Manager IT Services, Admin at asTech
It has a nice console and everything is in one place
Pros and Cons
- "Defender is easy to use. It has a nice console, and everything is all in one place."
- "The console is missing some features that would be helpful for a managed services provider, like device and user management."
What is our primary use case?
We provide services to medium-sized businesses in the banking and administrative sectors. We are also using Microsoft Sentinel and Defender for 365.
How has it helped my organization?
Defender helps our clients protect against any threats from outside the organization. Defender XDR helps our clients save about 25 percent by offloading some on-prem functions to the cloud. It also saves time because the cloud interface is manageable, and we can investigate incidents quickly. It's easy to create reports and share information with other teams.
What is most valuable?
I like Defender XDR's threat detection and prevention capabilities. Defender's built-in identity and access management features are critical. The solution's coverage extends beyond Microsoft software. Defender is easy to use. It has a nice console, and everything is all in one place.
What needs improvement?
The console is missing some features that would be helpful for a managed services provider, like device and user management.
For how long have I used the solution?
I have used Defender XDR for the last two years.
What do I think about the stability of the solution?
I rate Defender XDR nine out of 10.
What do I think about the scalability of the solution?
I rate Defender XDR eight out of 10 for scalability.
How are customer service and support?
I rate Microsoft support nine out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
Some aspects of the deployment were not straightforward. It was moderately complex. I enabled all the connections and the onboarding process, then implemented a basic set of configurations. It took about seven to 10 days to deploy.
What was our ROI?
My clients have seen an ROI from using Defender XDR.
What's my experience with pricing, setup cost, and licensing?
Defender XDR is reasonably priced but may be less affordable in certain countries. For example, it might be expensive for some customers in India.
What other advice do I have?
I rate Defender XDR eight out of 10. I would recommend Defender XDR. It's a fast solution, and it's easy to train people to use Defender.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer:

Cybersecurity Intern
It provides solid visibility because we can map out what's happening and get a good overview
Pros and Cons
- "The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
- "The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
What is our primary use case?
I use 365 Defender to protect against phishing attacks and filter out our email to pick up certain vulnerabilities. For example, if someone sends out their credentials, it triggers an alarm.
How has it helped my organization?
Features like filtering and phishing simulation increase our email security. The main purpose is to protect employees and sensitive company information. Everything is connected, so an intruder can potentially access sensitive, confidential information by breaching just one account. 365 Defender is a good way to protect the entire environment.
Defender helped us automate tasks because we had everything preconfigured. We create alerts and automated responses, which save us some time. Threat intelligence is helpful. For example, if there is a suspicious IP address based in Russia, we can block that address. I didn't do much of that, but it's possible.
What is most valuable?
365 Defender provides solid visibility because we can map out what's happening and get a good overview of the intelligence. The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats.
I also like that Microsoft has a lot of resources online. It's easy to Google information about the tool and what it can do for your organization.
What needs improvement?
The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process.
For how long have I used the solution?
I used Microsoft 365 Defender for 10 weeks during an internship.
What do I think about the stability of the solution?
365 Defender is highly stable. I've never had any issues with it. It can be slower at times, but that may not be the product's fault. Maybe there's too much traffic or an issue with the connection.
What do I think about the scalability of the solution?
365 Defender can scale. More than a thousand people work for this company, and some of them have multiple endpoints, like laptops, workstations, phones, etc.
Which solution did I use previously and why did I switch?
I've used CrowdStrike and some other tools for endpoint and email security. Microsoft Defender is excellent because it covers everything in one place, including endpoint protection, email security, phishing simulation, spam filtering, etc.
What's my experience with pricing, setup cost, and licensing?
365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place.
What other advice do I have?
I rate Microsoft 365 Defender a nine out of ten. It's an excellent product that protects employees and organizations from attacks. If you have it configured correctly, you should be good. It's an ideal solution for new companies that are starting up and need protection.
If I were asked to pick between a best-of-breed strategy or getting all of my solutions from one company, I would say that it depends on the product. Many companies have products that offer the same quality as others. The Microsoft family covers so much, but you can also try CrowdStrike for endpoint protection or Proofpoint for email security.
Each platform offers flexibility, and some can be better than Microsoft, but when it comes to creating configurations, I feel that it's a better option. Also, you can get a better price by purchasing all your solutions from one company.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
It isn't customizable enough and not all of the solutions are fully integrated
Pros and Cons
- "My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
- "My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
What is our primary use case?
One of my largest customers deployed Defender for Endpoint, but they also wanted Defender XDR to get a specific feature. Defender XDR is included in the E5 license, but it's a bit too expensive. Our customer wanted Defender XDR's file integrity monitor tools for compliance. My client is using Defender with Sentinel, but I'm unsure how much they use it.
What is most valuable?
My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files.
What needs improvement?
My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it.
We have a similar tool to Defender's file integrity monitoring. Under the VMware VM properties, there is a change-checking tool, and it will tell us if the extension is in a different location. You can configure checking and do the monitoring. When I log into Defender's file integrity portal, I cannot see that this machine was enabled. It's the same agent and extension.
It's confusing because I don't know how to tell the customer they don't need to pay $15 per month because you already can enable the extension in VMware. Under the Defender account, it all seems like it's high code, and we cannot change it. Every customer has requirements for us to customize those things.
For how long have I used the solution?
I have used Defender XDR for about a year.
What do I think about the scalability of the solution?
Defender XDR is an enterprise-scale solution.
How are customer service and support?
I rate Microsoft support 4 out of 10.
How would you rate customer service and support?
Neutral
What other advice do I have?
I rate Defender XDR 3 out of 10. I don't think Defender XDR is ready to deploy in its current state. It has too many solutions inside, and they're not fully integrated.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner/reseller
Security analyst trainee at a tech services company with 11-50 employees
The solution can replace multiple security products because it covers everything
Pros and Cons
- "The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
- "The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
How has it helped my organization?
Defender XDR can replace multiple security products. It covers everything, including phishing protection, network security, device security, applications, etc.
The solution has reduced time spent on manual tasks because almost everything is automated. You don't have to do anything. If something happens, you'll get a notification, and it will instantly run the playbook for the incident. For example, a phishing email might take an hour to investigate manually. If you have Defender, you will have all the information you need on the incident page. It's all there, so you can investigate the incident in around 5 to 10 minutes.
Adopting Defender cuts costs. While the solution is a little pricey, you only need two products—XDR and Sentinel—so you don't need to add other security products. You only need to use the Microsoft security stack.
What is most valuable?
The advantage Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR.
The identity protection is excellent. It uses some rules, including some built-in rules from Microsoft itself. It identifies risky users and differentiates between a user who is trying to sign in and isn't the actual user. Identity and access management is a valuable component of Defender.
Defender covers non-Microsoft technologies if you're using the full Microsoft stack with Sentinel and Defender. You can ingest logs from other solutions, like Palo Alto and Fortinet firewalls.
It stops advanced attacks like ransomware and phishing in real time and prevents them from entering your environment. There's a feature called Security Advisory that shows you all the latest threats and vulnerabilities in the market so that you can make rules for them. It helps you understand them more.
With Sentinel and Microsoft Lighthouse, you can use multi-tenant access. It allows you to connect multiple tenants to one tenant, which you can use to monitor everything from there. Before we had Microsoft Defender, we had to go to each tenant, log in from your account, and investigate the incident if it's there. Lighthouse has one page with all the alerts, and they're all connected together. You can investigate every alert from one page.
What needs improvement?
The design of the user interface could use some work. Sometimes it's hard to find the exact information you need.
What do I think about the stability of the solution?
I rate Microsoft Defender XDR 7 out of 10 for stability. There are some performance issues maybe 5% of the time.
What do I think about the scalability of the solution?
I rate Microsoft Defender XDR 9 out of 10. It's easy to scale.
How are customer service and support?
I rate Microsoft support 8 out of 10. They answer quickly. If you open a ticket, they will respond immediately. You can chat with them or schedule a call.
How would you rate customer service and support?
Positive
How was the initial setup?
The setup is straightforward. You only need to buy the product and onboard every device. It's like a script for Microsoft Intune. The process takes a couple of days for a small company, but a larger business may require three or four days.
What's my experience with pricing, setup cost, and licensing?
Defender XDR is fairly priced.
What other advice do I have?
I rate Microsoft Defender XDR 8 out of 10. I recommend giving the product a try. If it doesn't work for you, try something else until you find a suitable product. There might be other solutions that are a better fit. It's good for my case, but it might not be right for everyone.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Secure Networks
Helps stop advanced attacks, saves costs, and time
Pros and Cons
- "Microsoft Defender is stable."
- "Microsoft Defender is slow to adapt to evolving threats."
What is our primary use case?
Microsoft Defender is used for email protection.
How has it helped my organization?
Microsoft Defender helps stop advanced attacks. We use it for PII disclosure; we track sensitive data in emails, ransomware, and phishing emails.
Microsoft Defender has saved us costs.
Microsoft Defender has helped save us investigation time.
What needs improvement?
Microsoft Defender is slow to adapt to evolving threats.
For how long have I used the solution?
I was using Microsoft Defender for one and a half years until a month ago when I switched to a different team.
What do I think about the stability of the solution?
Microsoft Defender is stable.
What do I think about the scalability of the solution?
Microsoft Defender is scalable.
Which solution did I use previously and why did I switch?
I previously used Rapid7 InsightIDR for Security Information and Event Management and Extended Detection and Response. While InsightIDR offered a user-friendly dashboard for managing detected incidents, its limitation of creating only around 25 custom rules restricted our ability to identify emerging threats. With the ever-evolving threat landscape, I believe a solution with a more adaptable defense system, like Microsoft Defender, is necessary to keep up with the pace of new incidents.
How was the initial setup?
Microsoft Defender was straightforward to set up. It came with a lot of useful documentation to help.
The deployment took almost two months.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender falls within a mid-tier price range compared to other security solutions.
What other advice do I have?
I would rate Microsoft Defender eight out of ten.
Microsoft Defender is well-documented and we can find answers to our questions from the user community.
I recommend Microsoft Defender for organizations that are already using other Microsoft products. Since they're likely within the same ecosystem, integrating Defender for antivirus protection should be a smooth process.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Analyst at a tech services company with 10,001+ employees
Eliminates looking at multiple screens, giving us one XDR dashboard, and that saves time
Pros and Cons
- "We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
- "There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
What is our primary use case?
It's the main tool that we use for the customer that we support. We don't use any other tools to monitor the environment.
How has it helped my organization?
It helps us prioritize threats.
In addition, Microsoft Sentinel enables you to ingest data from your entire ecosystem. One of the main reasons we use Sentinel is to receive logs from different sources and create analytical routines to generate alerts. Sentinel enables you to investigate threats and respond from one place and that is also very important because it becomes part of the monitoring team.
Microsoft 365 Defender has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard. That means we don't have to spend too much time checking different pages. We just have one specific portal with all the information.
The solution has saved us time, although we haven't measured how much. It has reduced our time to detection and time to response by about 20 percent.
What is most valuable?
The most valuable features are the
- integration among all the Microsoft tools
- details of the alerts.
We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button.
They work natively together to deliver coordinated detection and response across the environment. We get more details when we integrate more tools, so it's relevant to have integration enabled. When it comes to monitoring an environment, this is very important, because you get different perspectives and points of view on the same alert.
I have a positive impression of the visibility into threats that the solution provides. It brings a lot of information and details related to the alerts or any security threat.
What needs improvement?
There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups.
There could also be an improvement on the customization part. Sometimes we need to customize a few configurations but we can't.
For how long have I used the solution?
I have been using Microsoft 365 Defender for a year and a half.
What do I think about the stability of the solution?
We have never had any problem with downtime.
What do I think about the scalability of the solution?
The scalability is good.
How are customer service and support?
Sometimes, they still take too much time to reply. But when they do reply, it's positive support.
How would you rate customer service and support?
Neutral
How was the initial setup?
I was not involved in the initial setup, but there is no maintenance involved now.
What other advice do I have?
My advice would be to have someone from Microsoft involved in the deployment part to help. There are a lot of details that they have information about, and it's impossible to know everything.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Systems Manager at an energy/utilities company with 1,001-5,000 employees
Efficient protection against emerging cyber threats providing unified threat detection, incident response, and significant cost savings while streamlining operations
Pros and Cons
- "The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
- "Stability could be improved by avoiding frequent changes to the interface."
What is our primary use case?
It is an integral part of our security infrastructure, primarily serving to monitor both our server and client environments comprehensively.
How has it helped my organization?
Its strength lies in providing a holistic view of the protection it offers. When a threat is detected, the system not only identifies the nature of the threat but also provides valuable insights into how and why it was detected. This thorough understanding empowers us to take well-informed steps to remediate the threat effectively. The unified Microsoft environment enhances overall ease of use, making it considerably simpler for our team members to collaborate and work efficiently, given our familiarity with Microsoft products. Unified identity and access benefits stand out as crucial, especially as we delve deeper into compliance considerations. The increasing importance lies in having a centralized view, streamlining visibility through a single interface rather than navigating across various sections in Defender.
What is most valuable?
The incident threat response and its ability to facilitate effective remediation against threats are the standout features. I haven't encountered a similar level of comprehensive incident response in other solutions before.
What needs improvement?
Perhaps there's room for visual enhancements to make the platform more appealing. Stability could be improved by avoiding frequent changes to the interface.
For how long have I used the solution?
We have been working with it for approximately a year.
What do I think about the scalability of the solution?
It has proven to be scalable within our organization, which, while not exceptionally large, consists of around eight hundred users globally. It strikes a balance, meeting our needs effectively without being overly complex.
How are customer service and support?
The technical support is generally good, but we sometimes find the first-line support process a bit cumbersome. After initiating a case, we, as experienced professionals, go through the standard script diligently (ABC), only to find that first-level support requests the same steps again. While I understand the need for thorough troubleshooting before escalation, it can be time-consuming. I would rate it six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Compared to antivirus or security products such as Trend Micro or McAfee, Microsoft Defender XDR appears notably more user-friendly and offers a clearer interface. The adoption of Microsoft Defender allowed us to phase out the use of other security products, including our long-standing reliance on McAfee and Trend Micro. The transition was prompted by the effectiveness of Advanced Threat Protection offered through Microsoft Defender 365. The decision to consolidate under Microsoft's umbrella proved advantageous, making the adoption process smoother and more efficient for our organization.
How was the initial setup?
The initial setup wasn't overly complicated. We only needed to create a few scripts, which were then executed on our local machines within the environment. This process seamlessly integrated the machines into Defender within our tenant.
What about the implementation team?
We use a third-party software tool for executing scripts and deploying software packages.
What was our ROI?
We've achieved significant cost savings, primarily in the realm of security. As Microsoft continues to enhance Defender, we anticipate further opportunities to streamline and consolidate various aspects of security monitoring and software under the Microsoft umbrella. I'd estimate the savings to be in the tens of thousands of dollars annually.
Considering our relatively small team of around thirty IT professionals, especially those at the first level primarily using security products like Defender, the streamlined access within the same application prevents them from having to navigate through multiple applications. This efficiency translates to a potential saving of around a dozen hours per month per individual.
What's my experience with pricing, setup cost, and licensing?
Understanding the subscription model has been a bit challenging, as every feature or requirement comes with an additional cost.
What other advice do I have?
Overall, I would rate it eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Country Manager at Arkano Software
Simple for new users, reliable, and scalable
Pros and Cons
- "Microsoft 365 Defender is a good solution and easy to use."
- "The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
What is our primary use case?
We have many clients that have large companies in the south region of Mexico. They use the solution for security.
What is most valuable?
Microsoft 365 Defender is a good solution and easy to use.
For how long have I used the solution?
I have been using Microsoft 365 Defender for approximately 15 years.
What do I think about the stability of the solution?
Microsoft 365 Defender is a stable solution.
What do I think about the scalability of the solution?
The scalability of Microsoft 365 Defender has been good.
How are customer service and support?
The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist.
How was the initial setup?
If the solution is deployed using a good specialist with the correct configuration it works very well for normal users.
What about the implementation team?
The number of people needed for the deployment depends on the number of licenses the customer has. If it is a large company, as we have with approximately 8,000 to 12,000 people, we need more people to do customer service in this case. However, for small to medium companies, we have two people that do the implementation.
What's my experience with pricing, setup cost, and licensing?
We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because of the relationship between dollars and the money of the different countries; it is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue.
What other advice do I have?
I rate Microsoft 365 Defender an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner