Lookout vs Microsoft Defender for Endpoint comparison

Lookout and Microsoft are both solutions in the Endpoint Detection and Response (EDR) category. Lookout is ranked #44 with an average rating of 8.0, while Microsoft is ranked #3 with an average rating of 8.3. Lookout holds a 0.4% mindshare in EDR, compared to Microsoft’s 10.5% mindshare. Additionally, 75% of Lookout users are willing to recommend the solution, compared to 94% of Microsoft users who would recommend it.

Lookout

Read 6 Lookout reviews

636 Views
97 Comparison Views

75% willing to recommend

Microsoft Defender for Endp...

Read 197 Microsoft Defender for Endpoint reviews

19,755 Views
3,983 Comparison Views

94% willing to recommend

Lookout

Microsoft Defender for Endp...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

Lookout and Microsoft Defender for Endpoint compete in the cybersecurity products category. Microsoft Defender for Endpoint is perceived to have the upper hand due to its superior features and comprehensive threat protection capabilities.

Features: Lookout users value strong mobile threat defense, ease of integration, and effective management of mobile endpoints. Microsoft Defender for Endpoint users highlight comprehensive threat detection, response capabilities, and extensive protection suite.

Room for Improvement: Lookout users suggest enhancements in reporting capabilities, more proactive threat identification, and improved customer support. Microsoft Defender for Endpoint users point out the need for a more intuitive setup process, lighter system impact, and refined user experience.

Ease of Deployment and Customer Service: Lookout is praised for quick and straightforward deployment, but users desire more robust customer support. Microsoft Defender for Endpoint has a more complex deployment but receives better feedback on customer service responsiveness.

Pricing and ROI: Lookout is noted for its competitive setup cost and decent ROI. Microsoft Defender for Endpoint’s setup cost is higher, but users report greater ROI due to its superior threat protection.

To learn more, read our detailed Lookout vs. Microsoft Defender for Endpoint Report (Updated: June 2025).

Buyer's Guide

Lookout vs. Microsoft Defender for Endpoint

June 2025

Download the complete report

Helped 860,168 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Lookout

Ranking in Endpoint Detection and Response (EDR)

44th

Average Rating

7.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Secure Web Gateways (SWG) (26th), Mobile Data Protection (3rd), Cloud Access Security Brokers (CASB) (15th), Threat Intelligence Platforms (23rd), Mobile Threat Defense (2nd), ZTNA as a Service (19th), ZTNA (15th), Secure Access Service Edge (SASE) (21st)

Microsoft Defender for Endp...

Ranking in Endpoint Detection and Response (EDR)

3rd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

197

Ranking in other categories

Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (4th), Anti-Malware Tools (1st), Microsoft Security Suite (4th)

Mindshare comparison

As of July 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Lookout is 0.4%, up from 0.3% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 10.5%, down from 13.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR)

Featured Reviews

David Baynton

IT Manager at NHS Trust

Enhanced mobile security with visibility into app and website usage, but installation challenges remain

We use Lookout for mobile devices, such as phones It has reduced our risk around mobile devices. I like the security features and being able to see what apps and websites people are using. There is nothing we have come across that we've desired. We have been using Lookout for one year. The…

Read full review

Sudhen Swami

Senior Enterprise Architect at MTVH

Easy to update with good protection and a useful cloud portal

We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The protection offered by the product is the most valuable feature. It detects vulnerabilities or traps on our users' phones and then prompts them to clean up their devices. Tools we used previously would only discover, which required us to gather information on the backend, so Lookout is a welcome upgrade."

"The most valuable features are the antivirus as a whole, the anti-malware, and all of the protection features that scan our enterprise devices."

"We have not had any issues with bugs or breakdowns."

"The solution is stable."

"On the outside, the main differentiation is because Lookout ingest. They have ingested basically all of the apps for the last ten years and all the versions of all the apps, and we have that in a corporate database that allows us to do very large-scale machine learning and analysis on that data set. That's not something that any of the competitors really have the capability to do because they don't have access to the data set. A lot of the apps you can no longer get them because that version of the app is five or six years old, and it just doesn't exist anywhere anymore, except within our infrastructure. So, the ability to have that very rich dataset and learn from that dataset is a real differentiator."

"In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components."

"The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."

"We like that it has a free version available."

"It's one of the best antiviruses on the market."

"The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network."

"The installation is straightforward."

"We can run the virus scan across our entire environment."

"Within its class I think, it has a high and decent detection rate."

More Microsoft Defender for Endpoint pros

Cons

"The initial setup requires a little bit of experience with configuration."

"The stability depends on the service from where you access it. Because sometimes, the place you are in, you have Gateway. You don't have Gateway. The gateway is overutilized. At the end, you need to go through their gateways. And this is the key point here. You have a tracking point. If it's not well orchestrated, and it scales up as you add more to the existing team, you will suffer"

"We just submitted an enhancement request reflecting the main area we want to see improvement in; the APIs. Currently, we're able to build dashboards, but it's somewhat backward because we use our MDM API to create them. Lookout should provide API to customers so we can query our data and use it in our cloud, and this is the only outstanding area for improvement with the product right now."

"From the analysis that we've done, they do seem to be maybe a step behind in trying to enter the market with a new solution. But when they do pick up, they do come out with some good products."

"Lookout was moving into the SSE space. And so their work on SecureWeb Gateway and SD-WAN is still sort of evolving."

"The solution can be more user-friendly."

"Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more."

"Lacks some additional integration."

"It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent."

"I would just like them to have more consistency, and that's a comment that's across the board with Microsoft. They change things a lot."

"A challenge is that it is not a multi-tenant solution. Microsoft's tenant is a licensed tenant. I'm an MSSP. So, I have multiple customers. In Microsoft's world, that means that I can't just buy an E5 license and give that out to all my customers. That won't work because all of the customer data resides within a single tenant in Microsoft's world. Other products—such as SentinelOne, Palo Alto Cortex, CrowdStrike, et cetera—are multi-tenant. So, I can have it at the top of the pyramid for my analyst to look into it and see all the customers, but each customer's data is separate. If the customer wants to look at what we see, they would only see their data, whereas in the Microsoft world, if I've got multiple customers connected to the same Microsoft tenant, they would see everybody else's data, which is a privacy problem in Europe. It is not possible to share the data, and it is a breach of privacy."

"We would like to see more tools for managing on-premises security... Sometimes, we have the tools, like Defender, to manage security in the cloud, but because we are so focused on the cloud, we forget the fact that we need to be sure about the security of the on-premises environment, specifically Active Directory."

"It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has."

More Microsoft Defender for Endpoint cons

Pricing and Cost Advice

"Lookout is definitely on the lower end when it comes to price point and that seems to be the only differentiator. The technology is in place in this space and it's really about who is coming in at the better price point now."

"The pricing is fair; it's comparable to our previous solution, and we carried out multiple POCs and POVs (proof of value). The product is worth the money we pay for it."

"In terms of feature performance versus cost, they're a good value."

"The licensing costs are good. Prisma has much more options and support for security, but it has a higher cost. For example, Lookout costs 2/3rd of Prisma's licensing price."

"The license for Microsoft Defender for Endpoint is included in the license for the Microsoft Windows operating system."

"There is not a license required for this particular solution."

"We sell this product as part of Office 365 and it is not expensive."

"Because Microsoft Defender comes as an add-on, it can be a bit expensive if you're trying to buying it separately. Another option is to upgrade, but the enterprise licenses for Microsoft can also be quite a bit pricey. Overall, the cost of Microsoft Defender compared to that of other endpoint detection solutions is slightly higher."

"You need a license to use this solution."

"Its price at the moment is very good because you get a lot of value for your money, especially with the subscriptions. If you have the E1, E3, or E5 enterprise subscription, you pay per month per user, and you get almost an infinite number of solutions. If you compare the price to the number of solutions that you get, it is a very good deal."

"There is an annual license required."

"Even if you are not registered as a not-for-profit, the offering that they have is definitely worth consideration. This is in the sense that the E5 stack just gives you so many benefits. You get your entire productivity suite through Microsoft 365 apps. You get all your security and identity protection. You get the Defender for Endpoint and Defender for Identity. You get the cloud access security broker as well. You get Azure Active Directory Premium P2, which gives you so many good things that you can configure and deploy. You don't have to configure them on day one, but you have access to so many different tools that will protect your data, security, endpoints, and identities that you could build out a security strategy 18 months long, and slowly work your way through it, based on what you have available to you through your license."

More Microsoft Defender for Endpoint pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

860,168 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Manufacturing Company

10%

Financial Services Firm

10%

Government

Educational Organization

14%

Computer Software Company

13%

Government

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Lookout?

The solution is stable.

See all answers

What is your experience regarding pricing and costs for Lookout?

The pricing is a little expensive. We are currently looking at comparisons with other solutions, including Umbrella.

See all answers

What needs improvement with Lookout?

There is nothing we have come across that we've desired.

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...

See all answers

Which offers better endpoint security - Symantec or Microsoft Defender?

We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...

See all answers

How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?

The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...

See all answers

Comparisons

Zimperium vs Lookout

Compared 22% of the time

Check Point Harmony Mobile vs Lookout

Compared 11% of the time

CrowdStrike Falcon vs Lookout

Compared 7% of the time

Pradeo Mobile Threat Defense vs Lookout

Compared 6% of the time

iVerify vs Lookout

Compared 4% of the time

More Lookout Competitors

CrowdStrike Falcon vs Microsoft Defender for Endpoint

Compared 6% of the time

HP Wolf Security vs Microsoft Defender for Endpoint

Compared 5% of the time

F-Secure Total vs Microsoft Defender for Endpoint

Compared 5% of the time

Trellix Endpoint Security Platform vs Microsoft Defender for Endpoint

Compared 4% of the time

Symantec Endpoint Security vs Microsoft Defender for Endpoint

Compared 4% of the time

More Microsoft Defender for Endpoint Competitors

Product Reports

Buyer's Guide

Lookout

June 2025

Download Lookout product report

Buyer's Guide

Microsoft Defender for Endpoint

June 2025

Download Microsoft Defender for Endpoint product report

Also Known As

CipherCloud

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus

Interactive Demo

Demo not available

Lookout

Microsoft

Overview

Lookout is a well-established and powerful secure web gateway (SWG) solution backed by the company’s deep mobile security expertise and a large-scale mobile threat telemetry dataset of over 200 million devices. This broader threat intelligence helps Lookout strengthen its detection capabilities across the board. Lookout is designed to enable organizations to work remotely while maintaining a tight blanket of security over their confidential business data. It provides administrators with security that extends from their endpoints to the cloud service that they are using to run their organization’s network.

Users of Lookout are able to proactively detect threats and keep themselves secure from a field of threats that constantly evolves. IT teams can protect their organizations without having to rely on any other security solutions. This singular solution can run on multiple kinds of mobile devices. The privacy of individuals is preserved while keeping compliance rules intact. Additionally, users gain access to a number of tools that enable them to prevent security breaches from taking place.

Lookout Benefits

Some of the ways that organizations can benefit by deploying Lookout include:

Ease of deployment. Lookout is a solution whose design makes it easy for users to deploy it. It provides users with simple, step-by-step instructions that remove the need for organizations to devote extensive amounts of time to make sure that it is properly set up. Anyone can quickly set up the solution without undergoing technical training.

Built-in support. Users of the Lookout application have access to built-in demos that can teach them how to use various solution features. Instead of spending time trying to figure out the application, users can watch the demo that is most relevant to them and see for themselves how that particular feature is used.

Easy-to-use user interface. Lookout’s user interface is laid out in an intuitive way that makes it easy for administrators to navigate. This interface is present in both the mobile and desktop versions of this solution.

Settings customization. Lookout has a built-in settings customization menu. This makes it possible for administrators to easily customize their settings so that they best conform to their needs.

Lookout Features

Activity monitoring and activity tracking. Lookout’s activity monitoring and activity tracking capabilities enable users to keep a close eye on the activities that are taking place in their networks. IT teams and administrators have the ability to watch their networks for any unusual activity. These features ensure that organizations can keep ahead of any potential threats. They provide the kinds of insights and warnings that make the jobs of those IT teams and administrators much easier and more streamlined.

Encryption. Organizations that employ Lookout can encrypt their networks and keep crucial business data from being read by unauthorized parties. This feature keeps the secrets organizations are trying to keep out of the wrong hands.

Anti-virus tools. Lookout provides users with tools to block threats from harming their networks. These tools can successfully block 99.6 percent of threats without raising false alarms.

Lookout

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Microsoft

Sample Customers

Information Not Available

Petrofrac, Metro CSG, Christus Health

Buyer's Guide

Lookout vs. Microsoft Defender for Endpoint

June 2025

Free Report: Lookout vs. Microsoft Defender for Endpoint

Find out what your peers are saying about Lookout vs. Microsoft Defender for Endpoint and other solutions. Updated: June 2025.

DOWNLOAD NOW

860,168 professionals have used our research since 2012.

See our Lookout vs. Microsoft Defender for Endpoint report.

See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.