Microsoft Defender for Endpoint Reviews

Defender is basically a protective seal that is used to protect your Windows applications. Whenever you enable it your system is safe. You feel safe and your data and your security are verified by Defender and protected by the Defender seal. 

Defender is a part of Windows; you just need to enable it. There is no need to install anything. 

It's quite good for security. We are using Windows 11 and Windows 10. In Windows 11, Defender is very, very strong. They built in good features, good seals. Earlier, ransomware protection was not there. However, now, new ransomware protection is also available in Defender.

The solution is stable.

The solution could always be more secure. 

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze.

The scalability is totally based on your OS operating system as it's a part of the OS. You can't define it in a different way. If your Windows platform is working fine and is of a certain size, then you can say that it's quite good and it will cover that.

We have 200 to 300 people using the solution. Some of our employees use Windows and have Defender. Others use Mac devices. 

We've used technical support in the past and don't have anything negative to say about their services.

There isn't really an installation process. It's already a part of Windows and just needs to be activated. You can install Windows in home or business devices and have Defender at your fingertips immediately.

While you don't need a technical team to install it per se, every organization has an IT team that likely would be able to install Windows and everything else. We have a 40-plus IT team. Everybody has a defined role. 

We handled the implementation in-house using our IT team.

The solution is included with Microsoft Office 365 subscriptions.

New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure.

I'd rate the solution at a seven out of ten.

The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics.  

I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.

DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me.

It's Microsoft native. Microsoft is the corporate default, so it makes sense to use security platforms that are baked into the Microsoft platform. That's probably the most valuable aspect of it.

It has specific features that improve our customer's security posture. It makes the monitoring a lot easier and minimizes on-prem administration. A lot of the administrative stuff is all folded into Azure. It makes things easier.

The platform just makes things easier compared to on-prem or hybrid solutions because if you start working in an on-prem solution, most of the time it's going to be a battlefield. 

DFE affects the end-user experience when it's deployed. The more freedom a user has on the device, the more they're used to doing things their own way. By locking things down, by having device configurations, you disrupt the workflow. You need a lot of user education where you have to explain why you're doing these things. I'm a part of security. It's twofold, in that users have to get used to the new configurations. And the reason why we might take a little bit longer with pilot phases is that we have to identify how it'll affect the users and how the differences of different business units will be affected. Developers need a more open environment than other solutions.

Everything can always be improved. Improvements would depend on the client. 

Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more.

I have been using Microsoft Defender for Endpoint on and off for about three or four years. 

It's only the last two and a half years that it's been a big part of my job.

Microsoft has some creative accounting when they promise an SLA of 99.99%. But it is generally good. There's always going to be a problem with the cloud. If it works 99% of the time, that's great.

The frustrating thing is, you're not sure if there's a problem with your configuration or if the service itself is down because Microsoft tends to only report that the service is down much later than when you started experiencing things. So sometimes I have to jump onto a private forum or a Slack channel and ask other consultants if they experienced something similar. But when it works, it works. There's never going to be a cloud solution that has 100% uptime.

Scalability is fine. I mainly work with implementation, so I haven't really had to mess around with the scalability. I'm responsible for setting up security policies, and then if they want to do scalability, that's another team. I sit in security.

I haven't worked with support. I generally don't use Microsoft Support.

We were Microsoft partners last year. We're gold partners where we won security partners of the year, so we have an account manager. If it really hits the fan, then I would just talk to him. 

I've been an IaaS specialist since I began my career. I've done Apple MDM solutions and I've done Google Workspace, but when it comes to actual IaaS, I can't really compare. Because we're a Microsoft house, we generally don't use third parties or competitors.

The complexity of the setup depends on the environment. If it's Greenfield, it's super easy. I've been doing this for two to three years now. Most of the time it's easy. The larger companies have more complex networks and systems. The smaller the company, the easier it is to deploy.

The beginning of the project, like scoping, implementation, the entire process, or just the actual deployment depends on the size of the company. For smaller companies, we'll push some policies out. We'll do a week or two of a pilot phase where we identify different stakeholders and different business units. We collect feedback from them, keep an eye out on the audit logs and if that goes well, then we go into phase two, which takes another week or two where we slowly push out, if it's an accounting department with 60 people, then we'll do batches of 20. We'll have a pilot group of five and then we'll push it out to 20 people at a time.

The project managers worry about the licenses. I get my scope, I know the limitations I have to work with, and then I just make a solution based on that. I'm a very technical consultant and I don't really care about licenses, that doesn't really have anything to do with me.

My advice would be to start small, don't start a project thinking that it's the best solution, and bowl it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems.

I would rate it an eight out of ten. 

This is an endpoint security product. It helps detect and prevent attacks and is very good when it comes to vulnerability assessment. It automatically detects attacks. It provides support for all the end devices, whether it is a Mac OS, Windows, mobiles, Android and iOS, it has support for all. I mostly deal with smaller and medium sized companies, I don't deal much with enterprises. I'm a customer of Microsoft and I work as a solution architect.

The product is very good when it comes to vulnerability assessment. It's a Microsoft flagship product and it integrates with Office 365. If my customers are using Office 365 or Azure or a Windows server, it helps to use Defender. Other products like Symantec or McAfee don't have that kind of integration with Microsoft products. In terms of identifying the attacks, it's far superior to Symantec. 

The GUI is very complex, particularly for normal users who work on it. It could be more user friendly. For future improvements, I'd be looking at internet security which we don't have as Microsoft does not distinguish whether a site is malicious or not. Kaspersky is very good at that but not Microsoft. It would be a big advantage for them if they were to include it. 

I've been using this solution for seven months. 

It's a stable product. Microsoft only recently entered this market and nobody believed that Microsoft antivirus would be good. They are now trying to prove everyone wrong in that sense by having a good security product. 

Scaling in or out is very easy. Scalability is really about licensing so you just have to request a registration license.

Ninety-nine percent of the time, I'm able to solve the problem. I do not have access to Microsoft support so if I go to their open support page and try to login a request, it takes up to 24 hours for the support agent to get back to me. It's pretty average. If you have the premium support or if you're a support partner of Microsoft, they respond back in one or two hours, something like that.

I tested the difference between Symantec and Defender by taking a malware from the internet and downloading it. Symantec allowed me to do it, even though it shouldn't have, but Defender, gave me notification and wouldn't allow me to do it. That said, Symantec is a very stable product that's been on the market for a long time. They have more expertise in endpoint protection than Microsoft. Symantec is not a cost-effective product for most customers. It's integrated with third party companies and is good in protecting endpoint. Because my customer base is companies that use Office 365 and Microsoft Azure so Microsoft integration with these products is very good.

The initial setup is very simple, you just have to attach it to the user's email address. Once the user logs in, it automatically downloads and starts working. I do the implementation.  In terms of maintenance, sometimes my engagement with the client is one time but sometimes, I do maintenance as well. This is a subscription-based, cloud-based product. They have to call me every year to renew. 

I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product.

I would rate this solution an eight out of 10. 

We used it as an EPP and EDR solution. 

Microsoft Defender made the work quite easy because we didn't have to rely on multiple tools, and we could look at one thing. It had a specific endpoint-level reporting standard as well where you can see the vulnerable threats and the outdated versions. It was very convenient.

We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions. It had multiple advantages for us in terms of patching, vulnerability management, adhering to security standards, and EDR and AV capabilities. 

Microsoft Defender was pretty interesting in terms of visibility. When we compare the solution that we had before with Microsoft Defender, there is almost a night and day difference. Microsoft Defender is pretty advanced with the threats. We used to run, simulate, and see whether we were prone to the latest vulnerabilities. It was a pretty good solution in our experience.

It definitely saved us a lot of time. I don't have the metrics, but because it was a one-stop place, we didn't have to navigate through all the controls and go from one place to another to look for different reports for each section. We had one tool that could do everything in one place. It would have definitely saved us nearly one-fifth or 20% of the time. It would have also saved money because you rely on one single tool for multiple things. When you go with the premium suite, you get other tools as well. There is definitely a cost-saving aspect.

It came in a suite. There were multiple other products that were included with it as well in the premium suite. Another factor was that you don't have to invest in two products, and you can get both components, the EPP and the EDR, in one. You can also do simple vulnerability management, CIS hardening, and things like that from Microsoft Defender. Those were the main reasons for considering it back then.

I haven't used the product in nearly eight months. I use it on my device, but I haven't used it at an administrative level. Previously, with Microsoft Defender, we used to have certain problems with the Mac machines, but later on, they came up with various ways so that we could use the MDM solution to do the job. They provided pretty good support. Their engineers came and tried to figure out the solution.

I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes.

I have used Microsoft Defender for eight months to one year in my previous organization.

In comparison to the other solutions that I've had experience with, Microsoft Defender was very good.

It was definitely scalable. In my previous organization, we enrolled more than 20,000 endpoints.

It was pretty good. At that time, Microsoft Defender was very new. When they released it for Mac, that's when we got hold of them. There was a time when their support engineers learned certain things from me about it, and I also did learn something from them. It was a win-win situation for both of us.

I would rate their support a seven out of them. The level of support depends on the complexity of the issue. If an issue is small, anyone can solve it, and it wouldn't take much time, but when you run into a complex problem, you need proper people coming in quickly and giving you some support after looking into the issue. Ideally, if they are very well-trained at all levels, that would be good.

Neutral

We had other products for antivirus and EDR. We removed those two products and replaced them with Microsoft Defender. They both were pretty good solutions in the market back then. One of them is a pretty good solution even now.

We found Microsoft Defender pretty good when we did the PoC as compared to the rest of the tools. Some of the solutions were only antivirus, and some of them were only EDR, whereas this particular tool had a lot of features built into it. So, one agent could do many things. Another reason for going for this solution was that the company I used to work with was a bit biased toward Microsoft. They were a Microsoft customer, and they were comfortable with Microsoft. 

The reliability of support was one of the reasons why we chose Microsoft. When it comes to tools, there are always requirements related to budget, level of support, and other things. When you go for a PoC and look at the demo, you might think a product is stable, but when you run into a problem, the support could be weak. In such instances, what's the use of the product if you don't have good support or if they take at least two to three days to solve a small issue?

I handled the Mac machine part of it. Initially, setting up policies and getting all the configuration profiles in place was a bit of a challenge because they didn't have proper documentation at first. During the PoC, there were not many documents or support articles, but when we were in the deployment phase, they had everything, even specific to particular MDMs, which made it very smooth. We ran into a couple of small problems, but that's pretty common in every deployment. Other than that, it was pretty smooth. 

From Microsoft's side, there is a pretty good deployment strategy in place, but different companies have different objectives and different ways of working. There are situations where certain users and groups might need something specific but other users or groups don't. There could be multiple groups of users with different expectations. So, it is pretty straightforward, but like with any security tool, there could be internal user-level challenges. However, for a company that does not have a very complex environment, it should be a piece of cake. It should be pretty easy.

In terms of our implementation strategy, we first targeted the least impacted devices because we didn't want high-end or critical users complaining about having issues. So, we selected the low-priority users and implemented it for them, and then we tested it out. After that, we implemented it for users with higher priorities. We gradually moved based on the severity.

In terms of maintenance, agent updates are required, which we scheduled automatically. It didn't seem to need much attention. If the product is in a non-complex environment, it won't have many issues, but in a complex environment, there will be some because of VLAN restrictions, network connectivity limitations, etc. We also had issues where agents were not communicating, but it was not because of an issue with the tool. It was mainly because of the complexity of the environment in terms of networking and architecture.

Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together.

I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products. 

Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job. 

For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats.

I would rate Microsoft Defender an eight out of ten. 

There are endpoints that are not in our organization's network but are connected directly to the web. We use Microsoft Defender for the antivirus.

We are not dealing with this solution daily, just when there is an issue from time to time.

The interface could be improved.

I have been using Microsoft Defender for Endpoint for a couple of years.

It's a stable solution.

We are only running it on a few workstations. The scalability is okay.

It's run on 10 out of 3,000 workstations and we plan to continue using it.

We have no more than 10 users in our organization.

We are also using Symantec. 

We have a few endpoints where we use Microsoft Defender because we cannot use the Symantec Sets.

The initial setup was straightforward. It was easy to install and t only took a couple of minutes.

There is no team for maintenance. If there is an issue, the security team helps to resolve it.

We completed the deployment and implementation ourselves.

We don't have an issue with the price. 

We have a bundle where the price includes all Microsoft products.

This is an area that I am not dealing with. I don't have all of the information.

It's pretty good.

I would rate this solution a nine out of ten.

We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.

Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.

From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

This is a cloud-based product so it is always updated by the end-user.

They have to improve the email scanning where email is coming from somewhere other than our private network. The scanning is slow when it is working with incoming emails. Often, I can see the email but the scanning process is not finished and I cannot open the attachment. In general, the scanning has to be faster.

This solution looks stable. Provided that Windows 10 is updated, everything is okay.

I have not been in contact with technical support in regards to this product. However, technical support for Microsoft products is always of bad quality. In my experience, if you cannot find the solution yourself then you will have a huge problem because it is not an easy task to have them understand and support you.

You can lose a lot of time explaining the problem before you receive something that works.

My advice to is look for a good support library and try to find the solution yourself. This means that you don't need to contact support.

We have worked with many different security solutions. For example, we are selling a Security Operations Center as a service. We implement EDR, Privileged Access Management, Identity Management, anti-fraud solutions, web application firewalls, database security, and more. We are working with practically everything in cybersecurity.

We are working with between 10 and 15 different vendors. Sometimes, this is too many, but it is useful to have information about each product, its quality, and how it compares to others. Two products that we are working with now are Cisco AMP and Carbon Black.

There is a free version of Windows Defender, although the paid version has EDR functionality. We sell this product as part of Office 365 and it is not expensive.

I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution.

I would rate this solution a five out of ten.

We are using it only for EDR, but we have a plan to extend it to Microsoft email as well as to the cloud.

Within one month of using Microsoft Defender for Endpoint, we could achieve great insights.

Microsoft Defender for Endpoint is a perfect solution. We have used several EDR products, and Microsoft Defender is the best one that I have worked with. It provides great visibility. It is very transparent. We can get so many details about a particular endpoint. It is a great product. I would rate it a five out of five in terms of visibility.

It helps us to identify process-based threats in our environment, not only the signature-based ones. We are able to identify some of the threats that were not detected previously.

We get severity levels from the solution itself. Based on them, we have developed our action plan to act upon any category of incident. It helps to achieve a better SLA to attend to incidents.

I am quite interested in the vulnerability dashboard. It provides vulnerability data according to the CVE database, which helps us to prioritize vulnerabilities in our environment and address them.

Microsoft Defender for Endpoint works with Windows and Linux, so we could cover them all. It is suitable for servers as well, not only for endpoints, so we could implement it on most devices in the organization. It has probably saved us 20% of the time. 

It has Kusto Query Language (KQL), so we can use our own queries to find anything.

We can get real-time updates. It is not just signature-based. It provides results based on behavior and successors. It analyzes the behavior and the process. With that, we can achieve greater results that other products do not offer.

We need better support to learn about the product. Documentation is available, but we need some kind of training program so that we can get a better understanding of the product.

We switched to Microsoft Defender for Endpoint about one month ago.

I would rate it an eight out of ten in terms of stability.

It is highly scalable. We have around 5,000 users. I would rate it a ten out of ten in terms of scalability.

Previously, we were using a separate EDR product in our environment. We were using Sophos. Our organization moved into Microsoft 365, so we switched to Microsoft Defender for Endpoint. 

We heard that it is one of the best products in the industry. We thought that we would get better results with Microsoft Defender for Endpoint. That is why we moved to Microsoft Defender for Endpoint, and we were able to achieve better results with it.

It is a cloud deployment. It took us a few months to make the switch.

It does not require any maintenance from our end.

Overall, I would rate Microsoft Defender for Endpoint a nine out of ten.

We use Microsoft Defender for Endpoint to secure our workstations, laptops, and servers. It helps us to do virus scanning and malware protection. 

Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products. 

The product should reduce updates since it is hard to keep up. 

I have been using the product for three to four years. 

The tool's deployment was simple. It took about a month to complete since we have over 5000 servers across various platforms. 

Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate semantic console. 

We can see the threats as soon as they come in. Our security team gets notifications. 

I rate it an eight out of ten.