Microsoft Defender for Office 365 Reviews

We are using Microsoft Defender for Office 365 primarily for security purposes.

The integration with Office 365 is seamless, and we don't need a large IT team to manage it. It helps in maintaining the basic security functions without additional complexity.

Since we are using the basic version, we find that it covers most of our requirements without needing additional configurations. It’s easy to handle integrations, and we don't need a lot of people in our IT team.

Sometimes, phishing emails manage to pass through the filter, so the system needs to enhance its phishing email detection capabilities. We also need alerting features for abnormal actions like unusual logins or abnormal activities in the mailbox.

We have been using Microsoft Defender for Office 365 for seven to eight years.

Stability is generally good; I would rate it an eight out of ten.

Scalability is also quite good. I would rate it an eight out of ten.

Technical support from Microsoft is reliable and meets our expectations. I would rate it an eight out of ten.

Positive

We chose Microsoft Defender as it integrates easily with our existing Office 365 setup, and we do not need to pay extra for security functions.

The setup was easy and not time-consuming. We didn’t need to set up much as it was integrated with Office 365.

The installation was handled by two engineers in our team.

Since we are using the basic functions, we don't need to invest a lot of money. It does help in cost reduction.

The pricing is reasonable since it comes integrated with our Office 365 license.

In our current situation, we are not considering other vendors for this purpose.

Integration with Office 365 is one of the strongest points. I recommend it for easy handling and less need for additional IT resources.

I'd rate the solution eight out of ten.

I work in the industry where we use Microsoft 365 and its associated products like Office Works, PowerPoint, Excel, and Word.

We use Microsoft Defender to help protect our business areas by integrating it with our existing infrastructure, including Azure, which assists in defending the business areas.

We use Microsoft Defender for its ability to integrate with existing business technologies, which is beneficial for protecting business areas.

Configuration at the mid-level could be improved for the support team.

I have about ten years of experience with Microsoft Defender for Office 365.

The solution is very stable, and Microsoft products have general high availability within the company.

Microsoft 365 meets the needs of the company, which suggests that Microsoft Defender is a scalable solution.

We have a premium contract for Microsoft support, which is rated nine or ten. Although I am not directly involved with their support, clients usually appear satisfied.

Positive

I do not have experience with other email security solutions.

The setup is easy and not difficult.

I do not understand the question regarding return on investment.

I do not know the value of the contracts or the cost compared to competitors.

I have not evaluated other solutions for email security.

Configuration for end users is simple, but improvements can be made in mid-level configurations to make it better for the team.

I'd rate the solution eight out of ten.

As a specialist in SOC, we work closely with multiple customers to cover their IT assets using Microsoft 365 Defender. They have Microsoft Defender for Endpoint deployment, especially for Microsoft 365. We configure the tool to implement the different policies and requirements to cover the email security part and the cloud apps part with the different strategies available on the platform.

After that, we either work directly on the Microsoft 365 portal or configure the sending of the alerts from this portal to Microsoft Sentinel. This will act as a single pane of glass for us to follow the incidents and advise our customers based on that.

One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part. With the integration of Microsoft Defender for Identity and Microsoft Entra ID Protection, we will have insights from the identity part. Finally, with the Microsoft Defender for Cloud Apps, we'll also have insights about our cloud apps, either Microsoft 365 cloud apps or third-party cloud apps.

The aggregation of all of these insights into the tool's incident feature will help us have a global vision of the incidents and find multistage attacks at the first steps of the attacks.

Microsoft Defender for Cloud Apps is a very good solution that allows you to use a single port or tool to control everything happening with your organization's different cloud applications.

Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives. Also, the documentation does not have many details about that. The bad configuration and lack of good documentation prevent professionals from taking the most advantage of this tool.

One of the big problems that some customers face is that Microsoft always changes its products' names. For example, four to six months ago, Microsoft Defender for Office 365 was renamed Microsoft Defender XDR. Microsoft comes up with a new name for the tool every one or two years, which sometimes is hard for customers to follow.

Microsoft should improve some integrations in the Microsoft Defender for Cloud Apps sub-category. With a specific configuration to Microsoft Defender for Endpoint, we can get logs and insights from network devices and other workloads on our system.

I have been using Microsoft Defender for Office 365 for two years.

I rate the solution an eight or nine out of ten for stability.

We configure the tool for different clients, and thousands of people work with the solution. The tool scales out very well and can cover and monitor devices and users ranging from a few hundred to thousands without any problem. Our clients for Microsoft Defender for Office 365 are medium and small businesses. Microsoft Defender for Office 365 is a scalable solution. There are no issues with the solution's scalability or latency.

I rate the solution's scalability ten out of ten.

The technical support for the solution is very good, and I didn't face any issues with it.

Positive

I have previously used CrowdStrike Falcon. Microsoft Defender for Office 365 and CrowdStrike Falcon are both great tools. Each has its advantages and disadvantages. In my opinion, CrowdStrike is more mature in the endpoint and classic antivirus parts. On the other hand, Microsoft Defender for Office 365 is more mature regarding identity and Office 365.

For artificial intelligence integration, Microsoft 365 Defender is far ahead of others with the integration of CoPilot within the portal. This feature that helps analysts reduce time to analyze and respond to incidents does not exist in CrowdStrike.

The solution's initial setup is very straightforward. You have to go to the portal and click on the incident icon, and the tool will automatically start configuring itself. After that, the integration of the endpoints depends on your workload. For example, 1,000 devices will take much longer than two or three devices.

Automation tools are available within the platform to help us automatically deploy the sensors on different workloads that we will need to cover with this tool. The solution's initial configuration and deployment are very straightforward. A lot of videos and documentation are available for the same.

The initial configuration and deployment of the tool for a specific tenant takes five to ten minutes. After that, it depends on what you want to do. You can implement specific strategies today. Based on the evolution of threats, you will need to configure different things tomorrow.

We tried to solve a lot of issues by implementing the solution. The solution helps us detect problems related to the endpoints, like the detection of suspicious processes or suspicious installation of suspicious software. We will raise an alert, and it will show us a graph of the different entities included in the incident, including users, computers, or endpoints.

If it is related to email, it will show us the initial email and different insights about the incident. We'll go through those alerts and try to check them manually. Sometimes, the tool detects suspicious emails for some incidents and automatically quarantines them.

After that, we, as analysts, will do the manual review. If we find an action suspicious, we use the tool to blocklist the domain that has sent the email. If we find that it's a false positive, we will reject this automatic action by the XDR, and the email will be delivered to the end user.

Unified identity and access management is a new feature on the Microsoft 365 Defender portal. It's all about having a single pane of glass to give you insights into the different identities available on your tenant. Those identities are either on-premises, cloud-based, or synchronized between the on-premises and cloud-based workloads.

The solution's security covers more than just Microsoft technologies. Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps have a specific configuration to get insights from third-party cloud applications or from within the Microsoft Defender for Endpoint sensors. We can also get logs and insights from other network devices present in our perimeter, like routers, switches, or firewalls. All those insights will help us gain some visibility into our security posture.

The product has gone through a lot of improvements, especially in the last few moments. It will be like a SOC unified platform with the integration of the Microsoft Sentinel tool within the Microsoft 365 Defender portal. This tool is available to cover all the perimeters. Even third-party solutions and workloads that do not have any security tools from where we can get insights, we can directly use something else to install the low connectors and get visibility about those.

Also, the most significant evolution is the integration of artificial intelligence with Microsoft Copilot for security. This is also a big added value that will help analysts investigate and minimize the meantime needed to respond to advanced threats.

The solution stops the lateral movement of advanced attacks, like ransomware or business email compromise, in a good way. Specific measures and configurations are implemented within the tool that will help us detect advanced attacks in the early stages. We can set configurations for business email compromise.

With the help of artificial intelligence, we'll get insights about emails that may be starting a business email compromise based on specific keywords. It's the same for ransomware and other advanced attacks.

The solution's integration into a company will help it be more resilient to cyber attacks. It will help the company prepare for attacks at an early stage and respond quickly, which will help it be more secure.

Being an XDR, the solution has detection and response capabilities. With adequate configuration, we can configure the required measures to stop or at least quarantine attacks and isolate the assets involved with the attacks in the early stage upon detection. After that, the manual site comes into the picture, and we do the manual review. Based on our review and feedback, the tool will learn from us and behave better in the next similar incident.

I saw a demo about the solution's multi-tenant management feature, and it's a very good feature. It will help big companies with multiple tenants and MSSPs that deal with multiple tenants for users. It will help them to work with multiple tenants by flipping a switch.

I'm a big fan of the solution. Having a Microsoft E5 license will help you to cover all the different types of security, including the identity, the endpoint, the email, and even the cloud. I'm just an engineer and work with whatever tool the client provides me. I noticed that many customers have a Microsoft E5 license, but they don't know a lot about the capabilities that come with it.

They buy or add other tools from third parties when they have that feature or capability included within the E5 license. Microsoft needs to talk to different customers and show them the capabilities that come with these types of licenses, which cover a lot of features.

The integration of Copilot has helped us a lot in concentrating on a single portal to get different insights. This will help a lot to reduce the meantime to respond to incidents by 50%.

The configuration of the Copilot assistant is very straightforward and doesn't take more than 30 minutes. After that, when the tool automatically detects incidents and you go to the analysis page of a specific incident, you will find an initial analysis of the whole incident by the Copilot security assistant.

You may also interact with it using chat, and it will help you if you haven't understood any specific terms from the initial analysis. It can be configured to automatically respond to specific incidents based on workbooks, which will help us automatically apply the measures to respond to specific incidents for remediation.

Microsoft Defender for Office 365 is a cloud-based solution. Since it's a cloud-based solution, Microsoft does all the maintenance for the tool. We are notified via email if there is a shortage or a problem. The SLAs are usually very good, and I have not noticed any problems in the last two years where we could not access the tool.

I would recommend the solution to other users because it's a very good solution and one of the best XDRs in the world right now. If you go through reviews from Gartner or other companies, you will see that Microsoft Defender for Office 365 is a leader in the XDR market. It has the capability to collect and aggregate insights from different sources, either cloud-based or on-premises.

The integration of artificial intelligence will greatly help final users and security practitioners respond to incidents adequately and efficiently.

Overall, I rate the solution an eight out of ten.

We use Microsoft Defender for Office 365 for our endpoint security.

Microsoft Defender for Office 365's visibility is good.

Microsoft Defender for Office 365 helps prioritize threats across our enterprise by using an endpoint.

Integrating with other Microsoft solutions is generally straightforward, as everything can be managed from a single console. However, there are some cases where the integration process can be complex, such as when it requires accessing a different dashboard. Overall, the benefits of managing multiple Microsoft solutions from a single place outweigh the occasional complexity of integration.

Our solutions work together natively to provide coordinated detection and response across our entire environment. This coordinated detection provides high-quality results because it is easy to check emails and endpoints for threats. We chose to bundle the solutions because of their ability to integrate.

Coordination and integration are essential in cybersecurity because there are many resources to monitor. The ability to coordinate and integrate from a single source makes it easier and helps to eliminate the need for multiple products.

Microsoft Defender for Office 365 has improved our security posture, especially around email. It integrates easily with our other Microsoft solutions and provides good visibility into our systems.

Microsoft Defender for Office 365 helps automate routine tasks.

Automation allows us to focus our resources on critical issues instead of the standard security tasks that can be automated.

Microsoft Defender for Office 365 saved our organization time.

Microsoft Defender for Office 365 increased our productivity, which resulted in cost savings.

Microsoft Defender for Office 365 helped decrease our time for detection and response. 

Microsoft Defender for Office 365's most valuable feature is its performance.

The ransomware protection is good.

Microsoft Defender for Office 365 is a comprehensive security solution, but it could be improved. Compared to other solutions, Microsoft Defender for Office 365's security reports are not as detailed and the visibility into our network coverage could be better.

The IOC scanning has room for improvement.

The XDR dashboard has room for improvement. The dashboard needs more of a single pane of glass because currently, Microsoft Defender for Office 365 does not give me any options to scan an email thread or attachment for IOCs on my endpoint. I need to manually download the file from the email and then scan it with Microsoft Defender for Office 365. I think Microsoft Defender for Office 365 should be able to scan email threads and attachments directly, without the need for manual intervention.

Secondly, the Data Loss Prevention functionality in Microsoft Defender for Office 365 is very limited. It can only scan for certain types of data. Microsoft Defender for Office 365 should be able to scan for a wider variety of data types, such as customer lists and intellectual property.

Attack process management and breach attack simulation should be included in Microsoft Defender for Office 365.

I have been using Microsoft Defender for Office 365 for six years.

Microsoft Defender for Office 365 is stable.

Microsoft Defender for Office 365 is scalable.

Technical support is generally helpful, but we often need to escalate tickets to resolve issues.

Neutral

I previously used Kaspersky Security for Mail Server, Trend Micro Email Security, CrowdStrike, and Mandiant. However, my organization now uses Microsoft Defender for Office 365. This is because we are a Microsoft customer and it makes sense in terms of cost and integration.

We have seen a return on investment using Microsoft Defender for Office 365.

Compared to other brands, Microsoft Defender for Office 365's pricing is competitive.

I give Microsoft Defender for Office 365 an eight out of ten.

The maintenance is seamless.

A single-vendor approach is better than a best-of-breed approach because it provides a more integrated and seamless solution. This means that there is no need to worry about compatibility issues or data silos and the overall security posture is better.

Microsoft works hard to provide customers with a single pane of glass so they can easily manage, scale, and maintain their solutions. I recommend Microsoft Defender for Office 365.

The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint. 

Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking.

From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment.

I have been using the product for three years. 

Microsoft Defender for Office 365 is stable. 

You can scale up as you pay. 

Evaluating Microsoft support can be a bit mixed. Sometimes, it's good, but not so much. The initial contact is typically with the help desk. When I call, I usually need someone at a higher level, maybe level three, to assist with more complex problems. The challenge is that it can take up to two weeks to resolve issues, and my main complaint is the waiting times and the basic nature of level-one support. Getting to the expert who can fix the problem often takes a couple of weeks.

Neutral

My clients used Norton and McAfee before Microsoft Defender for Office 365. It makes sense in the long term, especially when many clients already have Microsoft 365 in their licenses. Paying more to get the security features with Microsoft instead of additional licensing costs with a different company is a practical choice. It seems to be mainly about saving money.

The tool's deployment is not straightforward. However, it has good documentation. 

The solution is good but not cheap. It offers a big ecosystem where you can manage everything from one place. 

Integrating identity and access management into Microsoft 365 Defender is important for my customers and me. The ability to centrally manage these aspects within the platform is highly valuable. Rather than navigating through numerous consoles to verify various aspects, having almost everything in a single location saves time. This integrated approach streamlines operations and reduces the complexity of learning and managing different products.

Nowadays, everyone uses not just Microsoft products but also third-party ones. It would be good if Microsoft could make its security tools work with all kinds of software. Nowadays, there are so many cyber attacks and security threats. Having one product that can handle and manage all these threats across the board is beneficial.

We have stopped using Trend Micro in a couple of places. I am not sure if it was due to cost or pricing. 

The product is more convenient to manage, and it saves time. Instead of navigating through different controls, having everything in one place allows the security team to take action on threats or issues.

I rate the product a nine out of ten. I have used it for security and compliance. In my experience, they're doing quite well; it's a good product. If people are considering Microsoft products, I would say, why not? It's just that support during implementation could be better sometimes. However, it's a good product with frequent updates. 

It allows us to effectively detect and manage malicious URLs within emails. This proactive approach allows your team to identify and resolve security incidents promptly. We optimize our security by incorporating Microsoft's IOCs into both Defender for Office 365 and endpoint protection. This integration prevents our devices from accessing known threats, saving significant time weekly. Centralized management of threat indicators proves highly efficient, potentially saving hours. This comprehensive strategy enhances our proactive security measures across our systems.

When dealing with a large volume of emails, whether received or sent by users, Defender solutions, particularly Threat Explorer, prove to be highly effective. In instances where users may have inadvertently interacted with potentially harmful emails, it enables me to isolate and analyze these emails by placing them in a secure sandbox environment. This insight is crucial for addressing incidents promptly and collaboratively, fostering a cooperative approach to resolving potential security issues within the organization. In Defender 365, we've implemented a dual-pronged approach for automating tasks and managing security incidents. When alerts like a user clicking on a malicious URL occur, data is directed to Sentinel or Log Analytics. A logic app is then employed to analyze the user's actions using Defender for Endpoint, tracking device activities, and making informed decisions. This integrated system enables us to swiftly identify, analyze, and respond to security incidents, enhancing our ability to manage and mitigate potential threats effectively. It has significantly reduced our time to detect and respond to security incidents. While I don't have an exact figure, the impact has been substantial. By consolidating multiple solutions into logic apps and gaining visibility, we can now respond much more efficiently than before. Without this integrated approach, lacking visibility hampers our ability to identify and address potential threats promptly.

Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected. The convenience of having a centralized location for extracting comprehensive data is particularly noteworthy. With Threat Explorer, I can efficiently manage and mitigate the impact of these campaigns by removing problematic emails from mailboxes, all in one centralized location, eliminating the need to navigate through multiple areas. Effectively prioritizing threats across our enterprise is crucial for us, given that the primary avenue of attack is often through phishing emails. By having robust protection in place, we're able to significantly mitigate this prevalent threat, essentially clearing a major portion of the cybersecurity landscape.

There's room for improvement regarding the time frame for retrieving emails. Currently, the limitation allows users to go back only thirty days when pulling emails or conducting related actions. Enhancing this capability to extend the timeframe, perhaps to sixty or ninety days, would be beneficial.

I have been working with it for three years.

It has been reliable. I haven't encountered any instances of downtime or significant bugs; occasionally, signing out and back in resolves minor issues.

In terms of scalability, our institution has expanded with more students and staff, and we haven't experienced any performance issues with Defender for Office 365. It has proven to be effective and adaptable to the growth of our organization. We currently have approximately four thousand staff members.

The support team, not only for Defender for Office 365 but for any issues I've encountered, has been exceptional. Whether reaching out through email or submitting a support ticket, I typically receive a callback within hours. I've never personally faced any challenges in contacting Microsoft support—they've consistently been prompt and responsive. The account managers, or whatever they're officially called, have been quick to answer and address any inquiries, making the support experience highly satisfactory. I would rate it ten out of ten.

Positive

I would highly recommend it as it offers numerous features that can significantly enhance your security posture. Overall, I would rate it ten out of ten.

We use Microsoft Defender for Office 365 for protection. 

Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications. 

The product helped us maintain collaboration and communication during the pandemic with the help of Teams. 

Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data. 

I have been using the product for six years. 

The product is stable. I rate it a ten out of ten. 

Microsoft Defender for Office 365 is scalable. I rate it a ten out of ten. 

The tool's support is good. 

Positive

Microsoft Defender for Office 365 is expensive but does what it says. 

Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems. 

The tool's automation has made us more efficient in our daily tasks. 

The solution saves much time since you don't have to reimage the computer after an attack. 

We use Defender for Office for its five core features: anti-phishing, malware, link scanning, attachment scanning, and anti-spam.

We switched from Mimecast to Defender, and it's been a massive difference. Mimecast is convoluted, obtuse, and frustrating. That's not the case for Microsoft 365. Mimecast has more false positives, and the link-scanning feature requires you to authenticate devices every time you use the solution, which is untenable if you're on your phone. It's just not possible. 

If you're trying to look up a PDF that somebody sent, and a safe link is embedded in that, Mimecast and Microsoft write it into the "send" box. However, Microsoft is much better because you are already authenticated, so you don't need to re-authenticate again. Mimecast makes you reauthenticate every time.

It gives us one admin portal to see the things we need, which has made life for my admin team easier. I estimate it saves us about an hour or two a week. It saves the clients money because my team spends fewer hours doing tasks each week. 

The most valuable feature is protection against malicious links, fishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over. 

Impersonation detection is also crucial because attackers are increasingly advanced. They keep changing their tactics and adapting. People are getting emails with display names that look like people from their organization. SDF records, DMARC, and all that stuff don't always work because people often ignore email addresses. We have also used the phishing simulation component. That's pretty good.

The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.

I've used Defender in production for about a year.

Defender is stable. 

The number of users isn't significant, so I'm not worried about scalability.

Deploying Defender is a two-person job. You don't have to do much to maintain it per se. You occasionally get tickets from users who expected an email that got quarantined. You need to pay attention to that. You'll get access when you get a false positive, and you need one help desk person to look into it. There's no maintenance outside of that. 

Defender is cheaper than Mimecast in the long run, so there are savings, if not a return. It's like proving a negative. We haven't been hacked, so I don't know if that's worth anything.

The price is reasonable. 

I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job doing this email protection, they didn't do well in the past, but now they are.