabilities in Defender for Endpoint. Choose from the following plans.
Microsoft Defender for Endpoint P1
Offers a foundational set of capabilities, including industry-leading antimalware, cyberattack surface reduction, and device-based conditional access.
Included in Microsoft 365 E3 (no Teams)
Offers a foundational set of capabilities, including industry-leading antimalware, cyberattack surface reduction, and device-based conditional access.
Included in Microsoft 365 E3 (no Teams)
This product is not available in your market.
- Unified security tools and centralized management
- Device control (such as USB)
- Network protection and endpoint firewall
- Web control/category-based URL blocking
- APIs, SIEM connector, and custom threat intelligence
- Application control
Microsoft Defender for Endpoint P2
Offers all the capabilities of P1, plus exposure management, endpoint detection and response, automatic attack disruption, and cyberthreat and vulnerability management.
Included in Microsoft 365 E5 (no Teams)
Offers all the capabilities of P1, plus exposure management, endpoint detection and response, automatic attack disruption, and cyberthreat and vulnerability management.
Included in Microsoft 365 E5 (no Teams)
This product is not available in your market.
- Includes everything in Defender for Endpoint P1, plus:
- Endpoint detection and response
- Deception techniques
- Automatic attack disruption
- Exposure management
- Threat intelligence (cyberthreat analytics)
- Sandbox (deep analysis)
-
-
-
RELATED PRODUCTS
Our products work better together
Help secure every facet of your business with comprehensive security solutions.
Industry recognition
Microsoft is recognized as an Endpoint Protection Leader
CUSTOMER STORIES
See how customers are securing endpoints
RESOURCES
Dive into Defender for Endpoint
Resource Library
Cybersecurity and AI news
Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity.
Frequently asked questions
- Defender for Endpoint is a comprehensive, cloud-native endpoint security solution that delivers visibility and AI-powered cyberthreat protection to help stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Built on the industry’s broadest cyberthreat and human intelligence insights, Defender for Endpoint can seamlessly evolve your security with XDR-level alert correlation to automatically disrupt sophisticated cyberthreats such as ransomware. Defender for Endpoint provides visibility into devices in your environment and offers exposure management to help you better understand your cyberattack surface. It delivers endpoint protection, endpoint detection and response (EDR), mobile cyberthreat protection, and advanced hunting in a single platform. With Defender for Endpoint, customers can discover and secure endpoint devices across a multiplatform enterprise.
- As a comprehensive endpoint protection solution, Defender for Endpoint includes Microsoft Defender Antivirus—next-generation protection that reinforces the security perimeter of your network. It detects and blocks known and evolving cyberthreats in real time across Linux, macOS, Windows, and Android devices. Microsoft Defender Antivirus includes:
- Real-time antivirus protection with always-on scanning that uses file and process-behavior monitoring and other heuristics. It also detects and blocks apps that are deemed unsafe but might not be detected as malware.
- Cloud-delivered protection with near-instant detection and blocking of new and emerging cyberthreats.
https://selabs.uk/reports/microsoftdefender-for-office-365/
- Defender for Endpoint provides cross-platform coverage across Windows, Linux, macOS, iOS, Android, and IoT devices. New features or capabilities are typically provided on operating systems that haven't yet reached the end of their support lifecycle. In line with industry best practices, Microsoft recommends the installation of the latest available security patches for any operating system.
- No. Security analysts manage Defender for Endpoint from the Microsoft Defender XDR portal—a single console for comprehensive endpoint protection, including vulnerability management, cyberthreat protection, and detection and response capabilities.
For customers wanting to operate their security and IT teams in tandem, Defender for Endpoint provides a consistent, single source of truth—mirrored in Intune—for managing endpoint security settings across Windows, macOS, and Linux.
Customers who want to extend endpoint protection to multiple domains can avoid the extra integration steps often required by other endpoint protection vendors.
- Microsoft Defender for Endpoint is a cloud-native endpoint security platform that provides visibility, cyberthreat protection, and EDR capabilities to stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Microsoft Defender for Office 365 is a collaborative security solution that helps secure your email and Microsoft Teams environments with advanced protection against phishing, business email compromise, ransomware, and other cyberthreats.
- Microsoft has long invested in safe deployment practices and established a robust model in how we deliver updates to customers of Defender for Endpoint. In addition, customers have full control over how updates are delivered and how controls are applied to their device estate. This model of shared control helps ensure security and resiliency.
Protect everything
Make your future more secure. Explore your security options today.
- [1]A Microsoft 365 Family or Personal subscription is required. Note that Microsoft Defender is not available in certain Microsoft 365 Personal or Family regions.
- [2]Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Deepak Mishra, Franz Hinner. July 14, 2025.
Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved..
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. - [3]The Forrester Wave™: Extended Detection And Response Platforms, Forrester Research, Inc., June 2, 2024.
Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.
Follow Microsoft Security