Microsoft Defender for Endpoint Reviews

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.

Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture. 

Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident. 

I would like to see Sentinel better integrated with the rest of the security technology within one portal. 

I've been using Defender for more than a year.

I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over. 

It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another. 

We previously used Sophos.

Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it. 

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.

We primarily used the solution as Endpoint Detection and protection (EDR, EPP) with secondary benefits of threats and vulnerability management, security incident response, automated query and real-time device monitoring, and with the capability of email security, identity management (DFI), and task automation (Power automate). We used respective licenses where required.

The solution was also used for an endpoint antivirus for workstations in a multi-OS environment, including Windows and Mac OS. We had file, device, and user trajectory monitoring for the security operations team.

The solution benefited the company via:

• OS-level/Tool compatibility for endpoints running Windows (since both are Microsoft products and Defender core files are included in Win10 or later delivery).
• Heuristic capability. Consistent usage of MDE indicates that the tools are continuously learning new prevention techniques by pulling real-time up-to-date cloud resources.

• Alert chaining. The solution makes security Incidents, events, and alerts less tedious from a Security Operation Center standpoint. This can result in false negatives or detriment for small to medium-scale firms running no or semi-automated threat response features.

The most valuable aspects of the solution include:

• Advanced hunting. The product offers flexibility, visibility, and automation capability using a user-friendly query language (KQL).
• Reporting. Clear and concisely plotted graphics show real-time data representation - which is valuable to upper management.

• Scalability/API. We are able to productively integrate with existing on-prem, hybrid, or cloud applications. 
• Great OOB features. The solution comes with SIEM-ingestion-ready features for extensive visibility, automation, and integration, including advanced hunting, threats and vulnerability management, embedded simulation for end-to-end testing, ransomware prevention (Controlled Folder Access), and Attack Surface Reduction (ASR) rules.

Improvements could be made via:

• Clicks. There's a poor user experience with lots of optimizable opportunities of user interface particularly on the newly improved portal (https://security.microsoft.com/). Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort.

• De-centralized console features. Discrepancies with enabling core features at the click of a button within the MDE portal is mostly due to prerequisites that are tied to the functionality or partial enforcement requirements from other Microsoft tools (Group policy, Azure, Sentinel, SCCM, Intune). EDR in block mode requires Intune security baselines and tamper protection requires MAPS enabled. Web content filtering also has security baseline dependencies

• No single pane of glass. There are too many loose ends with tiny bits and pieces to enforce essential security policies compared to other EDR solutions within the same caliber. A typical example is having to create exclusions in different locations for entirely different functionalities, such as: automation folder exclusion, group policy exclusions (per tenant), Controlled Folder Access (ASR) Allowed application, and Attack Surface Reduction (ASR).

• Service Requests. Noncritical cases with MDE technical support teams tend to be queued for over a week before the first customer engagement. Most of these tickets also end up in the hands of temporary or contracted non-Microsoft employees who are scripted and offer little attention to unique incidents.

Suggested additional features that should be included in the next release include:

• Digestible interface/filter for crown-jewel capabilities like ASR, CFA and Exploit mitigation occurrences.
• Restoration of an always visible search bar from the previous console view (https://securitycenter.windows.com).
• A definitive action plan for Secure Score recommendations and deduplicate of controls.

We were using Microsoft Defender for Endpoint prior to its change of name from Defender ATP. We experienced a plethora of GA changes including, but not limited to, IOS/multiple OS support, device discovery, web content filtering, API updates, and continuous integrations with existing security tools.

We were using the basic endpoint from Sophos without Intercept X and the EDR model, and currently, we are in the selection process of a new platform that has EDR embedded. We are using Microsoft Defender Antivirus for the time being till we get the new platform.

It is easy to use because it is already pre-installed in Windows 10. We don't have to do anything to configure it. You can also configure the firewall by using a group policy so that it can be easily adopted in an environment.

Microsoft Defender in the basic form is not very useful for managing the security environment. The free version is not capable of covering the needs of centralized management, EDR, and behavioral analysis. If you don't have the commercial version, you can't have centralized management and set up the policies and other things. Each client is a standalone installation, which is not useful for security in an enterprise model.

I have been using this solution for six months.

Currently, we have about 2,000 users.

I didn't use support for this solution.

It was already pre-installed in Windows 10.

It is free. It is included in Windows 10.

We are using Microsoft Defender only for the time being. We will switch to another endpoint platform that can offer us more advanced features, centralized management, and EDR. We have not chosen the solution at the moment, but we might go for Bitdefender. It is one of the products that we have evaluated, and it can be suitable for our environment. It has some use cases that are really in the same line as our requirements.

I would recommend this solution only for small home environments. It is not for enterprise environments unless you buy the commercial version.

I would rate Microsoft Defender Antivirus a seven out of ten.

It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.

It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.

The most valuable aspect lies in its automation capabilities, particularly within security automation. It contributes to more efficient time management for us and it provides an efficient way to keep track of user actions and maintain a secure and well-monitored system.

In terms of improvements for their technical support, a focus on enhancing response times could be beneficial.

I have been using it for approximately five years.

The stability is excellent and I've never encountered any issues; it has consistently performed well.

The scalability is impressive, especially since we use it in the cloud. It works seamlessly without any issues.

Microsoft's technical support is commendable. I would rate it eight out of ten.

Positive

Overall, I would rate it nine out of ten.

The solution is primarily used for antivirus and malware protection.

It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need. 

It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.

The first thing which I noticed is that it is completely compatible with Windows. It does not make Windows slow, as compared to all of the third part antiviruses.

The stability has been good.

Technical support is helpful and they have a very robust online community as well.

The product can scale very well.

We would like more customization, actually. They're not too customizable. We'd like the flexibility to be able to set some applications on a white list. We need more options. 

I've used the solution for approximately five years. 

The solution is stable and responsive. 

We have the solution deployed to around 350 users across four different locations.

It can scale to the thousands and thousands. I have seen customers here, some have approximately 12,000 devices and they're running that one program and it's going far without any issues. 

Technical support is good. They know things about the solution. The best part is that if anything happens, the Microsoft community is so big that any problem comes up, you can also just Google it and you will get the solution.

We used McAfee and another solution as well and they both are great and amazing, however, they make PCs slow and every time something happens you have to call the vendor and they will help you support. The difference is, with Defender, it doesn't slow things done and you never have to call Microsoft.

The initial setup is very straightforward. IT is actually my default. We actually helped our end-users with system centers, integrated Defender updates, Defender itself, patching, and Defender configuration using the consent and configuration manager. It's simple. It's not complex to set it up or manage.

It's a bulk operation to set it up, therefore, even if you have 100 PCs, it will only take you about an hour and you will be up and running with everyone. You only need one to two percent of your staff to handle the deployment and maintenance tasks. 

We used an integrator during the initial setup. They were quite helpful. Our experience with them was good. 

We have seen an ROI.

The solution is free for end-users. 

While we have the solution set up on our private cloud, you can also use a hybrid setup if that's better for your organization. 

I would advise new users to connect it with an endpoint manager and connect it with the cloud and then let the real magic happen.

I'd rate the solution an eight out of ten.

We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.

What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.

We've been using Microsoft Defender for Endpoint for four years.

Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.

We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.

The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.

We pay for our Microsoft Defender for Endpoint subscription yearly.

We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.

Microsoft Defender for Endpoint has been awesome, so far.

I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.

We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.

I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.

We use Microsoft Defender for Endpoint for network and endpoint protection.

Microsoft Defender for Endpoint could improve by making the reporting better.

I have been using Microsoft Defender for Endpoint for approximately three years.

Microsoft Defender for Endpoint is stable in my usage.

I have found Microsoft Defender for Endpoint to be scalable.

We have approximately 700 people using this solution and we plan to increase usage.

The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint.

I have previously used ESET.

The initial setup of Microsoft Defender for Endpoint was straightforward. 

We have two engineers that do the implementation and maintenance of Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now.

I would recommend this solution to others.

I rate Microsoft Defender for Endpoint an eight out of ten.

We are using Microsoft Windows Defender for Windows services because it is the default antivirus and protection solution with Windows Server 2016 and 2019. We are using it for Windows servers, file servers, and active directory.

Its simplicity is the most valuable. It also has very good integration. We like it.

Its interface can be improved a little bit. We would like to have some sort of centralization. It should have something like a central server that is managing all the other clients. There are solutions from Kaspersky or ESET NOD32 that are really doing this kind of thing currently. We would like to see something similar from Microsoft.

We have been using this solution for more than two years.

It is very stable. It is highly recommended.

It has good scalability. We are happy with it and plan to increase its usage. We currently have around 20 users.

Technical support is good. We like Microsoft, and they provide good technical support.

It is straightforward.

We implemented it by ourselves.

Currently, for us, Windows Defender is free with the purchase of Windows Server. Pricing is an important point for us when we are looking at the competitors of this solution. If we choose to go with another vendor, we will have to pay some license fees.

We are considering moving to another solution, so we are trying to inform ourselves about the other products in the market that will fit our budget and needs. We are trying to see what the competitors offer in the server market. We are looking into ESET NOD32 because we know the product from back in the day.

I would recommend this solution. It is free, and it is doing its job for Microsoft Windows Server. It is a good product. I would rate Microsoft Defender for Endpoint a nine out of ten.