Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help organizations prevent, detect, investigate, and respond to advanced threats on their endpoints. These endpoints include laptops, phones, tablets, PCs, access points, routers, and firewalls.
As the endpoint security pillar of Microsoft Defender, Defender for Endpoint feeds endpoint signals into the unified Defender portal. The portal correlates these signals with alerts from identity, email, and cloud workloads to form complete incident views. Your security team can trace an attack from a phishing email to a compromised endpoint to lateral movement - all in one place.
Defender for Endpoint also integrates with the broader Microsoft security ecosystem, including:
- Intune
- Microsoft Defender for Cloud
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity
- Microsoft Defender for Office
- Microsoft Defender Vulnerability Management
- Microsoft Sentinel
Operating systems
Microsoft Defender for Endpoint supports the following operating systems: Windows, macOS, Linux, Android, and iOS. For detailed information about capabilities on each platform, see the following articles.
- Microsoft Defender for Endpoint on Windows
- Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Android and iOS
For detailed system requirements and supported versions, see Minimum requirements for Microsoft Defender for Endpoint.
Licensing
To onboard Defender for Endpoint, you need a license. Choose from the following options:
- Microsoft Defender for Business - An endpoint security solution designed for small and medium-sized businesses (up to 300 users).
- Defender for Endpoint Plan 1 - Provides core endpoint protection capabilities, including next-generation antivirus, attack surface reduction, and centralized management.
- Defender for Endpoint Plan 2 - A comprehensive endpoint protection solution that includes advanced capabilities such as endpoint detection and response, automated investigation, and vulnerability management.
- Microsoft Defender for Servers Plan 1 or Plan 2 - To onboard servers to Defender for Endpoint.
- Microsoft Defender for Endpoint for servers - To onboard servers to Defender for Endpoint.
- Microsoft Defender for Business servers - For small and medium-sized businesses only.
Microsoft 365 E5 and Microsoft 365 E5 Security include Defender for Endpoint. To onboard servers, you need server licenses. For more information, see the licensing section in Minimum requirements for Microsoft Defender for Endpoint.
Tip
The more Microsoft Defender workloads you deploy (identity, email, cloud apps, and endpoints), the stronger your overall protection becomes. Each workload contributes signals that enrich detection, correlation, and automated response in the unified Defender portal.
For full plan comparison and pricing, see Microsoft Defender for Endpoint plans and pricing.
Defender for Endpoint capabilities
Defender for Endpoint provides a comprehensive set of capabilities, including endpoint detection and response, autonomous protection with automatic attack disruption and predictive shielding, next-generation protection with ransomware prevention, attack surface reduction, vulnerability management, Endpoint Attack Notifications, and APIs for integration with your existing workflows.
For guidance on planning and rolling out Defender for Endpoint in your environment, see Plan your Defender for Endpoint deployment. To learn about new and upcoming capabilities, see What's new in Microsoft Defender for Endpoint. To turn on preview features in your environment, see Preview features in Microsoft Defender XDR.
For a step-by-step workflow for piloting and deploying Defender for Endpoint in a production environment, including onboarding endpoints and verifying pilot groups, see Pilot and deploy Defender for Endpoint.
For platform-specific capabilities, see the Windows, Linux, macOS, and Android and iOS mobile threat defense documentation.
APIs and integrations
Use these capabilities to integrate Microsoft Defender for Endpoint with your existing security tools and workflows. Management and automation APIs let you automate tasks and build Defender for Endpoint into your existing processes. You can also use partner integrations to connect with Microsoft and non-Microsoft security solutions.
Privacy and compliance
- Zero Trust
- Microsoft Trust Center - Data protection and privacy
- Privacy at Microsoft
- Privacy & data management overview