Microsoft Defender for Endpoint Reviews

The solution can be used on everything. It can be used on the cloud. You can also use it for on-premises devices, from servers to laptops. It's a pretty good solution to manage devices and servers.

Usually, our clients have an on-premises infrastructure and they want to start working in the cloud, especially in Azure. We use Microsoft Defender to manage on-premises devices from Azure. Especially over the last two years, a lot of companies have wanted to focus more on their own business and that's why they have us manage their IT security.

The main goal of using Defender for our clients is to do vulnerability scanning and to be aware of any possible security breaches in their infrastructure.

Microsoft Defender is totally integrated with Microsoft 365 Azure. For example, years ago a software company that was working on-premises with Microsoft products came to us. They asked us to help them connect to Azure because with Azure, they could, of course, run their core business, but it would also help them create more value in the market. Microsoft Defender is the best way to manage on-premises devices, but also devices on the cloud.

It also helps us to prioritize threats.

In addition, the solution gives us a single dashboard that we can customize. When our security operators start their day, they look at the dashboard information. If there is a big issue, they automatically get the information. They can send an email to the team involved. The dashboard helps the security team, day-to-day, to ensure everything is secure for the client. The dashboard is really important.

And overall, the solution has saved us 50 percent of our time. It also saves us money because it prevents ransomware and web application attacks every day. Currently, with the war in Ukraine, because I work in Europe, hackers are trying to hack into enterprises, and that's another reason it's really important to have this kind of solution.

It may be saving us 30 percent, in terms of money, because once you have the system in place, you can avoid a lot of attacks and keep secret information away from hackers. When we talk about security, we're also talking about the reputation of the company. Using this kind of solution helps our clients not to lose money through a loss of reputation.

In terms of time to respond, someone who is working every day on the security operation team, can respond correctly within five minutes, to be conservative, to a problem they receive from the scanning done by Defender. It has decreased that time by about 20 percent, although keep in mind that I am a security architect and not part of the operations team.

The scanning part is one of the most valuable features with the automation of vulnerability scanning. That's why we use Defender. It gives us a lot of information on how to improve security.

There are some competitive products on the market, but the best is Microsoft Defender because it's very easy to integrate. That's one reason a lot of clients want Microsoft Defender.

It's also very easy to implement compared to other solutions.

Regarding other Microsoft solutions, about half of our clients take Sentinel, while 90 percent take Defender. They are very easy to integrate. That's one of the reasons, for me, that Microsoft is the best on the market. And in reviews about the best tools on the market, everybody agrees that Sentinel is the best on the market in the security area. When you work with Sentinel, it's easy to work with the Microsoft suite of products. It's easy to integrate every product from Microsoft.

We also use Microsoft Defender for Cloud's bidirectional sync capabilities. For security, they allow us to get all the information we need on time.

After scanning, there are false positives so sometimes you need to manage the results.

Also, we would like to see more tools for managing on-premises security. A lot of companies have their own on-premises infrastructure and want to move to the cloud. Sometimes, we have the tools, like Defender, to manage security in the cloud, but because we are so focused on the cloud, we forget the fact that we need to be sure about the security of the on-premises environment, specifically Active Directory. I know it's tricky, but I'd like to see them add some tools for a really good dashboard to introduce the fact that we also need to be careful about on-premises.

A lot of companies have their Active Directory on an on-premises physical server. When they start the journey of moving to the cloud, especially to Azure, they use Microsoft Defender to do device management, especially servers and computers. But to improve security monitoring it would help if we could monitor on-premises, especially identity. Usually, when hackers hack into an environment, they use tools to get the identity of a person. If we had tools to integrate with Defender, it would help improve security.

I have been working with Microsoft Defender for two years.

It's a stable solution.

It's also a scalable solution.

About 90 percent of our clients have deployments in multiple locations because they are usually multi-national, and that's why it sometimes takes more time to do the implementation.

The technical support of Microsoft is good.

Positive

I have always used Microsoft solutions.

The deployment is straightforward. The amount of time it takes depends on the configuration the client wants, but it's easy enough to deploy. 

If we need to implement it for a client with 2,000 devices, it takes more time. Just the implementation, for me, takes 20 minutes, but after that we have to implement configuration on the cloud, and that is totally different.

If it's a big company, it could take three months, because we have to do discovery. We have a lot of clients that use customized containers and customized Linux servers, and that's where we have to be sure we do the implementation the right way.

Usually, when working with clients and proposing different solutions, they prefer to work with Microsoft Defender because it is integrated. And when you talk about the price, it's really perfect, compared to other advanced threat-scanning products on the market. Overall, 90 percent choose Microsoft Defender because it's great and very easy to put in place. You don't need to install an extra service or do a big design. You pay for the licenses and that's it.

If you're considering working with Microsoft Defender, the first thing you need to do is an inventory of the infrastructure. We need to know what the client has: how many Windows Servers, how many Linux servers, and how much content. And then you need to know what you want to do with the devices. Some devices are not supported anymore. We need to know which devices the client wants to be covered by Defender.

A lot of times, we want to work with Sentinel because it's the best on the market. But Sentinel is more tricky to put that in place. But when you advise a client on security, of course, you propose a lot of solutions, including Defender and Sentinel. You propose the best on the market to improve their security.

Usually, they go for Microsoft Defender, but for Sentinel, sometimes it takes time. They say to us, "We don't have the money right now, let's wait two years." On many of my projects, my clients have already worked in the cloud and they want to start working with Azure. That's why Microsoft Defender is a good tool to implement. There are times we advise the client about Sentinel but they already have a SIEM solution like Splunk.

Defender for Endpoint does not help us automate routine tasks right now because it's extra work. I know we could put that in place, but often, when we start working with a client in the cloud, we spend a lot of money on that. I know, in the day-to-day operations of the security teams of our clients, they have so much to do and it would be really good to implement automation. We propose it to our clients, but it's up to them to decide if they want to do it.

The threat intelligence can help prepare for potential threats before they hit, but this is also something we need to talk to the client about. Sometimes, it's not in our hands. We can propose things to the client, but they have to choose. So far, after proposing these kinds of things to clients, I haven't received their agreement. This part of the solution is really interesting, but it can also be expensive for some clients. It depends on their budget.

And in terms of using multiple vendors for security or a single-vendor security suite, in my current company, we generally advise our clients to have different vendors, but it depends on the client. I, myself, am not a risky guy. But a lot of our clients have Microsoft products, and we'll advise them to use Microsoft products. You don't want to go to war with your client.

Sometimes, they want to work with a lot of different products, but when you try to do that it can be really expensive because you need to work on the connections between them. I usually advise Microsoft because it's very easy and a lot of clients already have Windows Servers, et cetera. It really depends on each case. It depends on who is paying, who is asking, and what they want.

We use Microsoft Defender for Endpoint as our EDR solution on all of our user endpoints.

Microsoft Defender for Endpoint provides comprehensive visibility into endpoint security. I've been impressed with its ability to detect and monitor threats without any noticeable gaps in coverage.

We use the entire suite of Microsoft products, which are all integrated. Integrating them is very easy. However, getting them to function as expected after integration was a little more difficult.

The integrated solutions work together to deliver detection and response. However, their behavior may not always align with our expectations.

The implementation of Microsoft Defender for Endpoint has enhanced our organization's security posture by augmenting our visibility, particularly through the integration of MDE, Sentinel, and Defender for Cloud Apps. Additionally, Intune, when utilized in conjunction with these products, provides comprehensive insights into identity and device risks. The deployment began about three years ago before I joined the company. In terms of EDR or just basic visibility, that was achieved within the first year or so. However, we are still working towards a holistic vision of visibility, especially with Defender for Cloud Apps.

Microsoft Defender for Endpoint consolidates multiple dashboards, as all of our security products are Microsoft-based, simplifying our security management.

Microsoft Defender for Endpoint has saved us time compared to our previous solution, which was an on-premises Trellix EDR solution. This is especially evident in the areas of maintenance and operations.

Microsoft Defender for Endpoint's WCS function, a content filtering solution, has proven to be the most useful, stable, and reliable option for our current needs.

Defender for Cloud Apps is one of the most significant products that Microsoft could improve. We've encountered several limitations with Defender for Cloud Apps, such as the inability to create custom cloud applications and add URLs. These features would be valuable for the scoping feature in Defender for Cloud Apps, as each application can currently only have one scope. It cannot have multiple scopes, meaning that an application cannot be blocked for some device groups and allowed for others. This is another limitation we've encountered frequently.

The technical support is slow to respond.

The product development team makes frequent changes that affect the stability of the solution.

I am currently using Microsoft Defender for Endpoint. 

Microsoft Defender for Endpoint is generally stable, but the frequent product changes made by the development team have caused several instances of unusability this year. These changes often introduce bugs that disrupt web functionality, bringing it to a standstill. While the product itself is stable when not affected by these bugs, the recurring issue has occurred three or four times in the past year.

Microsoft Defender for Endpoint is as scalable as any other cloud-based EDR solution. I would give the scalability a nine out of ten.

The technical support is slow to respond and very log-focused.

Neutral

The deployment process is straightforward. We can utilize a script for Intune that can be deployed through SCCM.

The base price for an E5 license, which includes Enterprise Mobility + Security E5, is $57 per user per month. However, there are additional costs for certain security features, such as Premium Threat and Vulnerability Management and Insider Risk Management.

I would rate Microsoft Defender for Endpoint six out of ten. The support and product development team need to improve.

We have deployed Microsoft Defender for Endpoint across the globe on all of our endpoints.

Microsoft Defender for Endpoint updates itself so there is no need for maintenance.

It is advisable to always exercise patience with technical support and occasionally guide them in the right direction. Otherwise, they may become overly focused on irrelevant logs. Additionally, it is crucial to always have a contingency plan in place in case Microsoft Defender for Endpoint encounters unforeseen challenges.

The effectiveness of both best-of-breed and single-vendor security suite methodologies hinges on seamless integration. When products integrate effectively, they provide a unified view of the security landscape, enabling comprehensive monitoring and threat detection. A SIEM, XDR, or similar tool can serve as this centralized dashboard, providing a single pane of glass for security operations. By centralizing visibility and streamlining response times, organizations can effectively achieve their information security analysis and response objectives.

Our target is to have control over protected endpoints. As a centralized console dashboard, we want to see the exposure level and security weaknesses associated with those protected endpoints.

We are a consultancy company and a Microsoft Gold partner, so we are strictly attached to the Microsoft stack. We have used Microsoft Defender for Cloud for some of our customers on a few occasions.

The solution is deployed on the cloud. From an infrastructure point of view, it's on Microsoft and likely would be geo-distributed. The solution is typically deployed for all endpoints that require cloud protection in an organization. If a company has 300 devices, typically all 300 devices are connected. It doesn't make sense to divide profiles for different departments.

On average, we have 300 to 600 devices and a similar amount of users. In a few cases, we have Defender for Endpoint protecting shared workstations.

The solution helps us prioritize threats across our enterprise. If we're talking about projected vulnerabilities, like an outdated web browser, then there's a different priority associated with that. Conversely, if we have an endpoint out of data, like outdated Windows security patches, it will be registered with a different, higher priority. It helps a lot.

Sentinel enables us to natively ingest data from our entire ecosystem. By design, Microsoft ingests data from Office 365 to Sentinel.

This ingestion of data is critical to our security operations. Without data ingestion, nothing is shown in the dashboard or in the security and compliance portal. If it stops, we don't have data to analyze.

Sentinel enables us to investigate threats and respond holistically from one place. There are threat investigations directly in the portal, which depends on the license. This feature is really important for enterprise-class companies that have a huge emphasis on security.

Since using this solution, we have seen a better perception of incoming and active threats. We're able to see weaknesses or misconfigurations in applications and operating systems for devices.

It definitely takes time to realize benefits from the time of deployment. After we deployed the agent for Microsoft Defender for Endpoint, it took about a week to collect data.

Defender for Endpoint doesn't help us automate routine tasks or automate finding high-value alerts. The most valuable feature is attack surface reduction rules, and in this case, we have an automated response. It's a lot like SOAR, which helps to contain security risks in an unmanned way, but it's limited to just that feature.

This solution absolutely eliminated the need to look at multiple dashboards because we have one XDR. It's a worthy capability that helps a lot. Having one dashboard makes our security operations more seamless. To retrieve data, we consult different places within the portal.

The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps.

The solution saves us time, but it depends on the point of view. It helps to have a better understanding and outlook on our current situation within our organization and plan proactively for tasks in order to improve our security score.

We saved money by not needing to buy additional pieces of software or deploying additional infrastructure for an on-premises security product.

It also depends on the competitor and the infrastructure required.

Detection and response take minutes because as soon as something is compromised or something happens within our organization, an alert will be triggered within minutes. After we receive an email with an alert, we are likely to start the analysis and remediation if it exceeds or doesn't fall within the scope of the attack surface reduction rules.

The attack surface reduction rules are the most valuable. We're able to have unattended remediation actions when the solution works side by side with a local antivirus like Microsoft Defender or Kaspersky. The attack surface reduction rules help us to proactively block and stop threats.

The visibility into threats is fair. It's accurate and gives us control over threats.

Prioritization is pretty important to us because we need to concentrate on new threats with higher risks associated with them.

Generally speaking, Microsoft Defender for Endpoint, along with Sentinel, provides fair, decent capabilities but it depends on the situation.

Reporting could be improved. I would like to see how many security incidents occurred in the last six months, how many devices were highly exposed to security risks, and how many devices were actually compromised.

I have worked with this solution for more than a year.

It's very stable.

Generally speaking, there are no bugs or glitches. We have had issues twice in the past two months, but nothing too critical. Before those two occasions, it hadn't happened in a year or more.

It's highly scalable considering it's a SaaS solution.

I would rate technical support an eight out of ten. It depends on the support engineer who is working on the problem.

Positive

We used Kaspersky, but the version is exactly comparable to Microsoft Defender for Endpoint.

We switched to Microsoft for better integration. It integrates very well with the Microsoft antivirus, so we don't have to deploy additional infrastructure or an additional piece of software. We have extended security controls over Windows devices especially and a single dashboard.

There is also integration with Intune, which is the MDM from Microsoft.

The initial setup was absolutely straightforward. We spent some time reading the documentation in order to understand how the setup and agent deployment worked, but then it was pretty straightforward.

It took a couple of hours to deploy the solution. Assuming you have the current licenses, you need to enable the features at the tenant level, and then you have to create a policy to distribute the Defender for the Endpoint sensor.

One person is sufficient to set up and onboard devices. The solution doesn't require any maintenance because the solution is upgraded from the cloud. Maintenance is very limited.

We have absolutely received ROI. Initially, it's time-consuming to understand how to onboard devices and start protecting them, but it's pretty easy to replicate the configuration across different customers.

The price is fair for the features Microsoft delivers. If you want tailor-made features, you have to mix different licenses. It isn't straightforward.

Intune is an additional cost. Microsoft Defender for Endpoint works really well with Intune, but you may decide to go for a license that encompasses Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Intune, which is typically a Microsoft E5 license.

I evaluated other solutions, but the decision diverted to Microsoft products because we have a Microsoft partnership. I requested more information from PeerSpot about the differences between Microsoft Defender for Endpoint and Sophos Intercept X because I had to provide a business justification to a customer in order to go for Microsoft Defender for Endpoint.

I would rate this solution an eight out of ten.

There are pros and cons to having a best-of-breed strategy versus a single vendor security suite. I would go for a single vendor security solution just to have convergence but it depends. Considering the fact that I'm working for a Microsoft Gold partner, I haven't had the occasion to make a comparison.

I would recommend implementing Microsoft Defender for Endpoint. My advice is to use Intune to have better control, especially for Microsoft devices. I would also advise using third-party local antivirus solutions rather than relying on Microsoft Defender Antivirus, which is a lock-in to a single vendor.

Microsoft Defender is a Windows platform that can be integrated with various solutions. It has a complete dashboard that gives us clear visibility into the total security of things, the endpoint devices connected, and their status. It also gives us information about who has been logged in and at what time. Compared to other solutions, Microsoft Defender for Endpoint gives us more visibility and threat analysis reports.

Microsoft Defender for Endpoint has improved my security score very well. Since it is a fully automated solution, all false positives have been ruled out for me. The investigations provided by the dashboard have compliance functionality and are useful for auditing purposes.

The solution's latest features for threat analysis are updated to provide us with future protection against the latest threats worldwide. It allows us to prepare from our side for the worst scenarios so that the business operations would not be affected.

Microsoft Defender for Endpoint should include better automation that will make it faster to detect the latest threats happening across the world. The solution should also generate an automatic report for any investigation before I generate a report. The solution's cost could be improved as it is an expensive tool.

I have been using Microsoft Defender for Endpoint for four years.

Microsoft Defender for Endpoint is a highly stable solution.

Microsoft Defender for Endpoint is a scalable solution. We have around 3,000 total endpoint devices with two administrators, and we have plans to increase the usage.

The solution's technical support is good. We were able to get proper support from the technical support team.

Positive

The solution’s initial setup is easy.

The solution’s deployment took almost three weeks. Two network engineers and I ensured the configuration of the group policies. We ensured that all the inbound and outbound traffic was properly configured and implemented.

We have seen a return on investment with Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint is an expensive solution.

Before choosing Microsoft Defender for Endpoint, we evaluated other solutions by Azure. We chose Microsoft Defender for Endpoint because of its better functionalities and capabilities.

The solution provides us with clear visibility. We have a clear dashboard analysis, and we don't need to worry about the changes we need to make as it gives a clear solution for us. Threat hunting is the best feature that gives the response to any event happening.

The solution helps me prioritize threats across our enterprise because I'm able to map all the devices across my enterprise. It is improving my security score compared to the earlier one. Compared to our earlier endpoint protection solutions, we have a good edge over the mapping we have with Microsoft Defender for Endpoint. Any new devices getting added to our ecosystem are getting secured in a better way.

We use more than one Microsoft security product. We have integrated all of these products, and it was easy to integrate them.

The integrated Microsoft security solutions work natively together to deliver coordinated detection and response across our environment. This is very important for us because we follow a framework where protection, detection, response, and recovery have to happen in a seamless manner.

Microsoft security products give visibility into the information about the latest threats happening across the globe. This gives us awareness and helps us to be well-prepared before the attacks.

We use Microsoft Defender for Cloud, and we make use of its bi-directional sync capabilities. Microsoft Defender for Endpoint has both on-premises and cloud capabilities.

We use Microsoft Sentinel, which enables us to ingest data from our entire ecosystem. We have different types of endpoints. The ingestion of data gives more data and more credibility to the logs, which makes my environment more secure.

MS Sentinel enables us to investigate threats and respond holistically from one place. It provides vulnerability management and threat detection so that we'll be able to see different logs and parameters. Normally, the threat collection, detection, and response are very much important for an organization.

MS Sentinel’s built-in SOAR and UEBA are different higher-end functionalities with artificial intelligence that provide a secure environment for any platform. It can analyze more volumes of data.

Compared to MS Sentinel, SOAR solutions are more costly.

Our Microsoft security solution helps automate routine tasks and help automate the finding of high-value alerts. It gives us a clear investigation report to find the RCA appropriately, thereby speeding up our response time.

Our Microsoft security solution has helped eliminate having to look at multiple dashboards and given us one XDR dashboard. I can integrate all my security parameters into one dashboard, and looking for the management review is easy for me.

The solution’s threat intelligence helps prepare us for potential threats before they hit and to take proactive steps. It alerts me immediately from which IP the threat is coming so that I can block that respective port immediately and prevent it from entering my network.

Our Microsoft security solution has saved us time by making the operations faster and reducing the response time. The solution has saved me almost 15 days in a month.

Our Microsoft security solution has saved us money by providing a single integrated solution and eliminating the need for different security solutions.

The solution has decreased our time to detect and respond. The solution has enabled me to act quickly on any issue before it hits me.

Microsoft Defender for Endpoint is a one-stop solution for your protection, and it gives overall visibility of your endpoint devices. You can easily add on the devices whenever the enterprise is growing.

With Microsoft Defender for Endpoint, you can club your endpoint protection, email protection, network protection, and application protection and ensure they are in good hands. We can handle anything regarding security operations, investigations, or complaints from a single point.

Overall, I rate Microsoft Defender for Endpoint a nine out of ten.

I'm a consultant. When we do a project with a client, they want us to make an assessment of their environment so they know how to improve their security through Endpoint. I give advice on how to manage the daily case reports that Microsoft automatically sends. 

The solution is mainly deployed on the cloud. Most of our clients are on-premises, but they are transitioning and moving most of their administrative tasks to the cloud.

We deploy this solution for multi-national companies. For example, the last customer I worked with has several departments and locations in several countries. It's a mixture of everything. It's a multi-national company nowadays.

We use all of the M365 security products. I'm also looking into Sentinel. For on-premise security, we're using Windows Defender managed by Security Center or Intune.

We have integrated the solution with other Microsoft products. For example, integrating Azure Active Directory and on-premises computers with Intune is really easy to accomplish. The security console gives us visibility over all the products that are managed by different Microsoft tools. The integration is amazing. 

The solutions work natively together to deliver coordinated detection and response across our environment.

Using ORCA PowerShell provides us with an extensive report and assessment of the platform. It's officially recommended by Microsoft to get an assessment of their environment. It's easier to get the big picture from this tool than from the Microsoft console.

The main improvement is that we have complete integration. For example, there were a couple of projects where I integrated the already managed platform from on-premises using Endpoint Corporation Manager with Defender. The integration between the on-premises Microsoft hybrid environment, Intune, and Defender for Endpoint is secure. It gives me a full picture of the status of the entire organization. That was unimaginable a couple of years ago, but now it's real.

This solution helps us train a lot of customers and their employees to be aware of what they shouldn't do with certain behaviors, mail, and files on their corporate computers. It helps customers to be more aware of behaviors that put the entire company at risk.

We realized these benefits from the beginning of using this solution. It gives us information from different points of view and consoles in a convenient way.

It helps prioritize threats across an enterprise. The reporting shows companies what they need to do to resolve abnormalities and prioritize what needs to be solved in order to improve the security level of the company.

Prioritization is important because it's absolutely necessary to know what has been upgraded and what hasn't. Hackers take advantage of that.

Defender gives us the ability to look at all the dashboards from a single screen. The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps by configuring some behaviors.

Microsoft Endpoint saved us from a lot of potential problems. It has absolutely saved us time. From the point of view of our clients, the solution saves money because the main tools that are used by the platform are already integrated into their contracts with Microsoft.

The solution provides protection and reports strange behavior and automatically blocks some of it. I love the way that statuses are represented.

It provides visibility into threats and gives daily reports about new threats and how to deal with them. We can change configurations so customers are continuously aware of new threats.

The dashboard customization could be improved. It's not as good as Azure. The center console isn't very flexible.

The automated remediation could be improved too. If there's a problem, most of the time they open a ticket for another help desk team. They don't remediate these vulnerabilities themselves 90% of the time.

I have been using this solution for about five years.

It's stable. From time to time, there's a blackout on the web pages.

The quality of technical support depends on the technicians who are assigned to your case, but the solutions they provided us with have worked every time. The reply time can be fast, but it depends on if you're lucky or not. You can be waiting for a week or two days. 

I would rate technical support an eight out of ten. 

Positive

The setup is very quick. The amount of time it takes depends on the infrastructure that someone wants to maintain or update.

Only a couple of people were involved in the deployment. From my point of view, I leave the customer's teams in charge of the maintenance of the tools. I recommend taking a look at the weekly reports that Microsoft sends in order to know what changed, what's new, and what has been upgraded.

I would rate this solution an eight out of ten.

There are several free platforms to test all the functionalities and evaluate the solution. If you see that they cover all of your needs, my advice is to buy the product.

I prefer a single vendor's security suite because integration is easier.

We are a property investment company, and people here use Microsoft Surface devices for their daily job. We are a Microsoft-oriented company, and we use it for our basic endpoint security implementation. 

Our entire security is based on this endpoint solution. Sometimes you have centralized security where you scan all traffic going through a central firewall and you also check through several types of solutions. You also check HTTPS connections. Basically, for all the traffic going inside and outside the company, you use a security firewall, and this endpoint solution is actually a firewall solution or security solution that is distributed. So, all the traffic coming from and going into the end-user device is basically submitted for scanning. If you download an ISO on a website or an email, everything is scanned for security to check whether it contains any malicious data. 

We are using Microsoft Defender for Endpoint Plan 2, which is the enterprise version of Microsoft Defender for Endpoint. We are using the most recent version of it.

We deploy it via Intune. The feature is called Microsoft Intune Autopilot. We have a hardware hash. A colleague of mine prepares the configuration and then based on the hardware hash and Autopilot, the devices are completely installed and joined to Azure AD and then to our enterprise. Intune is a Microsoft device management platform that comes with Microsoft solutions. When you buy a new device, based on the hardware hash, it can automatically find that device through Autopilot and do the specific deployment for your company. So, the users can use any type of device, start it, and then it will automatically be joined to our environment.

It is a completely integrated platform with advanced threat analysis, SIEM features, updated inventory, and so on. It is an all-in-one solution. Microsoft is taking over lots of companies to provide more and better services to its clients. This is one of the best solutions around at the moment.

It protects our organization from all kinds of attacks, such as ransomware attacks and any malware downloads. It is like an oracle who knows everything about:

• What is around at the moment?
• From where the attacks are coming?
• What is currently going on security-wise?

It knows about all the software that you have installed on the laptop, and whether they are not patched or have security issues. It covers everything you want from your security platform.

It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online. 

It is completely self-sufficient. You don't have to install anything. It is completely integrated into the operating system, and it also has a centralized information dashboard where you can immediately see:

• Are all your devices up to date?
• Are there any threats?
• Are the devices having problems with updates?
• Are they infected with anything?
• Was something blocked?

You can immediately see what is going on in your enterprise, in different networks, and also in people's homes in terms of endpoint security.

It is a zero-trust platform, and it integrates with all types of enterprise services that we run. It also integrates with the Office 365 environment where you can securely connect from anywhere.

It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has.

They're continuously improving it. You can compare it with Teams. About a year ago, the codex and the presentation of the Teams application were not very well optimized, and if you were using the Teams application, it used to drain your battery. It still drains your battery, but they have improved it a lot, and it is a lot less CPU intensive after one year. They're working on Defender for Endpoint to make it less CPU intensive.

We have been using Microsoft Defender for Endpoint for more than six months.

Its stability is quite good, especially with Windows 11, which is a very stable operating system. Of course, you can run into some issues. We have some issues with docking stations for Surface and screens, but generally, the operating system together with the endpoint security solution is very stable.

It is the most scalable solution around. You can create an Azure tenant, and with a script, you can deploy 1,000 user accounts. There is no actual limit to it, so the scalability is infinite.

Their support has improved. They're quite good. I would rate them an eight out of ten.

Positive

It has the easiest setup that I've ever seen. It's completely integrated with Microsoft. When you deploy your machine through Autopilot and Intune and assign the license, everything is done automatically. Of course, you have a lot of possibilities and a lot of freedom for detailed configuration, but out of the box, it comes completely self-sustained. You don't have to do anything. This is one of the easiest solutions that I've seen.

You just apply for the plan in Office 365, and you set up your very basic Autopilot template where you would specify the types of software that have to be installed. For instance, you want Office or other types of software. The very basic template is enough to roll it out fully automatically.

It takes a couple of hours. If you apply for a tenant on Azure, you pay for the licenses, and you can roll out with a click on 200 to 1,000 endpoint devices within the hour. This cloud is really amazing.

We are a small company with a few technical engineers, and we provide services for our clients. We provide all kinds of services such as maintaining endpoints and Azure cloud solutions with virtualized services and SaaS services.

Its implementation is more or less handled by my colleague. I do a little bit of configuration but not so much. My colleague knows about all the technical details. He does the complete installation and the complete central management of policies and templates. However, a basic part with basic software is very quickly implemented. You just create a tenant on microsoft.com, and then you can very easily roll out to as many workstations as you would like the necessary configuration for Defender for Endpoint.

Its price at the moment is very good because you get a lot of value for your money, especially with the subscriptions. If you have the E1, E3, or E5 enterprise subscription, you pay per month per user, and you get almost an infinite number of solutions. If you compare the price to the number of solutions that you get, it is a very good deal. 

I'm only concerned about the future because Microsoft is taking over one company after another. In the end, there will be no alternative and then they can do whatever they like, but for now, in terms of price, Microsoft is one of the best performers.

At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions.

It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. 

The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected.

It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this.

I would rate it an eight out of ten.

What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers.

In Microsoft Defender for Endpoint, the devices still need to mature a little more when compared to other AV solutions. Microsoft Defender for Endpoint is not as robust, and you cannot customize it much, so that's a challenge. These are the rooms for improvement in the product.

Microsoft Defender for Endpoint is still being improved. I would say it's still in the development stage. Daily, Microsoft is getting feedback from the customers, so they are modifying the product based on the feedback and requirements of the customers. It's an ongoing process, and as a consultant, I'm in a much better shape, from a consultant point of view, in terms of speaking with customers.

What I'd like to see in the next release of Microsoft Defender for Endpoint is a single console where you can manage all the policies, Intune, and the EDR capability that can be managed through Intune. There should be a single portal for that to make it more convenient for the security consultant engineer to work with. Right now, I have to hop between different controls. Even the tenant attach feature needs to become more mature in Microsoft Defender for Endpoint because it's just very basic. The concept is good, but it's very basic, so it requires more effort for the engineer to configure.

I've been dealing with Microsoft Defender for Endpoint since 2018.

Microsoft Defender for Endpoint is a stable product.

Microsoft Defender for Endpoint is a cloud solution, so it's always scalable.

Technical support for Microsoft Defender for Endpoint is good, and it's the best part. Microsoft knows that the product needs some development, so they're working on improvements, but all the technical engineers I've worked with so far are very technically sound and they know the product.

The initial setup for Microsoft Defender for Endpoint is straightforward, if you are aware or have knowledge of it. For example, it's easy if you have gone through all the phases of setting up Microsoft Defender for Endpoint when it started as a manual deployment, manual configuration, then it came through GTO, then SSCM, then Intune, and now SMM. If you have gone through all the phases of deployment, then you know where you need to go and where to change the settings.

If you just started with Intune, or you're dealing with a combination of Intune and a firewall, the initial setup won't be as easy. It could be challenging for a newcomer, because you do not have much experience with Microsoft Defender for Endpoint, but they'll give you good support, and they'll try to resolve the challenges that come up when setting up the solution.

Pricing for Microsoft Defender for Endpoint is competitive. Out of the bundle, you will get a lot of security, if I talk about Microsoft E5, for example, and get a lot of benefits. If the customer goes and purchases a different solution, it will cost more, so pricing for Microsoft Defender for Endpoint is quite reasonable at the moment. There isn't any challenge in terms of pricing, for example, I didn't see a customer who pulled back because of the price. Some prices could be negotiable, and sometimes, as a sales point, the two become negotiable, but they don't bill one and pull back because of the pricing. If you have an E5 license, you get everything.

Customers don't worry about the prices too much, because what they're a little bit worried about is the complete capability of Microsoft Defender for Endpoint in the endpoint security space when compared to other legacy solutions such as McAfee Endpoint Security and Symantec End-User Endpoint Security that are quite mature enough in this market, as seen on Gartner. Sometimes the customer is reluctant to move to Microsoft Defender for Endpoint, but not because of its price. I didn't have customers who questioned the pricing for the solution.

I'm currently working with all these solutions: McAfee Endpoint Security, Symantec End-User Endpoint Security, and Microsoft Defender for Endpoint, because I'm a consultant. I'm not a customer. I do use it, and the organization I'm in uses it, but I'm a consultant to the customer. I do pre-sales and look into any of the technical aspects of Microsoft Defender for Endpoint.

In terms of comparing Symantec End-User Endpoint Security with Microsoft Defender for Endpoint, they both work, but in different ways and they have different approaches. Microsoft Defender for Endpoint doesn't have HIPS, while Symantec End-User Endpoint Security has HIPS. Microsoft Defender for Endpoint has ASR rules which are compulsory, but there are some activities that Microsoft Defender for Endpoint can't do in an environment, particularly if it is an air-gapped network. In an air-gapped network, which is very secure, my team can't open the internet, and Microsoft Defender for Endpoint fails in that, despite being an EDR solution, because it's cloud-based and it doesn't work there. Microsoft still doesn't have any solution for mitigating the air-gapped network.

My advice to people looking into implementing Microsoft Defender for Endpoint is to do it very fast because the tool is changing very rapidly, so if you are a novice and you are just learning, what you learn might get changed in the next quarter. Some of the functionality might get changed, so you need to keep up with the changes, and you need to learn quickly and implement Microsoft Defender for Endpoint fast.

My rating for Microsoft Defender for Endpoint is seven out of ten.

It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.

The security is very useful.

Its stability is okay.

The solution can scale. 

Technical support has been great.

There's no setup process; a user simply needs to enable it to get started.

We'd like the stability to be better.

I've been using the solution for about two years. 

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good.

The product can scale if a company needs it to.

There's a big number of users on the solution in our company. It's likely more than 400 users. 

We've dealt with support in the past and found them to be very helpful. We're quite satisfied with the level of service. 

I'm also familiar with Trend Micro, which is similar. However, Defender is specific to Microsoft.

The company does use more than one solution as well. 

There's not really an installation process. A user simply needs to enable it. That's all.

We pay a yearly licensing fee.

I'd rate the solution eight out of ten.