Microsoft Defender for Office 365 Reviews

We primarily use the solution for security purposes. 

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect our organization against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard our organization from harmful links in real-time. Defender for Office 365 has rich reporting and URL trace capabilities that give us (administrators) insight into the kind of attacks happening in our organization. We can discover how Defender for Office 365 can help in define protection policies, analyze threats to our organization, and respond to attacks.

Defender for Office 365 can help your organization configure policies, analyze threats to your organization and respond to attacks.  It is important to note that there are different levels of protection and capabilities depending upon which version of Office365 license you have. The best features we found most valuable are Forwarding Report, Safe Attachment Files Types, Treat Protection Status, Malware Detected in Email, URL Threat Protection and many more.

The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many of spam attacks have happened". Or "these many emails have been blocked." We have to manually go into the admin panel and have to check it out. It would be nice if there are custom email notifications/alerts.

Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes and see all your mail and notes any deviation) that are only currently available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.  

We've been using the solution for two years at this point. 

In terms of Scalability, Microsoft has heavily invested in scalability and security of its Microsoft 365 platform in the last few years.

Since it is a cloud based solution, at any point of time we can upgrade the number of users without any hassle and there is no user cap limit.

Currently, we have 350 users at this time.

The technical support is good. However, for us, personally, we didn't had any serious issues to contact with the technical support team as most of the errors or issues we faced we easily resolved from documentation from Microsoft website. 

We have been using Fortinet Mail however, later on, we went with the Office 365 Email Protection Plan. The main reason for switching is before we were using G-Suite from google for emailing solution and later on we shifted to Office 365 and the Defender is an inbuilt feature provided by microsoft.

The initial setup is so easy and the Microsoft Help Center is available to assist as necessary. In our case, we just went through the documentation which was provided on the Microsoft website and based on the document, we were able to easily configure it.

We implemented it in-house and no support was taken from vendor. Everything is in the documentation of Microsoft Website.

The pricing is pretty good and was a major factor in choosing it. The pricing is reasonable when compared with Cisco or some other products.

If it is an IT company, the budget allocation will be more and focused on the IT part. However, when it comes to a manufacturing company, the budget focus will be more on manufacturing and the budget allocation will be very low in terms of IT. 

For us Office 365 was better in terms of Pricing.

Before choosing this solution, we had evaluated Cisco. I just visited your site and I just downloaded that datasheet. I compared it to Office 365 Mail Protection. Both are good, however, in terms of the pricing part, Office 365 was better choice.

No matter what ever solution we take be it Google/ Cisco/ Microsoft, every one provided the same security. However there would be some features differ based on the plan/license we take.

With my personal experience, If you don't have any budget constraints go for Google or Cisco.
If you are on a low budget and if you want a solution that needs to be suitable for your business, then you can go for Microsoft.

I'd rate the solution at an eight out of ten.

We use it for detecting any kind of breach or intrusion. It is not enabled for everyone because we have our own antivirus.

It has helped us in improving our security posture. It detects any kind of attack or abnormal behavior in accessing the system and sends an alert to the administrator who can check, understand, and review on time to ensure that all activities are legit.

It blocks all known threats immediately and sends alerts to follow up. It is not used on all devices. On the devices on which it is being used, it has improved the security by 80%.

It has improved our security awareness. It helped us in understanding the weaknesses in our configuration that needed to be fixed to avoid any kind of breach. It has increased our security level and mitigated the risk of being compromised.

The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time.

The visibility for the weaknesses in the system and unauthorized access can be improved.

Its price should be improved. Its cost is a major concern for us.

We started using it in 2019.

Its stability is good.

Its scalability is good. It is able to leverage more and more functions, which is essential because cybersecurity threats are increasing nowadays.

Initially, we had only 10 users, and currently, most of the users are switching to another platform. We only have one user, and only the system administrator is managing it.

I didn't need any tech support because the documentation and the procedures are simple and easy to understand.

We have Symantec Endpoint Protection, and we also use Sophos. We are using Defender only on our Azure system because it is a suitable tool for the Microsoft environment.

Its initial setup is straightforward. Because it is cloud-based, when we assign the license for Office 365, it can be automatically deployed from the console. Because the number was small, we manually installed it on each device one by one. Its deployment requires minimal staff. Depending on the connectivity, it can take about 30 minutes for each device.

We have not seen an ROI yet.

Defender is a little bit more expensive as compared to others. We are in the manufacturing environment. So, we don't have a high budget for all of our endpoint devices. Its cost is a major concern for us.

It is a good product, but its price is the most critical point for consideration. In terms of technology and capability, I would rate Microsoft Defender an eight out of 10.

We mainly use it to identify software vulnerabilities. It reports all the software vulnerabilities installed in our web stations and servers.

With Defender for Office 365, we have been able to increase the security posture across our organization. Within the first month of using this product, we realized that benefit.

When it comes to software vulnerabilities, we can target them and update the software as soon as we see that there is a vulnerability. And then we can make sure that they are updated and check that the update process was successful within a different department. That has really helped us improve our productivity.

The solution saves us time because we don't have to go here and there to identify things. It's a single portal that has all the details we need. Their support is also good. These features have, again, helped us improve our productivity a lot. It saves us about 25 percent of our time.

It has also saved us money because we don't have to pay for other security products like Nessus. This solution has almost everything we got from other products, so we don't have to go for an additional solution. It's saving us about 50 percent, cost-wise.

Our time to detect threats has decreased. With products like Nessus, until their scan runs, we are not aware whether a threat is fixed or not. But with Defender, within one to two hours that information is reflected. With Nessus, sometimes we had to wait a day to see that information reflected in the portal. Because we are aware of issues earlier, we can act on them sooner.

The most valuable feature is the score. By looking at the score, you can identify if you are at risk or not.

It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have.

It gives me everything I need, visibility-wise. It also helps prioritize threats across our enterprise and that's very important. That means we can identify the critical vulnerabilities first and keep an eye on other vulnerabilities. By looking at the dashboard, I immediately get an idea of how critical an issue is and we can fix vulnerabilities before they result in an attack.

It has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard, which has made our security operations really easy. We can also create internal tickets within the portal itself. We can assign them to people and see how long it took them to close the tickets. That makes things really easy.

In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.

I have been using Microsoft Defender for Office 365 for about two years.

It is stable.

There are bugs here and there, but they have been able to rectify them.

It's scalable. It discovers almost all of the workstations and servers across our organization. We have about 3,000 endpoints.

Whenever we ask a question, they provide us with a solution. I'm happy with their technical support.

Positive

We previously used Nessus. We switched mainly because of the cost and the integration. With Nessus, we had to install an agent, but with Defender, since we were already using it, we could just turn it on with the cloud portal and deploy it very easily.

I wasn't involved in the initial setup, but in terms of maintenance, we push it through Windows Update so we don't have to explicitly do any updates.

I would recommend Microsoft Defender for Office 365. 

If you already have a deployment method, like CCM or something similar, it will be easy. Even if not, there are several other deployment methods that could support any scenario.

We already had an Office subscription, so we just started a trial and we were happy with it and we went with it.

In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.

I use it for email security and to scan for phishing attempts. I use it for endpoint security as well and scan for any malicious activities, such as viruses, malware, or possible ransomware; to prevent any kind of malicious activity. I also use it to investigate and respond to malicious activity.

So far, it has helped with how we organize data flow within our IT department and has given us increased visibility.

The solution has also eliminated having to look at multiple dashboards. Reconnaissance, or data gathering, is very important, and the speed at which we gather data is very important when responding to a threat.

It saves me time because I don't have to go from one tool to the next, or one dashboard to the next to get similar information. Now, I just log in one time to my Azure portal and I can get everything I need from there. It also assists with email alerts because they are consolidated and very simplified. We don't have different tools sending alerts. It's just one tool sending them and they differentiate based on what is going on. That has really been awesome.

The threat intelligence also helps prepare us for potential threats before we encounter them. We see recommendations and predictions from their SIEM.

The anti-phishing component and the investigation consoles that Microsoft gives you with this product are the most valuable features. The consoles are very detailed and mostly accurate. There are fewer false positives than in other products that I've used.

It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the email to the workstation itself. It's a really awesome product in terms of giving me visibility into what's happening with the endpoints in my corporate environment.

On the investigation console, it shows the form of attack vectors that I may be exposed to and it prioritizes things based on the risk factor. I know what to give priority to when it comes to remediation and prevention.

In addition to Microsoft Defender for Office 365, we use Sentinel and ATP. They are all integrated. I wouldn't be the best person to speak about the integration process itself because I had huge assistance with that aspect. But I'm assuming it was not too tough because that part of the project was pretty quick. It's all license-based, so it's not that difficult.

These products work together, natively, to deliver detection and response in a coordinated way. Whatever is reflected in one of them can be seen through evidence in the other tools. For example, if there's an email threat in an attachment and it is downloaded, Defender continues to pick up the trail from there and resolves the threat.

One aspect of Sentinel that is very important is that it enables us to ingest data from our entire ecosystem. Sentinel is like having built-in AI that analyzes everything that goes on in the environment. The feedback from Sentinel is very important, so it's very important that it has 100% visibility into the environment. It helps us to make a lot of logical decisions.

Sentinel also helps us to investigate threats and respond in an integrated way from one spot. That is important because the speed at which you respond to a threat is very important. The longer you take, the harder the threat will be to dissolve. The quicker the response, the better it is when it comes to remediating the attack or undoing the damage, and keeping downtime to a minimum.

And the AI technology of Sentinel has helped to automate finding high-risk alerts. The alerts are prioritized based on the risk factor.

We recently implemented Microsoft Defender for Office 365 and have been using it for about two months.

It's pretty stable. There's nothing on-prem except for the agents. They are the only thing you have to worry about. Everything else is in the cloud, so you don't have the responsibility of downtime when it comes to security.

One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration.

Neutral

The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially. That was the only hiccup we had when we enrolled with Microsoft for security.

We tried Cybereason and SimplySecure. We also tried SentinelOne and it was really good. The reason we chose to go with Microsoft was the added features for securing our email tenant.

Sentinel is pretty cost-effective compared to other solutions because, with Microsoft, we get multiple products for a holistic, cheaper subscription price. The things we would have to purchase from different vendors are the things that Microsoft gives us all in one. Instead of paying Splunk for a SIEM, and paying Fortinet for EDR, we can have a subscription-based solution at a cheaper rate from Microsoft, which is an all-in-one solution.

They really keep up to date with the definitions and upcoming threats that are out there and are doing a pretty good job of defending us, in comparison to other products. They're really catching on. Before, I wasn't a Microsoft person, but I'm slowly getting there because these products have really assisted me of late. They have given me a lot of perspectives on security in general.

It's a good solution for enrolling all your devices. You can have Mac, Windows, and Linux in your console for security visibility. Once your alerts are configured correctly, you shouldn't be missing anything. It's really good for getting alerts to you about anything anomalous.

I use it for investigating incidents.

It has helped eliminate looking at multiple dashboards, which is very useful. During the investigation of incidents, it helps in making reports.

It has saved me time and my nerves. It has also likely saved us money by blocking unexpected threats. It has also definitely decreased our time to detection and time to respond. 

I like its investigation capabilities, as that is what is most important to me. It is fairly simple with a user-friendly interface. 

Also, all Microsoft products can be used with each other, as opposed to other vendors' products that cannot be used with each other.

They have moved features from one console to another. Things have been moved around in the interface and it takes me time to find where certain features are. 

I've been working with Microsoft 365 for two years.

It's a stable solution. I have only had one serious incident, a few months ago, when Microsoft wrote that there were some difficulties with networking.

It's scalable and this is important. I have had clients with 10 to 20 users and others with a few thousand.

Unfortunately, support has become difficult. Very often I get a hyperlink from Microsoft as an answer, but I only submit requests after I have read all the information that is available. My questions are not simple. In the past, I would have rated their support a nine or 10 out of 10, but now it's a seven.

Neutral

I used ESET and Fortinet at my previous companies. 

Our deployments are on private cloud, hybrid, and on-premises. Deployment time depends on the tasks involved. Some are done in a few days and others can take six weeks.

The initial setup can be straightforward or complex. For one client, due to authentication methods, some users couldn't access their old clients.

One problem is its pricing because I was working in the government and it was too expensive for us to use our Microsoft products.

For protection, I like Microsoft Defender for Office 365 and ESET in this price range.

I work for a consulting company that implements security solutions. Defender for 365 helps clients weed out suspicious mail that contains phishing links or fails to meet other criteria in our policies. We set security policies and take action based on the severity of the threat. Defender has preset templates that we modify based on each company's requirements. 

Some of our customers use multiple Microsoft security solutions, and others have a mixture. For example, one of our customers must use CyberArk as their single sign-on solution. If our customers want to use another application, we have a procedure to implement and integrate that.

Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply.

Defender allows you to prioritize threats based on severity. We can automate it to trigger alerts based on defined policies and send notifications to the appropriate teams. It may be a security incident or a performance issue like disk, memory, or hardware utilization. We'll set a threshold value for each alert. 

Prioritization is essential, but each customer has different priorities based on their requirements. For example, some customers need to monitor servers, and some don't. We have to implement a policy based on what the customer uses. We want everything to be secure and implement security everywhere.

Microsoft has the latest threat information from around the world. They have a central repository that is constantly updated to address emerging threats and secure customers against them.

Customers can save time and money by implementing the Microsoft package because it's easy to implement. Defender streamlines detection and response. Everything is on the cloud, and you can get a complete picture of your environment from one console. 

Defender for 365 provides a single integrated platform for securing and managing Office 365 solutions like Microsoft Exchange, SharePoint, Microsoft Teams, etc. Sentinel is included in the same security package. It provides continuous monitoring and alerts.

Microsoft security solutions work together to provide comprehensive protection. They are regularly updating the threat database, and we can detect any novel threats on all the endpoints within the cloud. We have policies in place to relocate affected devices to a sandbox, and we can restore it after clearing it.

Microsoft's security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically. 

I have used Microsoft Defender security products for three years. 

Defender is stable. Microsoft guarantees 99.9 percent availability. 

Defender is scalable. 

I rate Microsoft's support a nine out of ten. Their support engineers are highly experienced people. They provide accurate and straightforward suggestions. Sometimes, they need to take time to consult with the backend team and return with a solution. Microsoft offers various levels of support depending on the package you've purchased. Microsoft support can help you investigate issues or root causes, and they will assist you if you get stuck during implementation. 

Positive

I've also worked with Symantec ATP and DLP.

Deploying Defender is straightforward once the client is ready to be onboarded. Before that happens, the sales and technical teams have to demonstrate that the solution meets the customer's requirements. Once the customer purchases the license, Defender will appear in their console. They only need to log in and verify the purchase. The only other setup is configuration. Defender is a cloud-based solution, so it requires no regular maintenance. We will open a ticket if there are any significant outages or performance problems. 

Microsoft Defender is expensive. I typically recommend it only if clients have the budget. Otherwise, I would suggest an alternative. 

I rate Microsoft Defender for Office 365 an eight out of ten. Microsoft covers most security areas, and Azure has a complete infrastructure solution. If someone is willing to learn cloud security, I would prefer an Azure-based security solution.

I recommend Defender for 365 depending on a client's security needs. We need to consult with them to learn about their requirements. 

We use it to monitor user behavior and activity. It also gives us analytics to protect the user identities and extensions stored in Active Directory. For one of the instances that we are managing, we have to sync it with Active Directory and protect user identity.

It is a basic SecOps tool. It has not increased or improved anything specifically for our organization, but I see it as a must-have for security ops.

It can help automate routine tasks and finding of high-value alerts. Our security operations are not very high-volume, but from the angle of process efficiency, it is definitely a very beneficial product.

Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency.

And there are a couple of aspects, time-wise. One is that the documentation makes everything so easy that we were able to understand it without much external support. The second is how it automates the process and gives everything in one console. It is helping us with process efficiency. I would estimate it is saving us 10 to 15 man-hours per month. But it is more an issue of process efficiency and having the right process in place. It is not for time-savings, primarily.

And it is likely to help us with our time to detect and respond, although we haven't faced one threat yet.

It's a little early to tell which features are most valuable, but by default, it gives analytics on user behavior. We have not been able to leverage it fully, but that is one of the interesting features. It's also very simple to use. The documentation has made it quite easy to implement and our team has been able to understand it.

And while we haven't had even one threat incident yet, functionality-wise, Defender for Office 365 can proactively detect threats and prevent them. It is not just a reactive mechanism.

One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication. The awareness of ecosystem information that is provided needs to be better.

We implemented Microsoft Defender for Office 365 over the last month.

The stability of Defender for Office 365 is competitive.

It is very scalable. I've seen implementations in organizations with thousands of employees.

For us, it is being used across endpoints for all the users in our organization, and it is multi-geographic as well. We are a small organization with only 10 users.

Microsoft technical support is very good. For this particular product we have not reached out to them, but otherwise, we find Microsoft support to be quite good. 

The product itself is so good that we rarely have to raise a support ticket. The product and documentation are self-explanatory and we are able to troubleshoot things ourselves.

Positive

If we had compared it with other vendors, then I would have more to say about the cost, but we didn't. However, standalone, the cost is convenient.

We did not explore other vendors. This was a default choice for us.

We have not faced any incidents so we are not able to comment on how well it handles them. But in our organization, we are using basic antivirus software and that aspect is covered in that solution as well. It also has functionality for prioritizing threats but we have not implemented it.

The solution does not require much maintenance. There is the setup and it is mainly a matter of monitoring after that.

When you consider a best-of-breed strategy versus a single vendor's security suite, I prefer a single vendor because of the failure points. If there are interconnected failure points, there is a single vendor to work with to fix them and identify the gaps. And when it is within the same ecosystem, the product releases are compatible with each other and, together, give us more value. While a multi-vendor strategy has its benefits, if we stick to a single vendor for the entire stack, it is a better scenario in which to manage and monitor.

If you're using Office 365, Defender for Office 365 is the default primary choice. There are no shortcomings in it, that I have seen, that should make someone look for an alternate solution. It is the default choice for this particular use case and it serves its purpose.

Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features.

In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement.

I have been using this solution for the last one year. I have its latest version.

It is stable. We didn't find any issues with that.

It is highly scalable. We have deployed for around 7,000 accounts.  Performance is not impacted.

Their technical support can definitely be improved. They can avoid using templatized response.

We had basic Exchange Online Protection. 

It was easy to configure and with one/two skilled the ongoing maintenance can be handled. 

It has a simple interface to configure and manage. From the pricing point of view, like any other product in the market, there is scope for negotiation. 

Before we chose to settle with this product, we experimented with Cisco, Forcepoint, etc.

I would advise others to do a proof of concept for at least a month before taking a decision.

I would rate Microsoft Defender for Office 365 a eight out of ten.