Microsoft Defender for Office 365 Reviews

We use Defender with Sentinel to investigate user activity on Office 365 applications.

Defender enables us to secure all 365-related activity from a single place. It gives us visibility into everything happening in Outlook, protecting us against phishing and other email-based threats. Defender helps us detect any suspicious behaviors.

The solution helps us automate some tasks. For example, instead of going through alerts one at a time, we can ping using Sentinel, and everything will be reduced to one group because it is already done in Defender. I don't need to write a KQL or investigate everything. It reduces the time spent and helps me to prioritize. Sentinel usually resolves the low-level alerts on its own, so I don't need to spend much time. 

Defender lets us consolidate dashboards, so we can see all the information we need in one place. It's time-consuming to switch between multiple dashboards to find what you need. 

The solution's threat intelligence helps us stay on top of new attacks. Novel threats are flagged in Microsoft Defender. It will show you what to look for, and you can learn the recommended remediation steps, so you can take steps to mitigate risk before the issue occurs.

It reduces the work we need to do for our clients because we can quickly find the information we need and take action. Every alert takes some time to respond to. If we see something suspicious, we can gather all the details and provide them to the client. We do about 90 percent of the work; the other 10 percent is the client's responsibility. 

Defender provides all the details and evidence we need about an incident, so you don't need to look for it. Once you enter the tab, you get all the information about the user's activity and everything you need to know within the alert. 

It also helps us identify vulnerabilities. When a new threat is discovered, Defender will flag the client's vulnerable assets and tell us what needs to be patched. That is helpful information to share with our clients. They can patch the vulnerability before being affected. 

Microsoft Defender enables us to prioritize threats. It's crucial because if we ignore critical alerts, we might miss a severe vulnerability, and the user host could be affected if that happens. We must prioritize alerts to address the ones with the highest risk first. Next, we move on to the medium or low-risk alerts and the purely informational notifications. 

We use Defender for 365 with Defender for Cloud and Sentinel. Microsoft Defender for Cloud is primarily for checking the client's security posture. Sentinel ingests data from our entire ecosystem and helps us correlate events from the logs to understand user activity better. 

We can run queries on user behavior or check the logs for any activity related to the alert. Integrating Sentinel and Defender is vital because getting the information from the logs is much easier. We don't need to look at the metadata because we can see the events in a structured format. A few of the alerts can always be resolved by SIEM analysis. If it isn't a high-priority alert, Sentinel can clear it. 

Having everything available in one place is helpful for our investigation. We can forward those details to our clients so they can take action. All the information is in the logs. 

Sentinel allows us to analyze user behavior and assign user risk based on patterns. For example, we can see if a user attempts to log in with an abusive IP. It detects the behavior, so we don't need to search the logs or look through the threat intel. Sentinel gives us a report of all the risky users. The sign-in logs and audits are neatly formatted so we can click through instead of searching manually.

Microsoft sometimes has downtime, and we'll get several incidents coming back-to-back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once.

A few days ago, we had an issue where everything that came into the user's mailbox was flagged. We got hundreds of notifications. It was problematic for us, but the investigation was easy. 

I have used Defender for 365 for around six months.

I rate Defender for 365 an eight out of ten for stability. 

I rate Defender a nine out of ten for scalability. 

I rate Microsoft's support a nine out of ten. 

Positive

I rate Microsoft Defender for Office 365 a nine out of ten. We work in more of an investigative role. Defender helps us automate many tasks. It's better to go with a single vendor instead of a best-of-breed strategy. 

I use it for email security and to scan for phishing attempts. I use it for endpoint security as well and scan for any malicious activities, such as viruses, malware, or possible ransomware; to prevent any kind of malicious activity. I also use it to investigate and respond to malicious activity.

So far, it has helped with how we organize data flow within our IT department and has given us increased visibility.

The solution has also eliminated having to look at multiple dashboards. Reconnaissance, or data gathering, is very important, and the speed at which we gather data is very important when responding to a threat.

It saves me time because I don't have to go from one tool to the next, or one dashboard to the next to get similar information. Now, I just log in one time to my Azure portal and I can get everything I need from there. It also assists with email alerts because they are consolidated and very simplified. We don't have different tools sending alerts. It's just one tool sending them and they differentiate based on what is going on. That has really been awesome.

The threat intelligence also helps prepare us for potential threats before we encounter them. We see recommendations and predictions from their SIEM.

The anti-phishing component and the investigation consoles that Microsoft gives you with this product are the most valuable features. The consoles are very detailed and mostly accurate. There are fewer false positives than in other products that I've used.

It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the email to the workstation itself. It's a really awesome product in terms of giving me visibility into what's happening with the endpoints in my corporate environment.

On the investigation console, it shows the form of attack vectors that I may be exposed to and it prioritizes things based on the risk factor. I know what to give priority to when it comes to remediation and prevention.

In addition to Microsoft Defender for Office 365, we use Sentinel and ATP. They are all integrated. I wouldn't be the best person to speak about the integration process itself because I had huge assistance with that aspect. But I'm assuming it was not too tough because that part of the project was pretty quick. It's all license-based, so it's not that difficult.

These products work together, natively, to deliver detection and response in a coordinated way. Whatever is reflected in one of them can be seen through evidence in the other tools. For example, if there's an email threat in an attachment and it is downloaded, Defender continues to pick up the trail from there and resolves the threat.

One aspect of Sentinel that is very important is that it enables us to ingest data from our entire ecosystem. Sentinel is like having built-in AI that analyzes everything that goes on in the environment. The feedback from Sentinel is very important, so it's very important that it has 100% visibility into the environment. It helps us to make a lot of logical decisions.

Sentinel also helps us to investigate threats and respond in an integrated way from one spot. That is important because the speed at which you respond to a threat is very important. The longer you take, the harder the threat will be to dissolve. The quicker the response, the better it is when it comes to remediating the attack or undoing the damage, and keeping downtime to a minimum.

And the AI technology of Sentinel has helped to automate finding high-risk alerts. The alerts are prioritized based on the risk factor.

We recently implemented Microsoft Defender for Office 365 and have been using it for about two months.

It's pretty stable. There's nothing on-prem except for the agents. They are the only thing you have to worry about. Everything else is in the cloud, so you don't have the responsibility of downtime when it comes to security.

One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration.

Neutral

The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially. That was the only hiccup we had when we enrolled with Microsoft for security.

We tried Cybereason and SimplySecure. We also tried SentinelOne and it was really good. The reason we chose to go with Microsoft was the added features for securing our email tenant.

Sentinel is pretty cost-effective compared to other solutions because, with Microsoft, we get multiple products for a holistic, cheaper subscription price. The things we would have to purchase from different vendors are the things that Microsoft gives us all in one. Instead of paying Splunk for a SIEM, and paying Fortinet for EDR, we can have a subscription-based solution at a cheaper rate from Microsoft, which is an all-in-one solution.

They really keep up to date with the definitions and upcoming threats that are out there and are doing a pretty good job of defending us, in comparison to other products. They're really catching on. Before, I wasn't a Microsoft person, but I'm slowly getting there because these products have really assisted me of late. They have given me a lot of perspectives on security in general.

It's a good solution for enrolling all your devices. You can have Mac, Windows, and Linux in your console for security visibility. Once your alerts are configured correctly, you shouldn't be missing anything. It's really good for getting alerts to you about anything anomalous.

We are using Microsoft Defender for Office 365 to avoid spam, malware, and similar threats.

Microsoft Defender for Office 365 helps us prioritize threats across our enterprise. I am able to let the system fix the malware while I focus on other tasks.

Microsoft Defender for Office 365 automates routine tasks and highlights critical alerts, significantly improving our security operations. This automation saves us time by reducing repetitive tasks, allowing us to focus on developing new services instead of solely on security operations.

The threat intelligence feature helps us take proactive steps to prevent threats.

Microsoft Defender for Office 365 saves us time and money and has helped decrease the time to detection and response.

It has helped us to avoid malware in the system and prevent unwanted emails from entering our system.

The most valuable aspect of Microsoft Defender for Office 365 is its ability to protect us from malware. This has effectively helped us avoid malware in the system and keep out unwanted emails. It allows us to spend less time on repeated tasks, enabling us to develop new services.

The changes to customer service, specifically the new model for support agreements, are not favorable. We have to pay $600 for every instance, making it too expensive. We might need to look at other support options.

I have been using Microsoft Defender for Office 365 for over ten years.

Microsoft Defender for Office 365 is stable. It's doing what it's supposed to do.

The solution is scalable. Microsoft Defender for Office 365 is flexible with other security products we use. Our usage depends on Microsoft adding features.

We have a premier support agreement. Initially, it worked well, but the new model, where we have to pay for every instance, is not satisfactory.

Positive

We used alternative solutions prior to implementing Microsoft Defender for Office 365. We selected it due to its superior integration with our existing security infrastructure.

The implementation was completed in-house.

We evaluated other solutions before switching to Microsoft Defender for Office 365.

I would rate Microsoft Defender for Office 365 ten out of ten.

The big things we take advantage of are Safe Links for Teams, SharePoint, and Email. We have office locations all over the world. We are in New Zealand, Africa, Europe, the USA, and South America. We have deployed the license for every single person with a mailbox.

Since we have started using the solution, there have been fewer compromises. We're more secure having Safe Links.

It is a high-impact tool. It keeps users from doing anything wrong.

The product must provide better malware detection. The detection algorithms don't perform the way I hope they would.

I have been using the solution for three years.

The tool has 100% stability. It has never been down.

The tool is deployed globally in our tenants. It is scalable. We have about 5500 licenses.

Most of the time, I can get what I need from the support. Sometimes, it is a hit or miss. It is not always straightforward. I often state my problem clearly, and then the support person asks me to explain it again. They must read what I've already written when I opened the ticket. All the details are right there. Far too often, the support personnel do not read the ticket I raise.

Neutral

The initial deployment was pretty simple. We were already under a microscope, so we were pressured. I had to learn what I wanted. We had to deploy the product quickly. We use both AWS and Azure as our cloud providers.

The pricing is too much compared to other security products that do the same things. The product is very expensive. I have a hard time demonstrating more value out of it.

We didn't evaluate anybody else. We had been compromised, so we decided to buy the product.

We get a lot of good visibility. When we look for something, it's pretty easy to see the IP from which the user signed in. We get to know where the person is logging in from. It lets us know quickly whether a particular IP should be logged in at a particular time.

The solution does not help us prioritize threats. It helps us mitigate some of the threats we identify. I don't think prioritization is important. Whoever makes the most has the highest priority.

The solution’s threat intelligence helps us take proactive steps, especially with Safe Links. It helps us track down and look at logs, see what document libraries a threat might have gone to, and try to review the exposed data and potentially exfiltrate it.

The solution has saved my company's money. The tool has decreased our time to respond by a couple of hours per incident. I don't have to involve my network or security teams. We could click through to determine whether an access is legitimate. There may be more cost-effective solutions in the market.

Overall, I rate the solution a nine out of ten for its functionality.

We use Microsoft Defender for Office 365 for our external developers. 

The tool offers the best experience to meet international contractors. 

Microsoft Defender for Office 365 helps people to work remotely. It is a secure solution. We don't need to use our company's computers or get VPN connections to the networks. I can control how they share screens and what they send to the devices. It keeps our organizations confidential and sensitive information safe. 

Microsoft Defender for Office 365 is scalable. 

Microsoft Defender for Office 365's deployment is straightforward. 

The product is expensive. 

The flexible tool helps hide windows from people trying to control the PC's remote. I rate it a seven out of ten. 

We primarily use the solution for security purposes. 

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect our organization against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard our organization from harmful links in real-time. Defender for Office 365 has rich reporting and URL trace capabilities that give us (administrators) insight into the kind of attacks happening in our organization. We can discover how Defender for Office 365 can help in define protection policies, analyze threats to our organization, and respond to attacks.

Defender for Office 365 can help your organization configure policies, analyze threats to your organization and respond to attacks.  It is important to note that there are different levels of protection and capabilities depending upon which version of Office365 license you have. The best features we found most valuable are Forwarding Report, Safe Attachment Files Types, Treat Protection Status, Malware Detected in Email, URL Threat Protection and many more.

The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many of spam attacks have happened". Or "these many emails have been blocked." We have to manually go into the admin panel and have to check it out. It would be nice if there are custom email notifications/alerts.

Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes and see all your mail and notes any deviation) that are only currently available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.  

We've been using the solution for two years at this point. 

In terms of Scalability, Microsoft has heavily invested in scalability and security of its Microsoft 365 platform in the last few years.

Since it is a cloud based solution, at any point of time we can upgrade the number of users without any hassle and there is no user cap limit.

Currently, we have 350 users at this time.

The technical support is good. However, for us, personally, we didn't had any serious issues to contact with the technical support team as most of the errors or issues we faced we easily resolved from documentation from Microsoft website. 

We have been using Fortinet Mail however, later on, we went with the Office 365 Email Protection Plan. The main reason for switching is before we were using G-Suite from google for emailing solution and later on we shifted to Office 365 and the Defender is an inbuilt feature provided by microsoft.

The initial setup is so easy and the Microsoft Help Center is available to assist as necessary. In our case, we just went through the documentation which was provided on the Microsoft website and based on the document, we were able to easily configure it.

We implemented it in-house and no support was taken from vendor. Everything is in the documentation of Microsoft Website.

The pricing is pretty good and was a major factor in choosing it. The pricing is reasonable when compared with Cisco or some other products.

If it is an IT company, the budget allocation will be more and focused on the IT part. However, when it comes to a manufacturing company, the budget focus will be more on manufacturing and the budget allocation will be very low in terms of IT. 

For us Office 365 was better in terms of Pricing.

Before choosing this solution, we had evaluated Cisco. I just visited your site and I just downloaded that datasheet. I compared it to Office 365 Mail Protection. Both are good, however, in terms of the pricing part, Office 365 was better choice.

No matter what ever solution we take be it Google/ Cisco/ Microsoft, every one provided the same security. However there would be some features differ based on the plan/license we take.

With my personal experience, If you don't have any budget constraints go for Google or Cisco.
If you are on a low budget and if you want a solution that needs to be suitable for your business, then you can go for Microsoft.

I'd rate the solution at an eight out of ten.

I use it for investigating incidents.

It has helped eliminate looking at multiple dashboards, which is very useful. During the investigation of incidents, it helps in making reports.

It has saved me time and my nerves. It has also likely saved us money by blocking unexpected threats. It has also definitely decreased our time to detection and time to respond. 

I like its investigation capabilities, as that is what is most important to me. It is fairly simple with a user-friendly interface. 

Also, all Microsoft products can be used with each other, as opposed to other vendors' products that cannot be used with each other.

They have moved features from one console to another. Things have been moved around in the interface and it takes me time to find where certain features are. 

I've been working with Microsoft 365 for two years.

It's a stable solution. I have only had one serious incident, a few months ago, when Microsoft wrote that there were some difficulties with networking.

It's scalable and this is important. I have had clients with 10 to 20 users and others with a few thousand.

Unfortunately, support has become difficult. Very often I get a hyperlink from Microsoft as an answer, but I only submit requests after I have read all the information that is available. My questions are not simple. In the past, I would have rated their support a nine or 10 out of 10, but now it's a seven.

Neutral

I used ESET and Fortinet at my previous companies. 

Our deployments are on private cloud, hybrid, and on-premises. Deployment time depends on the tasks involved. Some are done in a few days and others can take six weeks.

The initial setup can be straightforward or complex. For one client, due to authentication methods, some users couldn't access their old clients.

One problem is its pricing because I was working in the government and it was too expensive for us to use our Microsoft products.

For protection, I like Microsoft Defender for Office 365 and ESET in this price range.

I work for a consulting company that implements security solutions. Defender for 365 helps clients weed out suspicious mail that contains phishing links or fails to meet other criteria in our policies. We set security policies and take action based on the severity of the threat. Defender has preset templates that we modify based on each company's requirements. 

Some of our customers use multiple Microsoft security solutions, and others have a mixture. For example, one of our customers must use CyberArk as their single sign-on solution. If our customers want to use another application, we have a procedure to implement and integrate that.

Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply.

Defender allows you to prioritize threats based on severity. We can automate it to trigger alerts based on defined policies and send notifications to the appropriate teams. It may be a security incident or a performance issue like disk, memory, or hardware utilization. We'll set a threshold value for each alert. 

Prioritization is essential, but each customer has different priorities based on their requirements. For example, some customers need to monitor servers, and some don't. We have to implement a policy based on what the customer uses. We want everything to be secure and implement security everywhere.

Microsoft has the latest threat information from around the world. They have a central repository that is constantly updated to address emerging threats and secure customers against them.

Customers can save time and money by implementing the Microsoft package because it's easy to implement. Defender streamlines detection and response. Everything is on the cloud, and you can get a complete picture of your environment from one console. 

Defender for 365 provides a single integrated platform for securing and managing Office 365 solutions like Microsoft Exchange, SharePoint, Microsoft Teams, etc. Sentinel is included in the same security package. It provides continuous monitoring and alerts.

Microsoft security solutions work together to provide comprehensive protection. They are regularly updating the threat database, and we can detect any novel threats on all the endpoints within the cloud. We have policies in place to relocate affected devices to a sandbox, and we can restore it after clearing it.

Microsoft's security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically. 

I have used Microsoft Defender security products for three years. 

Defender is stable. Microsoft guarantees 99.9 percent availability. 

Defender is scalable. 

I rate Microsoft's support a nine out of ten. Their support engineers are highly experienced people. They provide accurate and straightforward suggestions. Sometimes, they need to take time to consult with the backend team and return with a solution. Microsoft offers various levels of support depending on the package you've purchased. Microsoft support can help you investigate issues or root causes, and they will assist you if you get stuck during implementation. 

Positive

I've also worked with Symantec ATP and DLP.

Deploying Defender is straightforward once the client is ready to be onboarded. Before that happens, the sales and technical teams have to demonstrate that the solution meets the customer's requirements. Once the customer purchases the license, Defender will appear in their console. They only need to log in and verify the purchase. The only other setup is configuration. Defender is a cloud-based solution, so it requires no regular maintenance. We will open a ticket if there are any significant outages or performance problems. 

Microsoft Defender is expensive. I typically recommend it only if clients have the budget. Otherwise, I would suggest an alternative. 

I rate Microsoft Defender for Office 365 an eight out of ten. Microsoft covers most security areas, and Azure has a complete infrastructure solution. If someone is willing to learn cloud security, I would prefer an Azure-based security solution.

I recommend Defender for 365 depending on a client's security needs. We need to consult with them to learn about their requirements.