
Microsoft Defender XDR pros and cons

Vendor: Microsoft
4.2 out of 5

Pros & Cons summary


Prominent pros & cons

PROS

Microsoft Defender XDR offers strong integration with various Microsoft platforms and applications, providing a cohesive narrative and central management across Microsoft's ecosystem.
The platform provides advanced threat detection capabilities, allowing users to track threat activities through timelines and benefit from comprehensive threat intelligence.
Microsoft Defender XDR is highly scalable, accommodating small to large environments and adaptable to different organizational needs.
It includes advanced automation capabilities, enabling organizations to automate responses and make use of playbooks to handle alerts efficiently.
Defender XDR focuses on robust threat protection features, including antivirus, antiphishing, and machine learning-driven threat remediation.

CONS

Microsoft Defender XDR could improve in terms of faster scanning for email attachments, especially with frequent updates to combat new viruses.
There is a need for enhanced machine learning and AI capabilities within Microsoft Defender XDR.
Microsoft 365 Defender lacks integration with emerging endpoint security technologies like EDR and XDR.
The licensing for Microsoft Defender XDR is complex and requires consolidation and clarification.
The offboarding and onboarding process for devices in Microsoft Defender XDR is manual and could be improved for better efficiency.
 

Microsoft Defender XDR Pros review quotes

Eric Mannon - PeerSpot reviewer
Nov 27, 2023
The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def
PD
Nov 19, 2024
For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity.
Gabor Nyerd - PeerSpot reviewer
May 17, 2023
Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP.
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
James-Hinojosa - PeerSpot reviewer
Apr 5, 2023
In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments.
reviewer2187066 - PeerSpot reviewer
May 17, 2023
Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment.
Siddharth Kumar - PeerSpot reviewer
May 24, 2024
In our company, we have faced multiple attacks over the last few months, but none of them have been successful, and I think Microsoft Defender XDR has played a major role in it.
reviewer2186769 - PeerSpot reviewer
May 17, 2023
Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit.
Patrick Celano Ciccarino - PeerSpot reviewer
Mar 8, 2024
The integration, visibility, vulnerability management, and device identification are valuable.
Michael Wurz - PeerSpot reviewer
Nov 22, 2023
From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave.
NitinKumar1 - PeerSpot reviewer
Apr 17, 2024
The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging.
 

Microsoft Defender XDR Cons review quotes

Eric Mannon - PeerSpot reviewer
Nov 27, 2023
From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it.
PD
Nov 19, 2024
For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details.
Gabor Nyerd - PeerSpot reviewer
May 17, 2023
Sometimes, configurations take much longer than expected.
James-Hinojosa - PeerSpot reviewer
Apr 5, 2023
At times, there may be delays in the execution of certain actions and their effects.
reviewer2187066 - PeerSpot reviewer
May 17, 2023
In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals.
Siddharth Kumar - PeerSpot reviewer
May 24, 2024
I do think that maybe having a feature within my organization where there are three different domains within which we have to operate would be helpful, as there is currently no unified view within the domains.
reviewer2186769 - PeerSpot reviewer
May 17, 2023
Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful.
Patrick Celano Ciccarino - PeerSpot reviewer
Mar 8, 2024
The web filtering solution needs to be improved because currently, it is very simple.
Michael Wurz - PeerSpot reviewer
Nov 22, 2023
The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense.
NitinKumar1 - PeerSpot reviewer
Apr 17, 2024
The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution.