Microsoft Defender for Endpoint Reviews

Our primary use case for Microsoft Defender for Endpoint is desktop security.

Defender for Endpoint has improved our security posture by ensuring that malicious websites aren't accessed, thereby enhancing desktop and network security.

The visibility into our attack surface provided by Defender for Endpoint is good.

Defender for Endpoint has significantly reduced our SOC team's workload by automating threat detection and response, allowing them to focus on other critical projects. This increased efficiency has minimized security concerns and freed up several hours per week for the team.

We are primarily a Microsoft environment, but we also utilize a few Macs. Microsoft Defender for Endpoint functions effectively across both platforms.

Web filtering is the most valuable feature of Microsoft Defender for Endpoint because it effectively maintains security for website access.

There is a need for improvement in reducing false positives. Defender flags vulnerabilities based on registry keys or temporary files that are not necessarily vulnerabilities. This creates a lot of false positives. There could also be better clarity in navigating through the GUI to identify and resolve vulnerabilities.

A disconnect exists between the subject-matter experts and Microsoft's Level One support teams, causing delays in issue resolution. Repeated interactions are necessary due to Level One's lack of tools and knowledge, hindering efficient problem-solving and negatively impacting our experience with Microsoft support.

I have been using Microsoft Defender for Endpoint for about three years.

Defender for Endpoint is a stable product with reliable uptime.

The support from Microsoft is somewhat lacking. The level-one support seems disconnected from subject matter experts, leading to back-and-forth delays in resolving issues.

Neutral

CrowdStrike's GUI is more user-friendly and provides easy-to-follow instructions, while Defender for Endpoint requires more effort to access detailed file information and vulnerability assessments. For instance, locating a specific device involves navigating through reported vulnerabilities, clicking on associated devices, and then searching for the device name to identify the vulnerabilities and their origins. The switch to Defender for Endpoint was likely motivated by cost savings and compliance requirements.

Defender for Endpoint is a good security product that provides a good return on investment.

I would rate Microsoft Defender for Endpoint a seven out of ten. It has effectively improved our security posture, but there are areas where support and usability can be enhanced.

Currently, I'm working to build out DLP policies in Defender for Endpoints.

Defender for Endpoint enables us to see vulnerabilities on certain endpoints and investigate the attack surface. We've improved our Security Score to the industry standard. The solution has reduced the mean time to remediation, but it's hard to give a precise number because it varies on a case-to-case basis. Automatic remediation of certain vulnerabilities has allowed our SOC to work on other projects. 

Attack surface reduction and limiting attack surface vectors are valuable features. It's helpful to isolate specific devices and get super granular with the features they offer. The visibility into the attack surface is good. It gets highly granular. I don't work on that side, but the people who do tell me they get more visibility. 

Defender for Endpoint is complex, and the documentation is detailed. At the same time, it's hard to navigate sometimes. You have to go through tons of documentation to find what you want.

I have been using Microsoft Defender for Endpoint for one and a half years.

The stability is great. I haven't seen any outages with Microsoft.

It's pretty easy to scale with Microsoft, as they make it easy if you look into the documentation.

I rate Microsoft support eight out of 10. Customer service has been pretty good. I don't have any complaints.

Positive

We've had E5 licensing for a while now, but our security stacks were spread across multiple resources, so we are currently consolidating.

I don't work much with the costs, but I have not heard of any issues with pricing, licensing, or setup costs for Microsoft Defender for Endpoint.

I rate Microsoft Defender for Endpoint eight out of 10.

We use Microsoft Defender for Endpoint as an enterprise security solution.

The visibility is great. For example, Microsoft Defender for Endpoint's portal has a section called threat analytics. There's a threat intelligence box. So all new threats and trending threats are visible. If any of our devices in our organization are susceptible to this threat, the solution will let us know because it searches for that specific particular vulnerability, which can be exploited. The Microsoft threat analytics tool gives us that type of visibility into the threats that might affect our organization. For example, the threat analysis updates every half hour to one hour with the top ten latest threats. The scan tries to ensure that these threats don't belong to our organization and if they do, it identifies the infected device. Microsoft Defender for Endpoint makes a lot of security recommendations when we onboard it to quarantine a lot of security recommendations that help to improve the security posture of our environment.

Microsoft Defender for Endpoint assists our organization in prioritizing threats across our enterprise by providing security recommendations based on the weaknesses in our organization. It includes a department that provides management licenses and uses analytics to identify high-priority threats in our environment. This is connected to a common protocol that assigns a priority level of five to devices with vulnerabilities, indicating what actions should be taken. Thus, we have all the necessary information in one place.

Prioritization is crucial because there is a possibility of a high-priority threat entering our environment. This is how the solution determines the priority of threats. For instance, if one of our high-impact business devices is vulnerable to a top-priority security five threat we need to address it first. Alternatively, we may choose to address the sixty computers with a level two or three security threat, which are mostly associated with lower impacts. Therefore, prioritization aids in determining which critical business infrastructure requires immediate attention.

There are several lines with multiple solutions, but Microsoft offers a comprehensive solution with its E5 license. This license includes a wide range of features such as purview information protection, data protection, and other business-related tools. In my previous experience, I have noticed that some organizations utilize multiple Microsoft products, such as Defender for Endpoint, Identity Management, Defender for Cloud Applications, and Defender for IoT. This combination of different products can be quite useful.

Microsoft Defender for Cloud on Azure can be easily integrated with Defender for Endpoint, including on-premise solutions that can be onboarded to Azure with different subscription values. The integration will already onboard it to the device with Defender for Endpoint, along with additional features such as Just-in-Time Access, Defender for Vulnerability Management, and Control Sign-in Monitoring. These features provide robust cloud security monitoring and can be added to Defender for Endpoint. Moreover, Defender for Cloud is integrated with Defender for Endpoint portals, enabling a one-stop shop for onboarding devices with all the cloud posture management required for a single computer or software. This integration is highly beneficial, and other applications can be similarly integrated.

It is easy to integrate Microsoft Defender for Endpoint with other solutions.

These solutions seamlessly integrate to create a zero-trust platform, as offered by Microsoft. This platform ensures protection from various threats such as networks, applications, and infrastructure, with the added benefit of Microsoft Sentinel. The Sentinel tool combines threat analytics from multiple sources into a user-friendly workspace, providing optimal productivity. Additionally, sending logs from any of these products, including Sentinel, to the cloud connector is a simple process.

The integrated Microsoft security products offer comprehensive threat protection, such as Microsoft Defender for Office. With these products, our office is now able to identify and address email threats in a single platform, instead of checking each platform individually for application, identity, vulnerability management, and endpoint security. Moreover, these products can be easily integrated into a single workspace solution. With the help of pre-existing methods in Sentinel, we can efficiently handle a large number of alerts that we receive. Rather than going through each alert individually, we can activate a playbook that provides solutions for common alerts and takes actions in parallel to resolving them. This integration simplifies the process of achieving a complete security solution.

When we transition from on-premise servers to Azure ARC resources and activate Defender for Cloud Applications, it becomes easier to manage our servers from different networks, especially when it comes to security features. For example, we can check the compliance of our devices and organization with PCI DSS or other security protocols. Running compliance checks during the transition while syncing data with a different SL Cloud provides us with a significant amount of data and valuable information, including recommendations for improving compliance. This process involves bi-directional communication between devices, the cloud, Azure, and different network clouds.

Microsoft Sentinel allows us to easily ingest data from our entire ecosystem.

Microsoft Sentinel allows us to investigate threats and respond holistically from a single platform. Sentinel is both a SOAR and SIEM solution, meaning we can perform responses, but we must create a separate playbook for them. The default method may include some pre-built responses. The most important aspect is that if our company uses SentinelOne instead of Defender, we can still easily send logs through our Sentinel Workspace using API calls. This can be accomplished with a few connections, and we can create our own playbooks for different types of alerts. For example, if SentinelOne is not sending data, we can generate alerts of this type and respond accordingly. This significantly reduces user effort.

The security protection offered by Sentinel is extensive. It can be integrated with any Microsoft solutions, including information protection, and can be connected directly to Microsoft's threat intelligence sources and other resources. This allows for comprehensive protection.

Our clients have reported that Sentinel's cost and ease of use, in comparison to other stand-alone SIEM and SOAR solutions, are favorable. They find the user-friendliness of Sentinel to be worth the cost.

Microsoft Defender for Endpoint assists in automating routine tasks and identifying high-value alerts. We can automate actions based on the alert's sensitivity, and in case we are uncertain of how to handle those alerts, we have the option to seek assistance from a Defender expert. This feature is particularly valuable, as it can provide guidance in identifying and investigating such alerts.

Microsoft Defender for Endpoint helps eliminate multiple dashboards by giving us one XDR dashboard.

The solution's threat intelligence helps us detect and respond to threats proactively by identifying suspicious behavior.

Microsoft Defender for Endpoint has been instrumental in saving us time by alerting us about potential threats and automatically guiding us through the necessary steps to eliminate them. The solution logs all the actions taken, saving us from having to spend valuable time retracing the steps.

By detecting threats in advance before they can propagate, Microsoft Defender for Endpoint helps our organization save money. The tool helps to identify potential security risks early, preventing their escalation and the associated costs of mitigation.

Our detection and response time has improved. This is thanks to Microsoft Defender, which has Endpoint Detection and Response capabilities. Before, we used to manually create policies to address security incidents, but now the system can automatically remediate issues without us having to intervene.

The most valuable aspect is the information, specifically the automatic investigation of packages. For instance, during an automated investigation, data and information are collected. Additionally, there is an encapsulated view that shows the origin of the package, how it was propagated, and any blockages or attacks that may have occurred. The most critical factor is the information gathered regarding various types of incidents, including how they are mapped and propagated, and what actions should be taken in response.

Creating antivirus profiles for Linux is a more challenging task compared to other operating systems. The profiling method currently in use is not very user-friendly and has ample scope for improvement.

I have been using the solution for over four years.

Microsoft Defender for Endpoint is stable.

Microsoft Defender for Endpoint can scale effectively to meet the needs of our environment, regardless of its size.

The technical support team is highly knowledgeable, and in cases where they are unable to provide a solution, they escalate the issue to the second level of support. Their services are available around the clock, and if the assigned representative is unavailable, they promptly transfer the ticket to another capable person to ensure a seamless resolution of the issue.

Positive

I previously utilized SentinelOne, Kaspersky Endpoint Detection and Response, Symantec Endpoint Detection and Response, and Carbon Black CB Defense. However, I find Microsoft Defender for Endpoint to be more user-friendly than the other solutions. The information provided by Defender is valuable, and the deployment process is easy. Additionally, it offers several valuable features.

The complexity of deployment depends on the client's environment. The number of people required for the deployment depends on the number of servers the organization has. For example, in a deployment of 700 workstations and 500 servers, one full-time and two part-time consultants are required.

We implement the solution for our clients in-house.

We experienced a positive return on investment by using Microsoft Defender for Endpoint. This solution allows us to streamline our operations by consolidating all necessary components under a single umbrella and eliminating the need for additional vendors and extra costs.

Microsoft Defender for Endpoint is included with a Microsoft E5 license.

I give the solution an eight out of ten.

The most cost-effective and user-friendly option for security is a single-vendor security suite. This approach also eliminates the need for multiple integrations.

I recommend that organizations avail themselves of Microsoft's trials and demos, and compare Defender with other solutions in their environment to determine the best fit. With a Microsoft E5 license, organizations can access all of Microsoft's solutions and use whatever they need.

Our primary use case is for protecting Windows 10 endpoints. We use it for email scanning and application control, we can run analytics through it, and the product enables web content filtering. The Defender 365 package is all-encompassing now; it's a good product.

The solution is deployed across our whole business with 3,000 endpoints, including phones, laptops, tablets, and desktops, with 1,700 end users.

We use multiple Microsoft security products, including Defender, Defender for Cloud Apps, Identity Manager, and Intune. We have the whole security package.  

I was the infrastructure engineer who integrated the products, which was elementary; we rolled out via Intune and used SCCM to build the endpoints.  

The solutions work natively together to deliver coordinated detection and response across our environment, and it's better than using Symantec, for example. Defender is the best product out there; it's built into Windows, and it makes sense to use built-in products. This coordination is strategically important to us, as it makes passing knowledge on to the team easier because it's all in one place.   

The solution offers better management of endpoints when it comes to antivirus and malware. It allows us to separate the functionality of managing that security area rather than putting it with the infrastructure team. The infrastructure team handles the monitoring services. At the same time, virus and threat detection can go to the core security team, which takes a load off the infrastructure team and allows the security team to concentrate fully on security.

Defender for Endpoint helps automate routine tasks and the finding of high-value alerts. Once we set our rules, including attack surface reduction (ASR) rules, there's a lot of automation capability. We can apply definitions for all endpoints across our organization.  

The solution helped eliminate having to look at multiple dashboards and gave us one XDR dashboard, which positively affected our security operations. There are four staff in the department, so they appreciate this kind of management. They can see everything from one place, and our security picture is more integrated. They can even carry out basic auditing from the dashboard.  

Defender for Endpoint saves us time because we can quickly go in and search for issues raised by the security department and eliminate the threat. We have 3,000 assets, so it saves the network around half an hour and the infrastructure staff a couple of hours.   

The virus scanning capability is excellent, and it feeds all the logs into the Microsoft 365 Defender portal, making them easy to search for.

We can track web activity and see what users are logged into. The solution picks up a lot of information from machines and pushes it into the Defender 365 portal and Cloud App Security portal.

The product provides good visibility into threats. We can also log in anywhere, which is handy for the security teams.  

Defender for Endpoint helps us prioritize threats across our enterprise; we can configure specific rules concerning viruses, malware, and threat detection.   

In terms of the comprehensiveness of the threat protection provided by Microsoft security products, it's the best in the marketplace. The top three are Defender, Sophos, and Symantec; the others don't come close to these. 

The solution's threat intelligence helps us take proactive steps to prepare for potential threats before they hit because it tracks definitions and threat footprints from the cloud. These can then be identified and stopped at the front door, which is the whole idea of antivirus products these days.

The integration and effectiveness of email security could be better. It's already built-in to the solution and checks emails, scans the links they contain etc.

I've been using the solution since its first iteration came out in 2005, so about 17 years. 

The solution is scalable; we have it deployed across our entire organization to 3,000 endpoints, and 1,700 end users. 

The support is good; I don't have an issue with them. It's straightforward to go into Azure and raise a ticket, although you must know how to ask the right question.

Positive

As far as I know, my organization used Defender for Cloud Apps for a long time and Symantec for service. Symantec is configurable, but it isn't always quick enough to deal with threats, as it has different quarantining methods.

I installed Darktrace for a data center and prefer to work with MS security products.

I wasn't involved in the initial setup; I was a global admin.  

In terms of maintenance, the product is lightweight; any patches are downloaded automatically, and we can configure when they're installed in our patch definitions.

We have the E5 security license, and the solution comes with that.

I rate the solution ten out of ten.

We use Defender for Cloud and make use of its bi-directional sync capabilities, or use Intune, so all our computer objects are synced via Azure ID and pushed into Intune. This capability is there, and it functions, though there are more important features.

It isn't easy to say if the product saves us money and the business is not overly concerned about the cost of Endpoint. You get what you pay for, it's an integrated solution, and there isn't a better one on the market. It does the job, is configurable, and has limitations like all products.

Once Defender for Endpoint becomes more mature in a couple of years, it'll be the Holy Grail like Windows 7 was.

To a security collogue who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, I'd say Microsoft is the best of breed for those who want a unified approach or integrated solution. I wouldn't use other security products because it's not necessary. I'd integrate the Microsoft security suite anywhere I go.   

I use Defender for Endpoint every day, for example, when a user downloads an unwanted application, we get an alert. Sometimes we have suspicious processes in an endpoint, and we receive an alert for those activities.

Microsoft Defender for Endpoint helps in detecting different alerts and potential threats by providing alerts and timelines with detailed explanations, which is useful to understand and close or address the issues.

In Microsoft Defender, there is a security portal that allows advanced hunting. You can query and access useful information from logs and events, which is powerful and efficient. Additionally, the timeline feature helps in understanding which process launched what and identifying errors.

Sometimes, there are difficulties in downloading a file considered as malicious. We encounter a bug that requires several attempts to download, which is a bit of a challenge.

I have been working with Microsoft Defender for Endpoint since February, which is approximately eight months.

The stability of the solution is rated an eight out of ten. It is quite stable.

The scalability of the solution is rated as eight, suggesting it is reasonably scalable.

I contacted Microsoft support for personal use of Defender, and they were very nice, providing solutions quickly. This was a positive experience.

Positive

Before using Defender for Endpoint, I used SentinelOne. Defender is easier to use than SentinelOne.

For the initial setup, I’d give it an eight out of ten, suggesting it’s quite straightforward.

The price for Microsoft Defender for Endpoint is about three euros, which is considered reasonably priced. I'd rate it seven out of ten for cost.

I have previously evaluated SentinelOne before using Microsoft Defender for Endpoint.

I'd advise others to use Microsoft Defender for Endpoint because it's a good solution with many experts behind it. Additionally, it's compatible and easy to use with Windows environments.

I'd rate the solution eight out of ten.

We use it to protect our servers and endpoints, which include our employees' laptops and our own endpoint portal, where we see the single pane of glass reports. It is our first line of defense.

We have seen improvement in all our endpoint vulnerabilities, which is very crucial for us. If this had not been implemented, we would be in trouble because our endpoints would be unprotected. It has definitely improved the security posture of our organization.

Also, automated investigation, protection, and alerts have affected our security operations in a positive way. We get to see the vulnerabilities quicker, and we get to see the root cause analysis as well.

Defender for Endpoint has also eliminated having to look at multiple dashboards. The Endpoint portal is sufficient. It is easier for our security operations team to look at the vulnerabilities and reports and plan for remediation actions.

In addition, the moment the solution's threat intelligence provides a suspicious IP or a suspicious URL, we block it right away. We are more secure. It has helped our security operations detect things in advance and preempt any vulnerabilities.

We have seen productivity gains in terms of the mean time to resolve issues, on the order of 20 to 30 percent. We have the unified dashboarding and reporting, the investigation, and automated remediation. Saving 20 percent of our time translates to saving money.

The detection features are valuable, as is the fact that it is easier to port these logs into Sentinel. That is also useful for us. It is more comprehensive.

The visibility into threats that Defender for Endpoint provides us with is quite deep and mature. The threats that we find help us understand our vulnerabilities and remediate them if required.

Another very important point is that it prioritizes threats across our enterprise. This is important; the solution is the first line of defense. Defender for Endpoint is very crucial for our defense, considering that we all work remotely.

We also use Defender for Cloud, Purview, and Microsoft Sentinel; all of these are integrated and go into Sentinel. It was easy to integrate them because we are using Azure Cloud, and all of them are native to Azure Cloud. The connectors also make it easy. The fact that these solutions work natively together, providing coordinated detection and response, is very important to us. That is precisely why we got into Azure. This does provide us with a comprehensive view of the threats, incidents, alerts, investigations, and threat-hunting processes. Overall, it gives us multiple ways of securing things.

If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us.

I have been using Microsoft Defender for Endpoint for three years.

We have never had any downtime or any other issues.

We have scaled up to 3,000 endpoints, and there is scope for it to be scaled more. When more employees join or more departments come in, we'll be scaling up.

Defender for Endpoint's technical support is fairly good. We haven't encountered many problems with them. We initially had some problems when we integrated Sentinel, but that was resolved internally.

Positive

We did not have another EDR solution. We started with Azure.

The deployment was straightforward because it's all native. We are integrating within the Azure environment, so it is easy.

This solution specifically would have taken a week or so to deploy, but it was part of our overall deployment along with the other Microsoft products. After a week, we started utilizing or pushing the data into our security operations.

We had multiple servers and laptops that were endpoints to be protected by Defender for Endpoint, almost 3,000 endpoints. We had to go one by one. Initially, we implemented 500, and eventually we built on top of that.

It doesn't require much maintenance unless we add more endpoints. That's when we need to push it. Otherwise, there is not much activity involved.

It was all done in-house and required three full-time resources.

We have easily seen 20 to 30 percent savings, year on year.

They would have definitely evaluated other solutions, but the clear preference for a native solution is what made this stand out.

A single-vendor security suite has its advantages in terms of ease of porting, ease of connecting to the SOC, and also dashboarding. For ease of use, a single vendor strategy is valuable. But cost-wise, if you go for multiple vendors, you may be able to negotiate the cost, but that approach makes things difficult to integrate.

It detects suspicious malware and credential access issues, and it even maps to the Mitre ATT&CK framework. It's a pretty good product. Try it out and implement it as soon as possible.

We deploy the solution for our customers, typically with Plan 1, as they generally have E3 licenses. We also use Microsoft Purview, the compliance system consolidating every security aspect into its portal. This offers centralized management and tight integration with Azure and Intune, which are identity and device management tools, respectively.

Our customers have a variety of cloud providers; Azure and GCP are the most popular, but we have some AWS users too. 

We use multiple Microsoft security products, including Azure Information Protection and DLP, in addition to the other flavors of Defender, such as Defender for Cloud and Defender for Identity.  

We integrated all of these products and the integration was easy. 

These solutions work natively together to deliver coordinated detection and response across our environment, which is essential. The beauty of Microsoft is the tight integration of their various products.  

The solution helps us prioritize threats across the enterprise, which is essential for every organization. If a malicious actor or another type of threat gets into the network, we need to know exactly what's happening, how it happened, who triggered it, lateral movement, etc.  

Defender for Endpoint is a 360° solution that sees and covers all areas. Microsoft also has a zero-day protection framework, so they are thinking ahead.

The product decreased our time to detect and respond to threats.

Defender for Endpoint provides good visibility into threats and has favorable threat intelligence. 

The product helps us automate routine tasks and the finding of high-value alerts; it discovers all threats and categorizes them as low, medium, or high priority, then begins remediation automatically based on the threat severity. It's also possible to automate the isolation from the production network of a device infected with ransomware. As always, the workflows and configurations should be optimized based on the environment.

The solution's threat intelligence helps us prepare for potential threats and take proactive steps before they hit. Some bots take care of remediation and an automatic ticketing system whereby open items trigger tickets sent to the team concerned.  

The solution has minimal customization options, especially compared to Mandiant, so we want to see more scope for customization. A single portal for customization would also be a welcome addition. 

A high level of expertise is required to maximize visibility into threats as the tool provides the data, but it isn't crystal clear. Other products are more straightforward and user-friendly, so admin and management-level staff can easily understand the root cause of a threat, which isn't the case with Microsoft. The threat detection and response are there, but significant expertise is required if we want the same level of visibility provided by third-party tools.

There are some issues around ingesting data from MS Sentinel. If we configure Purview, then our compliance is configured for our entire Microsoft tenant, but the integration isn't easy, and there are some known challenges.

We can't see all the data in one place, so we have to log into different portals to access various data, and this needs to be more straightforward. We want to see a single portal with one URL, so those with the appropriate credentials can gain access and see the big picture regarding the threat landscape.

We've been using the solution for over five years. 

The product is stable. 

Defender for Endpoint is scalable.

The deployment was relatively straightforward, but one issue is the knowledge base articles are not particularly accessible.

Regarding implementation strategy, we do discovery, make an assessment, and match with business needs; then, we know precisely what we have to do and which license is required. We can then start the implementation and deployment.

For maintenance, two team members are sufficient to manage 5,000 users or devices. 

We're a service provider, so we carry out the deployments ourselves. 

We have seen an ROI. 

I'm not too familiar with costs as I'm an architect, though I know about online pricing, as I help two teams with online purchasing and procurement. Nowadays, everyone has an enterprise agreement, such as an E3 license, which we provide to our customers.

The solution saved us money. 

We evaluated many solutions, including Mandiant, Cortex XDR, McAfee MVISION, and Fortinet FortiClient.

I rate the solution nine out of ten, and I recommend it.

We use Microsoft Sentinel, and it allows us to ingest data from our entire ecosystem.

Sentinel enables us to investigate threats and respond holistically from one place, which is important to us.  

We want to find a solution that fits businesses of every size and type, but we primarily target small and medium-sized enterprises. 

Defender helps us prioritize threats across the organization. When we needed to update the patches on our endpoints, we could look at all the patches and see what still needed to be fixed. We could decide whether it's necessary to address something urgently or deploy it as part of routine monthly maintenance. It's crucial to have the insights and a report that I can show to an executive to demonstrate that we need to act fast. This is less common because most people accept your hotfixes and patches when they come out, especially monthly security updates. However, some older shops might be like, "I'm running Windows 10. No one's touching this." We still need to service and support those machines, too. 

The solution helps us automate routine tasks and alerts. There's a dashboard where I can see the statuses of my machines in the environment. It helps us breathe a little bit easier. We're responding to businesses that had shifting needs during COVID. How can we be more proactive and help them to be more proactive? We shifted from traditional PC antivirus software to stuff that's totally different. I can't say it's "set it and forget it" because that implies a lazy mentality. However, I know I have a level of protection that I can have faith in. 

Defender helps us be more proactive. I find value in the zero-day threats that get fixed from Microsoft bug fixes or security updates. I can read and research about those zero-day threats from Microsoft's public site without digging too deeply into the Defender side of things. 

We've saved some time with Defender for Endpoint because we were doing a lot of unnecessary remediation with the other products. We had a series of servers that our previous product was installed on. It would blue-screen the server at random, and you can't have that. I'm not worried about Defender impacting my system stability. We put a lot of high-performance systems out there, including PCs and backend compute. I want to ensure we won't be overburdened by unnecessary security software that may not be giving me the protection I want.

Defender's reporting saves us four hours to eight hours each month. It has many of the standard reports we need built in, so it's effortless to generate and pull from. The time we save in other areas isn't as easy to quantify. I don't have to worry about the stability of a box or a computer cluster. 

It has decreased my detection time. On Wednesday, I got emails notifying me that new vulnerabilities were detected. They weren't new, but they were newly disclosed because patches came out for them. It has enabled us to react much quicker. 

I like Defender's reporting and logging features. The email alerts are also helpful. It's hard sometimes to sift through the email, especially if you're an IT firm managing hundreds if not thousands of endpoints, but we find email reporting useful. For example, last Tuesday, we learned of new vulnerabilities that were discovered as a result of the previous patches. The endpoints without those patches triggered alerts in Defender.

Defender ties into the Microsoft 365 portal where many shops spend a lot of their time doing password resets or other tasks. There is much more in the Azure portal too, but the 365 portal has a list of open issues, bugs, and necessary remediation steps. If I'm working on my security score, I have all of those on an active list, which is nice.

Defender should be more accessible for small and medium-sized businesses. You have some organizations that maybe have a hundred employees, and they're focused on making their widgets. That's their nine-to-five every day. They're not thinking about that security side, but maybe they're already invested in 365 or the Azure ecosystem and having Defender as an add-on makes sense from a price perspective. It's easy to deploy, but it could be easier for some of those smaller businesses to onboard endpoints.

The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor.

We have used Defender for Endpoint for the last 18 months or so. 

Defender's stability is one of the things I love most about the solution. 

There are no limitations on Defender's scalability. I get the impression that it's designed to cater to massive enterprises with 20,000 or more endpoints, but I think there's a market for a simpler deployment, like 100 PCs, 10 servers, etc. Give me a deployment option that's simple. 

I rate Microsoft support eight out of 10. It's good overall, but it can be hit or miss depending on your issue, and sometimes you don't get the right level or technician. All of my 2023 support experiences have been stellar, but 2022 was a little inconsistent. 

Positive

The company evaluated other solutions in parallel and in tandem with it. Our trajectory shifted slightly during COVID-19, so we explored that more. We tried ESET and SentinelOne for a while. But those are apples-to-oranges comparisons. Defender for Endpoint is geared toward common reporting,  notifications, and backend stuff, whereas SentinelOne is designed to lock machines down. It has many more tendrils deep within, so they're not great comparisons. 

We decided to go with Defender because we're pretty heavily invested in the rest of the Microsoft Stack, so it made sense. However, we wanted to do our due diligence because we're already using other products. We wanted to ensure we were picking the best of breed for our customers fair enough.

We were having issues with other products like ESET, SentinelOne, and Symantec. SentinelOne is just too deep and heavy. It's like trying to shoot a fence post with a missile. It was too much. We rely on the product and trust it. It takes a little while to get there, but once you trust a product, you can move on to the next thing and know you're protected.

The onboarding process could be more straightforward. I wish the onboarding were simpler. It seems a little more ethereal than, "Hey, here's your executable, put this on every machine." That would be easier for a small shop. We're still deploying into a lot of our sites. It didn't take long at all, but it takes a while to get fully ready to deploy, 

Defender's pricing is competitive. There are ways to negotiate a better price with Microsoft or your reseller as your business grows. You can say, "Hey, I bought 365 Business, then E3, and E5. Now, I'm buying Defender, so give me bulk pricing."  There are opportunities to save as you grow that wouldn't exist if you picked a different vendor.

I rate Microsoft Defender for Endpoint eight out of 10.