We primarily use the solution for security purposes.
IT Manager at SSEL
Easy to set up and configure and scales very easily
Pros and Cons
- "I would say that 90% of the spam and phishing attack emails get blocked right off the bat."
- "The custom alerts have to improve a lot."
What is our primary use case?
How has it helped my organization?
Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect our organization against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard our organization from harmful links in real-time. Defender for Office 365 has rich reporting and URL trace capabilities that give us (administrators) insight into the kind of attacks happening in our organization. We can discover how Defender for Office 365 can help define protection policies, analyze threats to our organization, and respond to attacks.
What is most valuable?
Defender for Office 365 can help your organization configure policies, analyze threats to your organization and respond to attacks. It is important to note that there are different levels of protection and capabilities depending upon which version of Office 365 license you have. The best features we found most valuable are Forwarding Report, Safe Attachment Files Types, Threat Protection Status, Malware Detected in Email, URL Threat Protection and many more.
What needs improvement?
The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many spam attacks have happened" or "these many emails have been blocked." We have to manually go into the admin panel and have to check it out. It would be nice if there were custom email notifications/alerts.
Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes and sees all your mail and notes any deviation) that are only currently available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.
Buyer's Guide
Microsoft Defender for Office 365
January 2025
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
For how long have I used the solution?
We've been using the solution for two years at this point.
What do I think about the scalability of the solution?
In terms of scalability, Microsoft has heavily invested in scalability and security of its Microsoft 365 platform in the last few years.
Since it is a cloud-based solution, at any point of time we can upgrade the number of users without any hassle and there is no user cap limit.
Currently, we have 350 users at this time.
How are customer service and support?
The technical support is good. However, for us, personally, we didn't have any serious issues that required contacting the technical support team, as most of the errors or issues we faced were easily resolved using the documentation on the Microsoft website.
Which solution did I use previously and why did I switch?
We had been using Fortinet Mail; however, later on, we went with the Office 365 Email Protection Plan. The main reason for switching is that we were previously using G-Suite from Google as our email solution and later shifted to Office 365, where Defender is a built-in feature provided by Microsoft.
How was the initial setup?
The initial setup is so easy and the Microsoft Help Center is available to assist as necessary. In our case, we just went through the documentation which was provided on the Microsoft website and based on the document, we were able to easily configure it.
What about the implementation team?
We implemented it in-house and no support was taken from the vendor. Everything is in the documentation on the Microsoft website.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty good and was a major factor in choosing it. The pricing is reasonable when compared with Cisco or some other products.
If it is an IT company, the budget allocation will be more and focused on the IT part. However, when it comes to a manufacturing company, the budget focus will be more on manufacturing and the budget allocation will be very low in terms of IT.
For us, Office 365 was better in terms of pricing.
Which other solutions did I evaluate?
Before choosing this solution, we had evaluated Cisco. I just visited your site and I just downloaded that datasheet. I compared it to Office 365 Mail Protection. Both are good; however, in terms of the pricing part, Office 365 was the better choice.
What other advice do I have?
No matter which solution we take, be it Google, Cisco, or Microsoft, every one provides the same security. However, some features differ based on the plan/license we take.
From my personal experience, if you don't have any budget constraints, go for Google or Cisco.
If you are on a low budget and if you want a solution that needs to be suitable for your business, then you can go for Microsoft.
I'd rate the solution at an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Consultant at a tech services company with 201-500 employees
Essential security capabilities, plenty of email protection, and enhanced data loss prevention
Pros and Cons
- "Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
- "There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."
What is our primary use case?
This solution is a mixed product. It can be used for email security and for information protection, which is basically data loss prevention. Many people do this type of setup for DLP, but under Microsoft's naming convention, they call it Microsoft Information Protection (MIP).
How has it helped my organization?
It definitely is a must for email protection and O365 app DLP. Combined with Microsoft Defender for Endpoint, Microsoft Defender for Identity, and MCAS, it provides a holistic solution for threat protection, email protection, O365 apps protection, and DLP for both internal and external risks.
What is most valuable?
Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links. Anything that has the word "safe" in it is essentially made to defend against the common email vulnerabilities that you would see in similar products. Without these features, it does not have nearly the capabilities.
On the information protection side, the best features are probably the data loss prevention policies that cover the whole suite of Office 365 applications. I will explain it a little more. From an information protection standpoint, Defender for Office 365 does strictly apply to the Office apps, but that is where it can get confusing because it can do more. It works with MIP, and MIP can be part of a SKU in the M365, particularly the E5 SKU or equivalent. It can protect and prevent data loss of data wherever it operates. It does not matter where it operates, it can be in a different cloud service, on-premises, in Office, a SaaS application, or it could even be your own applications that you have developed. Defender for Office 365 helps with the loss prevention for Office 365 applications.
What needs improvement?
There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.
Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.
In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution.
For how long have I used the solution?
I have been using the solution for approximately 6 months.
What do I think about the stability of the solution?
Generally, it is stable with a good SLA. Still there can be outages in either O365 or Azure AD but they are rare. That is where Proofpoint adds a BC/DR feature that is lacking with O365 Exchange Online.
What do I think about the scalability of the solution?
It is a scalable solution. We have deployed it to several hundred thousand people, and it scaled fine. There are different considerations that need to be made before the solution can scale properly. For example, if I am in a hybrid environment, my connection to the cloud is 100 MB, and I have got 100,000 users, that connection bandwidth is not going to work. As long as people know that there are certain adjustments that are needed to scale, then it will scale properly.
Another example, if it is a Multi-GEO spread across the globe, you are only as good as your network backbone or what you pay for your network backbone, this is the case in many clouds. If you are using a hybrid setup, it is the same situation, you need to figure out how to regionalize things and then have adequate bandwidth. There are techniques to use that makes sure you are using the shortest path to the cloud from each region. If you do not pay attention to all of these considerations when attempting to scale the product you are not going to have a good experience.
How are customer service and technical support?
Microsoft does a very good job of having information available for customers such as documentation and online videos. The problem is wading into every consideration that you have to have, such as, is the network sufficient, or evaluating the different setup scenario types where it could get really complicated. For example, having a Multi-GEO setup, what is the impact of a network on the performance. There are scenarios where it can get difficult, where a company acquires another company and they both are in separate Active Directory forests and a lot of them, at times, do not know the order of how to do things. The complication of supported models between how you do identity and some of them do not even know how to do enterprise architecture or the difference between enterprise architecture and solution architecture. You could run into best practices not being followed and have to re-engineer everything. I have run into all kinds of scenarios.
Generally, the only problem with the documentation is it is hard for people to put all the information together, there can be a lot of information. Microsoft support is only as good as their documentation, and their documentation is currently behind. Since Ignite 2020, all the announcements came out of that and the documentation still has not caught up. We are now at Ignite 2021.
A lot of these technical support agents just read a script. However, it depends on which level you are talking about. If you get entry-level support and then you are moving up the ladder, it could take time to get the information you are seeking for a resolution. If you get the right support person then you are good, but if not then you could be going around in circles for a while before you are able to resolve your issue.
Which solution did I use previously and why did I switch?
At GuidePoint Security, we are paid consultants and therefore work within the requirements of customers. Some customers understand the holistic Microsoft XDR and information protection solutions and how they integrate together to send signals to a SIEM/SOAR product for incident discovery and remediation. Others use a mixed bag of products from CrowdStrike, Symantec, etc. on endpoints, and may use a third-party CASB product, e.g. Netskope, which combined with Netskope's Secure Web Proxy forms their SASE solution.
How was the initial setup?
The installation can be easy in SMB but there can be some difficult challenges in large enterprises. Typically it is companies going through mergers, etc.
What about the implementation team?
Full deployment can have challenges, but it is all depending on your organization's usage. For example, organizations that have to be in the government cloud and where they have both US and non-US citizens. In the government cloud, friendly nations can participate in the government cloud and there are some that definitely cannot. There could be many that cannot be allowed. For example, if there were two that could not be allowed, those two clouds have to be separated completely. They cannot communicate with each other whatsoever. That is a little bit of a problem for some organizations. What if I have a subsidiary in Australia that says, "No, I do not want to be in the government cloud"? How are you going to handle the fact that all your US subsidiaries have agreed to go into the government cloud and the Australian one is sitting out saying "no"? You then now have to treat these separately like they are two separate organizations.
What was our ROI?
We have received a good return on investment with this solution, it does what it is supposed to do. Particularly from the email and information protection perspective, it does a very good job, but it could be better.
What's my experience with pricing, setup cost, and licensing?
Microsoft licensing should include Microsoft Defender for O365 in their E3 and E5 licenses. Currently it is all or nothing unless you purchase an add-on which we advise enterprise customers to do.
Which other solutions did I evaluate?
I have evaluated Proofpoint in the past which has continuity features that this solution is lacking.
What other advice do I have?
The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots.
I rate Microsoft Defender for Office 365 a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security analyst at an educational organization with 1,001-5,000 employees
Comprehensive protection for email security with responsive support and valuable features like attack simulation offering robust threat detection, efficient automation, and excellent scalability
Pros and Cons
- "Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected."
- "There's room for improvement regarding the time frame for retrieving emails."
What is our primary use case?
It allows us to effectively detect and manage malicious URLs within emails. This proactive approach allows your team to identify and resolve security incidents promptly. We optimize our security by incorporating Microsoft's IOCs into both Defender for Office 365 and endpoint protection. This integration prevents our devices from accessing known threats, saving significant time weekly. Centralized management of threat indicators proves highly efficient, potentially saving hours. This comprehensive strategy enhances our proactive security measures across our systems.
How has it helped my organization?
When dealing with a large volume of emails, whether received or sent by users, Defender solutions, particularly Threat Explorer, prove to be highly effective. In instances where users may have inadvertently interacted with potentially harmful emails, it enables me to isolate and analyze these emails by placing them in a secure sandbox environment. This insight is crucial for addressing incidents promptly and collaboratively, fostering a cooperative approach to resolving potential security issues within the organization. In Defender 365, we've implemented a dual-pronged approach for automating tasks and managing security incidents. When alerts like a user clicking on a malicious URL occur, data is directed to Sentinel or Log Analytics. A logic app is then employed to analyze the user's actions using Defender for Endpoint, tracking device activities, and making informed decisions. This integrated system enables us to swiftly identify, analyze, and respond to security incidents, enhancing our ability to manage and mitigate potential threats effectively. It has significantly reduced our time to detect and respond to security incidents. While I don't have an exact figure, the impact has been substantial. By consolidating multiple solutions into logic apps and gaining visibility, we can now respond much more efficiently than before. Without this integrated approach, lacking visibility hampers our ability to identify and address potential threats promptly.
What is most valuable?
Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected. The convenience of having a centralized location for extracting comprehensive data is particularly noteworthy. With Threat Explorer, I can efficiently manage and mitigate the impact of these campaigns by removing problematic emails from mailboxes, all in one centralized location, eliminating the need to navigate through multiple areas. Effectively prioritizing threats across our enterprise is crucial for us, given that the primary avenue of attack is often through phishing emails. By having robust protection in place, we're able to significantly mitigate this prevalent threat, essentially clearing a major portion of the cybersecurity landscape.
What needs improvement?
There's room for improvement regarding the time frame for retrieving emails. Currently, the limitation allows users to go back only thirty days when pulling emails or conducting related actions. Enhancing this capability to extend the timeframe, perhaps to sixty or ninety days, would be beneficial.
For how long have I used the solution?
I have been working with it for three years.
What do I think about the stability of the solution?
It has been reliable. I haven't encountered any instances of downtime or significant bugs; occasionally, signing out and back in resolves minor issues.
What do I think about the scalability of the solution?
In terms of scalability, our institution has expanded with more students and staff, and we haven't experienced any performance issues with Defender for Office 365. It has proven to be effective and adaptable to the growth of our organization. We currently have approximately four thousand staff members.
How are customer service and support?
The support team, not only for Defender for Office 365 but for any issues I've encountered, has been exceptional. Whether reaching out through email or submitting a support ticket, I typically receive a callback within hours. I've never personally faced any challenges in contacting Microsoft support—they've consistently been prompt and responsive. The account managers, or whatever they're officially called, have been quick to answer and address any inquiries, making the support experience highly satisfactory. I would rate it ten out of ten.
How would you rate customer service and support?
Positive
What other advice do I have?
I would highly recommend it as it offers numerous features that can significantly enhance your security posture. Overall, I would rate it ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a manufacturing company with 51-200 employees
Helps our SOC team avoid manual work
Pros and Cons
- "It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased."
- "About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting."
What is our primary use case?
We have started using Defender on our endpoints, together with the basic Defender for email. We placed Defender on our endpoints through our XDR solution. It's connected to our SOC and the SIEM.
How has it helped my organization?
The fact that it's easy to integrate and implement has helped us to move forward with our project.
Also, on the clients, we have implemented automated identification and blocking, and these help our SOC team avoid doing manual work.
What is most valuable?
It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased.
Also, in the beginning, Microsoft Defender for Office 365 saved us time because we had started a completely new company. Now that we are more established, we need another, more advanced solution with more machine learning and artificial intelligence related functionality.
What needs improvement?
About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting.
Now that we have more visibility into threats, our orientation is to have a more top-market solution to give us more visibility and easier ways to respond to the threats that we find and also to identify threats better.
It is not really straightforward to get a lot of information from Microsoft Defender, so we have had to use Microsoft Graph to create some custom views to export custom information.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365 for four years.
What do I think about the stability of the solution?
The stability is really good. We have never had any problems related to Defender.
What do I think about the scalability of the solution?
The scalability is also very good. It's easy to increase usage, but that's expected.
We are a multinational company, so we have multiple locations, including Brazil and several countries in Europe. We have about 470 end-users.
How are customer service and support?
The technical support is really good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Symantec when we were part of a big company. We decided to use Microsoft because it is a fully integrated solution and was embedded in our licenses. We did not take into consideration all the features.
Our company was sold by that big company that we used to be part of and we then consolidated and created a new company about four years ago. We wanted to move forward, as fast as possible, with as much security as possible.
How was the initial setup?
It was really straightforward to set up. We implemented it on our endpoint devices, and then we configured a lot of policies to manage and avoid threats, as well as policies for phishing and the cloud.
The maintenance is mostly related to fine-tuning phishing and other issues and is handled by one or two engineers, but it's not needed frequently.
What about the implementation team?
It was done in-house, with two or three of our resources.
What's my experience with pricing, setup cost, and licensing?
It is much more expensive than using another solution because we have had to include some options and upgrade our license. Be aware of the licensing model, because for certain features you need a different level of licensing.
Which other solutions did I evaluate?
We did not look at other options. The main reason we went with Microsoft was because of the complete integration.
What other advice do I have?
If I were asked whether to go with a single vendor or multiple vendors for security, I would say use multiple vendors. We are using Microsoft for collaboration, email, chat, and security. It's like having the wolf secure your house. Having different vendors would help give you different visibility and data and different people managing different solutions.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Architect at a computer software company with 1,001-5,000 employees
From process efficiency angle, we are definitely seeing benefits
Pros and Cons
- "Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency."
- "One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication."
What is our primary use case?
We use it to monitor user behavior and activity. It also gives us analytics to protect the user identities and extensions stored in Active Directory. For one of the instances that we are managing, we have to sync it with Active Directory and protect user identity.
How has it helped my organization?
It is a basic SecOps tool. It has not increased or improved anything specifically for our organization, but I see it as a must-have for security ops.
It can help automate routine tasks and finding of high-value alerts. Our security operations are not very high-volume, but from the angle of process efficiency, it is definitely a very beneficial product.
Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency.
And there are a couple of aspects, time-wise. One is that the documentation makes everything so easy that we were able to understand it without much external support. The second is how it automates the process and gives everything in one console. It is helping us with process efficiency. I would estimate it is saving us 10 to 15 man-hours per month. But it is more an issue of process efficiency and having the right process in place. It is not for time-savings, primarily.
And it is likely to help us with our time to detect and respond, although we haven't faced one threat yet.
What is most valuable?
It's a little early to tell which features are most valuable, but by default, it gives analytics on user behavior. We have not been able to leverage it fully, but that is one of the interesting features. It's also very simple to use. The documentation has made it quite easy to implement and our team has been able to understand it.
And while we haven't had even one threat incident yet, functionality-wise, Defender for Office 365 can proactively detect threats and prevent them. It is not just a reactive mechanism.
What needs improvement?
One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication. The awareness of ecosystem information that is provided needs to be better.
For how long have I used the solution?
We implemented Microsoft Defender for Office 365 over the last month.
What do I think about the stability of the solution?
The stability of Defender for Office 365 is competitive.
What do I think about the scalability of the solution?
It is very scalable. I've seen implementations in organizations with thousands of employees.
For us, it is being used across endpoints for all the users in our organization, and it is multi-geographic as well. We are a small organization with only 10 users.
How are customer service and support?
Microsoft technical support is very good. For this particular product we have not reached out to them, but otherwise, we find Microsoft support to be quite good.
The product itself is so good that we rarely have to raise a support ticket. The product and documentation are self-explanatory and we are able to troubleshoot things ourselves.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
If we had compared it with other vendors, then I would have more to say about the cost, but we didn't. However, standalone, the cost is convenient.
Which other solutions did I evaluate?
We did not explore other vendors. This was a default choice for us.
What other advice do I have?
We have not faced any incidents so we are not able to comment on how well it handles them. But in our organization, we are using basic antivirus software and that aspect is covered in that solution as well. It also has functionality for prioritizing threats but we have not implemented it.
The solution does not require much maintenance. There is the setup and it is mainly a matter of monitoring after that.
When you consider a best-of-breed strategy versus a single vendor's security suite, I prefer a single vendor because of the failure points. If there are interconnected failure points, there is a single vendor to work with to fix them and identify the gaps. And when it is within the same ecosystem, the product releases are compatible with each other and, together, give us more value. While a multi-vendor strategy has its benefits, if we stick to a single vendor for the entire stack, it is a better scenario in which to manage and monitor.
If you're using Office 365, Defender for Office 365 is the default primary choice. There are no shortcomings in it, that I have seen, that should make someone look for an alternate solution. It is the default choice for this particular use case and it serves its purpose.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sales Director for Academic, Medical, Corporate and Government markets at a tech services company with 1,001-5,000 employees
Provides good visibility and increased security and enables organizations to take proactive steps against threats
Pros and Cons
- "Since we have started using the solution, there have been fewer compromises."
- "The product must provide better malware detection."
What is our primary use case?
The big things we take advantage of are Safe Links for Teams, SharePoint, and Email. We have office locations all over the world. We are in New Zealand, Africa, Europe, the USA, and South America. We have deployed the license for every single person with a mailbox.
How has it helped my organization?
Since we have started using the solution, there have been fewer compromises. We're more secure having Safe Links.
What is most valuable?
It is a high-impact tool. It keeps users from doing anything wrong.
What needs improvement?
The product must provide better malware detection. The detection algorithms don't perform the way I hope they would.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
The tool has 100% stability. It has never been down.
What do I think about the scalability of the solution?
The tool is deployed globally in our tenants. It is scalable. We have about 5500 licenses.
How are customer service and support?
Most of the time, I can get what I need from the support. Sometimes, it is a hit or miss. It is not always straightforward. I often state my problem clearly, and then the support person asks me to explain it again. They must read what I've already written when I opened the ticket. All the details are right there. Far too often, the support personnel do not read the ticket I raise.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial deployment was pretty simple. We were already under a microscope, so we were pressured. I had to learn what I wanted. We had to deploy the product quickly. We use both AWS and Azure as our cloud providers.
What's my experience with pricing, setup cost, and licensing?
The pricing is too much compared to other security products that do the same things. The product is very expensive. I have a hard time demonstrating more value out of it.
Which other solutions did I evaluate?
We didn't evaluate anybody else. We had been compromised, so we decided to buy the product.
What other advice do I have?
We get a lot of good visibility. When we look for something, it's pretty easy to see the IP from which the user signed in. We get to know where the person is logging in from. It lets us know quickly whether a particular IP should be logged in at a particular time.
The solution does not help us prioritize threats. It helps us mitigate some of the threats we identify. I don't think prioritization is important. Whoever makes the most has the highest priority.
The solution’s threat intelligence helps us take proactive steps, especially with Safe Links. It helps us track down and look at logs, see what document libraries a threat might have gone to, and try to review the exposed data and potentially exfiltrate it.
The solution has saved my company money. The tool has decreased our time to respond by a couple of hours per incident. I don't have to involve my network or security teams. We could click through to determine whether an access is legitimate. There may be more cost-effective solutions in the market.
Overall, I rate the solution a nine out of ten for its functionality.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deputy Chief Information Officer at County of Montgomery, PA
Improves organizational security without the help of third-party applications
Pros and Cons
- "Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications."
- "Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data."
What is our primary use case?
We use Microsoft Defender for Office 365 for protection.
How has it helped my organization?
Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications.
What is most valuable?
The product helped us maintain collaboration and communication during the pandemic with the help of Teams.
What needs improvement?
Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data.
For how long have I used the solution?
I have been using the product for six years.
What do I think about the stability of the solution?
The product is stable. I rate it a ten out of ten.
What do I think about the scalability of the solution?
Microsoft Defender for Office 365 is scalable. I rate it a ten out of ten.
How are customer service and support?
The tool's support is good.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender for Office 365 is expensive but does what it says.
What other advice do I have?
Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems.
The tool's automation has made us more efficient in our daily tasks.
The solution saves much time since you don't have to reimage the computer after an attack.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Supervisor of IT Infrastructure & Cybersecurity at a comms service provider with 51-200 employees
Thorough examination of email and URLs for malicious content and great real-time updates
Pros and Cons
- "Does a thorough job of examining email and URLs for malicious content."
- "Configuration requires going to a lot of places rather than just accessing one tab."
What is our primary use case?
We are resellers of this solution and Microsoft partners.
How has it helped my organization?
Defender for Office 365 helps in securing your users' email, which is the number one method of compromise for most networks.
What is most valuable?
The solution does a thorough job of examining emails for malicious content and examines the URLs and potential malicious content in emails. It offers peace of mind with more real-time updates as far as what they're looking for as opposed to a signature-based solution. It's probably the most valuable feature in my mind. I've deployed it for a couple of clients in a 365 environment and it seems to be a pretty solid solution.
What needs improvement?
This is not really a defined product. You have to go to a lot of different places to enable things so it would be nice if you could go to one tab that says 365 Defender for Office 365 or something similar. You would be able to make all the settings and changes there, rather than having to go to lots of different places in the admin center to get it configured.
Configuring Defender for Office 365 is not as easy as I would like but with some research and patience, you can tweak the solution to meet your needs. There are some pretty good articles online that assist in setting up Defender for Office 365 to meet your needs.
Creating a path for your Security Awareness Training (SAT) phishing tests to go around the Defender filtering is way too complex for our current solution KnowBe4. But I learned that is a KnowBe4 limitation. Phin SAT has a much easier method of injecting test phishing emails that do not require such acrobatics to configure.
For how long have I used the solution?
I've been using this solution for two years.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
Defender is very scalable. It sits on the 365 environment, so however big your 365 environment is, that is how much you can expand. We've probably set up 300 or 400 users so far. There's no maintenance and you don't have to deploy updates. It's all taken care of in the background by Microsoft, so it's pretty much set it and forget it once you get it configured.
How are customer service and support?
The support is mostly responsive, but I've had instances going for longer than a week that shouldn't have taken that long.
Which solution did I use previously and why did I switch?
There's no specific solution I would relate to; Microsoft just seems like a cleaner solution as opposed to having a third party. We've used some other solutions in the past where we have to send the mail to that solution and then forward it from there to Microsoft. In this case, it all takes place in the Microsoft environment.
How was the initial setup?
Like most Microsoft products, it's not the easiest thing to get installed, but it seems to work once you have it deployed. You can easily do it in half a day, especially once you get familiar with it, but it's not particularly time-consuming. It's best to start out with more lenient definitions so you're not working on every mail, but we can tune it after that. Our in-house IT department deals with deployment.
What was our ROI?
We haven't done any sort of analysis with regard to ROI, but in my mind, if you can stop one piece of ransomware or malware from getting onto your network, it's priceless.
What's my experience with pricing, setup cost, and licensing?
The solution is not too expensive.
Which other solutions did I evaluate?
This is the first option I tried. I'm considering looking into others to see if they are easier to set up and manage.
What other advice do I have?
I'd highly recommend reading the documentation. It was pretty helpful in getting the solution set up.
I rate the solution an eight out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Microsoft Defender for Office 365 Report and get advice and tips from experienced pros
sharing their opinions.
Updated: January 2025