Top scoring in industry tests
Microsoft Defender XDR technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis.
Microsoft Defender XDR
Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite. It natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Microsoft Defender XDR combines the capabilities of Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Entra ID Protection, and Microsoft Defender for Cloud Apps into a single solution.
MITRE: Demonstrated real-world detection, response, and protection from advanced attacks
Core to MITRE's testing approach is emulating real-world attacks to understand whether solutions can adequately detect and respond to them. While the test focused on endpoint detection and response, MITRE's simulated APT29 attack spans multiple attack domains, creating opportunities to empower defenders beyond just endpoint protection. Microsoft expanded visibility beyond the endpoint with Microsoft Defender XDR.
ATT&CK-based evaluation of Microsoft Defender XDR - April 2022: [Microsoft Defender XDR demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations](Microsoft Security Blog: Microsoft Defender XDR demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations)
ATT&CK-based evaluation of Microsoft Defender XDR - April 2021: Evaluation proves Microsoft Defender for Endpoint stops advanced attacks across platforms
Microsoft Defender XDR provided nearly 100 percent coverage across the attack chain stages. It delivered leading out-of-box visibility into attacker activities. The visibility dramatically reduces manual work for the security operations center and vendor solutions that relied on specific configuration changes. Microsoft Defender XDR also had the fewest gaps in visibility, diminishing attacker ability to operate undetected.
Next generation protection
Microsoft Defender Antivirus in Windows consistently performs highly in independent tests, displaying how it's a top choice in the antivirus market. Keep in mind, these tests only provide results for antivirus and don't test for additional security protections.
Microsoft Defender Antivirus is the next generation protection capability in the Microsoft Defender for Endpoint Windows security stack that addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped milliseconds after a campaign starts. That's because Microsoft Defender Antivirus and other endpoint protection platform (EPP) capabilities in Defender for Endpoint detect and stop malware at first sight. They use machine learning, artificial intelligence, behavioral analysis, and other advanced technologies.
AV-TEST: Protection score of 6.0/6.0 in the latest test
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The following scores are for the Protection category that has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
2022 AV-TEST Award – for tested IT Security: Best Advanced Protection for Consumer Users and Best Advanced Protection
November - December 2021 AV-TEST Business User test: Protection score 6.0/6.0 Latest
Microsoft Defender Antivirus achieved a perfect Protection score of 6.0/6.0, with 100% in November and December. 18,870 malware samples were used.
September - October 2021 AV-TEST Business User test: Protection score 6.0/6.0
July - August 2021 AV-TEST Business User test: Protection score 6.0/6.0
May - June 2021 AV-TEST Business User test: Protection score 6.0/6.0
March - April 2021 AV-TEST Business User test: Protection score 6.0/6.0
January - February 2021 AV-TEST Business User test: Protection score 6.0/6.0 | Analysis
AV-Comparatives: Protection rating of 99.8% in the latest test
Business Security Test consists of three main parts: the Real-World Protection Test that mimics online malware attacks, the Malware Protection Test where the malware enters the system from outside the internet (for example by USB), and the Performance Test that looks at the impact on the system's performance.
Business Security Test 2021 (August - November): Real-World Protection Rate 99.8% Latest
Microsoft Defender Antivirus has scored consistently high in Real-World Protection Rates over the past year, with 99.8% in the latest test.
Business Security Test 2021 (March - June): Real-World Protection Rate 99.7%
Business Security Test 2020 (August - November): Real-World Protection Rate 99.8%
Business Security Test 2020 (March - June): Real-World Protection Rate 99.7% | Analysis
SE Labs: AAA award in the latest test
SE Labs test a range of solutions used by products and services to detect and/or protect against attacks. It includes endpoint software, network appliances, and cloud services.
Best Email Security Service of 2023: AAA award
Annual Report 2020 - 2021: AAA award Latest
Enterprise Endpoint Protection: October - December 2021: AAA award
Enterprise Advanced Security (EDR): Kaspersky: August to September 2021: AAA award
Enterprise Advanced Security (EDR): Crowdstrike: August to September 2021: AAA award
Breach Response (NDR Detection): VMware NSX Network Detection and Response: August 2021: AAA award
Enterprise Endpoint Protection: July - September 2021: AAA award
Breach Response (Protection): BlackBerry Protect and Optics: July 2021: AAA award
Enterprise Endpoint Protection: April - June 2021: AAA award
Enterprise Endpoint Protection: January - March 2021: AAA award pdf
Endpoint detection & response
Microsoft Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
Microsoft Defender for Endpoint's EDR and endpoint protection capabilities have received positive results from industry tests and publications. SC Labs assessed endpoint security tools in June 2020, and gave Microsoft Defender for Endpoint 5/5 stars. They called out Microsoft Defender for Endpoint's ability to protect organizations against the modern threat landscape using a full set of security capabilities. SC Labs also identified the endpoint security solution as holistic and unified. They also acknowledged the convergence of endpoint protection with endpoint detection and response functionality, because the attack chain now gets fully covered by solutions.
To what extent are tests representative of protection in the real world?
Independent security industry tests aim to evaluate the best antivirus and security products in an unbiased manner. However, Microsoft sees a wider and broader set of threats beyond what's tested in the evaluations highlighted in this article. In an average month, Microsoft's security products identify over 100 million new threats. Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it difficult to evaluate the quality of protection against real world threats.
The capabilities within Microsoft Defender for Endpoint provide additional layers of protection that aren't factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Defender for Endpoint creates a partial picture of how Microsoft's security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We've proven that Microsoft Defender for Endpoint components catch samples that Microsoft Defender Antivirus missed in these industry tests. It's more representative of how effectively Microsoft's security suite protects customers in the real world.
Learn more about Microsoft Defender for Endpoint and evaluate it in your own network by signing up for a 90-day trial, or enabling Preview features on existing tenants.
Learn more about Microsoft Defender XDR or start using the service.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.