SentinelOne vs Microsoft Defender for Endpoint

15 October 2020 | ITHQ Tech Team

Microsoft Defender for Endpoint was, until recently, known as Defender ATP. How does it stack up against rising star, SentinelOne, for endpoint protection?

If you're a start-up or SME heavily invested in a Microsoft environment, you'll already be familiar with Defender Antivirus and Exploit Guard - they are included with all versions of Windows.

However, most enterprise buyers will want to move to Defender for Endpoint for better EDR functionality such as attack visibility, reporting and threat hunting, as well as vulnerability management. Ultimately, next-generation malware requires next-generation cyber security.


Spread your IT eggs across multiple baskets for security

Opting for another Microsoft product might seem like an attractive option for familiarity. But recent outages demonstrate the dangers of putting all your tech eggs in one - albeit well-known and trusted - basket.

Spreading risk across multiple products and platforms is by far the safer option. It's worth exploring newer companies that offer a serious challenge to the established players.

SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as its record-breaking MITRE ATT&CK APT29 2020 test showed and its 100% Total Accuracy Rating by SE Labs.

It is a Gartner Magic Quadrant Leader and also making waves in further testing, as the table below shows. It is competitively and transparently priced, whilst Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.

SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.

If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.


Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?


Comparison of Business Benefits and Features

  Microsoft Defender for Endpoint SentinelOne logo
Business Benefits
Autonomous Protection and Response No - requires cloud connectivity
Fast Recovery
Partial (AIR on E5)
Can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity)
No Yes
Fewer alerts with more context
Incident based
Threat hunting
Explorer - manual storylines Yes - full storyline
API integration Yes Yes
On-device AI
On-device behavioural AI
Exploit protection
Heuristics Yes + context
Lateral movement Heuristics Yes + context
Rollback No
Integrated threat feeds Yes
Remote shell
Device control USB - no Bluetooth control
Device control
Firewall control Yes Yes
Bluetooth control Yes
Threat hunting
Explorer - manual storylines
Yes - full storyline
Deep visibility No


Industry and Peer Reviews

Gartner Peer Insights


Microsoft Defender for Endpoint logo

SentinelOne logo


Gartner Peer Insights SentinelOne vs Microsoft Defender




Gartner Magic Quadrant for Endpoint Protection Platforms

May 2021 - full report here





Independent Testing


Microsoft Defender for Endpoint


SentinelOne logo
Provided coverage across the attack chain stages


APT29 2020

Scored record results:

 - Least missed detections

 - Most high-quality detections

 - Most correlated   detections
NSS labs Top ROI score and Recommended rating 2019
Unknown VB100virus 100% block rate across   Windows testing
Top Product
AVTest Certified for Windows and MacOS
AAA rated: In top 10 vendors
SELabslogo AAA rated: In top 10 vendors




All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at October 2020


Contact us for accurate pricing based on your specific requirements

SentinelOne logo

 Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve these prices below, minimum purchase 100 endpoints, billed annually.

Quote always required for accurate pricing

Core Control Complete
$4.16 $4.90 $9.00
Includes full advanced EDR
All Core features plus device, firewall and bluetooth control
All Control features plus threat hunting and deep visibility


Microsoft Defender for Endpoint Logo

Minimum purchase - 100 endpoints

Payment always billed annually

Priced according to Microsoft

£48 per endpoint per month

(can't be bought separately – requires Office365 license)

£20 per month uplift from previous tier.

Does include other aspects like advanced AD, Azure ATP whether you need them or not. There is no option to remove them.

This means that to buy security from Microsoft, you have to effectively buy email, the office suite, Azure AD, Windows 10, Teams, OneDrive, Sharepoint, Bitlocker, SCCM and more. 


SentinelOne Get a Demo