Try our new research platform with insights from 80,000+ expert users
Mohamed Abdel Hassanein - PeerSpot reviewer
Managing Director at FORESEC
Reseller
Fair price and useful for protection, but should have the ability to recover data from the last normal copy
Pros and Cons
  • "We have just started to implement it. It is useful for protection from malware and ransomware."
  • "Auto recovery is the most important feature that we would need from this solution. For decryption, similar to Malwarebytes, there should be something to be able to recover the data up to the last normal status. Its ability to recover data to the last normal copy must not exceed 5 to 10 minutes."

What is our primary use case?

We are using it for protection. We had a request from one of our customers, and we just started to implement it. We don't have any great idea about it. We are in the process of implementing it for the first time.

We are using its latest version. It is on-prem. The problem with going for a cloud version is that most of our customers prefer to work with on-prem solutions. So, we need all the features to be available on-prem as well as on the cloud.

What is most valuable?

We have just started to implement it. It is useful for protection from malware and ransomware. We are not exactly sure about zero-day, but we are trying to see if it will be effective for everyday antivirus purposes.

What needs improvement?

Auto recovery is the most important feature that we would need from this solution. For decryption, similar to Malwarebytes, there should be something to be able to recover the data up to the last normal status. Its ability to recover data to the last normal copy must not exceed 5 to 10 minutes.

For how long have I used the solution?

We just started to use it.

Buyer's Guide
Microsoft Defender for Endpoint
March 2025
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

What do I think about the stability of the solution?

We need to test its functionality in heavy environments.

How are customer service and support?

Their support could be faster through the phone. The support through chat is very unuseful. It takes a lot of time and effort and but does not help in any way. We provide the first line of support to customers, so it is not a big issue for us.

Which solution did I use previously and why did I switch?

We work on most of the protection products, such as Kaspersky, Malwarebytes. We normally use a lot of them. We had a request from one of our customers, so we started to implement Microsoft Defender for Endpoint.

How was the initial setup?

Its initial setup is straightforward. The solution itself doesn't take more than 15 to 20 minutes, but the configuration duration depends on the environment, such as the number of policies, users, etc. It will vary according to the environment in which you are doing the implementation.

What about the implementation team?

We implement it ourselves. Currently, we have only one customer of this solution.

What's my experience with pricing, setup cost, and licensing?

Its price is fair. It has approximately the same price as the other products such as Kaspersky. It is much cheaper than Malwarebytes.

What other advice do I have?

I would rate Microsoft Defender for Endpoint a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1386096 - PeerSpot reviewer
Assistant Manager IT at a educational organization with 1,001-5,000 employees
Real User
Good performance, reliable, and offers effective ransomware protection
Pros and Cons
  • "The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system."
  • "The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."

What is our primary use case?

We use Microsoft Defender Antivirus to scan for malicious payloads that may come in files, emails, a USB drive, or another type of external drive. It helps us to identify any malicious load that could compromise the security of any of our systems.

We are in a decentralized environment. We have multiple offices but they are not connected physically. The offices are directly managed from the internet.

We have a mixed environment with Linux and Windows machines.

We operate in the educational sector.

How has it helped my organization?

We have not fully considered how this product affects our overall security posture, although this is because we have not yet explored all of the features. Once we have all of our offices connected, it is something that we will be looking into. At this point, it does not affect all of our machines. On a scale from one to five, I would rate our security posture a four.

What is most valuable?

The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system.

The performance is good. Usually, end-users complain that whenever background or real-time scanning is done, the effects are felt as there is a slowdown in the system. This is not the case with Microsoft Defender.

What needs improvement?

The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads.

If there is a Word file then it is able to scan it, but if there is a malicious payload within its signature then it will not be detected. Deep packet scanning must be used to improve the overall product.

For how long have I used the solution?

We have been using Microsoft Defender Antivirus since we upgraded to Windows 10 from Windows 8.

What do I think about the stability of the solution?

This is a stable product. We have been using the standard version for a long time and it hasn't negatively affected our environment. Generally speaking, it is reliable.

What do I think about the scalability of the solution?

Microsoft is actively working on this product and I think that it is becoming more scalable, day by day. For example, prior to Windows 10, there was no ransomware support. Now, it comes with Windows 20S2 and Windows 20H1.

With our decentralized environment, I don't know the exact number of users or devices that we have. However, I can say that there are more than 500 devices being protected by this solution.

Most of the machines in our environment are in areas that don't have internet access. This is because they are stationed in remote areas of the country. This means that we need to use USB drives to update the machines manually. Given the number of devices and that the management is done manually at this time, it is pretty painful for our IT people.

How are customer service and technical support?

We have not purchased support for this product, although, for most products, we usually do have it. To this point, it hasn't been required.

Which solution did I use previously and why did I switch?

When we were running older operating systems including Windows XP and Windows Vista, we had a Symantec Endpoint solution. We had that for a long time but we opted out. After that, we used McAfee and other antivirus products. However, since Windows 10 was released, and with Microsoft Defender included by default, we felt that it was the solution for us.

As I recall, we stopped using McAfee and Symantec once we moved to Windows 8.

How was the initial setup?

This product came pre-installed with Windows 10 on the machines that we procured from the vendor. It is straightforward and easy to configure, as well. Once Windows is installed, setting up the antivirus and scheduling scans just involves clicking the Next button several times. It is pretty easy for anyone and if the user is non-technical, we guide them through the process.

It takes a maximum of 10 to 15 minutes to install and configure on a PC. Whenever a new configuration is required, you need to configure it on each individual machine that you have. This is why we are investigating a centralization solution. It will help us out in applying things on a global level. For example, we can apply settings based on what is in Active Directory or other policies.

What about the implementation team?

One person, in-house, is all that is required to set it up.

There is not much maintenance required, as our environment is pretty standard. Also, all of the updates come from the Microsoft update center and they are automatically installed on the machines.

What was our ROI?

It is difficult to determine ROI at this point. Once all of our PCs are joined together, we will have a better idea.

What's my experience with pricing, setup cost, and licensing?

As we operate in the educational sector, we are eligible for an educational discount.

Which other solutions did I evaluate?

We are currently looking into other solutions that will give us centralized control over Microsoft Defender. However, we are still strictly in the research phase.

Once we decide on a product and a solution is proposed, it is a long process that involves budgetary considerations. Once a PoC is completed, the budget constraints are considered, and this is part of a very long chain of processes that take place before final adoption.

What other advice do I have?

Since we started using this product, we have not had any breaches. When we were using the products by McAfee and Symantec, there were issues with viruses and malicious payloads. Now, it is better because we haven't had any major issues with the systems.

My advice for anybody who is implementing this product is to let the IT staff manage it, and not allow end-users to configure it or modify their own settings.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Microsoft Defender for Endpoint
March 2025
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
UchechiSylvanus - PeerSpot reviewer
Team Lead, Process Improvement & RPA at Fidelity Bank Plc
Real User
Top 10
Automation of routine tasks makes our processes more efficient
Pros and Cons
  • "It automatically detects intrusion and malware."
  • "The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."

What is our primary use case?

We use it for security purposes. It provides important security for some critical systems, such as network devices.

How has it helped my organization?

For securing access, USB security helps us block our USB ports and that ensures that users do not plug USB drives into their computers.

In addition, our efficiency in the way we handle our processes has been improved because the solution automates routine tasks and helps find high-value alerts.

It has also saved us a good amount of time, something like 15 percent, while decreasing our time to detect and our time to respond, each, by 5 percent.

What is most valuable?

It automatically detects intrusion and malware.

It's also easy to use. The interface is user-friendly and the navigation is 
not difficult. It is very easy to move from one hyperlink to another, to move from one solution within the platform to another solution.

And in terms of categorizing the info and the actions that need to be done, it helps you to prioritize threats. That is very important.

What needs improvement?

The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies. They need to make the download of the dependencies more efficient.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for more than five years.

What do I think about the stability of the solution?

The stability is okay.

What do I think about the scalability of the solution?

It is scalable. We use it for multiple departments, teams, and locations. We have over 5,000 users.

How are customer service and support?

I would rate Microsoft's technical support at seven out of 10, because of the time it takes them to respond. But when they finally respond, they give us complete attention and things are resolved within the SLA.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before Microsoft Defender for Endpoint, we were using McAfee.

What other advice do I have?

We constantly get updates from Microsoft that are light and they don't really affect us while we're working. The updates have been very helpful.

I would recommend Microsoft Defender for Endpoint.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1489944 - PeerSpot reviewer
Security Technical Specialist at a retailer with 10,001+ employees
Real User
Very user-friendly, offering safety, security and providing a phenomenal amount of good information
Pros and Cons
  • "User-friendly, offering safety and security."

    What is our primary use case?

    It's an antivirus product, so its main use is to protect us.

    What is most valuable?

    This is a really good product, it's user-friendly and offers us safety and security. 

    What needs improvement?

    The technical support could be improved. 

    For how long have I used the solution?

    I've been using this solution for three years. 

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    In terms of scalability, we went from 10 pilot machines to 35,000 devices.

    How are customer service and support?

    The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

    How was the initial setup?

    The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

    What other advice do I have?

    My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

    I rate this product 10 out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Manager at RP Sanjiv Goenka Group
    Real User
    Good security, scales well, and automatically updates
    Pros and Cons
    • "The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
    • "The price, in general, could always be a little bit cheaper."

    What is our primary use case?

    We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

    What is most valuable?

    Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

    The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

    The solution scales well.

    I have found the stability to be good.

    What needs improvement?

    From a general user perspective, I don't see any further improvements needed. 

    The price, in general, could always be a little bit cheaper.

    For how long have I used the solution?

    I've used the solution for two years or so. It's not much more than that.

    What do I think about the stability of the solution?

    The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. the performance is good. It's reliable. 

    What do I think about the scalability of the solution?

    The solution scales well. If a company needs to expand it, it can.

    We have 1,000 to 2,000 people on the solution currently.

    How are customer service and support?

    I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.

    How was the initial setup?

    The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.

    I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process. 

    We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.

    What's my experience with pricing, setup cost, and licensing?

    The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package. 

    What other advice do I have?

    I'm just a customer and an end-user.

    I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years. 

    I would recommend the solution to others, however, I'm just a passive end-users and not as technically involved as those deploying the solution in our company. However, from my perspective, there has never been an issue on my machine with malware and therefore it seems to be doing what it's designed to do.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Head, Information Security & Network Operations at a consumer goods company with 10,001+ employees
    Real User
    Nice interface and good reporting, but the alerts need to be more timely
    Pros and Cons
    • "This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them."
    • "Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering."

    What is our primary use case?

    We combine Microsoft Defender with Advanced Threat Protection to manage, isolate, and scan our laptops and workstations for security threats. We have a dashboard that is embedded into Office 365 and it allows us to remotely scan for viruses and malware, so we don’t have to have the laptop present.

    How has it helped my organization?

    Using this product helps with device inventory. This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them. It is important because any software installed on a workstation may be vulnerable to parts of the internet.

    Microsoft Defender has features that have helped to add layers to our security posture. The most important of these features is visibility and the provision of detailed alerts. It correlates the data and using this information, I can identify a threat and see if any other workstation in the environment has been affected by it.

    Using this product has not negatively affected our user experience. It is just like using Windows 10.

    What is most valuable?

    The GUI is very nice.

    The reporting capabilities are fantastic.

    In the future, I would like to have the ability to patch using this product. Specifically, in an enterprise environment, it would be very good if you could patch the workstations remotely.

    What needs improvement?

    The alerting is something that needs to be improved. Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering.

    For how long have I used the solution?

    I have been working with Microsoft Defender Antivirus since it first came out, at least seven or eight years ago.

    What do I think about the stability of the solution?

    With respect to the stability of the product line, Microsoft has many products that do almost the same thing. The question becomes which one you want to use. This is a good product but at the same time, after a while, you don't know if it is the next one that Microsoft is going to stop releasing because of other products that practically do the same thing.

    What do I think about the scalability of the solution?

    Microsoft Defender is very scalable and there is a lot of room to expand and add extra layers. We have 2,500 endpoints and we plan to expand; however, we are thinking about using the Microsoft Endpoint Manager in place of it.

    Once the decision is made to stay with this product or instead adopt Endpoint Manager, we will expand to cover 6,000 endpoints.

    How are customer service and technical support?

    I have not been in contact with technical support.

    Which solution did I use previously and why did I switch?

    Prior to Microsoft Defender, we tried quite a few different products from vendors such as Kaspersky and McAfee. One of the major reasons that we adopted Defender is because of the advantage that Microsoft owns the platform, Windows 10. As they have developed the operating system, it is believed that they understand how to guard it much better against a third party. An attacker has to learn a lot about Windows 10.

    Another reason we selected Defender is the frequency of updates. Every other time that Windows is updated, Defender is updated. Again, this is because it is owned by Microsoft and exists on its platform.

    We also use Microsoft ATP and we are currently looking at Microsoft Endpoint Manager.

    How was the initial setup?

    The initial setup is straightforward. Basically, once you have the competency with the product, it is straightforward and there are no surprises. It is not rocket science.

    This product is built into the Windows 10 image that we install. As you roll out Windows 10, it is already set up and pre-configured, so there is no additional work required.

    What was our ROI?

    We saw a return on our investment within the first two years.

    If I quantify the effort used for the setup and compare it with the pricing of the previous solution, value for the money was realized during the second year.

    What's my experience with pricing, setup cost, and licensing?

    We have an enterprise agreement so from my perspective, this is a product that ships with Windows and it is not priced standalone. It comes together with the other Microsoft products that we buy.

    Which other solutions did I evaluate?

    When we evaluated Kaspersky and McAfee, we found the scalability was better for Microsoft. You can do in-place upgrades of the endpoints with Defender but for the others, you would have to re-install the upgraded agents on the workstation. This takes a lot of time and it is not productive.

    We are currently evaluating Microsoft Endpoint Manager by comparing the differences between it and Microsoft Defender. This is being done in advance of expanding our usage.

    What other advice do I have?

    My advice for anybody who is implementing this product is to first analyze their critical assets to have an understanding of what they are. Then, decide if they want a scalable solution. New threats are coming in every month and the way this is going, Microsoft is learning lessons from networks that have been compromised. With this information, they give updates and patches to everybody. In support of this product, you have to consider the patching, consider the visibility that it gives, and then consider the critical assets it is protecting.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Solution Architect at KIAN company
    Real User
    Simple to use, flexible, easy to update, but the central management console needs improvement
    Pros and Cons
    • "This product is flexible, and it is very easy to get updates from the Microsoft website."
    • "The central management console should be improved because it provides limited options to configure Windows Defender."

    What is our primary use case?

    This product is our antivirus for Windows 10 machines, Windows Server 2016, and in our Azure environment. In addition to this, we have a project for an oil company that is implemented in Azure, and we had to migrate the majority of their systems to that platform. Once the migration was complete, we configured Windows Defender as its antivirus.

    What is most valuable?

    It is very simple to use and easy to scan systems.

    This product is flexible, and it is very easy to get updates from the Microsoft website.

    We are using the firewall features.

    What needs improvement?

    The central management console should be improved because it provides limited options to configure Windows Defender. It should provide a lot of options and features, in the same way, that Symantec does, or the Kaspersky Central Management Console does. Essentially, we should have a central management console on Azure that can be used to manage Windows Defender on all of our machines.

    What do I think about the stability of the solution?

    This is a very stable solution and we plan to continue using it.

    What do I think about the scalability of the solution?

    The company that I implemented this for has approximately 2,000 staff and 1,000 virtual machines on Azure. 

    How are customer service and technical support?

    I have not been in contact with Microsoft support. Rather, I have learned by using the materials that are provided online.

    Which solution did I use previously and why did I switch?

    We were originally using a product from Symantec before we switched to using Windows Defender. After that, we adopted the Microsoft solution for Azure.

    How was the initial setup?

    I have configured Windows Defender for different locations by using Group Policy Settings and each time, it took between five and ten minutes, based on the guidelines.

    What about the implementation team?

    I configured it personally by downloading and reading materials that I found on the Microsoft website.

    What's my experience with pricing, setup cost, and licensing?

    This is an expensive product and licensing for all Microsoft products is a big issue. However, Volume Licensing and Educational Licensing are good options to decrease the cost.

    What other advice do I have?

    In general, Windows Defender is a good feature for the Windows Operating System.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Jim Wang - PeerSpot reviewer
    Security Researcher/Data Scientist at a tech vendor with 1,001-5,000 employees
    Real User
    Top 10
    Enhanced security through detailed threat investigation and alerting
    Pros and Cons
    • "Investigators can trace back to find the root cause."
    • "It seems there are challenges associated with IP addresses at times."

    What is our primary use case?

    I have been using Microsoft Defender for EDR (Endpoint Detection and Response). I started working with Microsoft when Defender was an anti-malware product. Over time, it evolved into an EDR solution.

    How has it helped my organization?

    Microsoft Defender helps investigate and monitor security alerts effectively. The EDR collects all the information from the device and matches it with an attack database. If it finds a match, it alerts, and then an investigator can trace back to find the root cause of what happened. This is very helpful for investigation purposes.

    What is most valuable?

    The valuable feature of Microsoft Defender is its ability to collect all the information from the device and match it with the attack database to alert if something matches. Investigators can trace back to find the root cause.

    What needs improvement?

    I have not thought about areas needing improvement, however, it seems there are challenges associated with IP addresses at times.

    For how long have I used the solution?

    I began using Microsoft Defender since its beginning as an EDR solution and worked on it for a long time, even before it was known as Microsoft Defender when it was just an anti-malware product.

    What do I think about the stability of the solution?

    There are no stability issues. It is stable.

    What do I think about the scalability of the solution?

    Scalability is good.

    Which solution did I use previously and why did I switch?

    Many security products are used, including Trend Micro, Microsoft, Cisco, and Oracle. I worked with Microsoft for around ten years, focusing on Microsoft Windows Defender.

    How was the initial setup?

    The initial setup is pretty easy to use.

    What's my experience with pricing, setup cost, and licensing?

    I don't have any information on the pricing, setup cost, or licensing.

    What other advice do I have?

    Microsoft Defender is integrated into Windows systems and is a pretty good product. It is something I would recommend to others.

    I'd rate the solution nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.