
Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report

We are excited to share that Microsoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023. Microsoft received the highest possible scores in the strategy category for the vision and roadmap criteria. Forrester notes, “Microsoft’s outstanding roadmap for endpoint security includes expanding [Microsoft Defender for Endpoint] functionality to operational technology (OT) and Internet of Things (IOT) devices and continuing its strategy of building an extensive partner community.”

In the current offering category, Microsoft achieved the highest possible scores in the threat intelligence, suite automation, endpoint, including performance impact, runtime behavior detection and response protection, network cyberthreat detection, mobile device security, behavioral analysis capabilities, and vulnerability patching remediation criteria. Forrester also noted, “Being natively integrated into Windows minimizes the agent performance overhead…the Defender agent performs well on other operating systems (OS), and the agent’s runtime behavior protection functions integrate into conditional access methods that can provide device trust.”


AI and SOC efficiency: core to our vision and roadmap

As Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, states in her blog, the global shortage of skilled security professionals and the continued, unprecedented cybersecurity threats faced by organizations have been key drivers to create and integrate new technologies to help tip the scales in favor of security teams.

AI is one such technology. Bringing its breakthroughs, such as generative AI, within reach of organizations of all sizes has been core to Microsoft Defender for Endpoint’s strategy. AI goes hand in hand with security operations center (SOC) efficiency, which spans from our vision of protecting every endpoint on the planet for organizations of all sizes to our roadmap of capabilities that empower security teams to outmaneuver sophisticated adversaries. Automatic attack disruption, Microsoft Security Copilot, and native settings management are just three examples of how our vision and roadmap have been transforming the SOC in recent months.

Disrupting ransomware early in the cyberattack chain with automatic attack disruption


Figure 1. How automatic attack disruption stops a ransomware attack.

Security teams need every advantage in the fight against ransomware. Introduced in November 2022, Microsoft 365 Defender’s unique, industry-first automatic attack disruption stops the most sophisticated cyberattack campaigns—such as ransomware, business email compromise, and attacker-in-the-middle—at machine speed by leveraging multidomain signals across the extended detection and response (XDR) platform. This capability combines our industry-leading detection with AI enforcement mechanisms to block cyberthreats and limit their spread within the organization. In October 2023, we introduced the next evolution of automatic attack disruption that stops human-operated cyberattacks earlier in the cyberattack chain in a decentralized way across devices. This industry-first, Microsoft-patented capability contains compromised users across devices just by deploying Defender for Endpoint, bringing this XDR AI-powered security within reach of even more organizations.

Accelerating investigation and response with Security Copilot

Screenshot of the Microsoft 365 Defender portal where Microsoft Security Copilot is embedded in a security analyst workflow where they use natural language to create a complex KQL query for advanced hunting.

Figure 2. Microsoft 365 Defender portal showing Security Copilot within advanced hunting editor.

Security professionals are scarce, and we must empower them to disrupt cyberattackers’ traditional advantages. With this challenge in mind, we introduced Microsoft Security Copilot in March 2023. It is the industry’s first generative AI security product that allows security teams to move at machine speed. It combines OpenAI’s GPT-4 generative AI model with Microsoft’s security-specific model informed by our unique global threat intelligence and more than 65 trillion daily signals.¹ This month, organizations started gaining access to Security Copilot. Embedded within Microsoft 365 Defender’s existing analyst workflows, Security Copilot simplifies complex tasks with capabilities like guided response actions, and provides intuitive, actionable insight across the cyberthreat landscape such as summarized incidents in natural language.

Fast-tracking setup with simplified settings management

Screenshot of the Microsoft 365 Defender portal settings management experience across Windows, mac, and iOS so that the security analyst can remain within this portal.

Figure 3. Security policy interface in the Microsoft 365 Defender portal.

Helping security teams move with speed and agility doesn’t always require AI. Security teams can now set up and configure Defender for Endpoint much faster with simplified security settings management, announced in July 2023. The new streamlined approach is all contained within the unified Microsoft 365 Defender portal experience, supported across the multiplatform workloads of Windows, macOS, and Linux. While the Microsoft Intune portal is no longer required as part of the setup experience, Microsoft Defender for Endpoint continues to work great with Intune, sharing a single consistent source of truth for endpoint security settings.

In the coming months we look forward to introducing more AI-powered and efficiency-focused capabilities across all platforms.

Industry-leading endpoint security

Microsoft Defender for Endpoint is core to Microsoft 365 Defender, our XDR solution that spans identities, endpoints, cloud apps, email, and documents. Microsoft 365 Defender delivers intelligent, automated, and integrated security in a unified security operations experience, with detailed cyberthreat analytics and insights, unified threat hunting, and rapid detection and automation across domains—detecting and stopping cyberattacks anywhere in the cyberattack chain and eliminating persistent cyberthreats.

Our continued leadership in security is due in part to the close partnership we have with customers who give us continuous feedback in the product development process. We are grateful for their continued trust in us and are committed to delivering innovative security capabilities that help them secure their organizations.

Our mission is to empower security teams with the best security capabilities in the industry so that you can focus on what’s important: preventing and remediating cyberthreats.

You can download the report to get more details about our position as a Leader. We thank our customers and partners for being on this journey with us.

Recognition across the industry

Defender for Endpoint has consistently been recognized as an industry leader across analyst and customer evaluations.

Learn more

Microsoft Defender for Endpoint is a comprehensive, AI-powered endpoint security solution across platforms, devices, and IoT. With our solution, organizations can automatically disrupt ransomware on any platform. If you are not yet taking advantage of Microsoft’s unrivaled cyberthreat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ Microsoft Digital Defense Report 2023, Microsoft. 2023.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.


Forrester Wave™: Endpoint Security, Q4 2023, Paddy Harrington, Merritt Maxim, Angela Lozada, Christine Turley. October 18, 2023.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022. Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.