Deputy Manager at Punchpower dream
Real User
Top 20
It can integrate with third-party tools, improves compliance, and helps prevent advanced attacks
Pros and Cons
  • "The most valuable feature of Microsoft Defender for Office 365 is data backups that we can provide through ticket requests."
  • "Microsoft Defender for Office 365's Mac functionality requires improvement to deliver the same level of protection found on Windows devices."

What is our primary use case?

I use Microsoft Defender for Office 365 for various compliance tasks. For example, I can use it for eDiscovery to search mailbox content. Just today, a manager requested all emails for a departing user who no longer had an active license. Using Defender's content search feature, I exported the user's entire mailbox as a PST file for the manager to import into Outlook. Beyond eDiscovery, Defender also helps us monitor compliance and security scores, manage quarantine emails, investigate phishing alerts, and configure data classification, labeling, anti-spam, and anti-malware policies.

Before using Microsoft Defender for Office 365, we were plagued by phishing and ransomware emails, especially for our board members. To combat this, we implemented a Defender policy that triggers alerts for emails containing keywords like "bank account" or "credit card details." Additionally, a policy tip and disclaimer appear in user mailboxes for such emails. This disclaimer clarifies the email's external origin and allows users to move it directly to junk with a single click. Simultaneously, an alert goes to the administrator, who investigates the email: if legitimate, it's released; otherwise, it's blocked.

Our organization operates a single, hybrid tenant environment with a mix of on-premises and cloud-based mailboxes, with the majority residing in the cloud. This small, non-multi-tenant setup supports approximately 2,000 users.

How has it helped my organization?

While Microsoft Defender for Office 365 integrates with third-party solutions, our organization prioritizes Microsoft technologies for security. We only integrate external tools with explicit management approval. This focus extends to data backup. Even though Office 365 is a cloud service, we recently purchased Barracuda, a tool that seamlessly integrates with Office 365 for data backup.

Prior to my arrival, our organization lacked a dedicated Office 365/Microsoft 365 security specialist, with IT admins relying on web searches for configuration. Upon identifying vulnerabilities, I implemented Microsoft Defender and other security measures. Our compliance score, which was around 30 percent a year and a half ago, now consistently ranges from 75 to 85 percent, thanks in large part to Microsoft Defender for Office 365.

Microsoft Defender for Office 365 helps prevent advanced attacks like business email compromise by stopping lateral movement within the network. It also includes data loss prevention features, where our custom policies have helped block malicious emails, ransomware, and spam before they ever reach our servers. While not perfect, Microsoft Defender has significantly improved our email security, offering around 80 to 90 percent effectiveness, which we're quite happy with.

Microsoft Defender for Office 365 has significantly improved our security team's efficiency. The comprehensive security analytics dashboard provides insightful information on threats, including the number of phishing attempts and attacks on our servers. This data can be easily exported for clear reporting to management. Overall, Microsoft Defender for Office 365 saves us time and simplifies security analysis presentations.

What is most valuable?

Our long-established organization has faced recent economic downturns, leading to employee departures. Managers frequently request departing users' SharePoint data, mailboxes including PST files, and other associated information. So the most valuable feature of Microsoft Defender for Office 365 is data backups that we can provide through ticket requests.

What needs improvement?

Microsoft Defender for Office 365's Mac functionality requires improvement to deliver the same level of protection found on Windows devices.

Buyer's Guide
Microsoft Defender for Office 365
October 2025
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
872,869 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for two years.

What do I think about the stability of the solution?

I would rate the stability of Microsoft Defender for Office 365 nine out of ten.

What do I think about the scalability of the solution?

Microsoft Defender for Office 365 is highly scalable.

How are customer service and support?

I've found that Microsoft's third-party support teams are slow to resolve issues. While they do eventually fix the problem, it can take a week for issues that should only take a day or two. In contrast, Microsoft employees can typically resolve issues within two days.

How would you rate customer service and support?

Neutral

How was the initial setup?

While deploying Microsoft Defender for Office 365 in my previous organization with multiple tenants was complex, the current single-tenant setup was easy.

We had a team of four involved in the deployment. Two were in the United States and Belgium and two were in India. 

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

While Microsoft Defender for Office 365 necessitates pricier E3 or E5 subscriptions, the extensive functionality offered by these licenses across various Microsoft products justifies the investment.

What other advice do I have?

I would rate Microsoft Defender for Office 365 eight out of ten.

Microsoft Defender for Office 365 is deployed in multiple regions in India, China, Belgium, Italy, and the United States.

So far, no maintenance has been required, but we regularly check Microsoft's security advisories and discuss them in our scrum meetings. If an advisory requires action, we'll address it accordingly.

I would recommend Microsoft Defender for Office 365 to others.

With over ten years of experience using Microsoft 365 and Microsoft 365 Defender exclusively, I've successfully implemented it at multiple companies. While the upfront cost may seem high, it delivers value based on your infrastructure size. Overall, Microsoft Defender is an excellent security product for any environment, regardless of size.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Jamie LeClair - PeerSpot reviewer
IT Collaboration Services Manager at Dow
Real User
Top 10
File-sharing options and ease of collaboration or meetings allow for quick collaborations and chats
Pros and Cons
  • "The product's scalability is good."
  • "Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization."

What is our primary use case?

Over 4,000 employees across my organization use all of the products under Office 365, as it is super pervasive. Everybody uses them every day in my organization. My organization is a manufacturing company, where Office 365 has become a daily necessity.

How has it helped my organization?

I am a little biased towards Microsoft Teams because it is what I use and helps me pay my bills. In Microsoft Teams, file-sharing options and ease of collaboration or meetings allow for quick collaborations and chats.

What is most valuable?

I work in my company's IT department, so I use all of the products under Office 365 daily, including Microsoft Word, Microsoft PowerPoint, Microsoft Teams, and all the other components in the product. My company can't make it through a day or go by without using the products offered under Office 365. Some of our manufacturing workers may use Office 365 a lot less, but it is still necessary for things like Microsoft Outlook and Exchange.

I found Microsoft Teams to be the most valuable feature of the solution, along with all of the products and features offered under Office 365. My organization has remote workers, and we can't run the company without meetings organized with the help of Microsoft Teams.

What needs improvement?

It seems like Microsoft has begun to roll out products before they are fully baked. Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization. I would say that Microsoft should release or launch better or fully baked products before going ahead with the GA phase.

For how long have I used the solution?

I use Office 365 in my company as we have an enterprise contract with Microsoft from 2020 that ends in 2025, but it may get extended.

What do I think about the stability of the solution?

It is tough to speak about the stability-related area of the solution, especially considering that the newly released Microsoft Teams is not so great. The classic version of Microsoft Teams was relatively stable compared to its new version, but in our company, we faced some challenges with network performance. I don't know if there were any network performance issues at our end, with the ISPs, or at Microsoft's end, making it tough to pin it down.

What do I think about the scalability of the solution?

The product's scalability is good.

How are customer service and support?

Microsoft's support was great during the rollout period, especially since it was the product's operational phase. Microsoft's support team has scaled back, so my company has Microsoft365DSC for Microsoft Teams specifically. My company sometimes struggles with getting direct answers and real insights from Microsoft's support team, especially when we need a higher level of insight while no super technical questions need to be answered, leading to some frustrations.

I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

I was involved in the deployment of Microsoft Teams but not the rest of Office 365. Nowadays, everything is complex, but the deployment of Microsoft Teams was pretty straightforward since my company got a lot of help from Microsoft directly.

What about the implementation team?

My company received direct help from Microsoft during our organization's deployment phase of Microsoft Teams.

What was our ROI?

I have seen a return on investment from the use of the product. With the product in place, my company no longer needs to rely on paper and pen in many ways, which has helped us save time, energy, effort, and money while ensuring an increase in productivity.

What's my experience with pricing, setup cost, and licensing?

I know that the product is incredibly expensive. I know that my company has high expectations from Microsoft because of the high cost. I also know that Microsoft delivers tremendous value for our company in terms of productivity and collaboration. With Copilot coming along, the value Microsoft provides to my company will be even higher than what it was previously, owing to the productivity gain and the reformulation of how we work because of AI.

Which other solutions did I evaluate?

I believe that my organization will get ready to start looking into other solutions in the market because our contract with Microsoft will come to an end in 2025. I think that the evaluation process will be something that is on the horizon next year. My company may evaluate all of the available options in the market against Microsoft.

What other advice do I have?

Unfortunately, I can't speak much about the visibility into threats that Microsoft's security solution provides.

I am unsure if the solution helps our organization prioritize threats across our enterprise, but I think it does. I get to leave the security part to be handled by the smart security personnel in my company.

I believe that Microsoft's security solution helps automate routine tasks and routine finding of high-value alerts. It is not my area of expertise, but the security team in my company seems to be pretty happy with the vendor.

I think the solution's threat intelligence helps my company prepare for potential threats before they hit us and helps us take some active steps.

I know that my company's security team is very aware of what Microsoft does, especially with Microsoft Defender and its related products. My company's security team is better equipped to stay at the front of any curve. My company's security team had approached me to speak about Microsoft Teams and asked me to tweak certain settings based on industry standards and the developments Microsoft has been coming forward with lately. The aforementioned aspects explain how threat intelligence affected my company's security operations.

Microsoft's security solution has helped my company save a lot of time, as we believe in being more proactive than cleaning up the mess at a later stage.

I am sure that the product helps my company save money, especially since it aids us in finding threats before they actually become a reality. Probably, my company saves millions in terms of money since we don't have to clean up any mess as the product has already prevented it.

I believe that the solution has helped my organization decrease the time to detect and respond to threats, but I can't explain how or how much.

I would suggest that others who plan to use it just find the right contact within Microsoft, work very closely with them, and lean on them as much as needed.

I rate the overall tool an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & at Bangalore International Airport Limited
Real User
Top 5 Leaderboard
The automated attack disruption works well if you have a strong policy configuration
Pros and Cons
  • "Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable."
  • "You should be able to deploy Defender for every subscription without the need to add servers."

What is our primary use case?

365 Defender is a critical tool for mitigating attacks and preventing threats. We use it for email filtering and blocking phishing attacks throughout the entire enterprise. We have around 1,500 users. 

How has it helped my organization?

365 Defender has improved our security across multiple categories. It's effective against advanced attacks like phishing and ransomware. Defender's attack disruption works well if you have a strong policy configuration. It will automatically block threats and filter them in most cases without the need to investigate. It will remedy the threat immediately. 

The automated response reduces the manual work, saving our security team time. I would estimate it saves about six hours per day. 

What is most valuable?

Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable. It's a unified solution that doesn't just cover Microsoft products. We're a multi-cloud shop, and having that coverage is critical. It also includes the latest IAM features like two-factor and multifactor authentication, giving us the most robust solution.

What needs improvement?

You should be able to deploy Defender for every subscription without the need to add servers. 

For how long have I used the solution?

I have used 365 Defender for almost six years.

What do I think about the stability of the solution?

I rate Microsoft 365 Defender nine out of 10 for stability.

What do I think about the scalability of the solution?

I rate Microsoft 365 Defender nine out of 10 for scalability.

How are customer service and support?

I rate Microsoft support nine out of 10. Their support is excellent. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We migrated to 365 Defender from a McAfee solution.

How was the initial setup?

365 Defender is a cloud-based solution deployed on Azure. You can set it up in two days with some help from Microsoft support using two people.

What's my experience with pricing, setup cost, and licensing?

365 Defender is worth what we paid for it. 

What other advice do I have?

I rate Microsoft 365 Defender nine out of 10. It's the most economical product you can buy, offering a range of features for safeguarding your enterprise. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Cloud Security Specialist at a tech services company with 1-10 employees
Real User
Top 20
Covers customer’s IT assets and aggregates insights from different workloads
Pros and Cons
  • "One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part."
  • "Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives."

What is our primary use case?

As a specialist in SOC, we work closely with multiple customers to cover their IT assets using Microsoft 365 Defender. They have Microsoft Defender for Endpoint deployment, especially for Microsoft 365. We configure the tool to implement the different policies and requirements to cover the email security part and the cloud apps part with the different strategies available on the platform.

After that, we either work directly on the Microsoft 365 portal or configure the sending of the alerts from this portal to Microsoft Sentinel. This will act as a single pane of glass for us to follow the incidents and advise our customers based on that.

What is most valuable?

One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part. With the integration of Microsoft Defender for Identity and Microsoft Entra ID Protection, we will have insights from the identity part. Finally, with the Microsoft Defender for Cloud Apps, we'll also have insights about our cloud apps, either Microsoft 365 cloud apps or third-party cloud apps.

The aggregation of all of these insights into the tool's incident feature will help us have a global vision of the incidents and find multistage attacks at the first steps of the attacks.

What needs improvement?

Microsoft Defender for Cloud Apps is a very good solution that allows you to use a single port or tool to control everything happening with your organization's different cloud applications.

Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives. Also, the documentation does not have many details about that. The bad configuration and lack of good documentation prevent professionals from taking the most advantage of this tool.

One of the big problems that some customers face is that Microsoft always changes its products' names. For example, four to six months ago, Microsoft Defender for Office 365 was renamed Microsoft Defender XDR. Microsoft comes up with a new name for the tool every one or two years, which sometimes is hard for customers to follow.

Microsoft should improve some integrations in the Microsoft Defender for Cloud Apps sub-category. With a specific configuration to Microsoft Defender for Endpoint, we can get logs and insights from network devices and other workloads on our system.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for two years.

What do I think about the stability of the solution?

I rate the solution an eight or nine out of ten for stability.

What do I think about the scalability of the solution?

We configure the tool for different clients, and thousands of people work with the solution. The tool scales out very well and can cover and monitor devices and users ranging from a few hundred to thousands without any problem. Our clients for Microsoft Defender for Office 365 are medium and small businesses. Microsoft Defender for Office 365 is a scalable solution. There are no issues with the solution's scalability or latency.

I rate the solution's scalability ten out of ten.

How are customer service and support?

The technical support for the solution is very good, and I didn't face any issues with it.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have previously used CrowdStrike Falcon. Microsoft Defender for Office 365 and CrowdStrike Falcon are both great tools. Each has its advantages and disadvantages. In my opinion, CrowdStrike is more mature in the endpoint and classic antivirus parts. On the other hand, Microsoft Defender for Office 365 is more mature regarding identity and Office 365.

For artificial intelligence integration, Microsoft 365 Defender is far ahead of others with the integration of Copilot within the portal. This feature that helps analysts reduce time to analyze and respond to incidents does not exist in CrowdStrike.

How was the initial setup?

The solution's initial setup is very straightforward. You have to go to the portal and click on the incident icon, and the tool will automatically start configuring itself. After that, the integration of the endpoints depends on your workload. For example, 1,000 devices will take much longer than two or three devices.

Automation tools are available within the platform to help us automatically deploy the sensors on different workloads that we will need to cover with this tool. The solution's initial configuration and deployment are very straightforward. A lot of videos and documentation are available for the same.

What about the implementation team?

The initial configuration and deployment of the tool for a specific tenant takes five to ten minutes. After that, it depends on what you want to do. You can implement specific strategies today. Based on the evolution of threats, you will need to configure different things tomorrow.

What other advice do I have?

We tried to solve a lot of issues by implementing the solution. The solution helps us detect problems related to the endpoints, like the detection of suspicious processes or suspicious installation of suspicious software. We will raise an alert, and it will show us a graph of the different entities included in the incident, including users, computers, or endpoints.

If it is related to email, it will show us the initial email and different insights about the incident. We'll go through those alerts and try to check them manually. Sometimes, the tool detects suspicious emails for some incidents and automatically quarantines them.

After that, we, as analysts, will do the manual review. If we find an action suspicious, we use the tool to blocklist the domain that has sent the email. If we find that it's a false positive, we will reject this automatic action by the XDR, and the email will be delivered to the end user.

Unified identity and access management is a new feature on the Microsoft 365 Defender portal. It's all about having a single pane of glass to give you insights into the different identities available on your tenant. Those identities are either on-premises, cloud-based, or synchronized between the on-premises and cloud-based workloads.

The solution's security covers more than just Microsoft technologies. Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps have a specific configuration to get insights from third-party cloud applications or from within the Microsoft Defender for Endpoint sensors. We can also get logs and insights from other network devices present in our perimeter, like routers, switches, or firewalls. All those insights will help us gain some visibility into our security posture.

The product has gone through a lot of improvements, especially in the last few moments. It will be like a SOC unified platform with the integration of the Microsoft Sentinel tool within the Microsoft 365 Defender portal. This tool is available to cover all the perimeters. Even third-party solutions and workloads that do not have any security tools from where we can get insights, we can directly use something else to install the low connectors and get visibility about those.

Also, the most significant evolution is the integration of artificial intelligence with Microsoft Copilot for security. This is also a big added value that will help analysts investigate and minimize the mean time needed to respond to advanced threats.

The solution stops the lateral movement of advanced attacks, like ransomware or business email compromise, in a good way. Specific measures and configurations are implemented within the tool that will help us detect advanced attacks in the early stages. We can set configurations for business email compromise.

With the help of artificial intelligence, we'll get insights about emails that may be starting a business email compromise based on specific keywords. It's the same for ransomware and other advanced attacks.

The solution's integration into a company will help it be more resilient to cyber attacks. It will help the company prepare for attacks at an early stage and respond quickly, which will help it be more secure.

Being an XDR, the solution has detection and response capabilities. With adequate configuration, we can configure the required measures to stop or at least quarantine attacks and isolate the assets involved with the attacks in the early stage upon detection. After that, the manual site comes into the picture, and we do the manual review. Based on our review and feedback, the tool will learn from us and behave better in the next similar incident.

I saw a demo about the solution's multi-tenant management feature, and it's a very good feature. It will help big companies with multiple tenants and MSSPs that deal with multiple tenants for users. It will help them to work with multiple tenants by flipping a switch.

I'm a big fan of the solution. Having a Microsoft E5 license will help you to cover all the different types of security, including the identity, the endpoint, the email, and even the cloud. I'm just an engineer and work with whatever tool the client provides me. I noticed that many customers have a Microsoft E5 license, but they don't know a lot about the capabilities that come with it.

They buy or add other tools from third parties when they have that feature or capability included within the E5 license. Microsoft needs to talk to different customers and show them the capabilities that come with these types of licenses, which cover a lot of features.

The integration of Copilot has helped us a lot in concentrating on a single portal to get different insights. This will help a lot to reduce the mean time to respond to incidents by 50%.

The configuration of the Copilot assistant is very straightforward and doesn't take more than 30 minutes. After that, when the tool automatically detects incidents and you go to the analysis page of a specific incident, you will find an initial analysis of the whole incident by the Copilot security assistant.

You may also interact with it using chat, and it will help you if you haven't understood any specific terms from the initial analysis. It can be configured to automatically respond to specific incidents based on workbooks, which will help us automatically apply the measures to respond to specific incidents for remediation.

Microsoft Defender for Office 365 is a cloud-based solution. Since it's a cloud-based solution, Microsoft does all the maintenance for the tool. We are notified via email if there is a shortage or a problem. The SLAs are usually very good, and I have not noticed any problems in the last two years where we could not access the tool.

I would recommend the solution to other users because it's a very good solution and one of the best XDRs in the world right now. If you go through reviews from Gartner or other companies, you will see that Microsoft Defender for Office 365 is a leader in the XDR market. It has the capability to collect and aggregate insights from different sources, either cloud-based or on-premises.

The integration of artificial intelligence will greatly help final users and security practitioners respond to incidents adequately and efficiently.

Overall, I rate the solution an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Tolu Omolaja - PeerSpot reviewer
Head of Department of Network Communications at Eko electricity
Real User
Great URL scanning and attachment scanning, but I would like more proactive threat analysis
Pros and Cons
  • "The two main features that prove most beneficial for us are URL scanning and attachment scanning."
  • "Microsoft Defender for Office 365 should be more proactive."

What is our primary use case?

We utilize Microsoft Defender for Office 365 to enhance our email protection.

All of our Office 365 solutions are stored in the cloud. We have recently acquired multiple licenses for Microsoft Defender for Office 365.

How has it helped my organization?

We also use DMS. I believe that integration comes out of the box because both products are from Microsoft and I haven't taken any steps to do any integration myself.

The comprehensiveness of DMS and Microsoft Defender for Office 365 has been incredibly helpful, particularly concerning email attachments. They have successfully identified numerous suspicious attachments, some of which were reported. The integration of these two solutions has proven to be extremely beneficial. Additionally, they have been effective in detecting phishing links and untrusted sites in emails on several occasions.

I remember what actually prompted us to switch to using Microsoft Defender for Office 365. We had several people who were not tech-oriented receiving loads of phishing emails, and their credentials were almost compromised. It wasn't just them; we had many other users in the organization facing similar issues. To address this, we conducted a phishing simulation, and unfortunately, a lot of people failed the simulation. After analyzing the situation, we realized the need to provide better training and implement additional security measures in case someone made a mistake or failed to follow proper procedures. That's why we decided to go with Microsoft Defender for Office 365. So far, it has been effective in identifying a lot of threats. Previously, we received several complaints about compromised credentials, mainly due to phishing emails. However, since we started using Microsoft Defender for Office 365, the number of complaints has drastically reduced. Although some people still fail our phishing simulation during in-house tests, externally, Microsoft Defender for Office 365 has proven valuable in filtering out numerous threats. I'm confident that without it, many accounts would have been compromised.

Microsoft Defender eliminates the need for multiple dashboards. When I'm on the Office 365 dashboard, I don't see any reason why I would need to access another dashboard.

Microsoft Defender for Office 365 identifies various threats and notifies us whenever it detects something suspicious. Without Microsoft Defender for Office 365, it would be quite time-consuming. We used to receive numerous complaints about credential tests, but since its deployment, those complaints have drastically reduced. Microsoft Defender for Office 365 has saved me a considerable amount of time.

It indirectly helps our organization reduce costs. We encountered a situation where one of our financial officers had their credentials stolen, and someone attempted to impersonate them, trying to transfer funds to other accounts. However, the system flagged the suspicious activity, and we were able to prevent the unauthorized transfer.

Microsoft Defender for Office 365 improves our ability to detect and respond to threats. It easily identifies all potential threats and promptly notifies us. I can only imagine the consequences if it weren't in place. Numerous suspicious links and attachments might have gone through, resulting in additional work and time spent on finding ways to remediate, resolve, and contain the situation.

What is most valuable?

The two main features that prove most beneficial for us are URL scanning and attachment scanning.

URL scanning involves an automatic scan of links and emails. When a user clicks on a link within an email, the system promptly checks the link's safety. If the link is deemed safe, access is granted automatically. However, if it is flagged as unsafe, we receive feedback and notification to caution us about the potentially harmful link. At this point, we are presented with the option to proceed or return. I have personally witnessed the system identify a few unsafe links, making this the primary advantage of using the solution.

The second crucial aspect is the scanning of attachments. When an email containing an attachment arrives, we receive a notification of the new email, along with information that the attachment is being scanned for threats. This additional layer of security provides peace of mind for our organization.

While Microsoft Defender for Office 365 offers numerous features, these two stand out as particularly impressive and valuable to us.

What needs improvement?

Microsoft Defender for Office 365 should be more proactive. As a major global player, Microsoft possesses the platform to gather more information than any other company. Utilizing this information would enable them to make the system much more proactive. It would be sensible for Microsoft Defender for Office 365 to send occasional notifications, acting as advisories on how to prevent the latest threat trends. Similar to a newsletter, these notifications could guide users to take appropriate measures and review their organization's configurations, thereby ensuring maximum security.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for around four years.

What do I think about the stability of the solution?

Microsoft Defender for Office 365 is extremely stable. I have not seen any downtime.

What do I think about the scalability of the solution?

Microsoft Defender for Office 365 is scalable. We only need to add licenses to include more users.

How are customer service and support?

Eighty percent of the time, the technical support is good. There are occasions when we are redirected, which can be annoying, but for the most part, they are good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward. There wasn't much to do for Defender. We simply purchased the licenses and applied them to the users. It was a seamless deployment. As for Office 365, we had a couple of E3 licenses and had to install Office on the users' desktops. That proved to be a tedious task. 

To deploy Microsoft Defender for Office 365, we simply wrote a script to assign licenses to users in bulk. Three people, including myself, handled the deployment.

What's my experience with pricing, setup cost, and licensing?

For small and medium organizations, the pricing might not be affordable. Microsoft Defender for Office 365 is a good product, something all organizations should have. However, the question is, can all organizations afford it? Large enterprise organizations can definitely afford it, but small and medium organizations might struggle to cover the expenses.

Which other solutions did I evaluate?

We also assessed Sophos Email before implementing Microsoft Defender for Office 365. Since we were already using Office 365, we believed it would be a seamless and more effective option to proceed with Microsoft Defender for Office 365.

What other advice do I have?

I would rate Microsoft Defender for Office 365 a seven out of ten. The solution meets my expectations, but I would appreciate information on current threats and an increase in the level of intelligence gathering to be more proactive. It would be helpful to receive information on steps I can take to prevent potential threats, as our organization might be a target based on the threat intelligence it has gathered.

I have had a couple of Microsoft resellers try using Sentinel with my organization. Perhaps it was due to the configuration, but it didn't seem like there was much setup required. Essentially, we weren't able to see as many details as we expected, likely because we already have an in-house sync solution, and we were attempting to integrate Sentinel alongside it. Consequently, we also continued using the other solution. However, what we obtained from Sentinel didn't provide us with much information compared to our existing solution. This is why we decided not to proceed further with the Proof of Concept for Sentinel. It's possible that the reseller didn't configure something properly, or maybe it didn't demonstrate some of the things it was supposed to. But based on our end-user experience, we didn't receive sufficient information from Sentinel as we do with our current solution. Hence, we made the decision not to move forward with the POC for Sentinel.

It is not advisable to engage with different vendors. This is because there will be instances where issues arise, and a particular vendor may not take responsibility for the problem. Dealing with multiple vendors makes it challenging to accomplish tasks efficiently, as we often find ourselves unsure about which vendor is accountable for each aspect. On the other hand, opting for a single vendor, even if they cannot fulfill all our requirements, is still preferable. This choice allows us to have a clear point of contact when something goes wrong, and the integrations are smoother. Additionally, using multiple vendors can lead to integration problems.

To properly utilize Microsoft Defender for Office 365, we must first acquire an Office 365 subscription. If we are already using Office 365 and seeking enhanced protection, Microsoft Defender for Office 365 becomes an obvious choice. It offers seamless integration and straightforward usage. To proceed effectively, we need a clear understanding of the users requiring protection and precise guidance on configuring the policies to ensure they provide the necessary protection effectively. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Luis-Brown - PeerSpot reviewer
IT Director at an energy/utilities company with 11-50 employees
Real User
Allows for easy reporting of problems, valuable anti-phishing, and anti-malware support
Pros and Cons
  • "There are several features that I consider valuable."
  • "The phishing and spam filters could use some improvement."

What is our primary use case?

I am the IT director for my organization, a small municipality with a population of 20,000 located in New Mexico. We employ 250 staff members. Our cybersecurity measures encompass a wide range, including endpoint management and the utilization of Windows Defender for Office 365. This software is internally deployed and primarily focuses on monitoring our email systems. This is where the most intricate configuration is applied. It examines our email traffic, aiming to prevent a significant amount of spam and numerous phishing attempts. Although it cannot catch everything due to inherent limitations, it effectively performs tasks such as antivirus and antimalware functions within our email communication.

How has it helped my organization?

I would rate the visibility into threats eight out of ten.

Microsoft Defender for Office 365 assists to some extent in prioritizing threats across our enterprise, but it is not our primary tool for this purpose. I would rate the significance of this capability in Microsoft Defender for Office 365 a five out of ten.

I also utilize Windows Defender for both our desktops and mobile devices running on iOS and Android. Additionally, we employ Azure AD for authentication. All of these solutions have been seamlessly integrated into a unified dashboard. This integration process is highly straightforward and occurs automatically during the setup phase.

Our integrated solutions all work natively together to deliver coordinated threat responses.

Microsoft Defender for Office 365 assists in automating routine tasks and identifying high-value alerts. This has led to a 100 percent improvement in our security operations, as we had not implemented anything prior to the adoption of Microsoft Defender for Office 365.

Microsoft Defender for Office 365 has aided in decreasing the number of dashboards we need to monitor, although it does not eliminate all of them. As a cybersecurity practitioner, I still require external vulnerability management for certain third-party risk assessments; Microsoft Defender for Office 365 does not cover those aspects. Consequently, I utilize a separate product for that purpose.

It currently lacks built-in security awareness features. However, efforts are being made to develop such features. The initial stages of the security awareness program can already be observed in the Microsoft platform. Defender for Office 365 provides us with a tool called Safe Links, which enables us to analyze attachments, including both files and data. If someone attempts to access content that is later identified as malicious, we receive a notification. This allows us to identify users who may have interacted with harmful content to some extent, addressing active and potentially harmful interactions. If an individual receives a suspicious link, Safe Links examines the link for potential phishing characteristics. Although the link's malicious nature might not be immediately apparent, it is delivered within a protective Safe Links wrapper. Consequently, if the recipient clicks on the link, this action is logged within the Microsoft environment. Later, if the link is identified as part of a credential phishing attack, appropriate measures are taken. This includes deleting the associated email and notifying the user who clicked on the link. Subsequent actions may involve remediation, such as password changes if deemed necessary. This integration works seamlessly and proves to be highly effective.

Microsoft Defender for Office 365 has helped our organization save around 20 hours of work time.

It saves our organization money. No one would accuse the Microsoft product of being cheap or inexpensive. However, the reality is that most of the security functionality is included in the licensing that I need to purchase to support my operation. In other words, I'm not buying these security products separately; I'm obtaining them as part of my Microsoft 365 licensing. It's not an add-on; they are required components of the government cloud licensing that I have purchased. Therefore, I must acquire Microsoft 365 to access applications such as Office, SharePoint, OneDrive, Exchange, and others. The security features are all integrated within this package; I don't need to source them from elsewhere. Additionally, I would have had to pay for the performance products regardless.

What is most valuable?

There are several features that I consider valuable. These include anti-malware and anti-phishing capabilities, along with certain remediation abilities for addressing issues once identified. Moreover, the system allows for easy reporting of problems. In the event of a phishing attack, we can conveniently initiate a comprehensive search to identify all related elements of the campaign and remove them from users' mailboxes.

Additionally, the platform offers anti-spoofing measures targeting well-known high-value targets. This proactive approach helps in mitigating business email compromise by designating our high-value personnel. Consequently, any communication purporting to originate from these individuals undergoes a more rigorous verification process to ascertain its authenticity and whether it genuinely stems from a valid account associated with the respective individual.

What needs improvement?

Microsoft Defender for Office 365 lacks proactivity in assisting us with preparing for potential threats before they occur. While they employ a substantial amount of threat intelligence to preemptively prevent incidents, their effectiveness diminishes when it comes to delivering proactive threat intelligence alerts from Microsoft. Their focus primarily revolves around managing the internal environment. On the other hand, my other vendor, Check Point, along with my membership in MS-ISAC, supplements me with this type of information. 

The phishing and spam filters could use some improvement. It is adequate, but it doesn't match the quality of Proofpoint or Mimecast. However, it comes close in effectiveness. Plus, if we're obtaining it for free, investing in the other products seems impractical.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for around seven years.

How are customer service and support?

Obtaining technical services is challenging.

How would you rate customer service and support?

Negative

What other advice do I have?

I would rate Microsoft Defender for Office 365 eight out of ten.

I would rate the comprehensiveness of our integrated Microsoft products for threat protection a six out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2595123 - PeerSpot reviewer
Pre-Sales Product Specialist at a tech services company with 1,001-5,000 employees
Real User
Top 20
Helped us to avoid malware in the system and prevent unwanted emails from entering our system
Pros and Cons
  • "The most valuable aspect of Microsoft Defender for Office 365 is its ability to protect us from malware."
  • "The changes to customer service, specifically the new model for support agreements, are not favorable."

What is our primary use case?

We are using Microsoft Defender for Office 365 to avoid spam, malware, and similar threats.

How has it helped my organization?

Microsoft Defender for Office 365 helps us prioritize threats across our enterprise. I am able to let the system fix the malware while I focus on other tasks.

Microsoft Defender for Office 365 automates routine tasks and highlights critical alerts, significantly improving our security operations. This automation saves us time by reducing repetitive tasks, allowing us to focus on developing new services instead of solely on security operations.

The threat intelligence feature helps us take proactive steps to prevent threats.

Microsoft Defender for Office 365 saves us time and money and has helped decrease the time to detection and response.

It has helped us to avoid malware in the system and prevent unwanted emails from entering our system.

What is most valuable?

The most valuable aspect of Microsoft Defender for Office 365 is its ability to protect us from malware. This has effectively helped us avoid malware in the system and keep out unwanted emails. It allows us to spend less time on repeated tasks, enabling us to develop new services.

What needs improvement?

The changes to customer service, specifically the new model for support agreements, are not favorable. We have to pay $600 for every instance, making it too expensive. We might need to look at other support options.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for over ten years.

What do I think about the stability of the solution?

Microsoft Defender for Office 365 is stable. It's doing what it's supposed to do.

What do I think about the scalability of the solution?

The solution is scalable. Microsoft Defender for Office 365 is flexible with other security products we use. Our usage depends on Microsoft adding features.

How are customer service and support?

We have a premier support agreement. Initially, it worked well, but the new model, where we have to pay for every instance, is not satisfactory.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used alternative solutions prior to implementing Microsoft Defender for Office 365. We selected it due to its superior integration with our existing security infrastructure.

What about the implementation team?

The implementation was completed in-house.

Which other solutions did I evaluate?

We evaluated other solutions before switching to Microsoft Defender for Office 365.

What other advice do I have?

I would rate Microsoft Defender for Office 365 ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
Sachin Vinay - PeerSpot reviewer
Assistant Manager-Networks at Amrita
Real User
Top 5 Leaderboard
Prioritizes threats across our enterprise and safeguards us from any incoming threats or viruses
Pros and Cons
  • "Microsoft Defender has a feature to protect each and every attachment. Even if it's an encrypted attachment, it will check for any potential threats."
  • "Microsoft should provide more documentation for users so they can self-educate. I would like to see more documentation for advanced security features."

What is our primary use case?

We mainly use Microsoft Defender for Office 365 to secure our Office 365 combined application package, which includes Outlook, Word, Excel, PowerPoint, OneDrive, Skype, and Teams. We have all of these combined packages in our cloud. 

Before we deployed Defender, we didn't have the right solution to safeguard these applications because our data was moved from multiple locations, from Outlook to OneDrive, for instance. After the introduction of Defender, we could instantly control most threats.

We also use Microsoft Defender for Identity and Cloud Apps. We deployed Identity recently. 

Integration is easy because Microsoft is the vendor of all of these security products. Most of these products are closely integrated, whether they're on-premise or deployed on the cloud.

These solutions work natively together to deliver coordinated detection and response across our environment. All of these features work on different security layers to ensure protection. Microsoft Defender for Identity gives protection to users. That's an application layer. Simultaneously, Defender for Cloud also provides a layer of security. Each Microsoft product offers a different layer of security, so our organization is secure.

These security products offer comprehensive threat protection. Each day, thousands of people send emails that contain malicious content. Microsoft Defender for Office 365 constantly monitors those attachments and gives us alerts so that we're able to focus on threats and prioritize them accordingly.

We use the bidirectional sync capabilities. It's an important feature to us because we need it for proper syncing and security, both on-premises and on the cloud.

The solution is deployed on a public cloud.

Defender is used in one tenant, and multiple departments use it. It provides security for about 2,000 users.

How has it helped my organization?

We have seen multiple benefits from using Defender. Our data was on-premises about five years ago. We migrated our data to the cloud to improve our security. It's awesome to get all of the security features in the cloud. To apply these features on-premises requires different hardware and multiple vendors. With Microsoft Defender, we're able to have a single manufacturer.

Microsoft Defender for 365 helps automate routine tasks and the finding of high-value alerts. It's a detection mechanism, so it doesn't solve the issue, but it will give us alerts and other notifications. It provides system alerting and patches.

The alerting automation definitely affects our security because our organization requires alerts constantly. The Defender setup for Office 365 applications gives us a clear alerting dashboard. The dashboard has multiple features that are linked to most of our applications, so it's more secure.

This solution helps eliminate the need to look at multiple dashboards. With different vendors for security, we obviously had vertical dashboards. Microsoft Defender gives us a single dashboard that we can link to other applications. 

Defender has reduced time spent by 50%.

It definitely saves us money because other vendor products cost more. The hardware itself costs money. Defender's subscription costs less. We have saved 50% compared to other solutions.

Defender decreases the time it takes to detect and respond. We're able to detect 20-30% faster.

What is most valuable?

Most of our files are being stored in OneDrive. We need to safeguard those links because users have to forward them to multiple locations. Microsoft Defender has a feature to protect each and every attachment. Even if it's an encrypted attachment, it will check for any potential threats.

If there are any spam contents in an email, we will be notified. With the implementation of Defender, we're able to correctly monitor attachments, files, and safeguard the required data. 

Microsoft Defender for Office 365 provides us with visibility into threats. Our emailing system is Microsoft Office Outlook. We also use a mail server from Microsoft. If there's an issue, we're able to troubleshoot it right away and give a solution. All of the administrators are properly alerted in their dashboards.

Microsoft Defender for Office 365 helps us prioritize threats across our enterprise. It safeguards us from any incoming threats or viruses. It scans every bit of information from the software cloud, including attachments, links, or malicious emails that hackers generate to break the security system.

It's definitely important that Defender helps us prioritize threats across the enterprise because some of the security breaches are less serious, so there is more time to troubleshoot. We're able to see everything in the dashboard, so we're notified about the important threats and can act accordingly to resolve them.

What needs improvement?

The advanced threat protection requires awareness and knowledge from administrators. Microsoft should provide more documentation for users so they can self-educate. I would like to see more documentation for advanced security features.

For how long have I used the solution?

I have used this solution for about five years.

What do I think about the stability of the solution?

It's completely stable.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and support?

Technical support is really good. I would rate them as nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We haven't used any other solutions.

How was the initial setup?

The setup was straightforward.

Maintenance isn't required because the solution auto-updates.

What about the implementation team?

We received support from Microsoft for implementation. Four system administrators were needed for implementation.

What was our ROI?

We have definitely seen a return on investment. OneDrive stores a lot of data, and maintaining the security of that data is a large task. It would be expensive to integrate another solution for that task. Since implementing Defender, we have saved a lot of money.

There are other Microsoft products included in the package, so we're able to save more money. I think there's a great return on investment.

What's my experience with pricing, setup cost, and licensing?

The pricing is normal. Considering its popularity, it's not overpriced.

Which other solutions did I evaluate?

We haven't evaluated other options. To secure Microsoft Office 365 applications, we wouldn't necessarily go for other third-party solutions because Microsoft has its own proprietary solutions.

What other advice do I have?

I would rate this solution as nine out of ten.

My advice for other people who are in security is to try Defender. It's much better than other top security appliances and it's completely affordable. For large and medium enterprises, it's definitely worth trying because applications like OneDrive require constant monitoring. 

Multiple security solutions must be monitored constantly, and the maintenance cost will be much higher. Dependency issues will arise, and you will need multiple support people to troubleshoot issues. Sometimes the issue won't be found if it involves multiple dependencies from other vendors. We prefer to go with a single-vendor product like Microsoft because of their support.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Microsoft Defender for Office 365 Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2025