The State of Microsoft Hybrid Client Security Management

• For client endpoint protection, organizations should consider Microsoft Defender for Endpoint first but may still need the Endpoint Protection application for Windows PC management.
• Defender for Endpoint offers comprehensive protection of Windows, macOS, and Linux and is included in higher-tiered Microsoft 365 suites, while Endpoint Protection only protects Windows systems and must be licensed through System Center.
• Endpoint Protection supports clients that are shared among users or that have no Internet connection.
• Defender for Endpoint’s distinctive features require sending telemetry to Microsoft, an unacceptable risk for some firms.

Endpoint Protection (EP) and Microsoft Defender for Endpoint (MDE) offer the same fundamental antivirus and antimalware protection for Windows systems. For most organizations, the MDE hosted service is the best choice because it can offer additional layers of analysis, incident correlation, and remediation that EP cannot. EP continues to have a role where organizations cannot or will not let clients connect to the Internet, where clients are shared among users, or where sending MDE telemetry to Microsoft poses too much security and regulatory compliance risk.