Microsoft Defender for Endpoint Reviews

We're using it for endpoint security.

We are able to get quite a lot of details about the laptops that we have across the organization. I would rate it pretty high in terms of visibility into our environment.

We are better able to see or get alerts on things that we might not have been able to see before. With Norton, for example, we didn't have a centrally managed system. All we could see was that a node had some threat on it, and we had to manually log into that node and work with the user to figure out what that threat was. With Defender, we are able to see all of that through the console instead of having to reach out to the user, which speeds up the process of figuring out what type of vulnerability we're looking at, and we are able to run scans and do other things remotely without having to interact with the user anything. It speeds up our process of detecting vulnerabilities and threats.

It has significantly reduced the amount of time to respond to threats and manage threats.

It has definitely improved our security, and it also helped us in reducing management costs.

We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender.

Since we moved to Defender, we have more visibility into our security posture for our devices across the organization. We can not only see how the devices are doing as far as AV is concerned; we can also see any threats that might come up. We get alerts on those as well, which is very useful for us.

One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs. 

In terms of additional features, we have more features than we use. We haven't really had a chance to dig too deep into it. 

We've been using this solution for about a year.

So far, so good. We haven't had any issues related to the service not being available or anything like that.

It is highly scalable. We were able to deploy it across the organization fairly quickly. It is also pretty straightforward to add users or remove users.

We use Office 365 and Azure AD. We have somewhere around 400 users dispersed across the USA.

When we reached out for support, there were times when it took a little bit longer than we liked, but once we were able to engage with their support, we were able to get the resolution fairly quickly.

Positive

We were using Norton as our endpoint antivirus solution. We switched so that we are able to centrally manage endpoint security.

My team implemented it, and I was in charge of overseeing the deployment.

We're a small team managing about 400 users across the organization. A lot of them are remote, especially since the pandemic. We have a couple of administrators who are responsible for checking Defender and just keeping on top of our security.

We have definitely seen improvements in terms of quickly being able to manage threats and being able to centrally manage everything.

We mostly use Microsoft products. We use Office 365, and we use Azure. We're also a Microsoft partner. So, the licensing was much cheaper for us, and at the same time, a lot of the features that we were looking for were included in Defender.

We were trying to get our firm the security certification for government contracting. One of the requirements was to upgrade our Microsoft licensing to a level to be able to use the government cloud. We found out that the required licensing already included Defender. So, it helped us kill two birds with one stone. It was much easier for us to convince the executives to go with it.

We did evaluate other options. CrowdStrike was one of the solutions we looked at. It was a pretty good option, and then there was Trend Micro. Symantec was another one, and then there was also Sophos. Those were the options that we were looking at.

Some of them were priced prohibitive for us. Sophos was a pretty good solution, but it was pretty expensive as compared to some of the other options. Trend Micro was good, but the management interface was lacking for us. It didn't have some of the features that we were looking for. Symantec was just expensive, and their centralized management was also not that great. So, both Trend Micro and Symantec didn't have good management interfaces. Sophos had probably the best one, but it was very expensive. Sophos was also better than Microsoft Defender in terms of web filtering. Web filtering was something for which Microsoft Defender didn't have as good features.

I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment.

I would rate it a nine out of ten.

We use Microsoft Defender for Endpoint as our EDR solution on all of our user endpoints.

Microsoft Defender for Endpoint provides comprehensive visibility into endpoint security. I've been impressed with its ability to detect and monitor threats without any noticeable gaps in coverage.

We use the entire suite of Microsoft products, which are all integrated. Integrating them is very easy. However, getting them to function as expected after integration was a little more difficult.

The integrated solutions work together to deliver detection and response. However, their behavior may not always align with our expectations.

The implementation of Microsoft Defender for Endpoint has enhanced our organization's security posture by augmenting our visibility, particularly through the integration of MDE, Sentinel, and Defender for Cloud Apps. Additionally, Intune, when utilized in conjunction with these products, provides comprehensive insights into identity and device risks. The deployment began about three years ago before I joined the company. In terms of EDR or just basic visibility, that was achieved within the first year or so. However, we are still working towards a holistic vision of visibility, especially with Defender for Cloud Apps.

Microsoft Defender for Endpoint consolidates multiple dashboards, as all of our security products are Microsoft-based, simplifying our security management.

Microsoft Defender for Endpoint has saved us time compared to our previous solution, which was an on-premises Trellix EDR solution. This is especially evident in the areas of maintenance and operations.

Microsoft Defender for Endpoint's WCS function, a content filtering solution, has proven to be the most useful, stable, and reliable option for our current needs.

Defender for Cloud Apps is one of the most significant products that Microsoft could improve. We've encountered several limitations with Defender for Cloud Apps, such as the inability to create custom cloud applications and add URLs. These features would be valuable for the scoping feature in Defender for Cloud Apps, as each application can currently only have one scope. It cannot have multiple scopes, meaning that an application cannot be blocked for some device groups and allowed for others. This is another limitation we've encountered frequently.

The technical support is slow to respond.

The product development team makes frequent changes that affect the stability of the solution.

I am currently using Microsoft Defender for Endpoint. 

Microsoft Defender for Endpoint is generally stable, but the frequent product changes made by the development team have caused several instances of unusability this year. These changes often introduce bugs that disrupt web functionality, bringing it to a standstill. While the product itself is stable when not affected by these bugs, the recurring issue has occurred three or four times in the past year.

Microsoft Defender for Endpoint is as scalable as any other cloud-based EDR solution. I would give the scalability a nine out of ten.

The technical support is slow to respond and very log-focused.

Neutral

The deployment process is straightforward. We can utilize a script for Intune that can be deployed through SCCM.

The base price for an E5 license, which includes Enterprise Mobility + Security E5, is $57 per user per month. However, there are additional costs for certain security features, such as Premium Threat and Vulnerability Management and Insider Risk Management.

I would rate Microsoft Defender for Endpoint six out of ten. The support and product development team need to improve.

We have deployed Microsoft Defender for Endpoint across the globe on all of our endpoints.

Microsoft Defender for Endpoint updates itself so there is no need for maintenance.

It is advisable to always exercise patience with technical support and occasionally guide them in the right direction. Otherwise, they may become overly focused on irrelevant logs. Additionally, it is crucial to always have a contingency plan in place in case Microsoft Defender for Endpoint encounters unforeseen challenges.

The effectiveness of both best-of-breed and single-vendor security suite methodologies hinges on seamless integration. When products integrate effectively, they provide a unified view of the security landscape, enabling comprehensive monitoring and threat detection. A SIEM, XDR, or similar tool can serve as this centralized dashboard, providing a single pane of glass for security operations. By centralizing visibility and streamlining response times, organizations can effectively achieve their information security analysis and response objectives.

Our target is to have control over protected endpoints. As a centralized console dashboard, we want to see the exposure level and security weaknesses associated with those protected endpoints.

We are a consultancy company and a Microsoft Gold partner, so we are strictly attached to the Microsoft stack. We have used Microsoft Defender for Cloud for some of our customers on a few occasions.

The solution is deployed on the cloud. From an infrastructure point of view, it's on Microsoft and likely would be geo-distributed. The solution is typically deployed for all endpoints that require cloud protection in an organization. If a company has 300 devices, typically all 300 devices are connected. It doesn't make sense to divide profiles for different departments.

On average, we have 300 to 600 devices and a similar amount of users. In a few cases, we have Defender for Endpoint protecting shared workstations.

The solution helps us prioritize threats across our enterprise. If we're talking about projected vulnerabilities, like an outdated web browser, then there's a different priority associated with that. Conversely, if we have an endpoint out of data, like outdated Windows security patches, it will be registered with a different, higher priority. It helps a lot.

Sentinel enables us to natively ingest data from our entire ecosystem. By design, Microsoft ingests data from Office 365 to Sentinel.

This ingestion of data is critical to our security operations. Without data ingestion, nothing is shown in the dashboard or in the security and compliance portal. If it stops, we don't have data to analyze.

Sentinel enables us to investigate threats and respond holistically from one place. There are threat investigations directly in the portal, which depends on the license. This feature is really important for enterprise-class companies that have a huge emphasis on security.

Since using this solution, we have seen a better perception of incoming and active threats. We're able to see weaknesses or misconfigurations in applications and operating systems for devices.

It definitely takes time to realize benefits from the time of deployment. After we deployed the agent for Microsoft Defender for Endpoint, it took about a week to collect data.

Defender for Endpoint doesn't help us automate routine tasks or automate finding high-value alerts. The most valuable feature is attack surface reduction rules, and in this case, we have an automated response. It's a lot like SOAR, which helps to contain security risks in an unmanned way, but it's limited to just that feature.

This solution absolutely eliminated the need to look at multiple dashboards because we have one XDR. It's a worthy capability that helps a lot. Having one dashboard makes our security operations more seamless. To retrieve data, we consult different places within the portal.

The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps.

The solution saves us time, but it depends on the point of view. It helps to have a better understanding and outlook on our current situation within our organization and plan proactively for tasks in order to improve our security score.

We saved money by not needing to buy additional pieces of software or deploying additional infrastructure for an on-premises security product.

It also depends on the competitor and the infrastructure required.

Detection and response take minutes because as soon as something is compromised or something happens within our organization, an alert will be triggered within minutes. After we receive an email with an alert, we are likely to start the analysis and remediation if it exceeds or doesn't fall within the scope of the attack surface reduction rules.

The attack surface reduction rules are the most valuable. We're able to have unattended remediation actions when the solution works side by side with a local antivirus like Microsoft Defender or Kaspersky. The attack surface reduction rules help us to proactively block and stop threats.

The visibility into threats is fair. It's accurate and gives us control over threats.

Prioritization is pretty important to us because we need to concentrate on new threats with higher risks associated with them.

Generally speaking, Microsoft Defender for Endpoint, along with Sentinel, provides fair, decent capabilities but it depends on the situation.

Reporting could be improved. I would like to see how many security incidents occurred in the last six months, how many devices were highly exposed to security risks, and how many devices were actually compromised.

I have worked with this solution for more than a year.

It's very stable.

Generally speaking, there are no bugs or glitches. We have had issues twice in the past two months, but nothing too critical. Before those two occasions, it hadn't happened in a year or more.

It's highly scalable considering it's a SaaS solution.

I would rate technical support an eight out of ten. It depends on the support engineer who is working on the problem.

Positive

We used Kaspersky, but the version is exactly comparable to Microsoft Defender for Endpoint.

We switched to Microsoft for better integration. It integrates very well with the Microsoft antivirus, so we don't have to deploy additional infrastructure or an additional piece of software. We have extended security controls over Windows devices especially and a single dashboard.

There is also integration with Intune, which is the MDM from Microsoft.

The initial setup was absolutely straightforward. We spent some time reading the documentation in order to understand how the setup and agent deployment worked, but then it was pretty straightforward.

It took a couple of hours to deploy the solution. Assuming you have the current licenses, you need to enable the features at the tenant level, and then you have to create a policy to distribute the Defender for the Endpoint sensor.

One person is sufficient to set up and onboard devices. The solution doesn't require any maintenance because the solution is upgraded from the cloud. Maintenance is very limited.

We have absolutely received ROI. Initially, it's time-consuming to understand how to onboard devices and start protecting them, but it's pretty easy to replicate the configuration across different customers.

The price is fair for the features Microsoft delivers. If you want tailor-made features, you have to mix different licenses. It isn't straightforward.

Intune is an additional cost. Microsoft Defender for Endpoint works really well with Intune, but you may decide to go for a license that encompasses Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Intune, which is typically a Microsoft E5 license.

I evaluated other solutions, but the decision diverted to Microsoft products because we have a Microsoft partnership. I requested more information from PeerSpot about the differences between Microsoft Defender for Endpoint and Sophos Intercept X because I had to provide a business justification to a customer in order to go for Microsoft Defender for Endpoint.

I would rate this solution an eight out of ten.

There are pros and cons to having a best-of-breed strategy versus a single vendor security suite. I would go for a single vendor security solution just to have convergence but it depends. Considering the fact that I'm working for a Microsoft Gold partner, I haven't had the occasion to make a comparison.

I would recommend implementing Microsoft Defender for Endpoint. My advice is to use Intune to have better control, especially for Microsoft devices. I would also advise using third-party local antivirus solutions rather than relying on Microsoft Defender Antivirus, which is a lock-in to a single vendor.

Microsoft Defender is a Windows platform that can be integrated with various solutions. It has a complete dashboard that gives us clear visibility into the total security of things, the endpoint devices connected, and their status. It also gives us information about who has been logged in and at what time. Compared to other solutions, Microsoft Defender for Endpoint gives us more visibility and threat analysis reports.

Microsoft Defender for Endpoint has improved my security score very well. Since it is a fully automated solution, all false positives have been ruled out for me. The investigations provided by the dashboard have compliance functionality and are useful for auditing purposes.

The solution's latest features for threat analysis are updated to provide us with future protection against the latest threats worldwide. It allows us to prepare from our side for the worst scenarios so that the business operations would not be affected.

Microsoft Defender for Endpoint should include better automation that will make it faster to detect the latest threats happening across the world. The solution should also generate an automatic report for any investigation before I generate a report. The solution's cost could be improved as it is an expensive tool.

I have been using Microsoft Defender for Endpoint for four years.

Microsoft Defender for Endpoint is a highly stable solution.

Microsoft Defender for Endpoint is a scalable solution. We have around 3,000 total endpoint devices with two administrators, and we have plans to increase the usage.

The solution's technical support is good. We were able to get proper support from the technical support team.

Positive

The solution’s initial setup is easy.

The solution’s deployment took almost three weeks. Two network engineers and I ensured the configuration of the group policies. We ensured that all the inbound and outbound traffic was properly configured and implemented.

We have seen a return on investment with Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint is an expensive solution.

Before choosing Microsoft Defender for Endpoint, we evaluated other solutions by Azure. We chose Microsoft Defender for Endpoint because of its better functionalities and capabilities.

The solution provides us with clear visibility. We have a clear dashboard analysis, and we don't need to worry about the changes we need to make as it gives a clear solution for us. Threat hunting is the best feature that gives the response to any event happening.

The solution helps me prioritize threats across our enterprise because I'm able to map all the devices across my enterprise. It is improving my security score compared to the earlier one. Compared to our earlier endpoint protection solutions, we have a good edge over the mapping we have with Microsoft Defender for Endpoint. Any new devices getting added to our ecosystem are getting secured in a better way.

We use more than one Microsoft security product. We have integrated all of these products, and it was easy to integrate them.

The integrated Microsoft security solutions work natively together to deliver coordinated detection and response across our environment. This is very important for us because we follow a framework where protection, detection, response, and recovery have to happen in a seamless manner.

Microsoft security products give visibility into the information about the latest threats happening across the globe. This gives us awareness and helps us to be well-prepared before the attacks.

We use Microsoft Defender for Cloud, and we make use of its bi-directional sync capabilities. Microsoft Defender for Endpoint has both on-premises and cloud capabilities.

We use Microsoft Sentinel, which enables us to ingest data from our entire ecosystem. We have different types of endpoints. The ingestion of data gives more data and more credibility to the logs, which makes my environment more secure.

MS Sentinel enables us to investigate threats and respond holistically from one place. It provides vulnerability management and threat detection so that we'll be able to see different logs and parameters. Normally, the threat collection, detection, and response are very much important for an organization.

MS Sentinel’s built-in SOAR and UEBA are different higher-end functionalities with artificial intelligence that provide a secure environment for any platform. It can analyze more volumes of data.

Compared to MS Sentinel, SOAR solutions are more costly.

Our Microsoft security solution helps automate routine tasks and help automate the finding of high-value alerts. It gives us a clear investigation report to find the RCA appropriately, thereby speeding up our response time.

Our Microsoft security solution has helped eliminate having to look at multiple dashboards and given us one XDR dashboard. I can integrate all my security parameters into one dashboard, and looking for the management review is easy for me.

The solution’s threat intelligence helps prepare us for potential threats before they hit and to take proactive steps. It alerts me immediately from which IP the threat is coming so that I can block that respective port immediately and prevent it from entering my network.

Our Microsoft security solution has saved us time by making the operations faster and reducing the response time. The solution has saved me almost 15 days in a month.

Our Microsoft security solution has saved us money by providing a single integrated solution and eliminating the need for different security solutions.

The solution has decreased our time to detect and respond. The solution has enabled me to act quickly on any issue before it hits me.

Microsoft Defender for Endpoint is a one-stop solution for your protection, and it gives overall visibility of your endpoint devices. You can easily add on the devices whenever the enterprise is growing.

With Microsoft Defender for Endpoint, you can club your endpoint protection, email protection, network protection, and application protection and ensure they are in good hands. We can handle anything regarding security operations, investigations, or complaints from a single point.

Overall, I rate Microsoft Defender for Endpoint a nine out of ten.

I'm a consultant. When we do a project with a client, they want us to make an assessment of their environment so they know how to improve their security through Endpoint. I give advice on how to manage the daily case reports that Microsoft automatically sends. 

The solution is mainly deployed on the cloud. Most of our clients are on-premises, but they are transitioning and moving most of their administrative tasks to the cloud.

We deploy this solution for multi-national companies. For example, the last customer I worked with has several departments and locations in several countries. It's a mixture of everything. It's a multi-national company nowadays.

We use all of the M365 security products. I'm also looking into Sentinel. For on-premise security, we're using Windows Defender managed by Security Center or Intune.

We have integrated the solution with other Microsoft products. For example, integrating Azure Active Directory and on-premises computers with Intune is really easy to accomplish. The security console gives us visibility over all the products that are managed by different Microsoft tools. The integration is amazing. 

The solutions work natively together to deliver coordinated detection and response across our environment.

Using ORCA PowerShell provides us with an extensive report and assessment of the platform. It's officially recommended by Microsoft to get an assessment of their environment. It's easier to get the big picture from this tool than from the Microsoft console.

The main improvement is that we have complete integration. For example, there were a couple of projects where I integrated the already managed platform from on-premises using Endpoint Corporation Manager with Defender. The integration between the on-premises Microsoft hybrid environment, Intune, and Defender for Endpoint is secure. It gives me a full picture of the status of the entire organization. That was unimaginable a couple of years ago, but now it's real.

This solution helps us train a lot of customers and their employees to be aware of what they shouldn't do with certain behaviors, mail, and files on their corporate computers. It helps customers to be more aware of behaviors that put the entire company at risk.

We realized these benefits from the beginning of using this solution. It gives us information from different points of view and consoles in a convenient way.

It helps prioritize threats across an enterprise. The reporting shows companies what they need to do to resolve abnormalities and prioritize what needs to be solved in order to improve the security level of the company.

Prioritization is important because it's absolutely necessary to know what has been upgraded and what hasn't. Hackers take advantage of that.

Defender gives us the ability to look at all the dashboards from a single screen. The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps by configuring some behaviors.

Microsoft Endpoint saved us from a lot of potential problems. It has absolutely saved us time. From the point of view of our clients, the solution saves money because the main tools that are used by the platform are already integrated into their contracts with Microsoft.

The solution provides protection and reports strange behavior and automatically blocks some of it. I love the way that statuses are represented.

It provides visibility into threats and gives daily reports about new threats and how to deal with them. We can change configurations so customers are continuously aware of new threats.

The dashboard customization could be improved. It's not as good as Azure. The center console isn't very flexible.

The automated remediation could be improved too. If there's a problem, most of the time they open a ticket for another help desk team. They don't remediate these vulnerabilities themselves 90% of the time.

I have been using this solution for about five years.

It's stable. From time to time, there's a blackout on the web pages.

The quality of technical support depends on the technicians who are assigned to your case, but the solutions they provided us with have worked every time. The reply time can be fast, but it depends on if you're lucky or not. You can be waiting for a week or two days. 

I would rate technical support an eight out of ten. 

Positive

The setup is very quick. The amount of time it takes depends on the infrastructure that someone wants to maintain or update.

Only a couple of people were involved in the deployment. From my point of view, I leave the customer's teams in charge of the maintenance of the tools. I recommend taking a look at the weekly reports that Microsoft sends in order to know what changed, what's new, and what has been upgraded.

I would rate this solution an eight out of ten.

There are several free platforms to test all the functionalities and evaluate the solution. If you see that they cover all of your needs, my advice is to buy the product.

I prefer a single vendor's security suite because integration is easier.

We are a property investment company, and people here use Microsoft Surface devices for their daily job. We are a Microsoft-oriented company, and we use it for our basic endpoint security implementation. 

Our entire security is based on this endpoint solution. Sometimes you have centralized security where you scan all traffic going through a central firewall and you also check through several types of solutions. You also check HTTPS connections. Basically, for all the traffic going inside and outside the company, you use a security firewall, and this endpoint solution is actually a firewall solution or security solution that is distributed. So, all the traffic coming from and going into the end-user device is basically submitted for scanning. If you download an ISO on a website or an email, everything is scanned for security to check whether it contains any malicious data. 

We are using Microsoft Defender for Endpoint Plan 2, which is the enterprise version of Microsoft Defender for Endpoint. We are using the most recent version of it.

We deploy it via Intune. The feature is called Microsoft Intune Autopilot. We have a hardware hash. A colleague of mine prepares the configuration and then based on the hardware hash and Autopilot, the devices are completely installed and joined to Azure AD and then to our enterprise. Intune is a Microsoft device management platform that comes with Microsoft solutions. When you buy a new device, based on the hardware hash, it can automatically find that device through Autopilot and do the specific deployment for your company. So, the users can use any type of device, start it, and then it will automatically be joined to our environment.

It is a completely integrated platform with advanced threat analysis, SIEM features, updated inventory, and so on. It is an all-in-one solution. Microsoft is taking over lots of companies to provide more and better services to its clients. This is one of the best solutions around at the moment.

It protects our organization from all kinds of attacks, such as ransomware attacks and any malware downloads. It is like an oracle who knows everything about:

• What is around at the moment?
• From where the attacks are coming?
• What is currently going on security-wise?

It knows about all the software that you have installed on the laptop, and whether they are not patched or have security issues. It covers everything you want from your security platform.

It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online. 

It is completely self-sufficient. You don't have to install anything. It is completely integrated into the operating system, and it also has a centralized information dashboard where you can immediately see:

• Are all your devices up to date?
• Are there any threats?
• Are the devices having problems with updates?
• Are they infected with anything?
• Was something blocked?

You can immediately see what is going on in your enterprise, in different networks, and also in people's homes in terms of endpoint security.

It is a zero-trust platform, and it integrates with all types of enterprise services that we run. It also integrates with the Office 365 environment where you can securely connect from anywhere.

It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has.

They're continuously improving it. You can compare it with Teams. About a year ago, the codex and the presentation of the Teams application were not very well optimized, and if you were using the Teams application, it used to drain your battery. It still drains your battery, but they have improved it a lot, and it is a lot less CPU intensive after one year. They're working on Defender for Endpoint to make it less CPU intensive.

We have been using Microsoft Defender for Endpoint for more than six months.

Its stability is quite good, especially with Windows 11, which is a very stable operating system. Of course, you can run into some issues. We have some issues with docking stations for Surface and screens, but generally, the operating system together with the endpoint security solution is very stable.

It is the most scalable solution around. You can create an Azure tenant, and with a script, you can deploy 1,000 user accounts. There is no actual limit to it, so the scalability is infinite.

Their support has improved. They're quite good. I would rate them an eight out of ten.

Positive

It has the easiest setup that I've ever seen. It's completely integrated with Microsoft. When you deploy your machine through Autopilot and Intune and assign the license, everything is done automatically. Of course, you have a lot of possibilities and a lot of freedom for detailed configuration, but out of the box, it comes completely self-sustained. You don't have to do anything. This is one of the easiest solutions that I've seen.

You just apply for the plan in Office 365, and you set up your very basic Autopilot template where you would specify the types of software that have to be installed. For instance, you want Office or other types of software. The very basic template is enough to roll it out fully automatically.

It takes a couple of hours. If you apply for a tenant on Azure, you pay for the licenses, and you can roll out with a click on 200 to 1,000 endpoint devices within the hour. This cloud is really amazing.

We are a small company with a few technical engineers, and we provide services for our clients. We provide all kinds of services such as maintaining endpoints and Azure cloud solutions with virtualized services and SaaS services.

Its implementation is more or less handled by my colleague. I do a little bit of configuration but not so much. My colleague knows about all the technical details. He does the complete installation and the complete central management of policies and templates. However, a basic part with basic software is very quickly implemented. You just create a tenant on microsoft.com, and then you can very easily roll out to as many workstations as you would like the necessary configuration for Defender for Endpoint.

Its price at the moment is very good because you get a lot of value for your money, especially with the subscriptions. If you have the E1, E3, or E5 enterprise subscription, you pay per month per user, and you get almost an infinite number of solutions. If you compare the price to the number of solutions that you get, it is a very good deal. 

I'm only concerned about the future because Microsoft is taking over one company after another. In the end, there will be no alternative and then they can do whatever they like, but for now, in terms of price, Microsoft is one of the best performers.

At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions.

It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. 

The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected.

It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this.

I would rate it an eight out of ten.

What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers.

In Microsoft Defender for Endpoint, the devices still need to mature a little more when compared to other AV solutions. Microsoft Defender for Endpoint is not as robust, and you cannot customize it much, so that's a challenge. These are the rooms for improvement in the product.

Microsoft Defender for Endpoint is still being improved. I would say it's still in the development stage. Daily, Microsoft is getting feedback from the customers, so they are modifying the product based on the feedback and requirements of the customers. It's an ongoing process, and as a consultant, I'm in a much better shape, from a consultant point of view, in terms of speaking with customers.

What I'd like to see in the next release of Microsoft Defender for Endpoint is a single console where you can manage all the policies, Intune, and the EDR capability that can be managed through Intune. There should be a single portal for that to make it more convenient for the security consultant engineer to work with. Right now, I have to hop between different controls. Even the tenant attach feature needs to become more mature in Microsoft Defender for Endpoint because it's just very basic. The concept is good, but it's very basic, so it requires more effort for the engineer to configure.

I've been dealing with Microsoft Defender for Endpoint since 2018.

Microsoft Defender for Endpoint is a stable product.

Microsoft Defender for Endpoint is a cloud solution, so it's always scalable.

Technical support for Microsoft Defender for Endpoint is good, and it's the best part. Microsoft knows that the product needs some development, so they're working on improvements, but all the technical engineers I've worked with so far are very technically sound and they know the product.

The initial setup for Microsoft Defender for Endpoint is straightforward, if you are aware or have knowledge of it. For example, it's easy if you have gone through all the phases of setting up Microsoft Defender for Endpoint when it started as a manual deployment, manual configuration, then it came through GTO, then SSCM, then Intune, and now SMM. If you have gone through all the phases of deployment, then you know where you need to go and where to change the settings.

If you just started with Intune, or you're dealing with a combination of Intune and a firewall, the initial setup won't be as easy. It could be challenging for a newcomer, because you do not have much experience with Microsoft Defender for Endpoint, but they'll give you good support, and they'll try to resolve the challenges that come up when setting up the solution.

Pricing for Microsoft Defender for Endpoint is competitive. Out of the bundle, you will get a lot of security, if I talk about Microsoft E5, for example, and get a lot of benefits. If the customer goes and purchases a different solution, it will cost more, so pricing for Microsoft Defender for Endpoint is quite reasonable at the moment. There isn't any challenge in terms of pricing, for example, I didn't see a customer who pulled back because of the price. Some prices could be negotiable, and sometimes, as a sales point, the two become negotiable, but they don't bill one and pull back because of the pricing. If you have an E5 license, you get everything.

Customers don't worry about the prices too much, because what they're a little bit worried about is the complete capability of Microsoft Defender for Endpoint in the endpoint security space when compared to other legacy solutions such as McAfee Endpoint Security and Symantec End-User Endpoint Security that are quite mature enough in this market, as seen on Gartner. Sometimes the customer is reluctant to move to Microsoft Defender for Endpoint, but not because of its price. I didn't have customers who questioned the pricing for the solution.

I'm currently working with all these solutions: McAfee Endpoint Security, Symantec End-User Endpoint Security, and Microsoft Defender for Endpoint, because I'm a consultant. I'm not a customer. I do use it, and the organization I'm in uses it, but I'm a consultant to the customer. I do pre-sales and look into any of the technical aspects of Microsoft Defender for Endpoint.

In terms of comparing Symantec End-User Endpoint Security with Microsoft Defender for Endpoint, they both work, but in different ways and they have different approaches. Microsoft Defender for Endpoint doesn't have HIPS, while Symantec End-User Endpoint Security has HIPS. Microsoft Defender for Endpoint has ASR rules which are compulsory, but there are some activities that Microsoft Defender for Endpoint can't do in an environment, particularly if it is an air-gapped network. In an air-gapped network, which is very secure, my team can't open the internet, and Microsoft Defender for Endpoint fails in that, despite being an EDR solution, because it's cloud-based and it doesn't work there. Microsoft still doesn't have any solution for mitigating the air-gapped network.

My advice to people looking into implementing Microsoft Defender for Endpoint is to do it very fast because the tool is changing very rapidly, so if you are a novice and you are just learning, what you learn might get changed in the next quarter. Some of the functionality might get changed, so you need to keep up with the changes, and you need to learn quickly and implement Microsoft Defender for Endpoint fast.

My rating for Microsoft Defender for Endpoint is seven out of ten.

It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.

The security is very useful.

Its stability is okay.

The solution can scale. 

Technical support has been great.

There's no setup process; a user simply needs to enable it to get started.

We'd like the stability to be better.

I've been using the solution for about two years. 

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good.

The product can scale if a company needs it to.

There's a big number of users on the solution in our company. It's likely more than 400 users. 

We've dealt with support in the past and found them to be very helpful. We're quite satisfied with the level of service. 

I'm also familiar with Trend Micro, which is similar. However, Defender is specific to Microsoft.

The company does use more than one solution as well. 

There's not really an installation process. A user simply needs to enable it. That's all.

We pay a yearly licensing fee.

I'd rate the solution eight out of ten.