SOC Manager at a tech services company with 51-200 employees
Real User
Stable solution with good threat intelligence; offers good technical support
Pros and Cons
  • "Its threat intelligence feature is beneficial. This solution smoothly integrates with SIEM."
  • "Integrating this with third-party systems has some complexity involved."

What is our primary use case?

We use this solution for threat management and pallet management.

What is most valuable?

Threat intelligence is one of the most valuable features in Microsoft Defender for Endpoint. It's one of the key benefits we enjoy from the solution. The built-in Windows protection is another key benefit we like about the solution.

We've also integrated Microsoft Defender for Endpoint with the SIEM, for pallet management. It went smoothly and there were no challenges.

What needs improvement?

An additional feature I'd like to see in the next release is for this product to be more flexible when integrating with third-party systems.

Another feature I'd like to see in this product is the sandbox, particularly a third-party sandbox. This feature will help us give better service.

For how long have I used the solution?

It's been six months since I've started using Microsoft Defender for Endpoint.

Buyer's Guide
Microsoft Defender for Endpoint
December 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

This solution has very good stability.

What do I think about the scalability of the solution?

This solution is scalable.

How are customer service and support?

Microsoft's technical support is good.

How was the initial setup?

The initial setup for this solution was easy, but after the basic configuration, particularly the integration with other tools, there was some struggle initially, but later on, integration went through. Integration with third-party systems had some complexity involved.

What's my experience with pricing, setup cost, and licensing?

Compared to ESET, the pricing for Microsoft Defender for Endpoint is on the higher side.

Which other solutions did I evaluate?

I evaluated ESET and ArcSight.

What other advice do I have?

Currently, we have not experienced or seen any challenges with Microsoft Defender for Endpoint.

Our customers are mostly medium-sized companies.

My advice to people thinking about implementing Microsoft Defender for Endpoint is that it is good, in relation to Windows, but if they want to have a holistic product in relation to Linux and other systems, they need to consider other products.

I'm rating Microsoft Defender for Endpoint an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Azure Engineer at a tech services company with 51-200 employees
Real User
Integrates well with Microsoft technologies, but needs direct integration for USB control
Pros and Cons
  • "It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal."
  • "I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."

What is our primary use case?

Our clients use it for antivirus and anti-malware purposes.

What is most valuable?

It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal.

Normally, we implement the attack surface reduction (ASR) rules and exploit protections. We also use Microsoft Defender Application Guard and ad blocker. Instead of using the application control list, we use the ad blocker at most of the places.

What needs improvement?

What I've heard from the customers is that the anti-malware engine is not up to date. So, sometimes, it may not detect such threats. I, however, haven't got any data to show for this.

Its licensing can be better. Currently, customers with the E3 license cannot use many features, and they would like those features to be available. With Windows 10 E5, Microsoft is phasing out all the functionality. They have also made a lot of changes recently where you can also buy add-ons for Defender ATP, but for Office 365, ADT, and other stuff, you still require E5 licensing. If they can improve its licensing, it would definitely be helpful in implementing the features from the security point of view. E5 definitely has more features from the security point of view.

I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great.

For how long have I used the solution?

We have been recommending Defender to customers for Windows 10 and helping them in implementing it for two years.

What do I think about the stability of the solution?

It is okay in terms of stability. I haven't seen any issues. Even if you go for a third-party vendor as your primary anti-malware software, you can get the benefit of Defender in a passive mode. 

I am an Azure engineer, and I work with an architect to design the solutions. I'm not a security person, and I don't know whether it catches all the new malware that comes into the IT world, and how quickly it gets updated because it is not my area of work as I'm not an SEC OP admin. I have read a few articles mentioning that the engine might only be 80% or 90% up to date. Obviously, no engine is 100% up to date, but it is still a little bit behind some of the third-party vendors. 

How are customer service and technical support?

We haven't used their support much, but one of my colleagues has had some problems, and I think he didn't get good support from Microsoft. So, obviously, it depends on what kind of support engineer you have been assigned. Sometimes, it can be difficult. It is not only applicable to Defender; it could be with any of the products.

How was the initial setup?

While implementing the ASR rules and other things, if you don't put it in the audit mode and don't do proper discovery, then it can definitely break lots of applications. You need to adhere to the implementation guidelines for ASR rules. So, proper analysis definitely needs to be done before implementing those rules because it can affect the business functionality.

Its deployment can take from a few weeks to months depending on the size of the organization. In terms of the implementation strategy, we start with the pilot key users, and we deploy those policies. We also deploy ASR rules and other exploit protection rules in the audit mode, instead of directly enabling them. We then monitor the resources in terms of what can be blocked or what can get impacted by those rules. After that, we work with the users to implement it and see whether it breaks anything. If it breaks, then we look at the solutions. After we are happy with all those solutions and we know that enabling it won't break anything on a business side, we just roll it out.

What was our ROI?

Our clients are definitely seeing an ROI. Some of the clients have already got the licenses, and they can use lots of features of their Defender ATP. They are basically saving the cost of not going with a third-party solution.

Some of the clients who already had another third-party solution are also moving to Defender ATP because they already have the licenses, and they can save the cost on those. One of our clients is using ESET. They have the ESET standard version, so they are not getting any of the other features. They already have an E5 license to use all Defender ATP features. So, obviously, it would be beneficial for them to go with Defender ATP.

Which other solutions did I evaluate?

We did a little bit of comparison with Sophos. Sophos also offers cloud and network protection, but it would be an extra cost to buy it if you already have a license of Defender ATP. With Sophos, the USB features are a part of the cloud solution. So, you can configure USB restrictions and other things in the Sophos portal. With Defender, you will have to implement the USB security features via GPO or something else.

What other advice do I have?

I would definitely recommend others to go with Defender ATP if they have got the licenses because it can give them a wide range of security controls. It is integrated with Office portals and Microsoft monitoring systems, so they get the sensors from different places. We haven't come across any security threats yet. From the point of view of its theory, implementation, and architecture, Defender ATP and other ATP integrations would definitely help customers in controlling their organization and implementing the best security rules and policies.

It hasn't affected the user experience much for our customers. Customers only see the notification pop up saying that Defender hasn't found anything and things like that.

I would rate Microsoft Defender for Endpoint a seven out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Support Executive at a healthcare company with 51-200 employees
Real User
No need to purchase an additional solution because it comes bundled with Windows 10
Pros and Cons
  • "It is already integrated with Windows 10, so you don't need to worry about that."
  • "It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good."

What is our primary use case?

It is an antivirus. It is like any other antivirus, except it comes with Windows and you don't need to install anything extra.

How has it helped my organization?

People will ask you, "My system does not have an antivirus," because it is so hidden and subtle. You don't feel like you have an antivirus. Many users will wonder and come to you, saying, "I don't have an antivirus installed. Is that company policy? Do we need to get it from outside and install it?" So, we have to tell them, "No, there is an antivirus. It is there."

It is so seamless that people don't even feel or see it. It is just protecting everybody. If you are some kind of techie or have some experience with Windows Operating System, only then do you know that this thing is already built-in. If you go into the Task Manager, you can find the antivirus using up a lot of memory and a bit of CPU power, then you will understand that is the antivirus doing this. Normally, many people don't realize this.

What is most valuable?

It is already integrated with Windows 10, so you don't need to worry about that. 

It is a basic firewall with some additional anti-exploit measures and parental controls already built in.

What needs improvement?

It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good.

For how long have I used the solution?

We started using it when they started bundling it with Windows 10, which has been around three or four years.

What do I think about the stability of the solution?

It is very stable.

You do not need to worry about maintenance. It is automatically updated. Sometimes it will show you a red marker to do a system scan. People normally kind of ignore that, but I suggest people do a system scan from time to time. Now, what happens is just a bubble icon showing a red cross sign, but that may not be enough. It should give a pop-up window to remind people to scan the system once a month or quarter. It should be built-in scanning, without asking anybody, once per month or quarter.

What do I think about the scalability of the solution?

It is scalable.

There is no need to get an additional solution because it comes bundled with Windows. 

We are protecting around 60 to 70 endpoints in India. In the entire company, there may be around 400 to 500.

Which solution did I use previously and why did I switch?

We have used other antiviruses, like McAfee and Avira Antivirus.

The same thing can be viewed as a pro and a con:

Pro: It is more than silent; you do not even realize that it is an antivirus. Any other antivirus third-party will nag you with pop-ups for any small threats. They want to show that they are doing something because you pay them money. They are funny, colorful pop-ups, whatever color they use is like an advertisement for them, e.g., "They are doing it wrong, and we pointed it out." Windows Defender does not do that. In a way, this is good for the people who know the threat sender. They do not really need to be nagged by the antivirus every time you open a site or click on a file.

Con: For normal people who do not know anything about the security side, some pop-ups should be there. Some pop-ups call people's attention that you are doing it the wrong way. For example, "This is potentially wrong. Don't visit this site. Don't potentially open this link, file, or attachment." This is missing in Windows Defender.

What was our ROI?

It has a good return on investment, especially since we are used to paying for antivirus. Now, it is part of the Windows purchase.

What's my experience with pricing, setup cost, and licensing?

You don't need to worry about the renewal and purchase of antivirus products. It is bundled with Windows 10, so you don't need to worry about separately purchasing any antiviruses. 

Which other solutions did I evaluate?

Whenever you purchase an antivirus, there are so many factors to consider, such as weighing, doing a comparison, studying everything, and analyzing the cost-benefit factors. You don't need to consider any of this with Windows Defender because it all comes with it. So, you don't need to worry about it.

With Windows Defender, Microsoft is protecting their own operating system from hackers, viruses, malware, etc. It is better to use Windows Defender over other third-party providers. Microsoft knows what is best for the solutions.

What other advice do I have?

If your computers or users are limited and you are not worried about using your computers for a lot of other browsing purposes or a lot of communication from the public, then you can depend on Microsoft Defender as your only solution. However, when your company is a lot more public facing, then you get a lot of mail from the public and must interact with the public. Also, if you must connect your computer to other computers not in your company, then I would suggest going for either a top-of-the-line antivirus solution or third-party solutions. Totally depending on Microsoft Defender is not going to work for a company who is facing a lot of public interactions with their computer system.

I would rate it as an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO South East Asia at an engineering company with 10,001+ employees
Real User
Real-time protection against threats and viruses
Pros and Cons
  • "It can reach our applications and PC activities in the cloud."
  • "Notifications are always popping up — I hate that."

What is most valuable?

It can reach our applications and PC activities in the cloud.

What needs improvement?

Notifications are always popping up — I hate that. It could also be easier to use and more robust, overall. 

For how long have I used the solution?

I have been using Microsoft Defender Antivirus for roughly two years. 

Within our organization, there are roughly 500 employees covered by Microsoft Defender Antivirus.

We have a team of 10 employees that handle all maintenance-related issues. We definitely plan to continue using this solution. 

What do I think about the scalability of the solution?

Microsoft Defender Antivirus could be more scalable. 

How are customer service and technical support?

I am satisfied with the technical support. 

How was the initial setup?

Microsoft Defender Antivirus is easy to install. Installation takes half an hour, maximum.

What about the implementation team?

Microsoft Defender Antivirus integrates automatically. 

What's my experience with pricing, setup cost, and licensing?

You need a license to use this solution. 

Which other solutions did I evaluate?

We evaluated McAfee MOVE antivirus. 

What other advice do I have?

Overall, on a scale from one to ten, I would give this solution a rating of seven. If they improved the scalability, I would give it a higher rating.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Information Security at K2 Baseline Sdn Bhd
Real User
Top 5
Stable and easy to use, but needs quicker detection capability and more frequent updates
Pros and Cons
  • "It is stable and easy to use. Everything is okay, and there are no performance issues."
  • "Its detection is not as quick. There should also be more frequent updates."

What is our primary use case?

I use it mostly to detect threats or viruses. I am using its latest version.

What is most valuable?

It is stable and easy to use. Everything is okay, and there are no performance issues.

What needs improvement?

Its detection is not as quick. There should also be more frequent updates.

For how long have I used the solution?

I have been using this solution for maybe five years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

We have about 20 users.

How are customer service and support?

I have not contacted Microsoft's technical support.

Which solution did I use previously and why did I switch?

I didn't use or evaluate other solutions.

How was the initial setup?

Its installation is very easy. It came with Windows.

What about the implementation team?

I can install it myself. We have three teams for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

It came with Windows.

What other advice do I have?

I would recommend this solution. I would rate it a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at Systex Software
Reseller
It comes preloaded with Windows 10. It does not have a central console.
Pros and Cons
  • "Microsoft Defender can block some viruses or malware. So, it can protect my files. It can save files on Office 365 OneDrive. I use encryption for some files, then I can recover them from OneDrive."
  • "The central console needs improvement. Both McAfee and Symantec antivirus have dashboards. These integrate with a server and work on my antivirus or some other product. However, with Microsoft Defender, you use Microsoft Group Policy Object. Defender does not provide a central console. Therefore, if you implement Defender, then maybe use another tool for the central view."

What is our primary use case?

I am a Taiwan sole company reseller. We sell commercial software to enterprise customers.

I use the Microsoft Defender for scanning the antivirus or some hacker tools.

How has it helped my organization?

We sell the Microsoft solution for enterprise customers. We recommend to customers that they can use Microsoft Defender Antivirus.

What is most valuable?

Microsoft Defender can block some viruses or malware. So, it can protect my files. It can save files on Office 365 OneDrive. I use encryption for some files, then I can recover them from OneDrive.

What needs improvement?

The central console needs improvement. Both McAfee and Symantec antivirus have dashboards. These integrate with a server and work on my antivirus or some other product. However, with Microsoft Defender, you use Microsoft Group Policy Object. Defender does not provide a central console. Therefore, if you implement Defender, then maybe use another tool for the central view.

For how long have I used the solution?

I have been using Microsoft Defender Antivirus for more than two years.

What do I think about the stability of the solution?

In general, Defender Antivirus can work with my operating system. So, its performance is okay.

What do I think about the scalability of the solution?

Defender can integrate with other Office 365 security products. 

How are customer service and technical support?

We just search for knowledge from Google.

Which solution did I use previously and why did I switch?

My company deploys Symantec antivirus. However, when we buy a laptop, it includes Windows 10, which has Defender antivirus installed. Therefore, we use both antivirus software, Symantec and Defender.

How was the initial setup?

We did not deploy Microsoft Defender Antivirus. It simply came preloaded with Windows 10.

I would recommend using Group Policy Object to deploy this solution and enable some functions.

What's my experience with pricing, setup cost, and licensing?

You just pay Windows 10 prices, then you have antivirus software. As a price comparison, Defender's costs are very low.

What other advice do I have?

We sell the Microsoft 365 solution to customers. If a customer wants Windows 10 Defender, they can choose Defender ATP in Office 365.

I would rate this solution as a five or six out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Systems Administrator at The Port Authority of Jamaica
Real User
Delivers comprehensive, ongoing, and real-time protection against a number of threats
Pros and Cons
  • "The antivirus features are very useful."
  • "We encountered some issues when we were trying to enable automatic updates from our group policy."

What is our primary use case?

Within our company, there are roughly 400-500 users of this solution.

What is most valuable?

The antivirus features are very useful.

What needs improvement?

We encountered some issues when we were trying to enable automatic updates from our group policy.

What do I think about the stability of the solution?

We have onboarded a number of machines without any issues.

We find that Microsoft Defender Antivirus is very stable. We've experienced complications with other solutions in the past and found that this is one of the most stable solutions. It's also very scalable, too.

How are customer service and technical support?

Marine data systems also handle our support. If we have any issues, we come to them first. Their support has been really good.

How was the initial setup?

At first, the initial setup was a bit complex, but after we had some experience with it, it wasn't a problem.

What about the implementation team?

Marine data systems is a partner of ours and they helped us with deployment — they're excellent.

Which other solutions did I evaluate?

We have evaluated and used Mindset before. We also evaluated Kaspersky. We decided to go with Microsoft Defender Antivirus because of its onboarding capabilities and automatic updating.

What other advice do I have?

Before settling on this solution, you should explore more than one form of ATP. Overall, Microsoft Defender Antivirus is a very good application.

On a scale from one to ten, I would give this solution a rating of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head Of Information Technology at a financial services firm with 1,001-5,000 employees
Real User
Integrates very well with all Windows workstations, works very well, and has good stability and scalability
Pros and Cons
  • "It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. It doesn't use too many resources, so you don't have to install different things."
  • "Its price could be better."

What is our primary use case?

We replaced our antivirus with Microsoft Defender, and we are implementing three products. We have Microsoft Defender for Endpoint, which is deployed on all our endpoints. We also have Microsoft Defender for Office, which works very well to protect Office documents. 

We are using this solution for MDM and MAM for the endpoints. We are using its latest version.

What is most valuable?

It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. 

It doesn't use too many resources, so you don't have to install different things.

What needs improvement?

Its price could be better.

For how long have I used the solution?

We have been using it for three months. 

What do I think about the stability of the solution?

It is very stable for Windows. 

What do I think about the scalability of the solution?

It has very good scalability. We have 151 users.

How are customer service and technical support?

I have not directly interacted with them. My colleagues have interacted with them.

Which solution did I use previously and why did I switch?

We were using another solution that was number three in the market according to Gartner 2019.

How was the initial setup?

There wasn't really much that we had to do because we have Intune, so it was very easy to deploy. We used the Control Panel, and it was deployed on the rest of the machines. What took longer was the onboarding of the machines to Intune, but once they were there, they were all protected. We, of course, had to remove the old antivirus.

What about the implementation team?

We used a partner. We had two people for this.

What's my experience with pricing, setup cost, and licensing?

It is within the same range as other products. It is not too expensive, and it is also not cheap. Its price can be better, but, well, it is Microsoft.

What other advice do I have?

I would recommend this solution to others. I have a lot of good things to say about it. We are still navigating through it, and it has been working very well. We will absolutely keep on using it. 

I would rate Microsoft Defender for Endpoint an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.