Microsoft Defender for Office 365 Reviews

We use Microsoft Defender for Office 365 for protection. 

Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications. 

The product helped us maintain collaboration and communication during the pandemic with the help of Teams. 

Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data. 

I have been using the product for six years. 

The product is stable. I rate it a ten out of ten. 

Microsoft Defender for Office 365 is scalable. I rate it a ten out of ten. 

The tool's support is good. 

Positive

Microsoft Defender for Office 365 is expensive but does what it says. 

Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems. 

The tool's automation has made us more efficient in our daily tasks. 

The solution saves much time since you don't have to reimage the computer after an attack. 

Our primary use case is for features like mail protection and preventing impersonation. It has extended the protection for the user.

What I don't like about Microsoft Defender for Office 365 is that many of the features should be default. They should be included, not optional, like other vendors provide.

I have been working with Defender for Office since the beginning. It's been evolving all the time.

I would rate the stability an eight out of ten. We noticed that from time to time, Microsoft does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice. 

It is a scalable solution. Our organization has around a thousand users using Microsoft Defender for Office 365. 

Sometimes it's good. Sometimes it's bad. It's up and down.

The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple. 

You can set it up in-house. 

The pricing has become expensive. 

Some customers want to use a monthly payment, but Microsoft recently changed its license policies. So we are encouraging most users to pay annually.

Overall, I would rate the solution a nine out of ten. I would definitely recommend using the solution. 

We have started using Defender on our endpoints, together with the basic Defender for email. We placed Defender on our endpoints through our XDR solution. It's connected to our SOC and the SIEM.

The fact that it's easy to integrate and implement has helped us to move forward with our project.

Also, on the clients, we have implemented automated identification and blocking, and these help our SOC team avoid doing manual work.

It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased.

Also, in the beginning, Microsoft Defender for Office 365 saved us time because we had started a completely new company. Now that we are more established, we need another, more advanced solution with more machine learning and artificial intelligence related functionality.

About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting.

Now that we have more visibility into threats, our orientation is to have a more top-market solution to give us more visibility and easier ways to respond to the threats that we find and also to identify threats better.

It is not really straightforward to get a lot of information from Microsoft Defender, so we have had to use Microsoft Graph to create some custom views to export custom information.

I have been using Microsoft Defender for Office 365 for four years.

The stability is really good. We have never had any problems related to Defender.

The scalability is also very good. It's easy to increase usage, but that's expected.

We are a multinational company, so we have multiple locations, including Brazil and several countries in Europe. We have about 470 end-users.

The technical support is really good. 

Positive

We used Symantec when we were part of a big company. We decided to use Microsoft because it is a fully integrated solution and was embedded in our licenses. We did not take into consideration all the features.

Our company was sold by that big company that we used to be part of and we then consolidated and created a new company about four years ago. We wanted to move forward, as fast as possible, with as much security as possible.

It was really straightforward to set up. We implemented it on our endpoint devices, and then we configured a lot of policies to manage and avoid threats, as well as policies for phishing and the cloud.

The maintenance is mostly related to fine-tuning phishing and other issues and is handled by one or two engineers, but it's not needed frequently.

It was done in-house, with two or three of our resources.

It is much more expensive than using another solution because we have had to include some options and upgrade our license. Be aware of the licensing model, because for certain features you need a different level of licensing.

We did not look at other options. The main reason we went with Microsoft was because of the complete integration.

If I were asked whether to go with a single vendor or multiple vendors for security, I would say use multiple vendors. We are using Microsoft for collaboration, email, chat, and security. It's like having the wolf secure your house. Having different vendors would help give you different visibility and data and different people managing different solutions.

We're an MSP, and we deploy security solutions to our clients based in the UAE. We are currently implementing the product ourselves and developing the capacity to deploy it to our clients. We have around 200 total end users. 

In addition to Defender for Office 365, we also use Defender for Cloud and Microsoft Sentinel. The products are integrated.    

The integration was straightforward, as most of our clients and we operate an Azure environment, so integration is usually as simple as a few clicks.

Defender for Office 365 helps automate routine tasks and find high-value alerts, which we can do using Azure Logic Apps. We can create operations, automate them, and make a workflow using automation. One of our clients didn't have the budget to invest in a SOC team, but we deployed the solution for them, and they now run a SOC with only one analyst. They can achieve this kind of maturity through the product's automation.   

The solution's threat intelligence helps prepare us for potential threats before they hit and take proactive steps. Sentinel also features robust threat hunting, which provides indicators of possible attacks and is beneficial information to have.   

Defender for Office 365 saved us time, we have seen many improvements to the product, and Microsoft regularly brings out new features. The tool is at a good point right now and is on the path to improvement. Time saved is in the region of 30-40%.  

It decreased our time for detection and response, especially with its SOAR capabilities. We can activate automated runbooks in a few clicks and block a malicious or unauthorized user in a single click. We rapidly receive alerts, which reduces our response time such that what once took at least an hour can now be resolved in minutes.   

The email protection is excellent, especially in terms of anti-phishing policies. 

The solution's information protection around sensitive labels and compliance-related security features are also very valuable.

Defender for Office 365 provides excellent visibility into threats; we can see the attacks and phishing campaigns running against our users from the portal.  

The product helps us prioritize threats across the enterprise, which is essential because most of our clients come to us with alert fatigue. They have so many alerts they often need help determining which ones to work on, and the solution's threat prioritization helps us narrow that down.  

The comprehensiveness of the threat protection provided by Microsoft security products is excellent; we wouldn't use any other third-party security solutions, and it all comes packaged with Azure or an E5 license.    

Microsoft Sentinel enables us to ingest data from our entire ecosystem, which is vital because when we deliver security products for clients, one of their primary requirements is to collect all the on-prem logs and put them in the cloud. Sentinel is capable of this and requires some expertise to operate in this way. 

Sentinel allows us to investigate threats and respond holistically from one place; that's what it's built for. We work offsite as we aren't in the same region as our clients, so the ability to respond remotely is essential to us.  

Several simulation options are available within 365, and the phishing simulation could be better.

I want to see improvements that will make the tool easier to operate. 

We've been using the solution for one year. 

The product is stable. 

Defender for Office 365 is scalable. 

We never had to contact technical support. When we encounter an issue, we can search for a solution on the internet or YouTube, for example, for specific configurations. There's excellent community support available.

We didn't previously use a different solution. When I joined the company, we were and remained Microsoft Gold Partners, so we don't have any other third-party tools.

I wasn't involved in the initial setup, and the solution is lightweight in terms of maintenance. A yearly configuration review is sufficient. 

Defender for 365 comes in various plans and licenses, along with other Microsoft security solutions. Purchasing this kind of package or security bundle gives good value for money, and that's what I recommend.

To a colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, in terms of pricing, it's better to get a good package for security solutions from one vendor rather than multiple vendors.  

I rate the solution eight out of ten.

Multiple integrated Microsoft solutions work natively together to deliver coordinated detection and response across our environment, and we Microsoft Sentinel to our clients. It's a SIEM tool, and once we configure Defender, we can push alerts to Sentinel, which is valuable.   

We leverage Sentinel's SOAR capabilities with the help of Logic Apps, and many libraries are available to make automation easier. However, some complexity is involved in developing Logic Apps, so it requires some expertise.

The big things we take advantage of are Safe Links for Teams, SharePoint, and Email. We have office locations all over the world. We are in New Zealand, Africa, Europe, the USA, and South America. We have deployed the license for every single person with a mailbox.

Since we have started using the solution, there have been fewer compromises. We're more secure having Safe Links.

It is a high-impact tool. It keeps users from doing anything wrong.

The product must provide better malware detection. The detection algorithms don't perform the way I hope they would.

I have been using the solution for three years.

The tool has 100% stability. It has never been down.

The tool is deployed globally in our tenants. It is scalable. We have about 5500 licenses.

Most of the time, I can get what I need from the support. Sometimes, it is a hit or miss. It is not always straightforward. I often state my problem clearly, and then the support person asks me to explain it again. They must read what I've already written when I opened the ticket. All the details are right there. Far too often, the support personnel do not read the ticket I raise.

Neutral

The initial deployment was pretty simple. We were already under a microscope, so we were pressured. I had to learn what I wanted. We had to deploy the product quickly. We use both AWS and Azure as our cloud providers.

The pricing is too much compared to other security products that do the same things. The product is very expensive. I have a hard time demonstrating more value out of it.

We didn't evaluate anybody else. We had been compromised, so we decided to buy the product.

We get a lot of good visibility. When we look for something, it's pretty easy to see the IP from which the user signed in. We get to know where the person is logging in from. It lets us know quickly whether a particular IP should be logged in at a particular time.

The solution does not help us prioritize threats. It helps us mitigate some of the threats we identify. I don't think prioritization is important. Whoever makes the most has the highest priority.

The solution’s threat intelligence helps us take proactive steps, especially with Safe Links. It helps us track down and look at logs, see what document libraries a threat might have gone to, and try to review the exposed data and potentially exfiltrate it.

The solution has saved my company's money. The tool has decreased our time to respond by a couple of hours per incident. I don't have to involve my network or security teams. We could click through to determine whether an access is legitimate. There may be more cost-effective solutions in the market.

Overall, I rate the solution a nine out of ten for its functionality.

We use the solution to add and move staff when they leave to secure the laptops and other assets for the company. All our contractors work remotely.

The solution helps us prioritize threats across our entire enterprise. 

I found the prioritization to be effective for the amount I have used it.

The solution helps us automate routine tasks and find high-value alerts. We use automation to create printers in terms of notifications that notify us when a device is trying to gain access.

The solution saved us between 24 and 48 hours of time.

The solution saved us money.

We are a small Software as a Service company, so when we hire contractors for projects, we usually move on to a different contractor with the relevant expertise. This means we have a lot of contractors coming in and out of the company, and the solution helps to keep our platforms secure when they have finished working by removing their credentials.

The solution provides us with visibility into threats; however, there is room for improvement in the threat visibility, as it could be more granular, refined, and detailed.

The UI needs to be more user-friendly. Some of the dashboard views are hard to follow and make the reporting complicated.

I have been using the solution for two years.

The technical support is good and quick to resolve issues.

Positive

I give the solution a six out of ten.

We use it to monitor user behavior and activity. It also gives us analytics to protect the user identities and extensions stored in Active Directory. For one of the instances that we are managing, we have to sync it with Active Directory and protect user identity.

It is a basic SecOps tool. It has not increased or improved anything specifically for our organization, but I see it as a must-have for security ops.

It can help automate routine tasks and finding of high-value alerts. Our security operations are not very high-volume, but from the angle of process efficiency, it is definitely a very beneficial product.

Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency.

And there are a couple of aspects, time-wise. One is that the documentation makes everything so easy that we were able to understand it without much external support. The second is how it automates the process and gives everything in one console. It is helping us with process efficiency. I would estimate it is saving us 10 to 15 man-hours per month. But it is more an issue of process efficiency and having the right process in place. It is not for time-savings, primarily.

And it is likely to help us with our time to detect and respond, although we haven't faced one threat yet.

It's a little early to tell which features are most valuable, but by default, it gives analytics on user behavior. We have not been able to leverage it fully, but that is one of the interesting features. It's also very simple to use. The documentation has made it quite easy to implement and our team has been able to understand it.

And while we haven't had even one threat incident yet, functionality-wise, Defender for Office 365 can proactively detect threats and prevent them. It is not just a reactive mechanism.

One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication. The awareness of ecosystem information that is provided needs to be better.

We implemented Microsoft Defender for Office 365 over the last month.

The stability of Defender for Office 365 is competitive.

It is very scalable. I've seen implementations in organizations with thousands of employees.

For us, it is being used across endpoints for all the users in our organization, and it is multi-geographic as well. We are a small organization with only 10 users.

Microsoft technical support is very good. For this particular product we have not reached out to them, but otherwise, we find Microsoft support to be quite good. 

The product itself is so good that we rarely have to raise a support ticket. The product and documentation are self-explanatory and we are able to troubleshoot things ourselves.

Positive

If we had compared it with other vendors, then I would have more to say about the cost, but we didn't. However, standalone, the cost is convenient.

We did not explore other vendors. This was a default choice for us.

We have not faced any incidents so we are not able to comment on how well it handles them. But in our organization, we are using basic antivirus software and that aspect is covered in that solution as well. It also has functionality for prioritizing threats but we have not implemented it.

The solution does not require much maintenance. There is the setup and it is mainly a matter of monitoring after that.

When you consider a best-of-breed strategy versus a single vendor's security suite, I prefer a single vendor because of the failure points. If there are interconnected failure points, there is a single vendor to work with to fix them and identify the gaps. And when it is within the same ecosystem, the product releases are compatible with each other and, together, give us more value. While a multi-vendor strategy has its benefits, if we stick to a single vendor for the entire stack, it is a better scenario in which to manage and monitor.

If you're using Office 365, Defender for Office 365 is the default primary choice. There are no shortcomings in it, that I have seen, that should make someone look for an alternate solution. It is the default choice for this particular use case and it serves its purpose.

We use Defender for Office for its five core features: anti-phishing, malware, link scanning, attachment scanning, and anti-spam.

We switched from Mimecast to Defender, and it's been a massive difference. Mimecast is convoluted, obtuse, and frustrating. That's not the case for Microsoft 365. Mimecast has more false positives, and the link-scanning feature requires you to authenticate devices every time you use the solution, which is untenable if you're on your phone. It's just not possible. 

If you're trying to look up a PDF that somebody sent, and a safe link is embedded in that, Mimecast and Microsoft write it into the "send" box. However, Microsoft is much better because you are already authenticated, so you don't need to re-authenticate again. Mimecast makes you reauthenticate every time.

It gives us one admin portal to see the things we need, which has made life for my admin team easier. I estimate it saves us about an hour or two a week. It saves the clients money because my team spends fewer hours doing tasks each week. 

The most valuable feature is protection against malicious links, fishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over. 

Impersonation detection is also crucial because attackers are increasingly advanced. They keep changing their tactics and adapting. People are getting emails with display names that look like people from their organization. SDF records, DMARC, and all that stuff don't always work because people often ignore email addresses. We have also used the phishing simulation component. That's pretty good.

The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.

I've used Defender in production for about a year.

Defender is stable. 

The number of users isn't significant, so I'm not worried about scalability.

Deploying Defender is a two-person job. You don't have to do much to maintain it per se. You occasionally get tickets from users who expected an email that got quarantined. You need to pay attention to that. You'll get access when you get a false positive, and you need one help desk person to look into it. There's no maintenance outside of that. 

Defender is cheaper than Mimecast in the long run, so there are savings, if not a return. It's like proving a negative. We haven't been hacked, so I don't know if that's worth anything.

The price is reasonable. 

I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job doing this email protection, they didn't do well in the past, but now they are.