Trace Id is missing
Skip to main content
Microsoft Security

Strengthen your Zero Trust posture—a new, unified approach to security is here.

Read the blog

Microsoft Defender for Endpoint

Help secure endpoints with industry-leading, multiplatform detection and response.

Disrupt ransomware on any platform

Apply AI-powered endpoint security across Windows, macOS, Linux, Android, iOS, and IoT devices.

Outmaneuver sophisticated adversaries with AI

Stop cyberattacks such as ransomware and move at machine speed with industry-transforming AI that amplifies your security team’s strengths.

Boost prevention with global threat intelligence

Minimize vulnerabilities with a clear view of your cyberattack surface and adversaries, along with best practices for cyberthreat prevention.

Secure devices end to end

Help protect your multiplatform and IoT devices with a comprehensive, industry-leading next-generation antivirus, detection, and response solution at the core of Microsoft Defender XDR.

Watch the video

Learn how to secure your devices and disrupt ransomware across all platforms with Defender for Endpoint.

Defender for Endpoint key capabilities

Disrupt ransomware early in the cyberattack chain

Automatically disrupt ransomware cyberattacks by blocking lateral movement and remote encryption in a decentralized way across all your devices.

Move at machine speed with Microsoft Security Copilot

Use built-in, security-specific generative AI to rapidly investigate and respond to incidents, prioritize alerts, and learn new skills. Copilot is now embedded in Microsoft Defender XDR for Copilot customers.

Device screen displaying Microsoft Defender for Endpoint investigation graph

Trick cyberattackers with auto-deployed deception

Automatically generate and disperse deception techniques at scale to expose cyberattackers with early-stage, high-fidelity signals.

Device screen displaying Windows Security protection history showing details about a blocked cyberthreat.

Gain an unimpeded view of adversaries

Know your adversaries with more than 78 trillion daily signals from multiple sources, including the largest clouds, security organizations, 1.5 billion devices, internet graphs, and more than 10 thousand experts in 72 countries.

Elevate your security posture

Improve your security configuration with prioritized recommendations from Microsoft Secure Score.

Configure flexible controls for your enterprise

Balance protection and productivity with granular controls including settings, policies, web and network access, cyberthreat detection, and automated workflows.

Device screen displaying Microsoft Defender service status.

Leave no device undetected

See and manage your cyberattack surface from a single view across all managed and unmanaged Windows, macOS, Linux, iOS, Android™, IoT, and network devices.

Operate security and IT teams in tandem

Simplify security and IT collaboration using unified endpoint management to prevent confusion, misconfigurations, and potential security gaps.

Back to tabs

Microsoft Security Copilot is now generally available

Use natural language queries to investigate incidents with Copilot, now with integrations across the Microsoft Security suite of products.

Unified security operations platform

Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Animation of microsoft defender dashboard homepage

Unified portal

Detect and disrupt cyberthreats in near-real time and streamline investigation and response.

Back to tabs

Industry recognition

Microsoft Security is a recognized industry leader.

See what our customers are saying

PeerSpot logo

PeerSpot

Microsoft Defender for Endpoint is named a 2023 Tech Leader for Endpoint Detection and Response.

PeerSpot logo

PeerSpot

Microsoft Defender for Endpoint is named a 2023 Tech Leader for Endpoint Protection for Business.​

G2 logo

G2

Microsoft Defender for Endpoint is ranked number one in the Endpoint Detection & Response Software category.​

G2 logo

G2

Microsoft Defender for Endpoint is ranked number one in the Endpoint Protection Platforms category.​

Back to tabs

Compare flexible purchase options

Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5, including versions of these suites that do not include Microsoft Teams.

Endpoint protection focused on prevention

Microsoft Defender for Endpoint P1

Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, cyberattack surface reduction, and device-based conditional access.

  • Unified security tools and centralized management

  • Next-generation antimalware

  • Cyberattack surface reduction rules

  • Device control (such as USB)

  • Endpoint firewall

  • Network protection

  • Web control/category-based URL blocking

  • Device-based conditional access

  • Controlled folder access

  • APIs, SIEM connector, custom threat intelligence

  • Application control

Endpoint protection with advanced detection and response

Microsoft Defender for Endpoint P2

Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and cyberthreat and vulnerability management.

Includes everything in Endpoint P1, plus:

  • Endpoint detection and response

  • Deception techniques

  • Automated investigation and remediation

  • Cyberthreat and vulnerability management

  • Threat intelligence (cyberthreat analytics)

  • Sandbox (deep analysis)

  • Endpoint attack notifications6

Related Microsoft Defender products

Protect against cyberthreats with best-in-class security from Microsoft.

A person using a touchscreen monitor.

Microsoft Defender XDR

Get integrated threat protection across devices, identities, apps, email, data, and cloud workloads.

Two people working together at a desk with a desktop monitor.

Microsoft Defender Vulnerability Management

Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation.

A coffee shop employee.

Microsoft Defender for Business

Discover enterprise-grade endpoint protection for small and medium businesses that's cost effective and easy to use.

Mobile and desktop displays of Microsoft Defender.

Microsoft Defender for individuals

Get online security protection for individuals and families with one easy-to-use app.7

Additional resources

Blog

Become a Microsoft Defender for Endpoint expert

Get training for security operations and security admins, whether you’re a beginner or have experience.

Webcast

Watch episode one of The Defender’s Watch

Learn how to strengthen your security with evidence-based insights from experts protecting against modern threats.

News

Stay up to date

Get product news, configuration guidance, product tutorials, and tips.

Documentation

Dive deeper into the product

Get technical details on capabilities, minimum requirements, and deployment guidance.

Frequently asked questions

  • Defender for Endpoint is a comprehensive, cloud-native endpoint security solution that delivers visibility and AI-powered cyberthreat protection to help stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Built on the industry’s broadest cyberthreat and human intelligence insights, it can seamlessly evolve your security with XDR-level alert correlation to automatically disrupt sophisticated cyberthreats such as ransomware. Defender for Endpoint provides visibility into devices in your environment, offers vulnerability management to help you better understand your cyberattack surface, and delivers endpoint protection, endpoint detection and response (EDR), mobile cyberthreat protection, and managed hunting in a single platform. With Defender for Endpoint, customers can discover and secure endpoint devices across a multiplatform enterprise.

    Explore Defender for Endpoint documentation

  • As a comprehensive endpoint protection solution, Defender for Endpoint includes Microsoft Defender Antivirus—next-generation protection that reinforces the security perimeter of your network. It detects and blocks known and evolving cyberthreats in real time across Linux, macOS, Windows, and Android devices. Microsoft Defender Antivirus includes:

    • Real-time antivirus protection with always-on scanning that uses file and process-behavior monitoring and other heuristics. It also detects and blocks apps that are deemed unsafe but might not be detected as malware. 
    • Cloud-delivered protection with near-instant detection and blocking of new and emerging cyberthreats.
       

    Microsoft Defender Antivirus provides full coverage for all MITRE ATT&CK tactics and techniques. It was awarded Best Advanced Protection 2022 by AV-TEST and achieved the highest rating in all major industry antivirus tests across enterprise and consumer evaluations, including AV Comparatives, SE Labs, and MRG Effitas.

  • Defender for Endpoint provides cross-platform coverage across Windows, iOS, and Linux. New features or capabilities are typically provided on operating systems that haven't yet reached the end of their support lifecycle. In line with industry best practices, Microsoft recommends the installation of the latest available security patches for any operating system. 

    Explore supported Defender for Endpoint capabilities by platform

  • No. Security analysts manage Defender for Endpoint from the Microsoft Defender XDR portal—a single console for comprehensive endpoint protection, including vulnerability management, cyberthreat protection, and detection and response capabilities. 

    For customers wanting to operate their security and IT teams in tandem, Defender for Endpoint provides a consistent, single source of truth—mirrored in Intune—for managing endpoint security settings across Windows, macOS, and Linux.

    Customers who want to extend endpoint protection to multiple domains can avoid the extra integration steps often required by other endpoint protection vendors.

  • Microsoft Defender for Endpoint is a cloud-native endpoint security platform that provides visibility, cyberthreat protection, and EDR capabilities to stop cyberattacks across Windows, macOS, Linux, Android, iOS, and IoT devices. Microsoft Defender for Office 365 is a collaborative security solution that helps secure your email and Microsoft Teams environments with advanced protection against phishing, business email compromise, ransomware, and other cyberthreats. 

    Learn more about Microsoft Defender for Office 365

  • Microsoft has long invested in safe deployment practices and established a robust model in how we deliver updates to customers of Defender for Endpoint. In addition, customers have full control over how updates are delivered and how controls are applied to their device estate. This model of shared control helps ensure security and resiliency.

    Learn more about our safe deployment practices

Protect everything

Make your future more secure. Explore your security options today.

  • [1] Gartner Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, 23 September 2024.

    Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  • [2] Forrester, Forrester New Wave, and Forrester Wave are trademarks of Forrester Research, Inc.
  • [3] The Forrester Wave™: Endpoint Security, Q4 2023. Paddy Harrington with Merritt Maxim, Angela Lozada, Christine Turley, October 2023.
  • [4] IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses Vendor Assessment |(doc #US50521424|), 2024, Michael Suby, March 2024.

    IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses Vendor Assessment (doc #US50521323), 2024, Michael Suby, February 2024.

    IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises Vendor Assessment (doc #US50521223), 2024, Michael Suby, January 2024.
  • [5] The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022, Allie Mellen with Stephanie Balaouras, Joseph Blankenship, Sarah Morana, Peggy Dostie, April 2022.
  • [6] Endpoint attack notifications are available to Microsoft Defender for Endpoint P2 customers as a free, opt-in feature.
  • [7] App is available on Windows, macOS, Android™, and iOS in select Microsoft 365 Family or Personal billing regions.

Follow Microsoft Security