We performed a comparison between Cortex XDR by Palo Alto Networks and Microsoft 365 Defender based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cortex XDR offers an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Microsoft 365 Defender offers effortless integration with other Microsoft solutions. Users praised its flexibility and comprehensive protection against multiple threat types. Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education. Microsoft 365 Defender could upgrade its machine learning and AI capabilities. Some users suggested adopting Zero Trust features.
Service and Support: Some customers were impressed with Palo Alto's support, while others reported mixed experiences. Some of our reviewers were satisfied with Microsoft's support, but others complained about slow responses and lackluster problem-solving capabilities.
Ease of Deployment: Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning. Setting up Microsoft 365 Defender is potentially complex and may involve integrating with existing policies. Some users reported longer deployment times.
Pricing: Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers. Some users say that Microsoft 365 Defender is good value, but other users perceive it as more expensive than similar competing products.
ROI: Cortex XDR creates value by ensuring system and data security rather than a financial return on investment. Microsoft 365 Defender offers savings, attack prevention, consolidation of security measures, and proactive threat detection.
Comparison Results: Our users prefer Cortex XDR over Microsoft 365 Defender. Cortex XDR offers a comprehensive platform with excellent visibility, protection, and control over network endpoints. Users appreciate the simplicity and efficiency of Cortex XDR's initial setup, as well as its ease of maintenance and updates. Microsoft 365 Defender receives mixed reviews about its initial setup, pricing, and customer support.
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The solution was relatively easy to deploy."
"Ability to get forensics details and also memory exfiltration."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"This software helps us understand any issues that may arise when someone is not at work."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"The most valuable for us is the correlation feature."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"WildFire AI is the best option for this product."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The comprehensiveness of Microsoft's threat detection is good."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The most valuable aspect is undoubtedly the exploration capability"
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"We'd like to see more one-to-one product presentations for the distribution channels."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"Cortex XDR could be improved with more GUI features."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"The price could be a little lower."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"The GUI could be improved."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender XDR is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Check Point Harmony Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.