Manager at a recruiting/HR firm with 51-200 employees
Supports centralized management, provides complete visibility, and reduces management costs
Pros and Cons
- "We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender."
- "One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs."
What is our primary use case?
We're using it for endpoint security.
How has it helped my organization?
We are able to get quite a lot of details about the laptops that we have across the organization. I would rate it pretty high in terms of visibility into our environment.
We are better able to see or get alerts on things that we might not have been able to see before. With Norton, for example, we didn't have a centrally managed system. All we could see was that a node had some threat on it, and we had to manually log into that node and work with the user to figure out what that threat was. With Defender, we are able to see all of that through the console instead of having to reach out to the user, which speeds up the process of figuring out what type of vulnerability we're looking at, and we are able to run scans and do other things remotely without having to interact with the user at all. It speeds up our process of detecting vulnerabilities and threats.
It has significantly reduced the amount of time to respond to threats and manage threats.
It has definitely improved our security, and it also helped us in reducing management costs.
What is most valuable?
We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender.
Since we moved to Defender, we have more visibility into our security posture for our devices across the organization. We can not only see how the devices are doing as far as AV is concerned; we can also see any threats that might come up. We get alerts on those as well, which is very useful for us.
What needs improvement?
One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs.
In terms of additional features, we have more features than we use. We haven't really had a chance to dig too deep into it.
Buyer's Guide
Microsoft Defender for Endpoint
December 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
We've been using this solution for about a year.
What do I think about the stability of the solution?
So far, so good. We haven't had any issues related to the service not being available or anything like that.
What do I think about the scalability of the solution?
It is highly scalable. We were able to deploy it across the organization fairly quickly. It is also pretty straightforward to add users or remove users.
We use Office 365 and Azure AD. We have somewhere around 400 users dispersed across the USA.
How are customer service and support?
When we reached out for support, there were times when it took a little bit longer than we liked, but once we were able to engage with their support, we were able to get the resolution fairly quickly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Norton as our endpoint antivirus solution. We switched so that we are able to centrally manage endpoint security.
How was the initial setup?
My team implemented it, and I was in charge of overseeing the deployment.
We're a small team managing about 400 users across the organization. A lot of them are remote, especially since the pandemic. We have a couple of administrators who are responsible for checking Defender and just keeping on top of our security.
What was our ROI?
We have definitely seen improvements in terms of quickly being able to manage threats and being able to centrally manage everything.
What's my experience with pricing, setup cost, and licensing?
We mostly use Microsoft products. We use Office 365, and we use Azure. We're also a Microsoft partner. So, the licensing was much cheaper for us, and at the same time, a lot of the features that we were looking for were included in Defender.
We were trying to get our firm the security certification for government contracting. One of the requirements was to upgrade our Microsoft licensing to a level to be able to use the government cloud. We found out that the required licensing already included Defender. So, it helped us kill two birds with one stone. It was much easier for us to convince the executives to go with it.
Which other solutions did I evaluate?
We did evaluate other options. CrowdStrike was one of the solutions we looked at. It was a pretty good option, and then there was Trend Micro. Symantec was another one, and then there was also Sophos. Those were the options that we were looking at.
Some of them were priced prohibitively for us. Sophos was a pretty good solution, but it was pretty expensive compared to some of the other options. Trend Micro was good, but the management interface was lacking for us. It didn't have some of the features that we were looking for. Symantec was just expensive, and their centralized management was also not that great. So, both Trend Micro and Symantec didn't have good management interfaces. Sophos had probably the best one, but it was very expensive. Sophos was also better than Microsoft Defender in terms of web filtering. Web filtering was something for which Microsoft Defender didn't have as good features.
What other advice do I have?
I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment.
I would rate it a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
IT Administrator at dm-drogerie markt GmbH + Co. KG
A seamless solution for Windows with good reporting and performance
Pros and Cons
- "The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where the vulnerabilities in your system are. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
- "We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues with old macros being blocked and some stuff around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there are a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all the configuration conflicts that we have. That's really the part that needs to be improved."
What is our primary use case?
We are one of the major drug stores in Germany. We are located in 13 European countries such as Austria, Bulgaria, Czech Republic, and Poland. I'm working here as an IT Administrator, and I'm focusing on software deployment and antivirus solutions.
Our use case is that we got to have antivirus. Cyber insurance forces us to have an antivirus solution that meets the requirements the insurance has.
In terms of deployment, we're using Defender without ATP in the old world. For domain-joined clients and on the Intune-managed clients, we use Defender in combination with ATP. The on-prem clients are usually old-school domain-joined clients.
We have its latest version. We always try to be at the newest version.
How has it helped my organization?
In the old world, we have Defender in combination with SCCM. It's not as good as Security Center, but you have all the reporting stuff that tells you whether your clients are up-to-date or not. The ATP Security Center is the mercy dispense of antivirus solutions because it is so much more than just antivirus. Microsoft Security Center comes with the ATP license, and it provides a really compact but whole view of your tenant and the vulnerabilities in your tenant. I feel that my administration got more proactive than just reacting. I can see that my Office is not up-to-date, or a client is using the old version of Firefox or Adobe Reader. So, Security Center tells me all this, and I can proactively update these clients and have a look at the bad guys in my environment. That was the part that McAfee never showed. I could see my clients with old signature files or engines, but McAfee Orchestrator didn't show the actual vulnerability of the client, which is the great benefit of Microsoft Security Center.
What is most valuable?
The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where the vulnerabilities in your system are. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff.
What needs improvement?
We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues with old macros being blocked and some stuff around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there are a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all the configuration conflicts that we have. That's really the part that needs to be improved.
It would be cool to have just one interface or only one or two locations where you configure the stuff. Currently, they have three locations where you can configure your antivirus. Three locations are too much, and there is too much conflict. It is not a one-to-one configuration. There are some configuration settings that you can only do in SCCM. You don't find them in MDM. So, it's not always one-to-one.
The last point of improvement is related to the quality of service that Microsoft provides. The quality of service that Microsoft provides should be improved.
For how long have I used the solution?
We have been using Defender for two years. Two years ago, we migrated from McAfee Endpoint Protection to Defender Antivirus. This migration process took us one year to migrate all systems. So, we're now totally on Microsoft Defender on all workstations and servers.
What do I think about the scalability of the solution?
Scalability and deployment always depend on how many of your clients are online. There is no problem with the scalability and deployment of servers because they are online 24/7, but client management is different from server management. We are located in 13 countries, and we have about 9,000 clients. Of course, they are not always online, which is why you're always struggling with your client management.
How are customer service and technical support?
If you open a call with Microsoft, you're in God's hands. Some of their engineers are top-notch and some are not. We have some strange calls going on for weeks and months, and nothing is happening. There are always the same questions. The quality of service that Microsoft provides should be improved.
Which solution did I use previously and why did I switch?
We migrated from McAfee Endpoint Protection to Defender Antivirus. I worked with ePolicy Orchestrator from McAfee for almost 20 years. The user interface of McAfee was fine, but the hassle began with Windows 10. Updating McAfee and the endpoint security stuff was always a hassle. We had to update all the McAfee stuff before having a feature update, so we were always in this hassle of the update process of either McAfee or Windows. Defender is a seamless solution for Windows.
Microsoft has done a lot to improve Defender. There are not so many differences between basic scanners. If you look at the Gartner studies, Defender has really improved a lot. It came out one or one and a half years before we started to migrate our clients to the Intune MDM solution, and within this migration to MDM-managed clients, we also established advanced threat protection (ATP) with Defender. It met our requirements perfectly, and we did penetration testing for the solution, and it turned out to be perfect.
How was the initial setup?
The deployment process is okay. Of course, you always struggle at several points, but overall, the deployment is fine for Defender.
Which other solutions did I evaluate?
We evaluated a lot of different scanners, such as Passkey. McAfee ePolicy Orchestrator now comes with the option to integrate within Microsoft Security Center, but McAfee came up with its solution a little bit too late.
In the on-prem world, we are using Microsoft Defender in combination with the endpoint manager to SCCM, and it is fine. I really prefer the interface of McAfee ePolicy Orchestrator, but it doesn't have as many benefits as Microsoft Defender in combination with SCCM.
What other advice do I have?
In terms of the end-user experience, end-users don't like to be bothered with the virus scan. A virus scan is always annoying for the end-user. An end-user cannot actually configure the antivirus and only gets a notification if something is wrong or some malware is found. That's it. There is not really an end-user experience.
The performance of the client is fine with Defender. We are not encountering many performance issues or any serious issues with Defender. When we turned over to Defender, some of the applications that were functioning absolutely flawlessly with McAfee started to have serious performance issues. So, we had to define an exclusion list for some of the processes or applications, but there are always some applications that need exclusions for McAfee or Defender.
I would rate Microsoft Defender for Endpoint an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Engineer at a financial services firm with 10,001+ employees
Easily integrates with Microsoft solutions and helps us prioritize threats across our enterprise
Pros and Cons
- "The integration with all variations of Microsoft Defender, for Endpoint, 365, and Cloud is valuable."
- "The time it takes to implement policies has room for improvement."
What is our primary use case?
We use Microsoft Defender for Endpoint to protect our work environment.
How has it helped my organization?
The endpoint provides good visibility into threats. However, working with Microsoft Defender for Endpoint and its control panel can be challenging, especially when dealing with features such as compliance and cloud app security details. Nevertheless, with enough experience, it becomes a useful tool for threat detection. Although it may be difficult to work with initially, it is an essential instrument for information security.
Microsoft Defender for Endpoint helps us prioritize threats across our enterprise.
The integration of Microsoft Defender for Endpoint with other Microsoft solutions is easy. The integrated Microsoft solutions work natively with each other.
The level of comprehensiveness provided by all of the integrated solutions is satisfactory.
Microsoft Sentinel allows us to investigate and respond to threats from one place.
Microsoft Defender for Endpoint helps automate routine tasks and find high-value alerts. The solution has a powerful advanced query that we can schedule to run automatically.
Microsoft Defender for Endpoint simplifies the use of multiple dashboards by providing a single XDR feature. This is a beneficial feature, but my reliance is on the 50 automated rules that run on a schedule to keep me informed of any incidents.
The automatic rules and policies that we apply using Microsoft Defender for Endpoint save us around four hours per day.
Microsoft Defender for Endpoint has saved our organization money by protecting the environment from threats.
Microsoft Defender for Endpoint has reduced our time to detect and respond to security threats by consolidating all relevant information in a single panel within a web portal. This enables us to quickly review and respond to potential threats, thus improving our ability to mitigate risks effectively.
Microsoft Defender for Endpoint has helped our organization by working to identify threats quickly before they become a problem.
What is most valuable?
The integration with all variations of Microsoft Defender, for Endpoint, 365, and Cloud is valuable.
What needs improvement?
The time it takes to implement policies has room for improvement. When we create policies or configure file profiles and assign them to specific groups, Microsoft Defender for Endpoint will apply these rules accordingly. If we need to make changes to the policy, it can take up to thirty minutes or even two to three hours for the changes to take effect on Microsoft Defender for Endpoint. This waiting period can be a significant amount of time to implement changes. It is at times quicker to create new policies than to make changes to existing policies.
We are experiencing problems with certain Samsung Android mobile devices that have Microsoft Defender for Endpoint installed. Specifically, when attempting to log into the corporate profile, users are prompted multiple times to enter their credentials.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for two years.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint is extremely stable.
What do I think about the scalability of the solution?
Microsoft Defender for Endpoint is scalable.
How are customer service and support?
The technical support team is professional.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used a separate antivirus and endpoint solution called Cynet, but it was not very useful. Our organization moved into the cloud, so we decided to use Microsoft Defender for Endpoint.
What about the implementation team?
We deployed Microsoft Defender for Endpoint across multiple locations in our organization.
Which other solutions did I evaluate?
We evaluated Splunk and Microsoft 365 before the head of our company chose Microsoft Defender for Endpoint.
What other advice do I have?
I give Microsoft Defender for Endpoint an eight out of ten.
No maintenance is required on our end for Microsoft Defender for Endpoint.
Microsoft Defender for Endpoint is a powerful tool and I recommend it.
Using a single vendor security suite carries inherent risks, but with a well-established company like Microsoft, those risks are significantly reduced, and it's more cost-effective than using multiple best-of-breed solutions to achieve the same level of security.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Specialist - Collaboration Platform Engineer at a tech vendor with 1,001-5,000 employees
Helps us find a lot of vulnerabilities and fix a lot of security-related issues
Pros and Cons
- "Defender for Endpoint has one dashboard with security-related information, vulnerability-related information, and basic recommendations from Microsoft, all in different tabs. That's helpful because if we want to fix only the recommended ones, we can go fix all of them..."
- "Right now, the solution provides some recommendations on the dashboard but we don't have any priorities. It's a mix of all the vulnerabilities and all the security recommendations. I would like to see some priority or categorization of high, medium, and low so that we can fix the high ones first."
What is our primary use case?
Once we enroll devices, the Microsoft scanners scan them in the backend and find vulnerabilities for the devices. For example, if our Office version is outdated, or Chrome is an outdated version, or there are any vulnerabilities or security loopholes, they will be displayed in Defender for Endpoint. We go through those vulnerabilities and we try to fix them by creating group policies or by using Intune. If there are any security recommendations in Defender for Endpoint, we fix those assets.
How has it helped my organization?
It's the best solution for vulnerabilities. Most updates will be done by group policies in a big organization and everything will be maintained in that way. But with non-group policies, if it's not a hybrid environment, or they are only using cloud, or they're connected to Azure already, or they don't have AD, a lot of updates will be missed. That is a very difficult situation for handling vulnerabilities. In that situation, once we enroll the devices to Defender for Endpoint, all the vulnerabilities will be displayed on the dashboard and we can review them and fix them. In that way, we can stop most cyberattacks and close all the vulnerabilities and loopholes.
Before enrolling devices to Defender for Endpoint, we don't know what vulnerabilities or security loopholes are on those devices. Once we enroll devices we find a lot of vulnerabilities and we have been able to fix a lot of security-related issues. It has helped us a lot.
It is impacting our security score. Before we enrolled our devices to Defender for Endpoint, our security score was 58. When we enrolled 500-plus devices to Defender for Endpoint, our security score went down to about 42 percent. We then understood we need to maintain it above 50 percent, as recommended by Microsoft. We are trying to increase our security score by fixing those issues.
It shows how to fix a given vulnerability or security issue, providing step-by-step guidance. That saves a lot of time because if we didn't know how to fix a vulnerability, we would need to do some research and find the right document. That would take time. It is saving us 10 to 15 hours per month.
What is most valuable?
It finds the loopholes and vulnerabilities and shows you some security recommendations as well. Based on the requirements, we fix them. We don't necessarily need to fix all the vulnerabilities. For example, if an organization is using Office 365 and the accounts team wants Excel to be updated to version 16.2.0, some applications or some data will work only with that particular version, but some data will not be supported. In that situation, we don't want to upgrade MS Excel.
Integrating Microsoft solutions with other solutions is not that difficult. Microsoft provides documentation on how to integrate things, which is good. We get a lot of information from the Microsoft pages. Integration is very helpful for finding all the security-related stuff.
Defender for Endpoint has one dashboard with security-related information, vulnerability-related information, and basic recommendations from Microsoft, all in different tabs. That's helpful because if we want to fix only the recommended ones, we can go fix all of them, or if we want to work on the security-related ones, we can go to the security tab and work on all of them.
The solution's threat analytics is another tab and it is helpful for finding vulnerabilities, phishing emails, and spam emails. If we want to release them, we can release them. We will check IP abuse and whether the IP is related to brute force attacks. If we want to improve on something, we will send it to Microsoft to analyze it. Being proactive is important. As specialists, we need to review the recommendations from Microsoft on a day-to-day basis and fix them as much as we can. Day-to-day, we need to upgrade and make sure all the devices are up to date. That should not be done on a weekly or monthly basis.
What needs improvement?
Right now, the solution provides some recommendations on the dashboard but we don't have any priorities. It's a mix of all the vulnerabilities and all the security recommendations. I would like to see some priority or categorization of high, medium, and low so that we can fix the high ones first.
For how long have I used the solution?
We have been using Microsoft Defender for Endpoint for one and a half years.
What do I think about the stability of the solution?
I haven't seen any downtime. I don't see any issues with the stability. If there is any downtime, Microsoft will send a message on the dashboard and we can see any service issues.
How are customer service and support?
Their tech support is very good. If we raise a ticket, they will respond within 15 to 20 minutes. If they don't know, they will do some research and come back to us. I love working with Microsoft.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used GFI Vipre. We switched because Vipre was not a Microsoft product, and we trust Microsoft. Between a third party and Microsoft, most people will choose Microsoft because the solution and the support are very good. We also have a client portfolio and we get a discount on the license.
How was the initial setup?
The initial setup is simple. We run a script on the local machine and the device will be enrolled to Defender.
I completely configured Defender for Endpoint to be used in an automated way. We enrolled our devices to Intune and we configured Defender for Endpoint in Intune. Once we add our devices to Intune and to a group, those devices will be enrolled to Defender for Endpoint also. Enrolling takes around 24 to 48 hours.
Maintenance is pretty easy. Once we run that script, there are no complications while enrolling the devices.
What's my experience with pricing, setup cost, and licensing?
The comprehensiveness of the threat protection that Microsoft security products provide depends upon the license. Right now, we are using E5 licenses, which cover every security feature. But if a small or mid-level organization uses an E3 license or Business Basic plan, not all the features are provided. The cost is high for E5 licenses, but if we go with the E3 license, most of the features are not covered.
Which other solutions did I evaluate?
We did some research and found other solutions. The support is very good for Microsoft. If we raise a ticket, within 15 to 20 minutes, we will get a response from the Microsoft support team regarding the issue. They keep an eye on it; every ticket is tracked. If we want, we can also escalate. With a third-party solution, we cannot get as much support as we can with Microsoft.
There are a lot of cyber security tools, so it depends upon the requirements. I'm not saying that we need to use only Microsoft. But when it comes to support, I don't know how the others do. Using a suite of solutions from Microsoft has benefits. Support is a very good one. The recommendations are also provided in the dashboard, and the SLA is 99.9 percent; we don't expect downtime with Microsoft.
What other advice do I have?
We are not using Microsoft Sentinel. It will create alerts regarding VMs or storage but the cost is very high. Sentinel is not going to help much more when compared with Defender for Endpoint. Sentinel isn't preferable. It only creates alerts. There is not that much impact on the organization if it uses Sentinel also.
Microsoft Defender for Endpoint is a very good solution. I recommend using it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deliver Practice Director at DynTek
Easy to manage, updated frequently, and comes included with Windows
Pros and Cons
- "The patch management is very easy, as it can be done automatically or added to a schedule."
- "I would like to see better integration with their other security products to give better visibility from a higher level."
What is our primary use case?
We are a consulting company and we use this product for endpoint protection across the company, as well as for our clients.
How has it helped my organization?
Windows Defender makes it easy to streamline the updates so we don't really worry about managing it.
What is most valuable?
The patch management is very easy, as it can be done automatically or added to a schedule. This will update all of the virus signatures.
We have a hook from our on-premises application to the cloud services for advanced threat protection, so the management is in the cloud. Centralized management allows us to schedule malware scans.
When you hook it up to the cloud's advanced threat protection, it gives you more than protection from ransomware. It covers different types of malware and allows you to see what malicious software is being executed on the machine.
The product allows you to manage your machine through it, similarly to the way SCCM does.
What needs improvement?
I would like to see better integration with their other security products to give better visibility from a higher level. Integrating with email, Azure, identity management, and other security applications, putting them all together, would be very good.
The first level of technical support is not very useful and it sometimes takes time to escalate to somebody more knowledgeable.
For how long have I used the solution?
We have been using Microsoft Windows Defender for years.
What do I think about the stability of the solution?
This product is pretty stable.
What do I think about the scalability of the solution?
We have had no issues with scalability. We deploy it anywhere from a small environment with a hundred users, to a large environment with 15,000 to 20,000 endpoints. The majority of our clients are small to medium-sized, with 3,000 to 4,000 users in the mid-range.
How are customer service and technical support?
I would rate Microsoft's technical support an eight out of ten. At the first level, the support is very limited. You have to escalate it to the more senior team to get good value.
Which solution did I use previously and why did I switch?
Some of our clients have used different products from vendors such as Symantec and McAfee, and they were not happy with them. We steered them towards Windows Defender and they switched because of the ATP hook to the cloud.
With other products, you have a management console, so you have to push the signature updates. We still do that now, but it's all in the cloud.
Both Symantec and McAfee come at an additional charge because they are not included in the operating system.
How was the initial setup?
The initial setup is very straightforward.
What's my experience with pricing, setup cost, and licensing?
We are using the version that is included with Windows 10. If you don't purchase the advanced threat protection then there is no additional charge.
What other advice do I have?
My advice for anybody who is implementing Windows Defender is to purchase the ATP, which is in addition to the version that comes with Windows 10. This will allow you to really get the benefits and manage your organization's endpoints as a whole. This requires a presence in the Microsoft environment, such as a subscription to Office 365 or Azure.
I think that people should explore Windows Defender before looking at third-party products. While they are not a pioneer in anti-malware and anti-virus software, they are attacking it and they have a good budget. The advanced threat protection has a large cloud presence in Azure that we can take advantage of, and they update their product frequently. As soon as there is a new threat, they act on it right away.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team manager of IT department at a financial services firm with 501-1,000 employees
Enables automatic resolutions if a unit is compromised or if a user clicks a malicious link
Pros and Cons
- "It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link."
- "The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better."
What is our primary use case?
We have two phases with Defender for Endpoint because we have been using it on mobile since 2019, and we started this year changing out our Carbon Black Symantec deployment with Defender for Endpoint on our computers. Currently, the Defender for Endpoint deployment on computers like clients is mainly just a one-to-one takeover from Symantec. In the long run, we are exploring possibilities to use it for more advanced functions as it can work as a sensor and comply with the policies in Defender for Cloud apps and DLP policies.
How has it helped my organization?
From a security point of view, our mobile clients allow us to sleep at night. The current implementation on our client is economical because we have the E5 license, which we have anyway. In the long run, it would mean a more secure information security posture for our company, but we need to implement it first and then start the second phase.
What is most valuable?
It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link. Importantly, the experience of an automatic attack disruption is quite positive for the end users. They don't feel supervised, which is essential for mobile phones since they are more private than work computers.
The auto-deployed anti-deception techniques are excellent because we have a large fleet on the Norwegian scale. We deployed it for 10,000 clients and about 5,000 servers in three months.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
What needs improvement?
The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better.
We see the possibilities in terms of visibility into our attack surface, but we haven't been able to enforce all the insights we can get from it. We have multiple endpoints, and we want to look for signals across tenants.
For how long have I used the solution?
We have been using it on mobile since 2019 and just started transitioning from Carbon Black Symantec to Defender for Endpoint on our computers this year.
What do I think about the stability of the solution?
I rate Defender 10 out of 10 for stability. We haven't had any issues with it.
What do I think about the scalability of the solution?
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers. It is a scalable platform.
How are customer service and support?
I rate Microsoft support 10 out of 10. We have a unified support agreement with Microsoft involving biweekly or more frequent contact. We are supported by both Microsoft and our customer success manager.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Carbon Black and Symantec for endpoint protection but transitioned to Defender for Endpoint as it was included in our license. Our ultimate goal was achieving a complete security posture, not just endpoint protection.
How was the initial setup?
The initial setup and the deployment process have been easy, especially since we are using it with Azure.
What about the implementation team?
We are working with a Microsoft partner called Supercellus as we transition to them from our previous managed service provider.
What was our ROI?
We are aiming to fully utilize the E5 license, using more of its features than before. However, the return on investment is not fully realized yet, as we are still implementing.
What's my experience with pricing, setup cost, and licensing?
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
Which other solutions did I evaluate?
We did not evaluate other solutions, primarily because we were satisfied with our existing one. Still, when the license agreement with the other parts expired, we took the opportunity to switch.
What other advice do I have?
I rate Microsoft Defender for Endpoint eight out of 10. While I think highly of it, there are issues with sharing data across tenants, which is a particular request but still affects our satisfaction.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Dec 16, 2024
IT Security Engineer at a financial services firm with 1,001-5,000 employees
Offers excellent visibility into vulnerabilities and the attack surface itself
Pros and Cons
- "Attack surface reduction and limiting attack surface vectors are valuable features. It's helpful to isolate specific devices and get super granular with the features they offer."
- "The stability is great. I haven't seen any outages with Microsoft."
- "Defender for Endpoint is complex, and the documentation is detailed. At the same time, it's hard to navigate sometimes. You have to go through tons of documentation to find what you want."
What is our primary use case?
Currently, I'm working to build out DLP policies in Defender for Endpoint.
How has it helped my organization?
Defender for Endpoint enables us to see vulnerabilities on certain endpoints and investigate the attack surface. We've improved our Security Score to the industry standard. The solution has reduced the mean time to remediation, but it's hard to give a precise number because it varies on a case-to-case basis. Automatic remediation of certain vulnerabilities has allowed our SOC to work on other projects.
What is most valuable?
Attack surface reduction and limiting attack surface vectors are valuable features. It's helpful to isolate specific devices and get super granular with the features they offer. The visibility into the attack surface is good. It gets highly granular. I don't work on that side, but the people who do tell me they get more visibility.
What needs improvement?
Defender for Endpoint is complex, and the documentation is detailed. At the same time, it's hard to navigate sometimes. You have to go through tons of documentation to find what you want.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for one and a half years.
What do I think about the stability of the solution?
The stability is great. I haven't seen any outages with Microsoft.
What do I think about the scalability of the solution?
It's pretty easy to scale with Microsoft, as they make it easy if you look into the documentation.
How are customer service and support?
I rate Microsoft support eight out of 10. Customer service has been pretty good. I don't have any complaints.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We've had E5 licensing for a while now, but our security stacks were spread across multiple resources, so we are currently consolidating.
What's my experience with pricing, setup cost, and licensing?
I don't work much with the costs, but I have not heard of any issues with pricing, licensing, or setup costs for Microsoft Defender for Endpoint.
What other advice do I have?
I rate Microsoft Defender for Endpoint eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 24, 2024
Sole Proprietor at Core-Infosec
Works natively with detection and response across the whole environment but not the strongest solution on the market
Pros and Cons
- "Integration between Microsoft products is very easy."
- "If a threat actor comes in, and creates a global administrative account, they can gain access to everything and whitelist then block everything else. Having everything, including Defender, under one brand is like having all of your eggs in one basket."
What is our primary use case?
We primarily use the solution for security. For most clients, we deploy the solution for security purposes. Some clients just deploy it as part of Microsoft. Some haven't fully set it up even though they've paid for it. Some may be deployed and set it up and then have it disabled.
What is most valuable?
They've grown the solution into an XDR EDR type of solution. It's nice. Everyone is going in the same direction. There are good process flows and features that make permissions and setup easier if clients are all under Microsoft.
If you get it set up correctly, it just works.
It does help us prioritize issues. It depends on how the user has it set up, however. You can make a very nice pane of glass. It depends on who it's set up for and what they are doing with it. Some people throw the Windows Defender EDR solution out there and walk away. It does you no good if you're not sitting there watching it, monitoring and setting it up to get the feeds and the alerts and everything else.
It integrates really well with other security tools. That's something they've done very well. Integration between Microsoft products is very easy. It also works well with API plugins, etc. It works natively with detection and response across the whole environment. There may be pieces that may be tuned or integrated correctly. However, it's all pretty seamless.
The threat protection is pretty comprehensive.
Defender helps automate routine tasks and find high-value alerts. It's a one-stop shop. You can do integration, for example, with Microsoft Teams. It depends on the business you want to run. A mom-and-pop shop may not need so many tasks sent to very specific people. For larger enterprises, having the same tool across the board makes it very easy.
Defender Endpoint does help prepare for potential threats before they hit. When you're looking at signature-based AV, Defender, just like everyone else, will pick up something known. However, when it comes to user behavior analysis, that's a bit more complicated.
We've saved five hours or less per month in terms of saving time.
I might help clients save money, depending on the size of the organization. With Defender, you are just paying for licensing. It's all moved to the cloud.
What needs improvement?
If a threat actor comes in, and creates a global administrative account, they can gain access to everything and whitelist then block everything else. Having everything, including Defender, under one brand is like having all of your eggs in one basket.
Since they are linked to the operating system, they should have good visibility on what is malicious and what is not. They should be at the forefront in that area. However, they are doing what everyone is doing, especially in threat sharing. Pretty much any EDR solution has the same intelligence. Microsoft should go further: since they develop so much of the underlying infrastructure and have "built the house," they should know everything about it. They should be more intuitive.
For how long have I used the solution?
I haven't been using the solution for too long. I've started using it recently. However, Defender has been around for years.
How are customer service and support?
Technical support is always good. There are different levels you can pay for. I personally have never had to use support for the Defender product. Getting really good technical support depends on what partner level you are.
Which solution did I use previously and why did I switch?
I'm also familiar with Sentinel and CrowdStrike. I do move my clients towards third parties and don't necessarily try to set them up under just Microsoft.
Inherently, everyone is using the threat intel. They share and ingest threat information. The intel is there. Some organizations may do it a bit better if you were ranking them. However, Microsoft's job isn't necessarily security. They have cloud infrastructure, et cetera. This is unlike CrowdStrike, where security is their bread and butter. For Microsoft, Defender has always been the last on their list in terms of priorities.
What was our ROI?
Calculating ROI would depend on what your overall security posture is for your entire organization. If you are just trying to do PCI compliance, you may be opening yourself up to threats down the line. Also, if you are never updating, et cetera, you might be a target for ransomware. However, if you take the time to diversify and watch your systems regularly, you will see more ROI.
What's my experience with pricing, setup cost, and licensing?
The solution is cost-effective as it is on-cloud. You don't need to accrue costs related to hosting.
The pricing is fair. However, it depends on what you are trying to buy and what size your organization is.
What other advice do I have?
I'm a Microsoft partner.
This solution does not make my top five.
As far as being relatively decent goes, I'd say they are okay. I'd rate it seven out of ten. However, it's always the number one thing threat actors are targeting.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Jul 1, 2024