Microsoft Defender for Endpoint Reviews

We use Microsoft Defender for Endpoint to secure our customers' networks. One of the main reasons we chose this solution is its seamless integration with other Microsoft products, including Security. This integration enables the efficient exchange of signals and facilitates incident investigation and correlation with other security measures. Therefore, we recommend Microsoft Defender to our customers for robust endpoint security. 

Microsoft has been recognized as a leader in Gartner reports for two consecutive years for their exceptional threat-capturing abilities within their division. In comparison to other solutions, Microsoft Defender Endpoint Security offers a wide range of features, and the benefit of integration with other solutions makes it a more powerful product. This is in contrast to individual products from separate vendors, which lack default integrations and may not offer visibility over other endpoints in our environment.

The solution provides a high level of visibility into threats and is integrated with other solutions such as Microsoft Defender for Identity. This integration enables the solution to receive signals from Microsoft Defender for Identity, which are then relayed to users who attempt to log in to an infected device. If the threat originates from Microsoft Defender or Office 365, users are alerted and advised not to open any suspicious links or attachments. This integration greatly enhances the investigation experience and is extremely useful in the detection and analysis of potential threats.

Microsoft Defender for Endpoint helps prioritize the threats across our organization.

The automatic investigation response is the key feature of Microsoft Defender for Endpoint. It enables us to concentrate on the critical incidents related to the endpoint or machines. This capability enables the security team to focus on the most significant alerts or incidents related to the device's self-analytics. Prioritizing our investigations and responses with Microsoft Defender for Endpoint is crucial.

The integration with Microsoft solutions is smooth, and integrating with other products can be done with just one click.

In most cases, the solutions work natively together to deliver coordinated detection responses across our environment, which is very helpful.

The comprehensiveness of threat protection offered by Microsoft's solutions is extensive. These solutions can thoroughly investigate all resources in an organization when deployed correctly according to best practices. They can detect any threats related to email, endpoints, and identity attacks, whether on-premises or in the cloud.

Microsoft Defender for Endpoint has been instrumental in enhancing our organization's operations. It detects the majority of threats aimed at our devices, aiding us in our efforts to combat threats. Additionally, it expedites the investigation process by running playbooks on incidents. This saves us time and increases efficiency. Furthermore, the integration capabilities of Microsoft Defender for Endpoint allow us to address the source of the threat by partnering it with other solutions. Microsoft Defender for Endpoint can be integrated with Microsoft Intune, allowing us to provide device signals to the latter. This permits us to grant or deny access to specific sources based on device signals.

The solution assists in automating routine tasks and streamlines the identification of high-value alerts. When used in conjunction with Microsoft Sentinel, which is highly effective in detection and comprehensive investigations, the quality of high-value alerts is excellent.

Microsoft Defender for Endpoint has eliminated the need to access multiple dashboards and provided us with a single XDR dashboard. Instead of logging into five different portals to investigate a threat, we only need to access one portal, Microsoft Defender for Endpoint. This portal collects signals from various solutions and integrates them into a single incident, providing a comprehensive view of the detection from different sources in one place. This improves our visibility and simplifies the threat investigation process.

Having a consolidated dashboard saves us a significant amount of time by eliminating the need to log into multiple portals. This single portal can be used for investigation purposes and can relate to various aspects. It simplifies the process of monitoring a multitude of sources or resources in the environment, making it easier to detect and investigate potential issues. A consolidated dashboard improves collections and visibility, streamlining the investigation process.

The threat intelligence provided by the solution helps us prepare for potential threats and take proactive measures before they occur. Many of Microsoft's security solutions now depend on Microsoft's security intelligence. The ISG collects signals from various products worldwide, providing extensive information on recent global threats targeting different products. Integrating with Microsoft Defender for Endpoint, this information is particularly helpful.

The solution has helped us save time. I suggested that we check Microsoft Defender for Endpoint daily to review the latest incidents that occurred during the process. We can quickly examine the incident and then take action based on the recommendations provided by either Microsoft Defender for Endpoint or Microsoft 365 Defender, as it consolidates the signals.

This solution is cost-effective since we would otherwise have to pay for multiple licenses if we were to use various solutions. Additionally, we prefer not to subscribe to multiple vendors for different services. By integrating these features, we save time, and they are already integrated by default, unlike other vendors who may not offer this feature or integration.

Real-time detection and cloud-based delivery of detections are highly efficient. I have deployed the Microsoft Application Control which I found to be very effective, albeit difficult to deploy. I have implemented point guard and attack deduction rules which enable me to identify attack locations effectively. Microsoft Defender for Endpoint has several excellent features, and the correlation of alerts and investigation experiences within the platform helps lead investigations

The application control feature requires improvement. It is currently challenging to detect and fine-tune the application control policies. A better GUI is needed for configuring the policies, beyond the current partial console, such as a third-party or Microsoft tool. Additionally, more documentation is required for the application control section as there is currently none available in Microsoft's resources. This lack of documentation can make the process confusing.

The policy configuration has room for improvement. Currently, we require additional solutions to configure policies for Microsoft Defender for Endpoint. We need either Microsoft Intune or a new policy object. It seems many individuals find this process confusing. It is perplexing to me why we must configure policies using different solutions when ideally, we should have all configurations for Microsoft Defender for Endpoint in a single portal. It would be more practical to configure policies directly within Microsoft Defender for Endpoint, rather than using external solutions.

I have been using the solution for three years.

Microsoft Defender for Endpoint is stable.

Microsoft Defender for Endpoint is scalable.

I previously used Trend Micro Apex One, but I've found that Microsoft Defender for Endpoint has more benefits. Although I haven't worked with the full suite of Trend Micro, I believe that their Suite is also highly effective. However, I have experience using the full suite of Microsoft Defender, and I find it to be a more powerful tool for threat detection. While Trend Micro Apex One is easy to implement, has a seamless implementation experience, and is superior when it comes to policy configuration; For threat detection capabilities, Microsoft Defender for Endpoint is stronger.

The initial setup is straightforward because we just need to onboard devices, through a script, employment, onboarding package, or any other MDM Solution like Intune. The deployment takes between four and eight hours and requires a maximum of two people.

We implement the solution for our customers.

Microsoft Defender for Endpoint can be costly as a standalone solution. However, when included in a bundled license with other Microsoft solutions, it becomes a cost-effective option. Microsoft Defender for Endpoint provides excellent value for our organization.

There is an additional cost for Microsoft Premier support.

I give the solution an eight out of ten.

Microsoft Defender for Endpoint is deployed across multiple locations and departments. The solution can be used for enterprise, medium, and small businesses but can be expensive for SMBs.

To achieve success with Microsoft Defender for Endpoint, it is crucial to establish best practices and ensure full deployment without causing any disruptions to business productivity. Simply enabling all features without understanding their impact could lead to interruptions in productivity. By adhering to best practices and carefully assessing the impact of each policy, we can ensure a smooth and effective implementation.

We use Microsoft Defender for Endpoint to manage the firewall and provide endpoint security, such as antivirus protection, on the endpoint.

The visibility of threats is excellent. The most difficult aspect of Microsoft Defender for Endpoint, especially for a small MSP, is the amount of information that needs to be filtered through. There is a lot that can be done in the portal, so it requires someone to spend a lot of time going through all the settings and making sure any issues are resolved. This is why we added Huntress to it, as it helps with the identification of other issues.

Microsoft Defender for Endpoint helps prioritize threats across the enterprise. The great thing about the Defender portal is that if there is a new issue, it highlights the issue for us in the portal, enabling us to easily check the CVE report to see which devices are affected, and make the necessary changes.

The major advantage of Microsoft Defender for Endpoint for us is that we receive a great deal of information. Initially, when we encountered the solution, the most difficult thing was that there was a lot more detail to go through, a lot more logs, and settings that we had to configure. However, once we had everything in place, as we are covering so many devices using the same solution, we were able to make a significant impact on our security.

The solution helps automate the high-value alerts to identify the devices that are at high risk of attack, but we still have to remediate ourselves.

We still enjoy jumping between Defender and Huntress' portals. Microsoft has removed the need for a large number of solutions as the Defender portal itself encompasses a great deal. This is both good and bad as they continue to add to the Defender portal. For a small team, it can be quite overwhelming to have to go through the one Defender portal. However, if the team was larger and we had more dedicated staff, it would be great as everything would be in one place.

Microsoft Defender for Endpoint's threat intelligence helps us prepare for potential threats before they occur and take proactive steps based on the CVE reports, which advise us which devices have higher threat issues.

Being aware of the issues is a good thing, and with solutions like Webroot Business Endpoint Protection, we may think everything is fine as long as the antivirus is installed. However, with Microsoft Defender for Endpoint, we are given a lot of information and become more aware of the issues. This helps us strive to reach the 100 mark on the security score.

Microsoft Defender for Endpoint has saved time by preventing attacks from occurring, and I have been able to rely on it. In contrast, when we used Webroot Business Endpoint Protection, we installed it and then largely forgot about it, assuming it would take care of itself. Webroot rarely gave us any warnings, which may have been due to the product not knowing what to do or not having anything to alert us about. On the other hand, Defender is constantly active and provides us with updates about the endpoints. This may take up more time, as it is making us aware of a lot of other things.

Microsoft Defender for Endpoint is more expensive than Webroot Business Endpoint Protection. However, the value is there in terms of the product we are getting. The cost savings with Microsoft Defender for Endpoint come from being aware of the issues and taking steps to prevent them from occurring. The savings come from avoiding the issues.

Microsoft Defender for Endpoints has a quick response time when it detects a threat. From what I've seen, the system is quite fast. It's not instantaneous when changes are made in the portal and sent to the endpoint, but it is still quick.

The most valuable feature of Microsoft Defender for Endpoint is its ability to bring together all the data, providing more information than just antivirus hits. Additionally, it has a useful security score that is tied into the Defender platform, giving us a better understanding of what is happening at the endpoint.

Microsoft often changes the names of its products, the design of its portals, and what is included in them. This can be confusing for people who are not using them regularly. There is a lot of information to take in, and the portals tend to change quickly due to the fast-paced nature of the industry. This can be frustrating when something that was there one day is gone the next.

I would like to see when NDR solutions become more widespread in other regions. It would be amazing to observe how that progresses. It is something that we are considering, having Microsoft do part of the work using the dependent portal instead of having engineers from our own company do it. Therefore, I am eager to see where that goes.

The stability has room for improvement.

I have been using the solution for over one year.

When testing to see if the antivirus solution is working properly with a lot of different events occurring on the device, we found that the Defender interface can become cluttered. The solution does not always give us a real-time view of what is happening, making it difficult to navigate the user interface. Therefore, there is potential for improvement in terms of stability.

We've deployed the solution in small environments and larger ones. So we haven't had any issues going between the two. Microsoft Defender for Endpoint is scalable.

We have encountered two technical issues in the past. The support team was very competent, and when I contacted Microsoft support, they were extremely helpful.

Positive

We had previously used Webroot Business Endpoint Protection, Bitdefender GravityZone, CrowdStrike Falcon, and Cortex XDR by Palo Alto Networks. Microsoft Defender for Endpoint is now included in our licenses, making it an easy addition for many of our clients since some of them already had the licenses that included the solution. Moreover, since many of us already use Microsoft products and portals daily, we were comfortable with Microsoft and the solution did not require a lot of retraining. Additionally, the price was another factor that made the solution attractive; CrowdStrike and the requirements associated with it are too costly for some of our clients.

The initial setup is not complex. It is more cumbersome than Huntress because it is not just an installer. We have a package that needs to be deployed to a few machines. We can run a script, or use a GPO package to distribute it. Although it is not as easy as some of the other smaller solutions, it is still quite simple. We can roll out a group policy. The deployment didn't take long at all. We had already set people up with licenses to access a Hive with Microsoft, so the deployment solution was straightforward. Most of our clients also have directories managed through Azure, which made the rollout easy.

The deployment process requiring engineering numbers or similar is very minimal as it can be done through a single group policy.

The implementations are completed in-house for our clients.

The licensing costs for Microsoft Defender for Endpoint are reasonable.

I give the solution an eight out of ten. When discussing Microsoft Defender with other engineers, we agree that it can be challenging to become accustomed to and comprehend the UI at first. Once we have a grasp on the UI, it is excellent; however, initially, it is difficult to learn.

Microsoft Defender for Endpoint is deployed in systems located in data centers and on-premises, providing a wide range of devices. Approximately two thousand endpoint devices are in use.

Since the solution is a Windows subsystem, it is not difficult to maintain. We utilize a management solution to run many of those updates regularly, ensuring that they are completed regularly.

No single solution or vendor has all the answers, and it can be risky to rely on just one source. If an attack occurs and we are only using one form of security, if it is breached, the attackers will have unfettered access. Therefore, I believe it is beneficial to have a multi-layered approach, utilizing multiple solutions and vendors with different technologies that can work together.

I suggest people do some Microsoft training regarding the Defender platform to become comfortable with it before deploying it to understand exactly what is necessary to make it work.

We provide solutions to our customers based on their requirements. We started working with Microsoft products because we saw people getting more inclined toward Microsoft security products. For example, previously, for SOC, we saw more organizations working with Splunk or QRadar. However, over the last six months, we have seen a lot of customers migrating to Microsoft Sentinel because they already have Microsoft products in their environment, and it works better with other Microsoft products.

The main purpose of EDR is threat protection, and Microsoft Defender is most impressive when you are factoring in the E3 and E5 security enhancements. It gives all monitoring alerts on a proactive basis. It generates an alert if it finds suspicious traffic, and it also helps to understand where the risks are.

It helps us to prioritize threats across our enterprise. That's one of the key features.

It helps automate routine tasks and the finding of high-value alerts. Because of the automation, you don't need to do anything. You are not required to do anything manually. It automatically detects threats and blocks them. It reduces a lot of manual effort.

It makes the organization much more secure. Microsoft Defender is one of the leading products. It works perfectly. When you are monitoring daily alerts, you can understand what kind of threats your organization is facing or how it is blocking. Based on this analysis, you can secure your organization more. Based on their automation, they are protecting you, and from that analysis, you can understand what threats your organization is facing. So, you can focus more on that area. It helps you to identify and secure those areas so that the same threats don't come in the future.

It has saved us about 20% of the time from an endpoint perspective. It has reduced our time to detect and respond by 50%.

Our customers also use M365 and Microsoft Sentinel. We have integrated all of these products. The base product is Microsoft Sentinel because that is the SIEM. All M365 logs get ingested for the phishing attack checks, and Microsoft Defender logs get integrated with Microsoft Sentinel to check all the endpoint-related activities. These endpoints include Windows servers, laptops, and desktops. On Windows Server also, we have installed Microsoft Defender EDR. From there, the logs go to Microsoft Sentinel, and from there, a centralized monitoring console works. These solutions work natively together to deliver coordinated detection and response across an environment.

The most important feature is the way it monitors the threats and blocks them. About 10 days ago, we were implementing SOC for a particular client. The SOC was not yet implemented, but they had Microsoft Defender. That organization was hit by some ransomware, but the hacker could not succeed. Because of the EDR, the hacker could not install the hacking tools. They were trying to do that, but Microsoft Defender completely blocked that. The hacker could log into the system, but they could not install anything. 

Microsoft Defender is a lot proactive, and it can also analyze the threats on the latest technologies. In the case of the attack that happened just 10 days ago, we immediately logged in and saw various challenges because we didn't have any other logs. SOC was not ready, and we only had EDR logs. From there, we could identify that the hacker couldn't succeed because Microsoft Defender was proactively working. It prevented the complete attack.

It is proficient and proactive in monitoring threats. It can seamlessly monitor all the individual assets in real time. Another thing is that after installing the Microsoft Defender agent, your computer doesn't slow down even though real-time scanning is going on in the background.

It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent.

I have been using it for the last year.

It is stable.

It is scalable.

I have not faced any issues with their technical support. Our client has a tie-up with Microsoft, and the Microsoft team has provided them with good support, but I'm not sure how they will be in the case of small customers. 

We are working with multiple vendors for our clients. We are using CrowdStrike for some of the other organizations. Microsoft Defender has grown in a very big way in a very short period, but CrowdStrike Falcon is ahead of it in terms of protection.

Microsoft doesn't give everything in a single dashboard, whereas with Mandiant or Secureworks, from a single dashboard, you can manage everything, such as your EDR threats, vulnerability detection and response, and network detection and response. Microsoft has not grown up in that way.

It is much easier to deploy for the Windows platform. One of the customers had 3,000 or 4,000 endpoints, and we could do the deployment in two months.

There was a team of 10 members. They were working on multiple things. They were not fully dedicated to it. We had SCCM, and we had to push everything through SCCM. That helped a lot to automatically push to multiple endpoints at the same time.

If it is on the cloud, you don't require any separate maintenance, but when their patch is coming, you have to do the patch upgrade. You can make that automated. It is easy.

It is hard to measure the amount of money saved from using this solution because it depends on if you had any attack, and if an attack happens, how much your organization would lose based on the threat. It was published that in the last year, companies have lost millions of dollars because of ransomware and multiple attacks.

They are now doing it on an endpoint basis. It is based on the number of endpoints, which is good.

We made multiple comparisons between tools. We had not only Microsoft Defender but also CrowdStrike and Tanium. I was working on some of the requirements for one of our clients, and based on that, we started evaluating these three products. We started working with Microsoft Defender based on the endpoints or hosts available on the Windows platform. We saw that most of the organizations are still on the Windows platform. They have Windows laptops as well as Windows servers. 

One of the reasons why the client agreed to go with Microsoft Defender was that it was easy to deploy. We didn't need to spend a lot of time implementing it. It is much simpler compared to other competitive products.

During the PoC, we found Microsoft Defender to be easy to implement. It was able to detect a lot of things, but in a few areas, we found CrowdStrike much ahead of Microsoft Defender. Another difference is that CrowdStrike is product-independent, whereas Microsoft Defender is limited to Microsoft products. Also, if you have any other EDR running on your system and if you implement Microsoft Defender, it'll immediately disable others. In this tenure, if something happens, there is always a risk.

To a security colleague who says it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite, I would agree. I prefer multiple vendors. I am not in favor of implementing Microsoft products in all areas because, in every domain, there are some specialty products. You should focus on that and see how to make your organization much safer. Every organization claims that it has all the products, but all the products are not good. That's why you have to find out the best one and put it there.

I would recommend comparing it with other products and defining what are the most important needs for your organization. You may not require all the features. Microsoft Defender includes a lot of things. Microsoft Defender has its own MCAS solution. It also supports DLP, which is not yet mature. You should see what is required for your organization and then do a testing or PoC on that.

Microsoft Defender works well with Microsoft products. You can implement or install it on the Windows platform, but you will have to find another way to track non-Windows platforms, such as Linux platforms or Unix platforms.

Similarly, Microsoft Sentinel does the analysis for Microsoft products in a better way, but they are yet to catch up when it comes to non-Windows products. It lacks when it comes to analyzing non-Windows products. It isn't able to identify all the threats properly. The number of false positives is much more compared to other products, but still, Microsoft Sentinel is one of the leading products in the market. It has developed a lot as compared to what we saw one year ago. It enables you to ingest data from your Microsoft environment, but I am not sure about the non-Microsoft environment. This data ingestion is very important. Without ingesting all the logs to your SIEM, you can't monitor the threats. When it comes to security products, they need to be product-independent. In terms of cost, it is almost similar to other products, but it is a little bit cheaper than Splunk. In terms of ease of use, on the Windows platform, it is very easy to use, but it is not so easy for non-Windows platforms.

Overall, I would rate Microsoft Defender an eight out of ten.

I'm a consultant. When we do a project with a client, they want us to make an assessment of their environment so they know how to improve their security through Endpoint. I give advice on how to manage the daily case reports that Microsoft automatically sends. 

The solution is mainly deployed on the cloud. Most of our clients are on-premises, but they are transitioning and moving most of their administrative tasks to the cloud.

We deploy this solution for multi-national companies. For example, the last customer I worked with has several departments and locations in several countries. It's a mixture of everything. It's a multi-national company nowadays.

We use all of the M365 security products. I'm also looking into Sentinel. For on-premise security, we're using Windows Defender managed by Security Center or Intune.

We have integrated the solution with other Microsoft products. For example, integrating Azure Active Directory and on-premises computers with Intune is really easy to accomplish. The security console gives us visibility over all the products that are managed by different Microsoft tools. The integration is amazing. 

The solutions work natively together to deliver coordinated detection and response across our environment.

Using ORCA PowerShell provides us with an extensive report and assessment of the platform. It's officially recommended by Microsoft to get an assessment of their environment. It's easier to get the big picture from this tool than from the Microsoft console.

The main improvement is that we have complete integration. For example, there were a couple of projects where I integrated the already managed platform from on-premises using Endpoint Corporation Manager with Defender. The integration between the on-premises Microsoft hybrid environment, Intune, and Defender for Endpoint is secure. It gives me a full picture of the status of the entire organization. That was unimaginable a couple of years ago, but now it's real.

This solution helps us train a lot of customers and their employees to be aware of what they shouldn't do with certain behaviors, mail, and files on their corporate computers. It helps customers to be more aware of behaviors that put the entire company at risk.

We realized these benefits from the beginning of using this solution. It gives us information from different points of view and consoles in a convenient way.

It helps prioritize threats across an enterprise. The reporting shows companies what they need to do to resolve abnormalities and prioritize what needs to be solved in order to improve the security level of the company.

Prioritization is important because it's absolutely necessary to know what has been upgraded and what hasn't. Hackers take advantage of that.

Defender gives us the ability to look at all the dashboards from a single screen. The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps by configuring some behaviors.

Microsoft Endpoint saved us from a lot of potential problems. It has absolutely saved us time. From the point of view of our clients, the solution saves money because the main tools that are used by the platform are already integrated into their contracts with Microsoft.

The solution provides protection and reports strange behavior and automatically blocks some of it. I love the way that statuses are represented.

It provides visibility into threats and gives daily reports about new threats and how to deal with them. We can change configurations so customers are continuously aware of new threats.

The dashboard customization could be improved. It's not as good as Azure. The center console isn't very flexible.

The automated remediation could be improved too. If there's a problem, most of the time they open a ticket for another help desk team. They don't remediate these vulnerabilities themselves 90% of the time.

I have been using this solution for about five years.

It's stable. From time to time, there's a blackout on the web pages.

The quality of technical support depends on the technicians who are assigned to your case, but the solutions they provided us with have worked every time. The reply time can be fast, but it depends on if you're lucky or not. You can be waiting for a week or two days. 

I would rate technical support an eight out of ten. 

Positive

The setup is very quick. The amount of time it takes depends on the infrastructure that someone wants to maintain or update.

Only a couple of people were involved in the deployment. From my point of view, I leave the customer's teams in charge of the maintenance of the tools. I recommend taking a look at the weekly reports that Microsoft sends in order to know what changed, what's new, and what has been upgraded.

I would rate this solution an eight out of ten.

There are several free platforms to test all the functionalities and evaluate the solution. If you see that they cover all of your needs, my advice is to buy the product.

I prefer a single vendor's security suite because integration is easier.

Our target is to have control over protected endpoints. As a centralized console dashboard, we want to see the exposure level and security weaknesses associated with those protected endpoints.

We are a consultancy company and a Microsoft Gold partner, so we are strictly attached to the Microsoft stack. We have used Microsoft Defender for Cloud for some of our customers on a few occasions.

The solution is deployed on the cloud. From an infrastructure point of view, it's on Microsoft and likely would be geo-distributed. The solution is typically deployed for all endpoints that require cloud protection in an organization. If a company has 300 devices, typically all 300 devices are connected. It doesn't make sense to divide profiles for different departments.

On average, we have 300 to 600 devices and a similar amount of users. In a few cases, we have Defender for Endpoint protecting shared workstations.

The solution helps us prioritize threats across our enterprise. If we're talking about projected vulnerabilities, like an outdated web browser, then there's a different priority associated with that. Conversely, if we have an endpoint out of data, like outdated Windows security patches, it will be registered with a different, higher priority. It helps a lot.

Sentinel enables us to natively ingest data from our entire ecosystem. By design, Microsoft ingests data from Office 365 to Sentinel.

This ingestion of data is critical to our security operations. Without data ingestion, nothing is shown in the dashboard or in the security and compliance portal. If it stops, we don't have data to analyze.

Sentinel enables us to investigate threats and respond holistically from one place. There are threat investigations directly in the portal, which depends on the license. This feature is really important for enterprise-class companies that have a huge emphasis on security.

Since using this solution, we have seen a better perception of incoming and active threats. We're able to see weaknesses or misconfigurations in applications and operating systems for devices.

It definitely takes time to realize benefits from the time of deployment. After we deployed the agent for Microsoft Defender for Endpoint, it took about a week to collect data.

Defender for Endpoint doesn't help us automate routine tasks or automate finding high-value alerts. The most valuable feature is attack surface reduction rules, and in this case, we have an automated response. It's a lot like SOAR, which helps to contain security risks in an unmanned way, but it's limited to just that feature.

This solution absolutely eliminated the need to look at multiple dashboards because we have one XDR. It's a worthy capability that helps a lot. Having one dashboard makes our security operations more seamless. To retrieve data, we consult different places within the portal.

The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps.

The solution saves us time, but it depends on the point of view. It helps to have a better understanding and outlook on our current situation within our organization and plan proactively for tasks in order to improve our security score.

We saved money by not needing to buy additional pieces of software or deploying additional infrastructure for an on-premises security product.

It also depends on the competitor and the infrastructure required.

Detection and response take minutes because as soon as something is compromised or something happens within our organization, an alert will be triggered within minutes. After we receive an email with an alert, we are likely to start the analysis and remediation if it exceeds or doesn't fall within the scope of the attack surface reduction rules.

The attack surface reduction rules are the most valuable. We're able to have unattended remediation actions when the solution works side by side with a local antivirus like Microsoft Defender or Kaspersky. The attack surface reduction rules help us to proactively block and stop threats.

The visibility into threats is fair. It's accurate and gives us control over threats.

Prioritization is pretty important to us because we need to concentrate on new threats with higher risks associated with them.

Generally speaking, Microsoft Defender for Endpoint, along with Sentinel, provides fair, decent capabilities but it depends on the situation.

Reporting could be improved. I would like to see how many security incidents occurred in the last six months, how many devices were highly exposed to security risks, and how many devices were actually compromised.

I have worked with this solution for more than a year.

It's very stable.

Generally speaking, there are no bugs or glitches. We have had issues twice in the past two months, but nothing too critical. Before those two occasions, it hadn't happened in a year or more.

It's highly scalable considering it's a SaaS solution.

I would rate technical support an eight out of ten. It depends on the support engineer who is working on the problem.

Positive

We used Kaspersky, but the version is exactly comparable to Microsoft Defender for Endpoint.

We switched to Microsoft for better integration. It integrates very well with the Microsoft antivirus, so we don't have to deploy additional infrastructure or an additional piece of software. We have extended security controls over Windows devices especially and a single dashboard.

There is also integration with Intune, which is the MDM from Microsoft.

The initial setup was absolutely straightforward. We spent some time reading the documentation in order to understand how the setup and agent deployment worked, but then it was pretty straightforward.

It took a couple of hours to deploy the solution. Assuming you have the current licenses, you need to enable the features at the tenant level, and then you have to create a policy to distribute the Defender for the Endpoint sensor.

One person is sufficient to set up and onboard devices. The solution doesn't require any maintenance because the solution is upgraded from the cloud. Maintenance is very limited.

We have absolutely received ROI. Initially, it's time-consuming to understand how to onboard devices and start protecting them, but it's pretty easy to replicate the configuration across different customers.

The price is fair for the features Microsoft delivers. If you want tailor-made features, you have to mix different licenses. It isn't straightforward.

Intune is an additional cost. Microsoft Defender for Endpoint works really well with Intune, but you may decide to go for a license that encompasses Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Intune, which is typically a Microsoft E5 license.

I evaluated other solutions, but the decision diverted to Microsoft products because we have a Microsoft partnership. I requested more information from PeerSpot about the differences between Microsoft Defender for Endpoint and Sophos Intercept X because I had to provide a business justification to a customer in order to go for Microsoft Defender for Endpoint.

I would rate this solution an eight out of ten.

There are pros and cons to having a best-of-breed strategy versus a single vendor security suite. I would go for a single vendor security solution just to have convergence but it depends. Considering the fact that I'm working for a Microsoft Gold partner, I haven't had the occasion to make a comparison.

I would recommend implementing Microsoft Defender for Endpoint. My advice is to use Intune to have better control, especially for Microsoft devices. I would also advise using third-party local antivirus solutions rather than relying on Microsoft Defender Antivirus, which is a lock-in to a single vendor.

We're using it for endpoint security.

We are able to get quite a lot of details about the laptops that we have across the organization. I would rate it pretty high in terms of visibility into our environment.

We are better able to see or get alerts on things that we might not have been able to see before. With Norton, for example, we didn't have a centrally managed system. All we could see was that a node had some threat on it, and we had to manually log into that node and work with the user to figure out what that threat was. With Defender, we are able to see all of that through the console instead of having to reach out to the user, which speeds up the process of figuring out what type of vulnerability we're looking at, and we are able to run scans and do other things remotely without having to interact with the user anything. It speeds up our process of detecting vulnerabilities and threats.

It has significantly reduced the amount of time to respond to threats and manage threats.

It has definitely improved our security, and it also helped us in reducing management costs.

We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender.

Since we moved to Defender, we have more visibility into our security posture for our devices across the organization. We can not only see how the devices are doing as far as AV is concerned; we can also see any threats that might come up. We get alerts on those as well, which is very useful for us.

One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs. 

In terms of additional features, we have more features than we use. We haven't really had a chance to dig too deep into it. 

We've been using this solution for about a year.

So far, so good. We haven't had any issues related to the service not being available or anything like that.

It is highly scalable. We were able to deploy it across the organization fairly quickly. It is also pretty straightforward to add users or remove users.

We use Office 365 and Azure AD. We have somewhere around 400 users dispersed across the USA.

When we reached out for support, there were times when it took a little bit longer than we liked, but once we were able to engage with their support, we were able to get the resolution fairly quickly.

Positive

We were using Norton as our endpoint antivirus solution. We switched so that we are able to centrally manage endpoint security.

My team implemented it, and I was in charge of overseeing the deployment.

We're a small team managing about 400 users across the organization. A lot of them are remote, especially since the pandemic. We have a couple of administrators who are responsible for checking Defender and just keeping on top of our security.

We have definitely seen improvements in terms of quickly being able to manage threats and being able to centrally manage everything.

We mostly use Microsoft products. We use Office 365, and we use Azure. We're also a Microsoft partner. So, the licensing was much cheaper for us, and at the same time, a lot of the features that we were looking for were included in Defender.

We were trying to get our firm the security certification for government contracting. One of the requirements was to upgrade our Microsoft licensing to a level to be able to use the government cloud. We found out that the required licensing already included Defender. So, it helped us kill two birds with one stone. It was much easier for us to convince the executives to go with it.

We did evaluate other options. CrowdStrike was one of the solutions we looked at. It was a pretty good option, and then there was Trend Micro. Symantec was another one, and then there was also Sophos. Those were the options that we were looking at.

Some of them were priced prohibitive for us. Sophos was a pretty good solution, but it was pretty expensive as compared to some of the other options. Trend Micro was good, but the management interface was lacking for us. It didn't have some of the features that we were looking for. Symantec was just expensive, and their centralized management was also not that great. So, both Trend Micro and Symantec didn't have good management interfaces. Sophos had probably the best one, but it was very expensive. Sophos was also better than Microsoft Defender in terms of web filtering. Web filtering was something for which Microsoft Defender didn't have as good features.

I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment.

I would rate it a nine out of ten.

We are a property investment company, and people here use Microsoft Surface devices for their daily job. We are a Microsoft-oriented company, and we use it for our basic endpoint security implementation. 

Our entire security is based on this endpoint solution. Sometimes you have centralized security where you scan all traffic going through a central firewall and you also check through several types of solutions. You also check HTTPS connections. Basically, for all the traffic going inside and outside the company, you use a security firewall, and this endpoint solution is actually a firewall solution or security solution that is distributed. So, all the traffic coming from and going into the end-user device is basically submitted for scanning. If you download an ISO on a website or an email, everything is scanned for security to check whether it contains any malicious data. 

We are using Microsoft Defender for Endpoint Plan 2, which is the enterprise version of Microsoft Defender for Endpoint. We are using the most recent version of it.

We deploy it via Intune. The feature is called Microsoft Intune Autopilot. We have a hardware hash. A colleague of mine prepares the configuration and then based on the hardware hash and Autopilot, the devices are completely installed and joined to Azure AD and then to our enterprise. Intune is a Microsoft device management platform that comes with Microsoft solutions. When you buy a new device, based on the hardware hash, it can automatically find that device through Autopilot and do the specific deployment for your company. So, the users can use any type of device, start it, and then it will automatically be joined to our environment.

It is a completely integrated platform with advanced threat analysis, SIEM features, updated inventory, and so on. It is an all-in-one solution. Microsoft is taking over lots of companies to provide more and better services to its clients. This is one of the best solutions around at the moment.

It protects our organization from all kinds of attacks, such as ransomware attacks and any malware downloads. It is like an oracle who knows everything about:

• What is around at the moment?
• From where the attacks are coming?
• What is currently going on security-wise?

It knows about all the software that you have installed on the laptop, and whether they are not patched or have security issues. It covers everything you want from your security platform.

It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online. 

It is completely self-sufficient. You don't have to install anything. It is completely integrated into the operating system, and it also has a centralized information dashboard where you can immediately see:

• Are all your devices up to date?
• Are there any threats?
• Are the devices having problems with updates?
• Are they infected with anything?
• Was something blocked?

You can immediately see what is going on in your enterprise, in different networks, and also in people's homes in terms of endpoint security.

It is a zero-trust platform, and it integrates with all types of enterprise services that we run. It also integrates with the Office 365 environment where you can securely connect from anywhere.

It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has.

They're continuously improving it. You can compare it with Teams. About a year ago, the codex and the presentation of the Teams application were not very well optimized, and if you were using the Teams application, it used to drain your battery. It still drains your battery, but they have improved it a lot, and it is a lot less CPU intensive after one year. They're working on Defender for Endpoint to make it less CPU intensive.

We have been using Microsoft Defender for Endpoint for more than six months.

Its stability is quite good, especially with Windows 11, which is a very stable operating system. Of course, you can run into some issues. We have some issues with docking stations for Surface and screens, but generally, the operating system together with the endpoint security solution is very stable.

It is the most scalable solution around. You can create an Azure tenant, and with a script, you can deploy 1,000 user accounts. There is no actual limit to it, so the scalability is infinite.

Their support has improved. They're quite good. I would rate them an eight out of ten.

Positive

It has the easiest setup that I've ever seen. It's completely integrated with Microsoft. When you deploy your machine through Autopilot and Intune and assign the license, everything is done automatically. Of course, you have a lot of possibilities and a lot of freedom for detailed configuration, but out of the box, it comes completely self-sustained. You don't have to do anything. This is one of the easiest solutions that I've seen.

You just apply for the plan in Office 365, and you set up your very basic Autopilot template where you would specify the types of software that have to be installed. For instance, you want Office or other types of software. The very basic template is enough to roll it out fully automatically.

It takes a couple of hours. If you apply for a tenant on Azure, you pay for the licenses, and you can roll out with a click on 200 to 1,000 endpoint devices within the hour. This cloud is really amazing.

We are a small company with a few technical engineers, and we provide services for our clients. We provide all kinds of services such as maintaining endpoints and Azure cloud solutions with virtualized services and SaaS services.

Its implementation is more or less handled by my colleague. I do a little bit of configuration but not so much. My colleague knows about all the technical details. He does the complete installation and the complete central management of policies and templates. However, a basic part with basic software is very quickly implemented. You just create a tenant on microsoft.com, and then you can very easily roll out to as many workstations as you would like the necessary configuration for Defender for Endpoint.

Its price at the moment is very good because you get a lot of value for your money, especially with the subscriptions. If you have the E1, E3, or E5 enterprise subscription, you pay per month per user, and you get almost an infinite number of solutions. If you compare the price to the number of solutions that you get, it is a very good deal. 

I'm only concerned about the future because Microsoft is taking over one company after another. In the end, there will be no alternative and then they can do whatever they like, but for now, in terms of price, Microsoft is one of the best performers.

At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions.

It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. 

The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected.

It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this.

I would rate it an eight out of ten.

It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.

The security is very useful.

Its stability is okay.

The solution can scale. 

Technical support has been great.

There's no setup process; a user simply needs to enable it to get started.

We'd like the stability to be better.

I've been using the solution for about two years. 

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good.

The product can scale if a company needs it to.

There's a big number of users on the solution in our company. It's likely more than 400 users. 

We've dealt with support in the past and found them to be very helpful. We're quite satisfied with the level of service. 

I'm also familiar with Trend Micro, which is similar. However, Defender is specific to Microsoft.

The company does use more than one solution as well. 

There's not really an installation process. A user simply needs to enable it. That's all.

We pay a yearly licensing fee.

I'd rate the solution eight out of ten.