Microsoft Defender for Office 365 Reviews

I use it for investigating incidents.

It has helped eliminate looking at multiple dashboards, which is very useful. During the investigation of incidents, it helps in making reports.

It has saved me time and my nerves. It has also likely saved us money by blocking unexpected threats. It has also definitely decreased our time to detection and time to respond. 

I like its investigation capabilities, as that is what is most important to me. It is fairly simple with a user-friendly interface. 

Also, all Microsoft products can be used with each other, as opposed to other vendors' products that cannot be used with each other.

They have moved features from one console to another. Things have been moved around in the interface and it takes me time to find where certain features are. 

I've been working with Microsoft 365 for two years.

It's a stable solution. I have only had one serious incident, a few months ago, when Microsoft wrote that there were some difficulties with networking.

It's scalable and this is important. I have had clients with 10 to 20 users and others with a few thousand.

Unfortunately, support has become difficult. Very often I get a hyperlink from Microsoft as an answer, but I only submit requests after I have read all the information that is available. My questions are not simple. In the past, I would have rated their support a nine or 10 out of 10, but now it's a seven.

Neutral

I used ESET and Fortinet at my previous companies. 

Our deployments are on private cloud, hybrid, and on-premises. Deployment time depends on the tasks involved. Some are done in a few days and others can take six weeks.

The initial setup can be straightforward or complex. For one client, due to authentication methods, some users couldn't access their old clients.

One problem is its pricing because I was working in the government and it was too expensive for us to use our Microsoft products.

For protection, I like Microsoft Defender for Office 365 and ESET in this price range.

I work for a consulting company that implements security solutions. Defender for 365 helps clients weed out suspicious mail that contains phishing links or fails to meet other criteria in our policies. We set security policies and take action based on the severity of the threat. Defender has preset templates that we modify based on each company's requirements. 

Some of our customers use multiple Microsoft security solutions, and others have a mixture. For example, one of our customers must use CyberArk as their single sign-on solution. If our customers want to use another application, we have a procedure to implement and integrate that.

Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply.

Defender allows you to prioritize threats based on severity. We can automate it to trigger alerts based on defined policies and send notifications to the appropriate teams. It may be a security incident or a performance issue like disk, memory, or hardware utilization. We'll set a threshold value for each alert. 

Prioritization is essential, but each customer has different priorities based on their requirements. For example, some customers need to monitor servers, and some don't. We have to implement a policy based on what the customer uses. We want everything to be secure and implement security everywhere.

Microsoft has the latest threat information from around the world. They have a central repository that is constantly updated to address emerging threats and secure customers against them.

Customers can save time and money by implementing the Microsoft package because it's easy to implement. Defender streamlines detection and response. Everything is on the cloud, and you can get a complete picture of your environment from one console. 

Defender for 365 provides a single integrated platform for securing and managing Office 365 solutions like Microsoft Exchange, SharePoint, Microsoft Teams, etc. Sentinel is included in the same security package. It provides continuous monitoring and alerts.

Microsoft security solutions work together to provide comprehensive protection. They are regularly updating the threat database, and we can detect any novel threats on all the endpoints within the cloud. We have policies in place to relocate affected devices to a sandbox, and we can restore it after clearing it.

Microsoft's security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically. 

I have used Microsoft Defender security products for three years. 

Defender is stable. Microsoft guarantees 99.9 percent availability. 

Defender is scalable. 

I rate Microsoft's support a nine out of ten. Their support engineers are highly experienced people. They provide accurate and straightforward suggestions. Sometimes, they need to take time to consult with the backend team and return with a solution. Microsoft offers various levels of support depending on the package you've purchased. Microsoft support can help you investigate issues or root causes, and they will assist you if you get stuck during implementation. 

Positive

I've also worked with Symantec ATP and DLP.

Deploying Defender is straightforward once the client is ready to be onboarded. Before that happens, the sales and technical teams have to demonstrate that the solution meets the customer's requirements. Once the customer purchases the license, Defender will appear in their console. They only need to log in and verify the purchase. The only other setup is configuration. Defender is a cloud-based solution, so it requires no regular maintenance. We will open a ticket if there are any significant outages or performance problems. 

Microsoft Defender is expensive. I typically recommend it only if clients have the budget. Otherwise, I would suggest an alternative. 

I rate Microsoft Defender for Office 365 an eight out of ten. Microsoft covers most security areas, and Azure has a complete infrastructure solution. If someone is willing to learn cloud security, I would prefer an Azure-based security solution.

I recommend Defender for 365 depending on a client's security needs. We need to consult with them to learn about their requirements. 

We mainly use it to identify software vulnerabilities. It reports all the software vulnerabilities installed in our web stations and servers.

With Defender for Office 365, we have been able to increase the security posture across our organization. Within the first month of using this product, we realized that benefit.

When it comes to software vulnerabilities, we can target them and update the software as soon as we see that there is a vulnerability. And then we can make sure that they are updated and check that the update process was successful within a different department. That has really helped us improve our productivity.

The solution saves us time because we don't have to go here and there to identify things. It's a single portal that has all the details we need. Their support is also good. These features have, again, helped us improve our productivity a lot. It saves us about 25 percent of our time.

It has also saved us money because we don't have to pay for other security products like Nessus. This solution has almost everything we got from other products, so we don't have to go for an additional solution. It's saving us about 50 percent, cost-wise.

Our time to detect threats has decreased. With products like Nessus, until their scan runs, we are not aware whether a threat is fixed or not. But with Defender, within one to two hours that information is reflected. With Nessus, sometimes we had to wait a day to see that information reflected in the portal. Because we are aware of issues earlier, we can act on them sooner.

The most valuable feature is the score. By looking at the score, you can identify if you are at risk or not.

It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have.

It gives me everything I need, visibility-wise. It also helps prioritize threats across our enterprise and that's very important. That means we can identify the critical vulnerabilities first and keep an eye on other vulnerabilities. By looking at the dashboard, I immediately get an idea of how critical an issue is and we can fix vulnerabilities before they result in an attack.

It has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard, which has made our security operations really easy. We can also create internal tickets within the portal itself. We can assign them to people and see how long it took them to close the tickets. That makes things really easy.

In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.

I have been using Microsoft Defender for Office 365 for about two years.

It is stable.

There are bugs here and there, but they have been able to rectify them.

It's scalable. It discovers almost all of the workstations and servers across our organization. We have about 3,000 endpoints.

Whenever we ask a question, they provide us with a solution. I'm happy with their technical support.

Positive

We previously used Nessus. We switched mainly because of the cost and the integration. With Nessus, we had to install an agent, but with Defender, since we were already using it, we could just turn it on with the cloud portal and deploy it very easily.

I wasn't involved in the initial setup, but in terms of maintenance, we push it through Windows Update so we don't have to explicitly do any updates.

I would recommend Microsoft Defender for Office 365. 

If you already have a deployment method, like CCM or something similar, it will be easy. Even if not, there are several other deployment methods that could support any scenario.

We already had an Office subscription, so we just started a trial and we were happy with it and we went with it.

In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.

I use it for email security and to scan for phishing attempts. I use it for endpoint security as well and scan for any malicious activities, such as viruses, malware, or possible ransomware; to prevent any kind of malicious activity. I also use it to investigate and respond to malicious activity.

So far, it has helped with how we organize data flow within our IT department and has given us increased visibility.

The solution has also eliminated having to look at multiple dashboards. Reconnaissance, or data gathering, is very important, and the speed at which we gather data is very important when responding to a threat.

It saves me time because I don't have to go from one tool to the next, or one dashboard to the next to get similar information. Now, I just log in one time to my Azure portal and I can get everything I need from there. It also assists with email alerts because they are consolidated and very simplified. We don't have different tools sending alerts. It's just one tool sending them and they differentiate based on what is going on. That has really been awesome.

The threat intelligence also helps prepare us for potential threats before we encounter them. We see recommendations and predictions from their SIEM.

The anti-phishing component and the investigation consoles that Microsoft gives you with this product are the most valuable features. The consoles are very detailed and mostly accurate. There are fewer false positives than in other products that I've used.

It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the email to the workstation itself. It's a really awesome product in terms of giving me visibility into what's happening with the endpoints in my corporate environment.

On the investigation console, it shows the form of attack vectors that I may be exposed to and it prioritizes things based on the risk factor. I know what to give priority to when it comes to remediation and prevention.

In addition to Microsoft Defender for Office 365, we use Sentinel and ATP. They are all integrated. I wouldn't be the best person to speak about the integration process itself because I had huge assistance with that aspect. But I'm assuming it was not too tough because that part of the project was pretty quick. It's all license-based, so it's not that difficult.

These products work together, natively, to deliver detection and response in a coordinated way. Whatever is reflected in one of them can be seen through evidence in the other tools. For example, if there's an email threat in an attachment and it is downloaded, Defender continues to pick up the trail from there and resolves the threat.

One aspect of Sentinel that is very important is that it enables us to ingest data from our entire ecosystem. Sentinel is like having built-in AI that analyzes everything that goes on in the environment. The feedback from Sentinel is very important, so it's very important that it has 100% visibility into the environment. It helps us to make a lot of logical decisions.

Sentinel also helps us to investigate threats and respond in an integrated way from one spot. That is important because the speed at which you respond to a threat is very important. The longer you take, the harder the threat will be to dissolve. The quicker the response, the better it is when it comes to remediating the attack or undoing the damage, and keeping downtime to a minimum.

And the AI technology of Sentinel has helped to automate finding high-risk alerts. The alerts are prioritized based on the risk factor.

We recently implemented Microsoft Defender for Office 365 and have been using it for about two months.

It's pretty stable. There's nothing on-prem except for the agents. They are the only thing you have to worry about. Everything else is in the cloud, so you don't have the responsibility of downtime when it comes to security.

One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration.

Neutral

The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially. That was the only hiccup we had when we enrolled with Microsoft for security.

We tried Cybereason and SimplySecure. We also tried SentinelOne and it was really good. The reason we chose to go with Microsoft was the added features for securing our email tenant.

Sentinel is pretty cost-effective compared to other solutions because, with Microsoft, we get multiple products for a holistic, cheaper subscription price. The things we would have to purchase from different vendors are the things that Microsoft gives us all in one. Instead of paying Splunk for a SIEM, and paying Fortinet for EDR, we can have a subscription-based solution at a cheaper rate from Microsoft, which is an all-in-one solution.

They really keep up to date with the definitions and upcoming threats that are out there and are doing a pretty good job of defending us, in comparison to other products. They're really catching on. Before, I wasn't a Microsoft person, but I'm slowly getting there because these products have really assisted me of late. They have given me a lot of perspectives on security in general.

It's a good solution for enrolling all your devices. You can have Mac, Windows, and Linux in your console for security visibility. Once your alerts are configured correctly, you shouldn't be missing anything. It's really good for getting alerts to you about anything anomalous.

We are resellers of this solution and Microsoft partners. 

Defender for Office 365 helps in securing your users' email which is the number one method of compromise for most networks.

The solution does a thorough job of examining emails for malicious content and examines the URLs and potential malicious content in emails. It offers peace of mind with more real-time updates as far as what they're looking for as opposed to a signature-based solution. It's probably the most valuable feature in my mind. I've deployed it for a couple of clients in a 365 environment and it seems to be a pretty solid solution. 

This is not really a defined product. You have to go to a lot of different places to enable things so it would be nice if you could go to one tab that says 365 Defender for Office 365 or something similar. You would be able to make all the settings and changes there, rather than having to go to lots of different places in the admin center to get it configured.

Configuring Defender for Office 365 is not as easy as I would like but with some research and patience, you can tweak the solution to meet your needs. There are some pretty good articles online that assist in setting up Defender for Office 365 to meet your needs.

Creating a path for your Security Awareness Training (SAT) phishing tests to go around the Defender filtering is way too complex for our current solution KnowBe4. But I learned that is a KnowBe4 limitation. Phin SAT has a much easier method of injecting test phishing emails that do not require such acrobatics to configure.

I've been using this solution for two years. 

This is a stable solution. 

Defender is very scalable, it sits on the 365 environment so however big your 365 environment is, is how much you can expand. We've probably set up 300 or 400 users so far. There's no maintenance and you don't have to deploy updates. It's all taken care of in the background by Microsoft so it's pretty much set and forget it once you get it configured.

The support is mostly responsive, but I've had instances going for longer than a week that shouldn't have taken that long.

There's no specific solution I would relate to, Microsoft just seems like a cleaner solution as opposed to having a third party. We've used some other solutions in the past where we have to send the mail to that solution and then forward it from there to Microsoft. In this case, it all takes place in the Microsoft environment. 

Like most Microsoft products, it's not the easiest thing to get installed, but it seems to work once you have it deployed. You can easily do it in half a day, especially once you get familiar with it, but it's not particularly time-consuming. It's best to start out with more lenient definitions so you're not working on every mail, but we can tune it after that. Our in-house IT department deals with deployment. 

We haven't done any sort of analysis with regard to ROI, but in my mind, if you can stop one piece of ransomware or malware from getting onto your network, it's priceless.

The solution is not too expensive. 

This is the first option I tried. I'm considering looking into others to see if they are easier to set up and manage.

I'd highly recommend reading the documentation. It was pretty helpful in getting the solution set up.

I rate the solution an eight out of 10. 

We use it to monitor user behavior and activity. It also gives us analytics to protect the user identities and extensions stored in Active Directory. For one of the instances that we are managing, we have to sync it with Active Directory and protect user identity.

It is a basic SecOps tool. It has not increased or improved anything specifically for our organization, but I see it as a must-have for security ops.

It can help automate routine tasks and finding of high-value alerts. Our security operations are not very high-volume, but from the angle of process efficiency, it is definitely a very beneficial product.

Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency.

And there are a couple of aspects, time-wise. One is that the documentation makes everything so easy that we were able to understand it without much external support. The second is how it automates the process and gives everything in one console. It is helping us with process efficiency. I would estimate it is saving us 10 to 15 man-hours per month. But it is more an issue of process efficiency and having the right process in place. It is not for time-savings, primarily.

And it is likely to help us with our time to detect and respond, although we haven't faced one threat yet.

It's a little early to tell which features are most valuable, but by default, it gives analytics on user behavior. We have not been able to leverage it fully, but that is one of the interesting features. It's also very simple to use. The documentation has made it quite easy to implement and our team has been able to understand it.

And while we haven't had even one threat incident yet, functionality-wise, Defender for Office 365 can proactively detect threats and prevent them. It is not just a reactive mechanism.

One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication. The awareness of ecosystem information that is provided needs to be better.

We implemented Microsoft Defender for Office 365 over the last month.

The stability of Defender for Office 365 is competitive.

It is very scalable. I've seen implementations in organizations with thousands of employees.

For us, it is being used across endpoints for all the users in our organization, and it is multi-geographic as well. We are a small organization with only 10 users.

Microsoft technical support is very good. For this particular product we have not reached out to them, but otherwise, we find Microsoft support to be quite good. 

The product itself is so good that we rarely have to raise a support ticket. The product and documentation are self-explanatory and we are able to troubleshoot things ourselves.

Positive

If we had compared it with other vendors, then I would have more to say about the cost, but we didn't. However, standalone, the cost is convenient.

We did not explore other vendors. This was a default choice for us.

We have not faced any incidents so we are not able to comment on how well it handles them. But in our organization, we are using basic antivirus software and that aspect is covered in that solution as well. It also has functionality for prioritizing threats but we have not implemented it.

The solution does not require much maintenance. There is the setup and it is mainly a matter of monitoring after that.

When you consider a best-of-breed strategy versus a single vendor's security suite, I prefer a single vendor because of the failure points. If there are interconnected failure points, there is a single vendor to work with to fix them and identify the gaps. And when it is within the same ecosystem, the product releases are compatible with each other and, together, give us more value. While a multi-vendor strategy has its benefits, if we stick to a single vendor for the entire stack, it is a better scenario in which to manage and monitor.

If you're using Office 365, Defender for Office 365 is the default primary choice. There are no shortcomings in it, that I have seen, that should make someone look for an alternate solution. It is the default choice for this particular use case and it serves its purpose.

Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features.

In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement.

I have been using this solution for the last one year. I have its latest version.

It is stable. We didn't find any issues with that.

It is highly scalable. We have deployed for around 7,000 accounts.  Performance is not impacted.

Their technical support can definitely be improved. They can avoid using templatized response.

We had basic Exchange Online Protection. 

It was easy to configure and with one/two skilled the ongoing maintenance can be handled. 

It has a simple interface to configure and manage. From the pricing point of view, like any other product in the market, there is scope for negotiation. 

Before we chose to settle with this product, we experimented with Cisco, Forcepoint, etc.

I would advise others to do a proof of concept for at least a month before taking a decision.

I would rate Microsoft Defender for Office 365 a eight out of ten.

Defender for Office 365 protects Office 365, which is the industry standard office software suite. It is the only Microsoft security solution we use. We don't use any specialized features. It's a standard deployment. 

Defender helps us prioritize threats across our organization. Defender for 365 is highly efficient and saves us time. We save about 35 percent compared to other solutions. 

The pre-sales cost calculations could be more transparent. 

I have used Defender for Office 365 for the last three years.

We mostly rely on internal support at my organization. They are not certified by Microsoft, but they have some experience with Microsoft solutions. We contact Microsoft if we need additional support. I would rate them highly. 

Setting up Defender for 365 is straightforward, and we did it ourselves following the standard Office 365 setup. 

I rate Microsoft Defender for Office 365 an eight out of ten.