Microsoft Defender XDR vs Rapid7 InsightIDR comparison

Microsoft and Rapid7 are both solutions in the Endpoint Detection and Response (EDR) category. Microsoft is ranked #7 with an average rating of 8.4, while Rapid7 is ranked #23 with an average rating of 7.8. Microsoft holds a 2.6% mindshare in EDR, compared to Rapid7’s 1.2% mindshare. Additionally, 98% of Microsoft users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.

Microsoft Defender XDR

Read 106 Microsoft Defender XDR reviews

10,762 Views
5,704 Comparison Views

98% willing to recommend

Rapid7 InsightIDR

Read 32 Rapid7 InsightIDR reviews

6,954 Views
2,017 Comparison Views

96% willing to recommend

Microsoft Defender XDR

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

Rapid7 InsightIDR and Microsoft Defender XDR are leading security solutions. Users prefer Rapid7 InsightIDR for pricing and support, while Microsoft Defender XDR excels in features.

Features: Users praise Rapid7 InsightIDR for its robust incident detection and response capabilities, user-friendly setup, and automated workflows. Microsoft Defender XDR is highly rated for its comprehensive threat intelligence, integration with other Microsoft products, and advanced analytics.

Room for Improvement: Rapid7 InsightIDR needs better scalability, enhanced reporting, and faster query performance. Microsoft Defender XDR could improve interoperability with non-Microsoft environments, more intuitive alert management, and better integration with third-party tools.

Ease of Deployment and Customer Service: Rapid7 InsightIDR is praised for straightforward deployment and responsive customer support, with quick setup times and helpful resources. Microsoft Defender XDR has mixed reviews on customer service, with some users experiencing slower response times but is also straightforward to deploy.

Pricing and ROI: Users find Rapid7 InsightIDR's pricing competitive with a higher perceived ROI due to effective threat detection and ease of use. Microsoft Defender XDR is seen as more costly but justified by its extensive features and integrations.

To learn more, read our detailed Microsoft Defender XDR vs. Rapid7 InsightIDR Report (Updated: December 2025).

Buyer's Guide

Microsoft Defender XDR vs. Rapid7 InsightIDR

December 2025

Download the complete report

Helped 881,733 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender XDR

Ranking in Endpoint Detection and Response (EDR)

7th

Ranking in Extended Detection and Response (XDR)

4th

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

106

Ranking in other categories

Microsoft Security Suite (5th)

Rapid7 InsightIDR

Ranking in Endpoint Detection and Response (EDR)

23rd

Ranking in Extended Detection and Response (XDR)

18th

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (14th), User Entity Behavior Analytics (UEBA) (8th), Threat Deception Platforms (4th)

Mindshare comparison

As of February 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender XDR is 2.6%, down from 3.2% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Market Share Distribution
Product	Market Share (%)
Microsoft Defender XDR	2.6%
Rapid7 InsightIDR	1.2%
Other	96.2%

Endpoint Detection and Response (EDR)

Featured Reviews

Kunle Oluwadiya

House security operator at Cypress Creek Renewables

Advanced threat hunting saves significant time in tracking and responding to incidents

Microsoft Defender XDR could be improved with a lower price. My main suggestion would essentially be what Copilot is providing, which is a single pane of glass, so I don't have to go to different windows. That's just a workflow consideration for me. It would be great to have all the information centralized into one particular data app. If I need to open up extra ones, I can, however, I would appreciate a future where everything I need is right there on one single pane of glass. Beyond that, there's really nothing else I see that I would want Microsoft to improve.

Read full review

SohailHyder

Head Of Cyber Security at Super Secure

Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration

If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."

"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."

"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."

"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."

"Defender XDR enables you to scan a system remotely and get a complete inventory of its assets. You can gather more information from the asset inventory and apply threat intelligence using Office 365 or something."

"Defender XDR can stop advanced attacks, like ransomware or business email compromise."

"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."

"The stability has been great."

More Microsoft Defender XDR pros

"The web interface is great — very useful and user-friendly."

"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."

"Great coverage of all systems within our network from endpoint to firewall."

"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."

"Log search allows us to dive deep into aggregated logs and query all event types at once."

"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."

"The UI is very good."

"I like that it's a cloud-based solution."

More Rapid7 InsightIDR pros

Cons

"Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain."

"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."

"There's still some more work to be done there. Additionally, the limited terminal live access an analyst has is very restricted."

"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."

"Sometimes, configurations take much longer than expected."

"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."

"There is no comprehensive visibility, making it less user-friendly."

"Just like in any solution, the price can always be cheaper."

More Microsoft Defender XDR cons

"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."

"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."

"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."

"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."

"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."

"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."

"The APIs can be further improved in Rapid7."

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"Microsoft purposely makes its license combinations complex and includes combinations like Microsoft 365 E3 and Microsoft 365 E5, Office 365 E3, Office 365 E5, and Office 365 E1, so you get confused. Microsoft tries to sell you a bundle of a lot of things together."

"It is fairly priced because we get complete integrated services with the E5 license."

"For Defender, they have Endpoint Plan 1 and Endpoint Plan 2, but I don't know on what basis they have classified Endpoint Plan 1 and Plan 2, but it has given me enough pain to pick and design Endpoint Plan 1 or Endpoint Plan 2 for my organization. In fact, we are still struggling with it. Too many SKUs are confusing. There should not be too many SKUs, and they shouldn't charge for every new feature."

"Microsoft Defender XDR is priced high."

"There are no issues with pricing, but sometimes, the clarity in licensing is a concern."

"The bundling of software makes it easier to manage our setup, but Microsoft purposefully obfuscates this through marketing ploys to hide costs."

"I find the pricing to be quite competitive, especially considering its inclusion in our E5 subscription, which provides a comprehensive set of functionalities."

"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."

More Microsoft Defender XDR pricing and cost advice

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"The pricing is good, and it is not very expensive."

"The pricing of the solution depends on the user. But there is a yearly licensing cost."

"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help."

"The solution has a mid-range price point in the market"

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

881,733 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

13%

Financial Services Firm

Manufacturing Company

Comms Service Provider

Computer Software Company

12%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	47
Midsize Enterprise	25
Large Enterprise	38

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	5
Large Enterprise	6

Questions from the Community

What do you like most about Microsoft 365 Defender?

Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.

See all answers

What is your experience regarding pricing and costs for Microsoft 365 Defender?

My experience with pricing, setup, costs, and licensing of Microsoft Defender XDR is tied to our E5 subscription, which is very straightforward for us. We also purchase the uplift for our mobile us...

See all answers

What needs improvement with Microsoft 365 Defender?

I am not aware of a mobile app that would be available for my team. With a single analyst, if she is ever away, it would be beneficial to have easier access. While she can use the web portal, the e...

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

CrowdStrike Falcon vs Microsoft Defender XDR

Compared 11% of the time

Wazuh vs Microsoft Defender XDR

Compared 8% of the time

Microsoft Defender for Cloud vs Microsoft Defender XDR

Compared 6% of the time

Microsoft Defender for Endpoint vs Microsoft Defender XDR

Compared 4% of the time

TrendAI Vision One vs Microsoft Defender XDR

Compared 4% of the time

More Microsoft Defender XDR Competitors

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 5% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 5% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 4% of the time

Darktrace vs Rapid7 InsightIDR

Compared 3% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

Microsoft Defender XDR

January 2026

Download Microsoft Defender XDR product report

Buyer's Guide

Rapid7 InsightIDR

January 2026

Download Rapid7 InsightIDR product report

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender

InsightIDR

Overview

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.

It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.

Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

Microsoft

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

Microsoft Defender XDR vs. Rapid7 InsightIDR

December 2025

Free Report: Microsoft Defender XDR vs. Rapid7 InsightIDR

Find out what your peers are saying about Microsoft Defender XDR vs. Rapid7 InsightIDR and other solutions. Updated: December 2025.

DOWNLOAD NOW

881,733 professionals have used our research since 2012.

See our Microsoft Defender XDR vs. Rapid7 InsightIDR report.

See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.