Assistant Vice President at a financial services firm with 10,001+ employees
Real User
Though the tool offers threat prevention and blocking capabilities, it needs to improve its stability
Pros and Cons
  • "The product's initial setup phase was straightforward."
  • "The stability of the product is an area of concern where improvements are required."

What is our primary use case?

I use Microsoft Defender Threat Intelligence at my home for its threat prevention and blocking capabilities.

What is most valuable?

I can't comment on the valuable features offered by Microsoft Defender Threat Intelligence as the PC at my home is currently used by my family while I use my office laptop.

What needs improvement?

In Microsoft Defender Threat Intelligence, automatic threat blocking and in-memory attacks are areas of concern where improvements are required.

The stability of the product is an area of concern where improvements are required.

For how long have I used the solution?

I have been using Microsoft Defender Threat Intelligence for a couple of years. I am a user of the product.

Buyer's Guide
Microsoft Defender Threat Intelligence
October 2024
Learn what your peers think about Microsoft Defender Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is a stable solution. I rate the product's stability a six out of ten.

What do I think about the scalability of the solution?

It is not a scalable solution since I use it on a PC at home, so per PC, a license amount is paid.

Only one person uses the solution at my home.

How was the initial setup?

The product's initial setup phase was straightforward.

The product's installation phase just requires me to enable it on my system, as Microsoft Defender Threat Intelligence is a product that came along when I purchased my laptop.

The product is deployed based on the product's licenses, so it doesn't matter whether it is deployed on an on-premises model or on the cloud.

What was our ROI?

The basic requirements offered by the product are good enough for home-based PCs.

What's my experience with pricing, setup cost, and licensing?

I use the product's default version, which is a free one and not the licensed version.

What other advice do I have?

I rate the overall product a six to seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT infrastructure lead at 0
Real User
Top 5
Provides ease of deployment and efficient security features
Pros and Cons
  • "The product is stable."
  • "There could be a better notification system."

What is our primary use case?

The product helps us monitor business devices for authentication and response on all endpoints, servers, passwords, and plans.

How has it helped my organization?

The primary value is enhanced security and efficient incident response. The integration with Microsoft infrastructure provides a seamless experience.

What is most valuable?

The product's ease of deployment is a major advantage, as it integrates seamlessly with our existing systems. The dashboard and backend profile provide comprehensive visibility into user activities and potential threats. Additionally, the product offers valuable security insights and advice on areas for improvement.

What needs improvement?

There could be a better notification system. Currently, the user sees an icon, but it would be beneficial to have messages prompting them to contact IT immediately or take their device offline if necessary.

I would like to see more system automation actions, such as user-initiated tests or more proactive alerts.

For how long have I used the solution?

I have been using Microsoft Threat Intelligence for a few years now. 

What do I think about the stability of the solution?

The product is stable. 

What do I think about the scalability of the solution?

Scalability is quite flexible and depends on purchasing the appropriate licenses for the company.

How was the initial setup?

The setup is straightforward, typically taking about 15 minutes to an hour. The system allows for smooth switching between devices, whether online or offline.

What's my experience with pricing, setup cost, and licensing?

The product is a part of my Microsoft 365 subscription, so there is no additional cost. It is cost-effective.

What other advice do I have?

Unless you have very complex requirements, if you are already paying for a Microsoft subscription, you should take advantage of Microsoft Defender.

I rate it a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
James Selby - PeerSpot reviewer
Manager Security Division at Virtual-IT
MSP
Top 5
Leaderboard
Offers multiple security components, including email security, local firewall, and anti-malware
Pros and Cons
  • "The global review and remediation of malicious code is probably the most valuable feature."
  • "Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel."

What is our primary use case?

From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.

What is most valuable?

Microsoft Defender is delivered in different components. One of them is the Microsoft community, where they share information about discovered malicious code, and remediation is promptly provided. This collaborative approach ensures that threats found in one country can be quickly addressed in other countries.

The global review and remediation of malicious code is probably the most valuable feature.

What needs improvement?

It's difficult to provide direct feedback to Microsoft, even as a Microsoft partner. However, the community out there supports and assists each other if that helps.

Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel. Being the largest technology provider attracts significant threats. Microsoft is constantly fighting against threat actors trying to breach its technology. So by being the biggest, you attract the biggest threats.

I believe Microsoft could play more nicely with other IT security vendors. Currently, if you want your technology to integrate with Microsoft, you have to go through an extensive testing program to ensure compatibility with Azure. So, even the partnership program could be more efficient, allowing for smoother integration.

For how long have I used the solution?

I've been working with it since its inception. I've been involved in IT security for over thirty years, so I've seen it evolve.

What do I think about the stability of the solution?

If I were to rate the stability, I would say it's around an eight. However, there are occasional outages in Microsoft 365. So, stability can vary depending on the region, and there are instances of outages.

What do I think about the scalability of the solution?

I would give it an eight, without a doubt. It's highly scalable. Microsoft Defender can fulfill the needs of both small businesses and enterprise businesses effectively.

How are customer service and support?

Directly contacting Microsoft can be quite challenging. However, there is a community platform where users can find resolutions to specific issues. Microsoft also has an extensive patching program, and Microsoft releases updates to its solutions on the first Tuesday of every month.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Microsoft Defender is comprehensive. It covers areas such as email security, local firewall, and anti-malware. It's a comprehensive solution with different components within Defender. It also supports the operating system, Windows 11. 

It's not limited to a single function. Defender encompasses various security aspects, like email security, local firewall, and anti-malware. Moreover, it's designed to work seamlessly with Windows 11.

How was the initial setup?

On a scale of one to ten, where one is the most difficult and ten is the easiest, I would say it's around a seven or eight. No software is perfect, including Microsoft.

Most organizations are moving to the cloud now, so the majority of deployments are in the cloud. However, we don't provide extensive support for that. The deployment depends on how the customer wants to set it up. A lot of it is in the private cloud, but it is essentially in public areas. It's a combination of both.

What about the implementation team?

The deployment process can vary, but on average, it can take anywhere from two to twenty-four hours, depending on the tenant and whether it's a single or multiple tenancy setup. So, it depends on the specific circumstances.

What's my experience with pricing, setup cost, and licensing?

Considering Microsoft is constantly changing licensing, I would give it a seven out of ten. It can be difficult to get your head around it, especially for small to medium-sized enterprises (SMEs) like most of my clients. We typically deal with E3 licensing rather than the larger corporate E5 licensing.

So, the pricing is subject to changes, and it can be complex, especially for SMEs. It's traditionally based on E3 licensing for our clients.

Which other solutions did I evaluate?


What other advice do I have?

I wouldn't always advise my clients to exclusively rely on Microsoft products. However, they should derive maximum benefits from the licensing they pay for. For example, you can't simply purchase Defender on its own because it's bundled with the operating system. So, that question loses some relevance since you already have it regardless of choice. So, the value of Defender is already included with the operating system, and users don't have the option to choose whether to have it or not.

However, you can explore other solutions to enhance the security of Windows 11 or Windows 10, such as cloud-based options. But I would suggest making the most out of Defender. If you encounter any limitations, then you can consider other technologies to fill those gaps. So, it's about maximizing the potential of Defender and, if necessary, supplementing it with additional technologies.

You have the option to bolster the security of your Windows system with other solutions if needed, but Defender should be your primary focus.

Overall, I would rate it an eight out of ten because it is bundled with Windows OS. However, it doesn't cover all threats, and it remains a target for threat actors. So, depending on your business needs and the specific areas where Defender falls short in delivering effective security, you may need to supplement it with other technologies to strengthen your overall security position.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
TapabrataSamanta - PeerSpot reviewer
Lead Architect at Zones
MSP
Top 5
A cost-effective solution for monitoring and security but lacks support for non-Microsoft products
Pros and Cons
  • "It helps to monitor by providing the best 24/7 monitoring integrated with Sentinel and IBM systems."
  • "Non-Microsoft products may not integrate as smoothly."

How has it helped my organization?

It helps to monitor by providing the best 24/7 monitoring integrated with Sentinel and IBM systems.

What is most valuable?

It works well when customers also use Azure, an added advantage. Even the cloud is from Microsoft, making it a complete Microsoft ecosystem. Sometimes, the customer has no other choice but to go with Microsoft because everything is integrated with Microsoft products. However, this can disadvantage non-Microsoft products, as they may not integrate as smoothly.

What needs improvement?

There are weaknesses, and Microsoft is working on addressing them. Over the past three to four years, the ATP and other components have improved significantly, and the integration has also advanced.

We are using third-party services. While we have Microsoft Threat Intelligence, which leverages Microsoft's facilities, we also utilize additional third-party threat intelligence. As of today, we don't completely rely on Microsoft for certain regions. This is an area where Microsoft needs to improve. Consequently, we use Anomali, a third-party threat intelligence provider. We integrate our product's intelligence with Anomali, from which we obtain threat insights.

Microsoft products offer significant advantages, especially in the realm of threat intelligence. It works very well with Microsoft products. However, you might need additional services if you have non-Microsoft products in your environment. For instance, if you use Apple or Linux, Microsoft's solutions alone might not be sufficient.

If they can work more effectively, especially with zero-day attack speed and other sophisticated threats, it will help us provide our customers with timely newsletters about new attacks. 

For how long have I used the solution?

I have been using Microsoft Defender Threat Intelligence as a partner and reseller.

What's my experience with pricing, setup cost, and licensing?

Microsoft offers a package with a per-system cost. After discounts, it can be less than two to two and a half dollars.

What other advice do I have?

Customization was not available before, but now there are many options. You can customize various features. However, there is still a long way to go regarding setting and seasons. Currently, the advanced features are perfect for Microsoft code. Defender and Second Agent Services are about integrating your team and security systems. You need to identify threats, zero-day attacks, and other issues before they occur. Your feeds and other tools can actively prevent security incidents.

We have integration with Anomali and IBM. We use Microsoft, but on top of it, we have some additional pay. We use Microsoft 365 and cloud apps, and they are very strong.

Overall, I rate the solution a seven to eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Deputy Manager - Radio Frequency Planning at RF-SMART
Real User
Top 5
Leaderboard
Highly effective safeguarding against cyber threats with robust security features, timely threat intelligence and efficient performance
Pros and Cons
  • "Its user-friendliness is its most valuable aspect."
  • "It would be beneficial to enhance the pricing structure and make it more affordable."

What is our primary use case?

The protection provided by Microsoft Defender Threat Intelligence is robust and effective.

How has it helped my organization?

It efficiently helped us in threat hunting.

The malware virus posed significant security challenges, but Microsoft played a pivotal role in addressing and resolving the incident.

The timeliness and accuracy of Threat Intelligence are commendable.

The primary advantage lies in its robust security and overall performance.

What is most valuable?

Its user-friendliness is its most valuable aspect. I am satisfied with its performance in general.

What needs improvement?

It would be beneficial to enhance the pricing structure and make it more affordable.

For how long have I used the solution?

I have been using it for six months.

What do I think about the stability of the solution?

It provides good stability capabilities with occasional delays. I would rate it eight out of ten.

What do I think about the scalability of the solution?

I would rate its scalability abilities eight out of ten.

Which solution did I use previously and why did I switch?

I used Norton previously, but that was quite some time ago.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

Deployment is quick, typically ranging from five to ten minutes. I was responsible for the deployment. First, you need to install the antivirus software on the system. Then proceed with the installation process.

What's my experience with pricing, setup cost, and licensing?

It's reasonably priced, though there's room for further improvement.

What other advice do I have?

I would recommend it because of its strong security and user-friendly interface. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MOHAMEDTRABELSI - PeerSpot reviewer
Senior infrastructure engineer at Cubic Information Systems
Real User
Top 5
Leaderboard
Has efficient antivirus features and a simple setup process
Pros and Cons
  • "The product provides efficient email security for sending links and file attachments."
  • "We encounter problems connecting the product deployed on the user endpoints with the servers."

What is our primary use case?

We use the product as a defender for Office 365, endpoints, and security-dependable cloud apps.

What is most valuable?

The product provides efficient email security for sending links and file attachments. It has valuable features for anti-spam and antivirus. It integrates well with Microsoft Sentinel as well.

What needs improvement?

We encounter problems connecting the product deployed on the user endpoints with the servers. Additionally, the license model for the servers needs improvement.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for two years.

What do I think about the stability of the solution?

It is a very stable product.

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is scalable.

How was the initial setup?

The initial setup is simple. However, it takes a lot of bandwidth to scan the device. It is challenging to deploy backups of thousands of computers. We have to configure the integration between the Defender for the endpoint and the server. The deployment and maintenance process requires one technical engineer to troubleshoot issues by reviewing PCs and setups.

What's my experience with pricing, setup cost, and licensing?

They offer two license plans: Microsoft Defender for endpoints and Microsoft Defender for businesses.

Which other solutions did I evaluate?

I have evaluated Kaspersky.

What other advice do I have?

I advise others to develop a good infrastructure and a vision for security before deploying any product. I rate Microsoft Defender Threat Intelligence a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Operational Cyber Security Specialist at a non-profit with 1,001-5,000 employees
Real User
Highly scalable and stable solution
Pros and Cons
  • "It is very scalable. There are approximately 2,000 endpoints and up to 200 servers in our company."
  • "It's a bit complicated to manage because you have many dependencies of servers, many dependencies in queue, and so on. Entries or different endpoints, and you make different configuration topics for each one. So that's a major problem."

What is our primary use case?

We use it for Cloud Security and Endpoint Protection. We have offices in each country on the planet. And so we have many, many, many external people who work with this solution. 

What needs improvement?

It's a bit complicated to manage because you have many dependencies of servers, many dependencies in queue, and so on. Entries or different endpoints, and you make different configuration topics for each one. So that's a major problem.

I would like to see a feature that would allow us to easily manage our Defender configurations.

It needs high-level administration.

For how long have I used the solution?

We have been using it for about six months.

What do I think about the stability of the solution?

It is a very stable product.

What do I think about the scalability of the solution?

It is very scalable. There are approximately 2,000 endpoints and up to 200 servers in our company.

Which solution did I use previously and why did I switch?

I used Trend Micro. Trend Micro has an easier grid, but the functions are the same.

The advantage is to have only one vendor, which provides Office tickets, communication, storage, and cloud. It's just one solution from one end, from one provider.

How was the initial setup?

We have our documents and processes in the cloud, in the Microsoft cloud.

The maintenance is done by Microsoft. We are on-premises, and our configuration allows access outside the company's local data center.

What other advice do I have?

I would recommend using this solution. It works. We have no problems with it.

Overall, I would rate the solution an eight out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Oscar Abouchaaya - PeerSpot reviewer
Partner / Consultant at Procomix
Real User
Top 5
A solution with a variety of applications bolstered by strong features and functionality
Pros and Cons
  • "I value how Threat Intelligence integrates with the different platforms in Microsoft."
  • "I would like to see more AI features and capabilities."

What is our primary use case?

Threat Intelligence is a modern antivirus XDR solution that we use to protect the environment, identities, data, and endpoints from attacks.

How has it helped my organization?

It was an excellent tool for its covered area and protected data, applications and controlled user access remotely.

What is most valuable?

I value how Threat Intelligence integrates with the different platforms in Microsoft.

What needs improvement?

I would like to see more AI features and capabilities.

For how long have I used the solution?

I've been providing the solution to customers for a little over two years.

What do I think about the stability of the solution?

I rate Microsoft Defender Threat Intelligence's stability a ten out of ten.

What do I think about the scalability of the solution?

I rate Microsoft Defender Threat Intelligence's scalability a ten out of ten. We have about 50 customers using the solution.

How are customer service and support?

The technical support for Threat Intelligence is very good.

Which solution did I use previously and why did I switch?

We have previously tried Trend Micro, Palo Alto, CrowdStrike, and several others. We chose Microsoft Defender Threat Intelligence because it has more features and functionalities, is more effective with attacks, and integrates better with different platforms, especially Sentinel, which helped us build a SOC. Threat Intelligence has better reactivity, too, so this solution was what we needed. The other solutions were a bit more complicated and had limitations.

Another interesting thing was how the solution had other data applications, not only endpoints but also identity and so on.

How was the initial setup?

The initial setup is not complicated at all. Threat Intelligence is something engineers can develop and deploy properly. However, the initial setup's difficulty depends on the experience the engineers have with the cases that they need to deploy for, and this is where the skills come into play.

The time taken to deploy the solution depends really on the scenarios. And besides this company, we deployed the solution for small projects, which took less than ten days. There is also integration with Sentinel and third-party tools, so the time to deploy Threat Intelligence depends on what's needed. The deployment, when compared to other solutions, is not complicated and does not take much time.

What's my experience with pricing, setup cost, and licensing?

The solution can be licensed, but most users would already have it in their Office 365 license. They just need to use it. The solution is very cost-effective and not expensive compared to what other vendors provide. Since the solution is part of a bigger bundle, customers would not have to pay extra.

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a ten out of ten. People planning to implement this solution can confidently choose it. I wouldn't hesitate a minute to renew my license because it's very cost-effective and rich in functionalities. It has more features than other vendors' applications.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user