Microsoft Defender for Endpoint Reviews

We use it as an Enterprise Detection and Response (EDR) solution. We use it for compliance purposes, and we are starting to use it for DLP purposes.

Microsoft Defender for Endpoint allows our threat hunting and threat remediation teams to reduce the footprint of viruses when they come on the network.

We have immediate visibility on all endpoints. It is very good at visibility.

For prioritizing threats across our enterprise, the threat-hunting system in Microsoft Defender for Endpoint is not top-notch. We usually integrate it into things like our SIEM or Sentinel or other things to prioritize or our SOAR system to automate.

We can feed the alerts coming out of it into our XSOAR system to immediately act on events versus waiting until people see them and use the ticketing system.

Microsoft Defender for Endpoint has saved us time. It has saved us at least 40 hours a week. We are able to automate and have the ability to handle threats on an enterprise with 50,000 devices.

Microsoft Defender for Endpoint has not saved us costs. It is a Microsoft product.

Microsoft Defender for Endpoint has reduced our time to detect and respond. By going from a manual process to an automated process, depending on the severity, the time reduced has gone from minutes and days to seconds.

The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network.

The product itself does not necessarily need improvement, but the support and implementation of the product are the disaster cases. Instead of being able to go back to Microsoft and ask how to do something, we have to work with a vendor who does not exactly know how to do that and has to go to Microsoft to say, "How do we do this?" so that they can answer our questions. There are a lot of things in relation to various compliance standards such as CIS. The primary levels of support of Microsoft do not know or cannot implement that. Working through vendors is time-consuming. It is a painful process to get back to them to get the answers.

I have been using Microsoft Defender for Endpoint for three years.

We have never seen any downtime in it, so it is incredibly stable.

It is incredibly scalable. However, its ability to bind things into the groups on its dashboard is limited. You can see your 50,000 machines empire, but dividing it into regions, and dividing it into subgroups and management areas is very limited.

It is deployed across the world. There are 250 sites worldwide with 50,000 devices.

I would rate their support poorly. I would rate them a two out of ten.

Negative

The history would be a Symantec product, but I do not remember what it was. Then we went up through Azure ATP to Microsoft EDR. 

I was involved in its deployment and initial setup, but I was not a part of PoC at the time. The deployment was very easy. We pushed it out with SCCM.

Our implementation strategy was PoC, small user groups, and then wide or regional deployments.

We have on-premises and cloud deployments. It is an endpoint protection platform. It goes on any endpoint that we have or that we have running. It could be an endpoint that is sitting in the cloud. It could be an endpoint that is sitting on-prem. We use Azure, GCP, and AWS. There is also some limited rack space from IBM.

We used CDW.

We have reduced man hours using the product. We have definitely been able to leverage automation with it more than other products that we have used previously and other products that we are using.

I recently switched from education to private business, and all I can say is that private business licensing from Microsoft is not cheap until you hit certain quantities or scale. That does not mean that it is not comparable to other industries. It is similar pricing, but it is still crazy to me how much you pay for a client. I feel it is high, but it is in line with other vendors.

We evaluated Cortex XDR, Carbon Black, and QRadar or whatever that solution was from IBM.

The Microsoft ecosystem is the main difference. Everything under the umbrella of the Microsoft security toolkit makes life easier when all the systems talk together nicely.

To those evaluating this solution, I would advise first figuring out what your needs are. Figure out what levels of granularity you need in the system to see if it will support your needs. For example, if you have something like department-level control over devices, you might want to look at another system versus a central security solution that controls all devices. Beyond that, make sure your machines have the resources necessary to support the features you turn on in the environment. A lot of the resources in Microsoft Defender for Endpoint can be shut down for slower machines and older machines.

I would rate Microsoft Defender for Endpoint a solid nine out of ten.

We use Microsoft Defender for Endpoint to prevent traffic attacks. The solution displays each attack through Symantec. Therefore, we do not need to develop any use cases. It will detect anomalies using machine learning in Defender for Endpoint. It collects logs from the sensor, which include all mission data from the Windows sensor. The machine logs will then be sent to the cloud for analysis, and for every anomaly found, an alert is generated in our console.

Microsoft Defender for Endpoint provides comprehensive threat visibility. It allows for file analysis, checking unsupported files in the system, and accessing the Mission Live console. Unused files can be deleted, and suspicious files are analyzed and checked for viruses on the platform. In cases where a file has numerous detections from different security vendors, it is quarantined, blocking it in the organization. Care is taken to avoid quarantining legitimate files to prevent disruption. Additionally, there are numerous advanced configuration options available.

It helps us prioritize threats across our entire enterprise. We receive notifications for any advanced threats and can also identify if there is an advanced threat within our organization. Additionally, we can view the different priorities, such as high, medium, or low, and understand the severity of the alerts. For high and medium alerts, we can take immediate action, such as isolating the machines from the network.

We also utilize Microsoft Elastic Cloud and EnCase. I believe the integration is straightforward, but I was only responsible for monitoring after the integration had been completed.

Microsoft offers four products that can seamlessly work together and be accessed through one console. These products are Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft CloudApp Security. With the appropriate license, we can subscribe to all four solutions from the Microsoft security website.

Sentinel allows us to collect data from our entire ecosystem and seamlessly integrate the log files with an API.

Microsoft Sentinel allows us to investigate threats and respond swiftly from a centralized platform. We possess the capability to generate customized queries and delve deep into the logs.

Microsoft Sentinel also has built-in SOAR, UEBA, and threat intelligence capabilities. The playbooks make the security analyst's job much easier. If there is unwanted software, we can configure a notification from the playbook to send the user a message or block the IOCs.

Defender for Endpoint aids our organization by enabling us to monitor the antivirus status on devices to ensure they are up-to-date. We can also access vulnerability details that we can share with the vulnerability team to promptly apply necessary patches. Additionally, it allows us to identify any pending configurations, streamlining our security analysis process.

It helped eliminate having to look at multiple dashboards and gave us one XDR dashboard for everything.

Microsoft Defender for Endpoint's threat intelligence assists us in proactively preparing for potential threats before they strike. Any threats detected by Microsoft Defender for Endpoint are automatically blocked, while for those that are not, we have the option to block them manually.

I find the vulnerability management section of Microsoft Defender for Endpoint to be very useful for organizations. It provides details on vulnerabilities, connection, and software vulnerabilities, and identifies any unauthenticated extensions. The Secure Score option is also helpful for reviewing configurations. In a project to improve Secure Score, we reviewed configurations on a weekly basis and implemented changes gradually. Each section (Identity, Endpoint, Encryption) can be configured phase by phase, and the changes are tracked through a graph. Comparing our Secure Score with other organizations is also possible. From a security perspective, Microsoft Defender for Endpoint is easy to understand and facilitates advanced investigations.

The time to generate certain alerts on our dashboard can take between 45 minutes to an hour, and I am unsure of the factors that influence this duration. When I analyze the logs, I notice that some incidents occurred an hour before the alert was generated and sent to the console. This suggests that we are not detecting threats in real-time. Additionally, we encountered another issue with the dashboard while monitoring multiple organizations. One organization received a notification that 70 of their machines were at risk, while the other organizations only had five or ten machines at risk. Upon checking all 70 machines, we found no alerts or vulnerabilities in the logs. We submitted a ticket and provided the logs to Microsoft, but they were unable to offer a proper explanation for the triggered alert on those machines being at risk.

We were experiencing high CPU usage issues on the servers and found that Microsoft Defender for Endpoint was the root cause. We reached out to Microsoft and, after two weeks, they provided us with a solution to edit the registry keys and update the software.

I have been using Microsoft Defender for Endpoint for two years.

The stability is good.

The technical support team is good.

The initial setup is simple. We can deploy using Microsoft SCCM and provide the onboarding package to SCCM. 

There are different licenses, such as E3 and E5. With an E5 license, we can access all the solutions, which is better, but the cost is high. However, it is still valuable from a security perspective.

I give Microsoft Defender for Endpoint an eight out of ten.

We deployed Microsoft Defender for Endpoint and CrowdStrike together in one organization. While Microsoft Defender for Endpoint displayed valid alerts, there were no alerts in CrowdStrike.

We use it for threat protection.

It protects my endpoints from malware and viruses. Those benefits were immediate.

And the automation of routine tasks, such as finding high-value alerts, had an immediate impact because I can see all the threats in a single console, and how they are mitigated.

It has also definitely eliminated having to look at multiple dashboards, giving me one XDR dashboard. It's really effective because it is very tough to handle two different dashboards or environment consoles. The single console gives me a one-shot view of the whole infrastructure, security-wise.

The solution also saves me time because there is no need to install it on all the machines. That is automated. Even the mitigation is sometimes automated, which definitely saves time. It saves me about 90 percent of the time I would otherwise spend on these things.

I have also seen a clear improvement in time to detect and respond. It is instant.

The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices.

In terms of visibility, it gives me all the threats. They are showcased in the management portal. I check there and it's nice.

We also use Microsoft Intune and Azure Information Protection and have them integrated with Defender For Endpoint. The integration was moderately difficult, slightly confusing, but it can be done. But the solutions work natively together to deliver coordinated detection and response. That is very important. Integration is one of the main things I look at. The fact that they work together is the best thing. The threat protection these solutions provide is very comprehensive and very detailed. They cover different aspects and layers of security and that's why it's very important to have them integrated.

The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy.

I have been using Microsoft Defender for Endpoint for one and a half years.

It is a stable solution.

It's also scalable.

If I have any issues I can relate them to support. But they are quite slow in responding.

Neutral

We used Sophos and we switched because of integration. 

It's deployed on the cloud and the setup is quite fast. I just needed to add the machines and the deployment happened quickly. Within a day, we were up and running. It was straightforward and involved two people.

There is not much maintenance required.

We have definitely seen ROI, due to the fact that I only have one dashboard and one solution. Our ROI is around 20 percent.

The cost is high, compared to other products in the market, if you look at it as a separate product. If you look at the cost where it is part of a bundle, the cost is okay.

Defender for Endpoint doesn't really help to prioritize threats across the enterprise. It's more of a basic threat protection solution. It's more of a reactive approach, once something hits.

With a single vendor, it's much easier to detect alerts and threats beforehand. Having a single vendor helps.

I would recommend Defender For Endpoint. If you are using other Microsoft products, together, this is a better security solution.

We use Microsoft Defender for Endpoint to secure our customers' networks. One of the main reasons we chose this solution is its seamless integration with other Microsoft products, including Security. This integration enables the efficient exchange of signals and facilitates incident investigation and correlation with other security measures. Therefore, we recommend Microsoft Defender to our customers for robust endpoint security. 

Microsoft has been recognized as a leader in Gartner reports for two consecutive years for their exceptional threat-capturing abilities within their division. In comparison to other solutions, Microsoft Defender Endpoint Security offers a wide range of features, and the benefit of integration with other solutions makes it a more powerful product. This is in contrast to individual products from separate vendors, which lack default integrations and may not offer visibility over other endpoints in our environment.

The solution provides a high level of visibility into threats and is integrated with other solutions such as Microsoft Defender for Identity. This integration enables the solution to receive signals from Microsoft Defender for Identity, which are then relayed to users who attempt to log in to an infected device. If the threat originates from Microsoft Defender or Office 365, users are alerted and advised not to open any suspicious links or attachments. This integration greatly enhances the investigation experience and is extremely useful in the detection and analysis of potential threats.

Microsoft Defender for Endpoint helps prioritize the threats across our organization.

The automatic investigation response is the key feature of Microsoft Defender for Endpoint. It enables us to concentrate on the critical incidents related to the endpoint or machines. This capability enables the security team to focus on the most significant alerts or incidents related to the device's self-analytics. Prioritizing our investigations and responses with Microsoft Defender for Endpoint is crucial.

The integration with Microsoft solutions is smooth, and integrating with other products can be done with just one click.

In most cases, the solutions work natively together to deliver coordinated detection responses across our environment, which is very helpful.

The comprehensiveness of threat protection offered by Microsoft's solutions is extensive. These solutions can thoroughly investigate all resources in an organization when deployed correctly according to best practices. They can detect any threats related to email, endpoints, and identity attacks, whether on-premises or in the cloud.

Microsoft Defender for Endpoint has been instrumental in enhancing our organization's operations. It detects the majority of threats aimed at our devices, aiding us in our efforts to combat threats. Additionally, it expedites the investigation process by running playbooks on incidents. This saves us time and increases efficiency. Furthermore, the integration capabilities of Microsoft Defender for Endpoint allow us to address the source of the threat by partnering it with other solutions. Microsoft Defender for Endpoint can be integrated with Microsoft Intune, allowing us to provide device signals to the latter. This permits us to grant or deny access to specific sources based on device signals.

The solution assists in automating routine tasks and streamlines the identification of high-value alerts. When used in conjunction with Microsoft Sentinel, which is highly effective in detection and comprehensive investigations, the quality of high-value alerts is excellent.

Microsoft Defender for Endpoint has eliminated the need to access multiple dashboards and provided us with a single XDR dashboard. Instead of logging into five different portals to investigate a threat, we only need to access one portal, Microsoft Defender for Endpoint. This portal collects signals from various solutions and integrates them into a single incident, providing a comprehensive view of the detection from different sources in one place. This improves our visibility and simplifies the threat investigation process.

Having a consolidated dashboard saves us a significant amount of time by eliminating the need to log into multiple portals. This single portal can be used for investigation purposes and can relate to various aspects. It simplifies the process of monitoring a multitude of sources or resources in the environment, making it easier to detect and investigate potential issues. A consolidated dashboard improves collections and visibility, streamlining the investigation process.

The threat intelligence provided by the solution helps us prepare for potential threats and take proactive measures before they occur. Many of Microsoft's security solutions now depend on Microsoft's security intelligence. The ISG collects signals from various products worldwide, providing extensive information on recent global threats targeting different products. Integrating with Microsoft Defender for Endpoint, this information is particularly helpful.

The solution has helped us save time. I suggested that we check Microsoft Defender for Endpoint daily to review the latest incidents that occurred during the process. We can quickly examine the incident and then take action based on the recommendations provided by either Microsoft Defender for Endpoint or Microsoft 365 Defender, as it consolidates the signals.

This solution is cost-effective since we would otherwise have to pay for multiple licenses if we were to use various solutions. Additionally, we prefer not to subscribe to multiple vendors for different services. By integrating these features, we save time, and they are already integrated by default, unlike other vendors who may not offer this feature or integration.

Real-time detection and cloud-based delivery of detections are highly efficient. I have deployed the Microsoft Application Control which I found to be very effective, albeit difficult to deploy. I have implemented point guard and attack deduction rules which enable me to identify attack locations effectively. Microsoft Defender for Endpoint has several excellent features, and the correlation of alerts and investigation experiences within the platform helps lead investigations

The application control feature requires improvement. It is currently challenging to detect and fine-tune the application control policies. A better GUI is needed for configuring the policies, beyond the current partial console, such as a third-party or Microsoft tool. Additionally, more documentation is required for the application control section as there is currently none available in Microsoft's resources. This lack of documentation can make the process confusing.

The policy configuration has room for improvement. Currently, we require additional solutions to configure policies for Microsoft Defender for Endpoint. We need either Microsoft Intune or a new policy object. It seems many individuals find this process confusing. It is perplexing to me why we must configure policies using different solutions when ideally, we should have all configurations for Microsoft Defender for Endpoint in a single portal. It would be more practical to configure policies directly within Microsoft Defender for Endpoint, rather than using external solutions.

I have been using the solution for three years.

Microsoft Defender for Endpoint is stable.

Microsoft Defender for Endpoint is scalable.

I previously used Trend Micro Apex One, but I've found that Microsoft Defender for Endpoint has more benefits. Although I haven't worked with the full suite of Trend Micro, I believe that their Suite is also highly effective. However, I have experience using the full suite of Microsoft Defender, and I find it to be a more powerful tool for threat detection. While Trend Micro Apex One is easy to implement, has a seamless implementation experience, and is superior when it comes to policy configuration; For threat detection capabilities, Microsoft Defender for Endpoint is stronger.

The initial setup is straightforward because we just need to onboard devices, through a script, employment, onboarding package, or any other MDM Solution like Intune. The deployment takes between four and eight hours and requires a maximum of two people.

We implement the solution for our customers.

Microsoft Defender for Endpoint can be costly as a standalone solution. However, when included in a bundled license with other Microsoft solutions, it becomes a cost-effective option. Microsoft Defender for Endpoint provides excellent value for our organization.

There is an additional cost for Microsoft Premier support.

I give the solution an eight out of ten.

Microsoft Defender for Endpoint is deployed across multiple locations and departments. The solution can be used for enterprise, medium, and small businesses but can be expensive for SMBs.

To achieve success with Microsoft Defender for Endpoint, it is crucial to establish best practices and ensure full deployment without causing any disruptions to business productivity. Simply enabling all features without understanding their impact could lead to interruptions in productivity. By adhering to best practices and carefully assessing the impact of each policy, we can ensure a smooth and effective implementation.

Microsoft Defender for Endpoints supports any changes to file permissions, file access, and modifications to file delivery, as well as anti-virus and anti-malware protection. We enable Microsoft Defender on subscription. We depend on the solution for anti-malware, antivirus, and threat protection.

Regarding visibility into threats, Automatic integration enables Microsoft Defender on the level of subscription on the virtual machine. On the level of resources, and OS services, the direct integration between Azure Resources and Microsoft Defender is very smooth. The solution is perfect compared to using third-party software such as antivirus, Symantec, or any other option. We may face some issues in some integrations, but Microsoft Defender for Endpoint integration with Azure Resources is much better than trying to integrate with other solutions.

We use additional Microsoft solutions such as Gateway which is automatically integrated with Microsoft Defender by enabling it from the portal.

The integrated Microsoft products we are using work together to provide a coordinated detection response. The logs are all integrated and sent to a Log at network spaces. Level network spaces and Azure Monitor are already integrated with Microsoft Defender, and if an alert appears in the environment from a firewall, the web, or any other security component, it will automatically generate a security alert on Microsoft Defender. Microsoft Defender becomes the interface or supporter that manages all the security alerts in the environment.

All of our subscriptions are on the Cloud. We don't use anything on-prem. Microsoft Defender is a portal that manages all Endpoint Defender resources in an environment. This includes Defender for Endpoint on virtual machines, Defender for Cloud, Defender for App Service, and any other Defender resource.

We integrated Microsoft Sentinel with Defender Endpoint enabling us to ingest data from our entire ecosystem.

We utilize the interface for our Security Environment. We don't install any other third-party products such as Microscan at the outset, but we are a partner of Microsoft, and we only use Microsoft products.

We act according to the automatic alerts triggered by the Microsoft Center.

Microsoft Defender for Endpoint helps us eliminate the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription and the vulnerability that needs to be remediated for each resource.

Having a consolidated dashboard allows us to address the vulnerabilities that automatically appear on the portal sooner using the recommendations provided by the solution.

Microsoft Defender for Endpoint automatically protects our environment once a virus or malware is detected without any action from our end.

Microsoft Defender for Endpoint has saved us time detecting viruses, but we still have to manually manage any viruses related to the Windows updates batching in order to fix vulnerabilities on a monthly basis.

The solution has decreased our time to detect and respond to threats. Microsoft Defender for Endpoint should secure the environment automatically. We just act when any threat is detected on the back end by the SOC team.

File protection is the most valuable feature. Antivirus security on the Level OS, Microsoft Defender, and Microsoft Guard for 2019. 

Threat protection is a critical part of Azure security and is managed under the umbrella of Microsoft Defender. All threat protection services work directly with the Microsoft Defender agent or the Qualys vulnerability scanner.

Microsoft Defender for Endpoint is enabled on the machines to automatically route tasks and help us automate the findings of high-value alerts. The alerts appear on the security alert under the Microsoft Defender for Cloud.

The solution should be updated by Microsoft with new features from time to time. The backend may have been changed to be more stable and secure, but there have been no major changes to the portal itself.

For the next update, I would like a link that connects directly to the resource, instead of having to connect manually. This will make it easier to identify any issues related to App Service.

I have been using the solution for four years.

The solution is stable.

The solution automatically scales to our requirements and we currently have plans to scale up.

The quality of Microsoft's technical support depends on the service type. Some services are okay, and some are not. Sometimes we open a case and get the result the first time, and sometimes it takes more than one session.

Neutral

The initial setup is straightforward and takes about an hour.

We enable all subscriptions, which come with free basic services, and we can upgrade to premium services by selecting the required resources. If we have Azure Sequel, or infrastructure, such as virtual machines, we enable it at the virtual machine level. We enable services according to the current resource.

The implementation was completed in-house by a team of two people.

Bundling our Microsoft products is more effective and cost-efficient.

The license cost is around $35 per machine, which is not expensive compared to other products. In addition to the solution's license fee, Azure DevOps Standard costs around $30,000. I believe this is too expensive and hope that the cost can be lowered in the future.

I give the solution a nine out of ten.

The solution is used for a website and is deployed in one location. We have 1,000 users.

Maintenance is completed once a month for batching the products in the environment for Sequel, SharePoint, and Microsoft products. Two people are required for the maintenance.

Microsoft Defender for Endpoint is a very good solution. I recommend the solution to others and suggest using only Microsoft products in order to receive all the support from one place.

We use Defender for Endpoint to secure our Windows 10 endpoints and Windows servers. We use Microsoft Defender as an antivirus, and we also leverage the EDR capability. If any malware or threat is present, Defender can take action on those threats and remediate if there are any malicious actors present in our environment.

It is deployed on-premises, on the cloud, and on multi-cloud solutions like AWS on Azure. We have a diverse, global environment with devices or servers in Europe, the US, and the Asia-Pacific region, except for China.

One feature I like the most is vulnerability management, which shows any vulnerable software or OS present in my environment. Microsoft Defender for Endpoint provides a complete overview and also recommends the steps to mitigate the vulnerabilities or threats. Most of the other antivirus or EDR solutions generally don't provide vulnerability management. It is an add-on that Microsoft Defender for Endpoint provides.

Also, because of this solution's EDR capabilities, we can determine what we want Microsoft Defender to do and then automate the entire process. We have already enabled these automated response capabilities and are leveraging them.

The visibility into threats that Microsoft Defender provides is very detailed. If we want to investigate how a threat was initially integrated into our environment, we can do that with a detailed activity timeline. It will be across the servers or Windows Endpoint, so we will be able to see the correlation and gain a complete picture of any threat within that timeline.

It helps us prioritize threats across our enterprise to a certain extent. Whenever there is a threat, we'll get a risk score along with the level of severity. We will then be able to see whether the threats are of high, medium, or low severity and can prioritize them accordingly.

Prioritization is really important to our organization because with 100,000 people working, we see an immense number of threat alerts including phishing, identity, and other kinds of threats. We have a limited number of people working in security operations centers, and we may see 30,000 alerts come through. Therefore, it's very important for us to prioritize those alerts so that we don't end up working on threats that are not important and miss critical alerts.

Along with Microsoft Defender, we also use Microsoft Defender for Cloud Apps, Microsoft Defender for Cloud, and Microsoft Defender for Identity. Integrating these products is quite simple. You just toggle the button, and the integration will be turned on. Once you have turned on integration, you will see feeds from the other portals. That is, if I get something in Defender for Identity, then I will be able to see relevant items in the Defender for Endpoint portal as well. It's out-of-the-box integration, and no additional measures are required.

These solutions work natively together to deliver coordinated detection and response across our environment. They work in the background and share common intelligence with each other and provide correlated feeds within these portals. They provide comprehensive threat protection.

When the integration is in place, it eliminates the need to look at multiple dashboards. Initially, we used to have different portals for incidents, but now, we have one central console. We can see alerts and incidents from Defender for Cloud, Defender for Identity, etc. It saves us a lot of time because our analysts don't have to spend time looking at different dashboards or consoles.

In terms of preparing for potential threats before they hit and taking proactive steps, the feeds in Microsoft Defender for Endpoint help us detect zero-day vulnerabilities or any ransomware. The threat analytics show us what the current and upcoming threats are. I can get the indicators of compromise from that particular list and can prepare my team on how to act on those particular threats. It has helped us to become more efficient.

Overall, this solution has helped us save 30% to 40% of our time.

Also, our time to detect and respond has decreased by around 40 to 50%.

One major item for improvement is the ability to add exceptions. We can add some exceptions, but not at the level we need to.

The second major area for improvement involves enhanced capabilities for different operating systems or platforms. That is, even though we have coverage for different operating systems or platforms such as Linux, we don't get all of the controls and enhanced capabilities that are available with Windows devices.

Reporting could also be improved because, at present, we get limited results at times. For example, in an environment with more than 100,000 devices, you may just get 10,000 results when you run a report.

I've been using it for close to four years.

It's not very stable because Microsoft keeps making a lot of improvements as it's a new product. For example, today I might see something on one page, on another day, it might be located on some other page or portal. However, I have seen stability to some extent over the last couple of months.

It's definitely a scalable solution. Almost all of the users in my organization, close to 70,000, use this solution.

Technical support is an area that needs a lot of improvement. Microsoft does not have the right people who can help with any challenges or problems, and ultimately, we end up finding the solutions on our own rather than relying on them. They take a lot of time to work on a support case, and we can't find the right level of support as well. Therefore, on a scale from one to ten with one being the worst and ten being the best, I would give technical support a rating of four.

Neutral

We have seen a return on investment in the last few years in terms of our organization being protected against threats.

Microsoft Defender for Endpoint is cost-effective because there's one unified license, and with this unified license, you get the capabilities for your cloud applications, servers, and endpoints as well. Therefore, it saves us a lot of money because the cost with other solutions is for just one piece of OS or maybe an urban environment. The licensing process is not complex as well.

Your use cases, how your organization is configured, and what your infrastructure is like will determine whether you go with a best-of-breed strategy rather than a single vendor's security suite. From a cost perspective, I think it's better to just go with one technology because when you have two technologies in place, there may be conflicts with policies that may result in additional time spent investigating.

However, if an organization has a high number of macOSs and they have a lot of Linux servers, they may choose to go with two technologies if Microsoft Defender doesn't provide a complete set of security capabilities.

Before you implement the solution, first see what your use cases are and what you're actually looking for. Then, define your environment and what you're going to protect first, whether they be application servers or just endpoints. Then, you can have a detailed discussion with the implementer or vendor.

On a scale from one to ten, I would give Microsoft Defender for Endpoint an overall rating of seven.

We use Microsoft Defender for Endpoint as our EDR solution on all of our user endpoints.

Microsoft Defender for Endpoint provides comprehensive visibility into endpoint security. I've been impressed with its ability to detect and monitor threats without any noticeable gaps in coverage.

We use the entire suite of Microsoft products, which are all integrated. Integrating them is very easy. However, getting them to function as expected after integration was a little more difficult.

The integrated solutions work together to deliver detection and response. However, their behavior may not always align with our expectations.

The implementation of Microsoft Defender for Endpoint has enhanced our organization's security posture by augmenting our visibility, particularly through the integration of MDE, Sentinel, and Defender for Cloud Apps. Additionally, Intune, when utilized in conjunction with these products, provides comprehensive insights into identity and device risks. The deployment began about three years ago before I joined the company. In terms of EDR or just basic visibility, that was achieved within the first year or so. However, we are still working towards a holistic vision of visibility, especially with Defender for Cloud Apps.

Microsoft Defender for Endpoint consolidates multiple dashboards, as all of our security products are Microsoft-based, simplifying our security management.

Microsoft Defender for Endpoint has saved us time compared to our previous solution, which was an on-premises Trellix EDR solution. This is especially evident in the areas of maintenance and operations.

Microsoft Defender for Endpoint's WCS function, a content filtering solution, has proven to be the most useful, stable, and reliable option for our current needs.

Defender for Cloud Apps is one of the most significant products that Microsoft could improve. We've encountered several limitations with Defender for Cloud Apps, such as the inability to create custom cloud applications and add URLs. These features would be valuable for the scoping feature in Defender for Cloud Apps, as each application can currently only have one scope. It cannot have multiple scopes, meaning that an application cannot be blocked for some device groups and allowed for others. This is another limitation we've encountered frequently.

The technical support is slow to respond.

The product development team makes frequent changes that affect the stability of the solution.

I am currently using Microsoft Defender for Endpoint. 

Microsoft Defender for Endpoint is generally stable, but the frequent product changes made by the development team have caused several instances of unusability this year. These changes often introduce bugs that disrupt web functionality, bringing it to a standstill. While the product itself is stable when not affected by these bugs, the recurring issue has occurred three or four times in the past year.

Microsoft Defender for Endpoint is as scalable as any other cloud-based EDR solution. I would give the scalability a nine out of ten.

The technical support is slow to respond and very log-focused.

Neutral

The deployment process is straightforward. We can utilize a script for Intune that can be deployed through SCCM.

The base price for an E5 license, which includes Enterprise Mobility + Security E5, is $57 per user per month. However, there are additional costs for certain security features, such as Premium Threat and Vulnerability Management and Insider Risk Management.

I would rate Microsoft Defender for Endpoint six out of ten. The support and product development team need to improve.

We have deployed Microsoft Defender for Endpoint across the globe on all of our endpoints.

Microsoft Defender for Endpoint updates itself so there is no need for maintenance.

It is advisable to always exercise patience with technical support and occasionally guide them in the right direction. Otherwise, they may become overly focused on irrelevant logs. Additionally, it is crucial to always have a contingency plan in place in case Microsoft Defender for Endpoint encounters unforeseen challenges.

The effectiveness of both best-of-breed and single-vendor security suite methodologies hinges on seamless integration. When products integrate effectively, they provide a unified view of the security landscape, enabling comprehensive monitoring and threat detection. A SIEM, XDR, or similar tool can serve as this centralized dashboard, providing a single pane of glass for security operations. By centralizing visibility and streamlining response times, organizations can effectively achieve their information security analysis and response objectives.

We use Microsoft Defender for Endpoint for our antivirus protection.

The visibility into threats that Defender for Endpoint provides is good because we are using all Microsoft products. 

Microsoft Defender for Endpoint assists us in prioritizing threats throughout our enterprise. This prioritization of threats is crucial for safeguarding end-user devices.

Sentinel allows us to gather data from our entire ecosystem, and the interface is highly impressive. Data ingestion is of utmost importance for our organization, especially concerning the security of our environment.

It allows us to comprehensively investigate threats and respond from a unified platform. This is of great significance to us, as Sentinel plays a pivotal role in our Security Operations Center.

Microsoft Defender for Endpoint assists us in automating the prioritization of critical alerts. I am certified in cybersecurity. Recently, I have begun the process of renewing my certification as it is set to expire next year. I have been reading numerous articles regarding Sentinel, Defender for Cloud, Identity, and Endpoint applications, and there is a multitude of information available. Automation is now fully integrated, which holds significant importance for enterprise-level customers.

The solution assists in eliminating the necessity of using multiple dashboards, providing us with a single XDR dashboard integrated across various Microsoft products.

The threat intelligence assists us in preparing for potential threats before they occur, allowing us to take proactive measures to prevent them. The assessment mechanism analyzes and identifies threats, providing clear instructions before we proceed to the security parameters.

It has saved our clients time, mainly with their SOC operations. 

The antivirus is the most valuable feature.

There are alternative solutions that offer a greater range of dashboard insights when compared to Microsoft Defender for Endpoint. The solution needs better integration with third-party vendors.

The analysis that identifies the threats and remedies them can be enhanced in a future release.

I have been using Microsoft Defender for Endpoint for almost four years.

Microsoft Defender for Endpoint is stable.

Microsoft Defender for Endpoint is scalable.

The quality of technical support is determined by the customer's priority levels: P1, P2, and P3. Overall, they are known to provide good support.

Sometimes, the support takes a while to respond, and their shifts change, so we have to begin again with the new person on the shift.

Positive

The initial setup is straightforward for me. All Microsoft products are easy to configure and integrate data also. To properly utilize all the features the person integrating must understand the architecture code concept as well.

Before deployment, I consistently conduct a rapid assessment to comprehend the customer's infrastructure. Subsequently, I formulate a plan grounded in this information. Typically, we aim for minimal personnel involvement due to the centralized nature of cloud operations. Additionally, we can advocate for either GPO or CCM deployment software. Our approach entails utilizing a singular architect, one resource, and one SME for implementing and overseeing the infrastructure, aligning with the security prerequisites of the customer's locale. Continuous monitoring of the infrastructure is imperative, maintaining a 24/7 vigilance.

The implementation takes around three months to install and configure.

The pricing is competitive. The pay model is pay as we use.

For organizations that make use of all Microsoft solutions, the cost is lower, and the visibility is increased.

I rate Microsoft Defender for Endpoint nine out of ten.

Microsoft Defender for Endpoint is indeed a commendable product. However, despite its implementation, we should consider the integration of other security products. This is due to the escalating variety of cyberattacks prevalent today. While Windows consistently issues patches to update its existing products, I propose the adoption of a dual-product approach within our infrastructure. This approach aims to preempt eleventh-hour security breaches. By juxtaposing and scrutinizing the attributes of different solutions, we can better comprehend their nuances, specifically at the feature level. The pivotal factor lies in how adeptly a solution identifies and mitigates potential threats. Therefore, I advocate for the incorporation of two distinct solutions within our infrastructure. This strategy is poised to yield heightened efficiency, effectively mitigating the risks of both security breaches and data breaches.