Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs Rapid7 InsightIDR comparison

Microsoft and Rapid7 are both solutions in the Endpoint Detection and Response (EDR) category. Microsoft is ranked #3 with an average rating of 8.3, while Rapid7 is ranked #25 with an average rating of 8.0. Microsoft holds a 9.8% mindshare in EDR, compared to Rapid7’s 1.2% mindshare. Additionally, 94% of Microsoft users are willing to recommend the solution, compared to 95% of Rapid7 users who would recommend it.
Microsoft Defender for Endp...
Read 198 Microsoft Defender for Endpoint reviews
  • 35,345 Views
  • 18,026 Comparison Views
94% willing to recommend
Rapid7 InsightIDR
Read 32 Rapid7 InsightIDR reviews
  • 6,825 Views
  • 1,911 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 9, 2024

Rapid7 InsightIDR and Microsoft Defender for Endpoint are leading security solutions. Reviews indicate Rapid7 InsightIDR is favored for pricing and support while Microsoft Defender for Endpoint is preferred for its comprehensive features, making users feel it is worth the investment.

Features: Rapid7 InsightIDR is user-friendly and known for strong threat detection. Microsoft Defender for Endpoint is known for integration with Microsoft tools and advanced threat protection. InsightIDR's incident detection is simpler, while Defender's integration capabilities are more versatile for larger ecosystems.

Room for Improvement: Rapid7 InsightIDR users desire enhanced analytics and deeper threat intelligence. Microsoft Defender for Endpoint users seek improvements in system performance and fewer false positives. Performance optimization in Defender is more frequently noted.

Ease of Deployment and Customer Service: Rapid7 InsightIDR has a quick deployment process and responsive support. Microsoft Defender for Endpoint provides efficient deployment but has some complexity due to integration. Customer services are well-regarded, with Rapid7's support slightly more praised for its promptness.

Pricing and ROI: Rapid7 InsightIDR is considered cost-effective with a favorable ROI due to lower setup costs and reliable performance. Microsoft Defender for Endpoint, although more expensive, offers a higher ROI through robust features and extensive security measures. Users feel the higher price is justified by its advanced capabilities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender for Endpoint vs. Rapid7 InsightIDR Report (Updated: September 2025).
Buyer's Guide
Microsoft Defender for Endpoint vs. Rapid7 InsightIDR
September 2025
Download the complete report
Helped 868,759 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Detection and Response (EDR)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
198
Ranking in other categories
Endpoint Protection Platform (EPP) (2nd), Advanced Threat Protection (ATP) (3rd), Anti-Malware Tools (1st), Microsoft Security Suite (5th)
Rapid7 InsightIDR
Ranking in Endpoint Detection and Response (EDR)
25th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (14th), User Entity Behavior Analytics (UEBA) (5th), Threat Deception Platforms (4th), Extended Detection and Response (XDR) (17th)
 

Mindshare comparison

As of October 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender for Endpoint is 9.8%, down from 11.7% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Market Share Distribution
ProductMarket Share (%)
Microsoft Defender for Endpoint9.8%
Rapid7 InsightIDR1.2%
Other89.0%
Endpoint Detection and Response (EDR)
 

Featured Reviews

NaySan @ Suraj Verma - PeerSpot reviewer
Has effectively blocked sophisticated attacks and malicious activities while providing excellent support
Microsoft Defender for Endpoint is very good, but one suggestion is that in some products, we may need to configure security-related settings, whereas Microsoft Defender for Endpoint works completely differently, providing automatic recommendations and actions that we may need to perform ourselves. Regarding the pricing of Microsoft Defender for Endpoint, during the last three years, we set up the product and sold it, but we faced difficulties because Microsoft pricing is always the same. For example, whether I purchase Microsoft Defender for Endpoint for one year or for the next three years, the pricing remains constant with no discounts available. In contrast, competing products offer reduced pricing for long-term commitments, which makes it difficult for us in that environment. Microsoft should consider this option to remain competitive, but otherwise, everything else is fine.
Read full review
Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a Microsoft product; it's easier to deploy this product than other options."
"The comprehensiveness of Microsoft threat-protection products is great... Today, Microsoft Sentinel by itself is a leading Gartner SIEM tool. It has advantages over competitors because of the ability to integrate with Microsoft solutions and automate continuous monitoring of Microsoft AD and Office 365 data."
"We are able to productively integrate with existing on-prem, hybrid, or cloud applications."
"It automatically detects intrusion and malware."
"The solution has an easy-to-use interface, is always updated, and is user-friendly."
"The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it."
"Endpoint's most valuable feature is deep analysis."
"It can reach our applications and PC activities in the cloud."
More Microsoft Defender for Endpoint pros
"The solution is very scalable in terms of the licensing model."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"The UI is very good."
"I like the tool's user analysis feature."
"Rapid7's reporting is more robust than Tenable's."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
More Rapid7 InsightIDR pros
 

Cons

"The solution could improve by providing more integration."
"It seems there are challenges associated with IP addresses at times."
"It would be helpful if they included XDR features, on top of the EDR functionality."
"The frequency of the patching, and the frequency of the updates, are not included with the free version."
"Microsoft support could be more knowledgeable."
"Microsoft Windows Defender doesn't have a game mode."
"Its price could be better."
"Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get."
More Microsoft Defender for Endpoint cons
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"The main problem lies in the processes within the client's operating systems."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"The ability to tune the collector for custom logs would greatly help."
"The searching feature in Rapid7 InsightIDR needs to evolve"
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
More Rapid7 InsightIDR cons
 

Pricing and Cost Advice

"The licensing fee is a function of your Office 365 license. The feature set you get is a function of the license as well. There is probably an E2 version, an E3 version, and an E5 version. There are several versions, and not all features are the same. So, you might want to check what features you're expecting because you might get shocked. If you only have an E3 license, the capability isn't the same."
"It's included with the Windows Operating System, I don't pay for any licensing fees."
"For most people, the price of the license is not something that they have to worry about."
"Licensing options vary. Some customers buy it as an enterprise agreement and pay yearly. Others buy it as a CSP, so they pay per month. It completely depends on the customer's needs."
"The solution is an open source version and was free with a paid version of Windows 10."
"If you don't purchase the advanced threat protection then there is no additional charge."
"It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing."
"Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it."
More Microsoft Defender for Endpoint pricing and cost advice
"It is more reasonably priced than other vendors."
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"The solution has a mid-range price point in the market"
"Rapid7 InsightIDR is priced very well and is cost-effective."
More Rapid7 InsightIDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
See recommendations
868,759 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Manufacturing Company
8%
Government
8%
Financial Services Firm
8%
Computer Software Company
14%
Financial Services Firm
8%
Manufacturing Company
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business79
Midsize Enterprise34
Large Enterprise87
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
See all answers
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
See all answers
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...
See all answers
What is your experience regarding pricing and costs for Rapid7 InsightIDR?
The product pricing is very cheap.
See all answers
 

Comparisons

HP Wolf Security vs Microsoft Defender for Endpoint Logo
HP Wolf Security vs Microsoft Defender for Endpoint
Compared 5% of the time
CrowdStrike Falcon vs Microsoft Defender for Endpoint Logo
CrowdStrike Falcon vs Microsoft Defender for Endpoint
Compared 5% of the time
F-Secure Total vs Microsoft Defender for Endpoint Logo
F-Secure Total vs Microsoft Defender for Endpoint
Compared 4% of the time
Symantec Endpoint Security vs Microsoft Defender for Endpoint Logo
Symantec Endpoint Security vs Microsoft Defender for Endpoint
Compared 4% of the time
Trellix Endpoint Security Platform vs Microsoft Defender for Endpoint Logo
Trellix Endpoint Security Platform vs Microsoft Defender for Endpoint
Compared 4% of the time
More Microsoft Defender for Endpoint Competitors
Rapid7 InsightVM vs Rapid7 InsightIDR Logo
Rapid7 InsightVM vs Rapid7 InsightIDR
Compared 8% of the time
Darktrace vs Rapid7 InsightIDR Logo
Darktrace vs Rapid7 InsightIDR
Compared 8% of the time
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
Compared 7% of the time
CrowdStrike Falcon vs Rapid7 InsightIDR Logo
CrowdStrike Falcon vs Rapid7 InsightIDR
Compared 6% of the time
Adlumin Security Operations vs Rapid7 InsightIDR Logo
Adlumin Security Operations vs Rapid7 InsightIDR
Compared 2% of the time
More Rapid7 InsightIDR Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Endpoint
September 2025
Microsoft Defender for Endpoint reportDownload Microsoft Defender for Endpoint product report
Buyer's Guide
Rapid7 InsightIDR
September 2025
Rapid7 InsightIDR reportDownload Rapid7 InsightIDR product report
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
InsightIDR
 

Interactive Demo

Microsoft
Demo not available
Rapid7
 

Overview

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Microsoft

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7
 

Sample Customers

Petrofrac, Metro CSG, Christus Health
Liberty Wines, Pioneer Telephone, Visier
Buyer's Guide
Microsoft Defender for Endpoint vs. Rapid7 InsightIDR
September 2025
Free Report: Microsoft Defender for Endpoint vs. Rapid7 InsightIDR
Find out what your peers are saying about Microsoft Defender for Endpoint vs. Rapid7 InsightIDR and other solutions. Updated: September 2025.
DOWNLOAD NOW
868,759 professionals have used our research since 2012.
See our Microsoft Defender for Endpoint vs. Rapid7 InsightIDR report.
See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.