Strengthen your Zero Trust posture—a new, unified approach to security is here.
Microsoft Defender for Endpoint
Help secure endpoints with industry-leading, multiplatform detection and response.
Disrupt ransomware on any platform
Apply AI-powered endpoint security across Windows, macOS, Linux, Android, iOS, and IoT devices.
Outmaneuver sophisticated adversaries with AI
Stop cyberattacks such as ransomware and move at machine speed with industry-transforming AI that amplifies your security team’s strengths.
Boost prevention with global threat intelligence
Minimize vulnerabilities with a clear view of your cyberattack surface and adversaries, along with best practices for cyberthreat prevention.
Secure devices end to end
Help protect your multiplatform and IoT devices with a comprehensive, industry-leading next-generation antivirus, detection, and response solution at the core of Microsoft Defender XDR.
Defender for Endpoint key capabilities
Disrupt ransomware early in the cyberattack chain
Automatically disrupt ransomware cyberattacks by blocking lateral movement and remote encryption in a decentralized way across all your devices.
Move at machine speed with Microsoft Security Copilot
Use built-in, security-specific generative AI to rapidly investigate and respond to incidents, prioritize alerts, and learn new skills. Copilot is now embedded in Microsoft Defender XDR for Copilot customers.
Trick cyberattackers with auto-deployed deception
Automatically generate and disperse deception techniques at scale to expose cyberattackers with early-stage, high-fidelity signals.
Gain an unimpeded view of adversaries
Know your adversaries with more than 78 trillion daily signals from multiple sources, including the largest clouds, security organizations, 1.5 billion devices, internet graphs, and more than 10 thousand experts in 72 countries.
Elevate your security posture
Improve your security configuration with prioritized recommendations from Microsoft Secure Score.
Configure flexible controls for your enterprise
Balance protection and productivity with granular controls including settings, policies, web and network access, cyberthreat detection, and automated workflows.
Leave no device undetected
See and manage your cyberattack surface from a single view across all managed and unmanaged Windows, macOS, Linux, iOS, Android™, IoT, and network devices.
Operate security and IT teams in tandem
Simplify security and IT collaboration using unified endpoint management to prevent confusion, misconfigurations, and potential security gaps.
Microsoft Security Copilot is now generally available
Use natural language queries to investigate incidents with Copilot, now with integrations across the Microsoft Security suite of products.
Unified security operations platform
Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).
Unified portal
Detect and disrupt cyberthreats in near-real time and streamline investigation and response.
Microsoft Defender XDR
Achieve unified security and visibility across your clouds, platforms, and endpoints.
Microsoft Sentinel
Aggregate security data and correlate alerts from virtually any source with cloud-native SIEM.
Industry recognition
Microsoft Security is a recognized industry leader.
See what our customers are saying
PeerSpot
Microsoft Defender for Endpoint is named a 2023 Tech Leader for Endpoint Detection and Response.
PeerSpot
Microsoft Defender for Endpoint is named a 2023 Tech Leader for Endpoint Protection for Business.
G2
Microsoft Defender for Endpoint is ranked number one in the Endpoint Detection & Response Software category.
G2
Microsoft Defender for Endpoint is ranked number one in the Endpoint Protection Platforms category.
Compare flexible purchase options
Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5, including versions of these suites that do not include Microsoft Teams.
Microsoft Defender for Endpoint P1
Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, cyberattack surface reduction, and device-based conditional access.
-
Unified security tools and centralized management
-
Next-generation antimalware
-
Cyberattack surface reduction rules
-
Device control (such as USB)
-
Endpoint firewall
-
Network protection
-
Web control/category-based URL blocking
-
Device-based conditional access
-
Controlled folder access
-
APIs, SIEM connector, custom threat intelligence
-
Application control
Microsoft Defender for Endpoint P2
Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and cyberthreat and vulnerability management.
Includes everything in Endpoint P1, plus:
-
Endpoint detection and response
-
Deception techniques
-
Automated investigation and remediation
-
Cyberthreat and vulnerability management
-
Threat intelligence (cyberthreat analytics)
-
Sandbox (deep analysis)
-
Endpoint attack notifications6
Related Microsoft Defender products
Protect against cyberthreats with best-in-class security from Microsoft.
Microsoft Defender XDR
Get integrated threat protection across devices, identities, apps, email, data, and cloud workloads.
Microsoft Defender Vulnerability Management
Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation.
Microsoft Defender for Business
Discover enterprise-grade endpoint protection for small and medium businesses that's cost effective and easy to use.
Microsoft Defender for individuals
Get online security protection for individuals and families with one easy-to-use app.7
Additional resources
Become a Microsoft Defender for Endpoint expert
Get training for security operations and security admins, whether you’re a beginner or have experience.
Watch episode one of The Defender’s Watch
Learn how to strengthen your security with evidence-based insights from experts protecting against modern threats.
Stay up to date
Get product news, configuration guidance, product tutorials, and tips.
Dive deeper into the product
Get technical details on capabilities, minimum requirements, and deployment guidance.
Frequently asked questions
-
Defender for Endpoint is a comprehensive, cloud-native endpoint security solution that delivers visibility and AI-powered cyberthreat protection to help stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Built on the industry’s broadest cyberthreat and human intelligence insights, it can seamlessly evolve your security with XDR-level alert correlation to automatically disrupt sophisticated cyberthreats such as ransomware. Defender for Endpoint provides visibility into devices in your environment, offers vulnerability management to help you better understand your cyberattack surface, and delivers endpoint protection, endpoint detection and response (EDR), mobile cyberthreat protection, and managed hunting in a single platform. With Defender for Endpoint, customers can discover and secure endpoint devices across a multiplatform enterprise.
-
As a comprehensive endpoint protection solution, Defender for Endpoint includes Microsoft Defender Antivirus—next-generation protection that reinforces the security perimeter of your network. It detects and blocks known and evolving cyberthreats in real time across Linux, macOS, Windows, and Android devices. Microsoft Defender Antivirus includes:
- Real-time antivirus protection with always-on scanning that uses file and process-behavior monitoring and other heuristics. It also detects and blocks apps that are deemed unsafe but might not be detected as malware.
- Cloud-delivered protection with near-instant detection and blocking of new and emerging cyberthreats.
Microsoft Defender Antivirus provides full coverage for all MITRE ATT&CK tactics and techniques. It was awarded Best Advanced Protection 2022 by AV-TEST and achieved the highest rating in all major industry antivirus tests across enterprise and consumer evaluations, including AV Comparatives, SE Labs, and MRG Effitas.
-
Defender for Endpoint provides cross-platform coverage across Windows, iOS, and Linux. New features or capabilities are typically provided on operating systems that haven't yet reached the end of their support lifecycle. In line with industry best practices, Microsoft recommends the installation of the latest available security patches for any operating system.
Explore supported Defender for Endpoint capabilities by platform
-
No. Security analysts manage Defender for Endpoint from the Microsoft Defender XDR portal—a single console for comprehensive endpoint protection, including vulnerability management, cyberthreat protection, and detection and response capabilities.
For customers wanting to operate their security and IT teams in tandem, Defender for Endpoint provides a consistent, single source of truth—mirrored in Intune—for managing endpoint security settings across Windows, macOS, and Linux.
Customers who want to extend endpoint protection to multiple domains can avoid the extra integration steps often required by other endpoint protection vendors.
-
Microsoft Defender for Endpoint is a cloud-native endpoint security platform that provides visibility, cyberthreat protection, and EDR capabilities to stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Microsoft Defender for Office 365 is a collaborative security solution that helps secure your email and Microsoft Teams environments with advanced protection against phishing, business email compromise, ransomware, and other cyberthreats.
-
Microsoft has long invested in safe deployment practices and established a robust model in how we deliver updates to customers of Defender for Endpoint. In addition, customers have full control over how updates are delivered and how controls are applied to their device estate. This model of shared control helps ensure security and resiliency.
Protect everything
Make your future more secure. Explore your security options today.
- [1] Gartner Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, 23 September 2024.
Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. - [2] Forrester, Forrester New Wave, and Forrester Wave are trademarks of Forrester Research, Inc.
- [3] The Forrester Wave™: Endpoint Security, Q4 2023. Paddy Harrington with Merritt Maxim, Angela Lozada, Christine Turley, October 2023.
- [4] IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses Vendor Assessment |(doc #US50521424|), 2024, Michael Suby, March 2024.
IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses Vendor Assessment (doc #US50521323), 2024, Michael Suby, February 2024.
IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises Vendor Assessment (doc #US50521223), 2024, Michael Suby, January 2024. - [5] The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022, Allie Mellen with Stephanie Balaouras, Joseph Blankenship, Sarah Morana, Peggy Dostie, April 2022.
- [6] Endpoint attack notifications are available to Microsoft Defender for Endpoint P2 customers as a free, opt-in feature.
- [7] App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.
Follow Microsoft Security