Windows Defender antivirus and Defender for Endpoint next-gen antivirus




Windows 10 includes Windows Defender antivirus, and there is also Microsoft Defender antivirus included in the Defender for Endpoint package.

As I understand it, Defender for Endpoint antivirus includes additional features, such as cloud-delivered protection.

Does it use the same built-in Windows Defender engine with additional features, or is it a completely different service?

Can you please explain the difference?


6 Replies
Thanks, but do we unlock additional features for Windows Defender antivirus, if we use Defender for Endpoint? That's still not clear.

If you ask me: Yes. With MDE, you get the whole EDR/XDR part, post-breach functionality, custom indicators, Advanced hunting, reporting capabilities via API and so on.
With only Defender AV built into Windows 10, you are missing all the features mentioned above, and if you are also missing SCCM or Intune, you don't have the possibility to manage Defender, its updates and its detections. Only the Defender settings can be distributed via GPO.

Hope this answers your question.

I can recommend the following video to learn about the MDE features:

It's a bit older, but still gives you great insights.

@SteBeSec still not clear for me. I perfectly understand that MDE adds additional features besides traditional antivirus.

But this link states that MDE includes "Next-generation protection".

I have read further and understood that MDE includes PUA (potentially unwanted application) detection. It also includes the BAFS (Block at first sight) feature. And there is also the dynamic emergency updates feature (Cloud-delivered protection and Microsoft Defender Antivirus | Microsoft Docs).


Are these available without MDE?



As mentioned by @SteBeSec, those advanced features are only available on MDE and not the default Windows Defender AV. I have a few videos on my channel as well about this: Microsoft Defender for Endpoint playlist