Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint

Applies to:

  • Windows

Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint (Defender for Endpoint).

Although you can use a non-Microsoft antivirus solution with Microsoft Defender for Endpoint, there are advantages to using Microsoft Defender Antivirus together with Defender for Endpoint. Not only is Microsoft Defender Antivirus an excellent next-generation antivirus solution, but combined with other Defender for Endpoint capabilities, such as endpoint detection and response and automated investigation and remediation, you get better protection that's coordinated across products and services.

13 reasons to use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint

| # | Advantage | Why it matters |
|---|---|---|
| 1 | Antivirus signal sharing | Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See Insights from the MITRE ATT&CK-based evaluation of Microsoft Defender for Endpoint. |
| 2 | Threat analytics and your score for devices | Microsoft Defender Antivirus collects underlying system data used by threat analytics and Microsoft Secure Score for Devices. This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
| 3 | Performance | Microsoft Defender for Endpoint is designed to work with Microsoft Defender Antivirus, so you get better performance when you use these offerings together. See Evaluate Microsoft Defender Antivirus and Microsoft Defender for Endpoint. |
| 4 | Details about blocked malware | More details and actions for blocked malware are available with Microsoft Defender Antivirus and Microsoft Defender for Endpoint. See Understand malware & other threats. |
| 5 | Attack surface reduction | Your organization's security team can reduce your vulnerabilities (attack surfaces), giving attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. Get an overview of attack surface reduction. |
| 6 | Network protection | Your organization's security team can protect your network by blocking specific URLs and IP addresses. See Protect your network. |
| 7 | Indicators (file, IP address, URL, and/or certificate allow or block indicators) | Your organization's security team can import threat intel, which blocks known Indicators of Compromise (IoCs). Get an overview of Indicator of compromise (IoC). |
| 8 | File blocking | Your organization's security team can block specific files. See Stop and quarantine files in your network. |
| 9 | Auditing events | Auditing event signals are available in endpoint detection and response capabilities. (These signals are not available with non-Microsoft antivirus solutions.) |
| 10 | File recovery via OneDrive | If you are using Microsoft Defender Antivirus together with Office 365, and your device is attacked by ransomware, your files are protected and recoverable. See OneDrive Files Restore and Windows Defender take ransomware protection one step further. |
| 11 | Controlled folder access | Your organization's security team can help keep malware from encrypting end users' data by preventing unknown applications or services from writing to protected folders. Get an overview of controlled folder access. |
| 12 | Geographic data | Compliant with ISO 27001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards. |
| 13 | Technical support | By using Microsoft Defender for Endpoint together with Microsoft Defender Antivirus, you have one company to call for technical support. Troubleshoot service issues and review event logs and error codes with Microsoft Defender Antivirus. |

Learn More

Microsoft Defender for Endpoint

Microsoft Defender Vulnerability Management


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.