IT System Administrator at European Space Agency (ESA)
Real User
Reliable, good support, and simple upgrading
Pros and Cons
  • "Microsoft 365 Defender is simple to upgrade."
  • "The user interface of Microsoft 365 Defender could improve. They could make it simpler."

What is our primary use case?

We use Microsoft 365 Defender to help secure threats of the Office package, such as Word, Excel, and PowerPoint. Additionally, it can fix issues.

What is most valuable?

Microsoft 365 Defender is simple to upgrade.

What needs improvement?

The user interface of Microsoft 365 Defender could improve. They could make it simpler.

For how long have I used the solution?

I have been using Microsoft 365 Defender for approximately one year.

Buyer's Guide
Microsoft Defender XDR
January 2025
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.

What do I think about the stability of the solution?

Microsoft 365 Defender has been a stable solution.

What do I think about the scalability of the solution?

We have approximately 1,000 people using this solution in my organization. If we expand then we will increase usage.

How are customer service and support?

The support for Microsoft 365 Defender is good.

How was the initial setup?

The installation of Microsoft 365 Defender was automatic when we did the installation of Microsoft Windows.

What about the implementation team?

My internal IT team does the supporting of the solution.

What other advice do I have?

I would recommend this solution to others.

I rate Microsoft 365 Defender a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Analyst II at a computer software company with 51-200 employees
Real User
Top 20
An all-in-one solution that eliminates the need for multiple products or technical controls
Pros and Cons
  • "What I like most about the product is its all-in-one solution. With Microsoft Defender XDR, we get coverage for various aspects like endpoint security, cloud security, and image-related cases, all within a single platform. This eliminates the need for multiple products or technical controls to address incidents. The main benefit became evident immediately after deployment, especially in its ability to analyze files and phishing emails quickly. By submitting suspicious files or emails, we receive quick results on whether they are legitimate, suspicious, or malicious, saving time."
  • "The solution could enhance the threat intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environment. It would be beneficial if the threat intelligence were tailored to the industry, such as healthcare or fintech, where the solution is being used."

What is our primary use case?

We use the solution for endpoints. 

What is most valuable?

What I like most about the product is its all-in-one solution. With Microsoft Defender XDR, we get coverage for various aspects like endpoint security, cloud security, and image-related cases, all within a single platform. This eliminates the need for multiple products or technical controls to address incidents. The main benefit became evident immediately after deployment, especially in its ability to analyze files and phishing emails quickly. By submitting suspicious files or emails, we receive quick results on whether they are legitimate, suspicious, or malicious, saving time. 

What needs improvement?

The solution could enhance the threat intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environment. It would be beneficial if the threat intelligence were tailored to the industry, such as healthcare or fintech, where the solution is being used.

Additionally, the MDCA feature could be improved to provide more accurate data on how much data is uploaded or downloaded from the cloud. This might involve better implementation from our infrastructure team, but clearer and more precise reporting on cloud data activities would be valuable.

For how long have I used the solution?

I have been using the product for eight to ten months. 

What do I think about the stability of the solution?

The solution works smoothly. 

What do I think about the scalability of the solution?

The tool's scalability is good. 

How are customer service and support?

If we open a case on the Microsoft portal, a support person from Microsoft helps resolve the queries. From our side, it usually involves two or three people. The Microsoft support person sometimes brings in another expert to resolve technical queries.

We've submitted our queries, and a tech support engineer comes through on a chat, a Zoom call, or another type of call. We discuss the queries with them, and they usually resolve the issues in one or two sessions.

Sometimes, if one engineer can't resolve the query, they will bring in another engineer, which can take an additional one or two days. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We chose Microsoft Defender XDR because it provides a one-stop solution. Everything related to endpoint security, email security, or cloud applications is integrated and visible in a single window. If we were to use other solutions, we would need to implement three different products to achieve the same level of integration and functionality.

How was the initial setup?

We had some issues while deploying the tool's on-prem version. Support helped us resolve them. The cloud version is easy to deploy, while the on-prem version takes one month and doesn't require any maintenance.  

What other advice do I have?

I rate the overall product an eight out of ten. If a new customer is going to buy Microsoft Defender XDR, they should clearly state their needs in front of the Microsoft team. They need to specify what they want and what features they require. It's good for the Microsoft team and the customer to understand all the requirements before deployment clearly. This way, any potential issues can be addressed beforehand, making the deployment smoother.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Luiz Campos. - PeerSpot reviewer
Cyber e Cloud Security | Security Solution Specialist at a tech services company with 51-200 employees
Real User
Good threat hunting, user-friendly, and protects against ransomware
Pros and Cons
  • "The common and advanced security policies for threat hunting and blocking attacks are valuable."
  • "Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."

What is our primary use case?

We use Microsoft Defender XDR for endpoint protection.

How has it helped my organization?

We have integrated Microsoft Defender XDR with 365 for identity and access management.

Microsoft Defender XDR protects against ransomware, business, and mail compromise. Microsoft offers the MITRE ATT&CK framework through its Defender XDR platform. This integration is particularly beneficial for Microsoft Office environments. It's a common practice to use Sentinel to investigate potential security incidents. For instance, we can check logs, examine hunting patterns, and review queries in Sentinel. Additionally, I've encountered situations where clients have lost their conditional access policies due to various factors, such as country-based rules, MSA-related rules, or application-based roles. Clients need to maintain these specific policies to ensure optimal security.

Multi-tenant management is a relatively new concept. I currently work with GCP, Microsoft 365, AWS, and Azure, where I access and perform assessments.

Microsoft Defender XDR helps replace other security products in our environment.

Microsoft Defender XDR helps save us time.

What is most valuable?

The common and advanced security policies for threat hunting and blocking attacks are valuable.

The UI is user-friendly. 

What needs improvement?

Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features. This can make it difficult for users to keep track of the latest changes and find the information they need. For example, every month, Microsoft might rename a product, change a portal, or update a feature. This can lead to confusion and frustration for users.

For how long have I used the solution?

I have been using Microsoft Defender XDR for seven years.

What do I think about the stability of the solution?

I would rate the stability of Microsoft Defender XDR eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Microsoft Defender XDR eight out of ten.

How are customer service and support?

The few times I have contacted technical support, they have been helpful.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. Depending on the size of the environment, two to three people are involved in the installation.

What's my experience with pricing, setup cost, and licensing?

Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive.

What other advice do I have?

I would rate Microsoft Defender XDR eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Kyaw Htay - PeerSpot reviewer
Solutions Manager at AMNET Technology
Real User
Malware and endpoint security solution that is easy to use compared with other similar solutions
Pros and Cons
  • "We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
  • "This solution could be improved if it included features such as those offered by Malwarebytes."

What is our primary use case?

We make use of Microsoft Defender for Office 365 for endpoint security and email and we use Defender umbrella for impersonation and sales. Under Defender umbrella, we use a lot of products depending on the customer requirements. As a company, we use Defender for email as well as for endpoint security.

What is most valuable?

We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence. 

What needs improvement?

This solution could be improved if it included features such as those offered by Malwarebytes. 

For how long have I used the solution?

We have used this solution for many years and we are a Microsoft partner. We use this solution on a daily basis.

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and support?

We have not yet needed to contact Microsoft for support with Defender. 

Which solution did I use previously and why did I switch?

We have previously used a number of different solutions including Trend Micro, Symantec, Sophos Intercept X and Malwarebytes. Overall, we are more comfortable using Defender.

How was the initial setup?

The initial setup was straightforward. 

What other advice do I have?

I would rate this solution a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2282451 - PeerSpot reviewer
SecOps Engineer at a computer software company with 11-50 employees
Real User
Saves investigation time and provides advanced hunting capabilities
Pros and Cons
  • "Advanced hunting is good. I like that. We can drill down to lots of details."
  • "At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."

What is our primary use case?

We are using it for incidents and alerts. It is helpful for threat hunting.

We have tied it to Azure AD or Microsoft Entra, and we are trying to implement it for Linux.

How has it helped my organization?

It saves the investigation time. There is a lot of information about the threats and other things.

What is most valuable?

Advanced hunting is good. I like that. We can drill down to lots of details.

It is user-friendly. It has a lot of parts. For me, it was pretty quick to get a sense of it.

What needs improvement?

It protects from phishing emails, but sometimes, some of the emails are not detected. They are getting delivered into the inbox, not in a junk folder or spam folder. Users are reporting them as phishing emails.

At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times. 

In terms of additional features, it is too early for me. I am still learning all the parts. I am just scratching the surface of the tool. One year is not enough to get every detail of it.

For how long have I used the solution?

I have been using Microsoft Defender XDR for about a year.

What do I think about the stability of the solution?

It is stable, but sometimes, we experience an issue. Clicking the link in an incident email opens a small window, but we cannot find anything there. This has happened a couple of times. There is a bug.

Other than that, we have not experienced any downtime or any big issues. It is pretty stable.

What do I think about the scalability of the solution?

We have plans to maximize its usage. We are trying to see how to get the most out of it, but my older colleagues would know more about it. I am still learning it.

How are customer service and support?

I have not contacted them.

Which solution did I use previously and why did I switch?

I am not sure. I am relatively new. I have only been working here for a year. They already had it in place.

I have not worked on a similar tool before. This is my first XDR tool.

How was the initial setup?

It is on the cloud. I am not aware of its deployment because it was already deployed before I joined.

What other advice do I have?

I cannot recommend it because this is the only tool for XDR that I have used. I have not used any other tool, but it is a good tool.

I would rate Microsoft Defender XDR a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990312 - PeerSpot reviewer
Security Solutions Architect at a computer software company with 10,001+ employees
Real User
Integrates well, has good native capabilities, and offers flexible configurations
Pros and Cons
  • "It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
  • "I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."

What is our primary use case?

We have very strong DLP policies. The product will inspect each and every outgoing email and what kind of attachments they have, including if any have business-sensitive information such as outgoing email going to some public domain such as Gmail or Yahoo. If the solution detects this, it'll raise an alarm and notify the required teams. On top of that, the incoming email will scan attachments for any potential malware tech or any phishing link. 

What is most valuable?

The native capabilities are quite good as it slips in seamlessly as part of our integration. 

It integrates well without AD, Active Directory.

It gives a lot of flexibility in terms of configuration and customization as per the business requirements.

What needs improvement?

These days, in the security industry, there is a buzzword called zero trust. I personally have not seen much evidence of how Defender can enhance the story of Zero Trust for enterprises. Microsoft needs to offer more features here or spread awareness in the industry and the market about how Defender addresses Zero Trust issues.  

For how long have I used the solution?

I've used the solution for more than a year now.

What do I think about the stability of the solution?

The stability is good. It's up to the mark.

What do I think about the scalability of the solution?

It's usually scalable. 

We're using it on a daily basis. 

The solution works for any size of organization. There is no such limitation for Microsoft as the ecosystem they have built doesn't really have a limiting factor. It will work for a small sized up to a big-sized organization. Our company is half a million strong. If it satisfies our needs, then definitely it can satisfy anybody else as well.

How are customer service and support?

I personally have never reached out to technical support as our in-house expertise is good enough.

It's good for the most part, as it is their own homegrown product and they understand it well.

Which solution did I use previously and why did I switch?

We haven't worked with any other products.

How was the initial setup?

The setup is a simple process, however, users can adopt the phase-in approach and start simple and then yeah. For example, over a period of time, you can achieve what you want to achieve, but not in a single shot. You can do it in phases and work everything in slowly.

The amount of time it will take to deploy Defender depends, actually. If a customer is already sure about all the processes and reporting information they require, then to start, it should not take more than a couple of months, including planning.

There is some maintenance required. We need a team to run the show, however, when you compare it to other options, the maintenance requirements are reduced. We typically have a cloud operations team to oversee it, and it's business as usual. Our company is able to provide any needed maintenance services to our clients. 

What about the implementation team?

Our company integrates this solution into our client's infrastructure.

What's my experience with pricing, setup cost, and licensing?

We have E3 and E5 licenses for our users and there is the default.

Depending on the user role, the senior people and critical positions have been allocated the E5 licenses and the intermediate users have been allocated E3 licenses.

Whether it is inexpensive or not is not a very straightforward question as, when you compare the total cost, you have to consider the total cost of ownership. It's not only a comparison between two products. You have to see the other dependencies when you deploy any other solution. That said, I would say it is more or less cost-effective.

What other advice do I have?

We are partners with Microsoft.

I'm in a customer-facing role where we propose different email security solutions to our customers. My role demands that I identify the required security solutions for the different needs of our customers.

We are on the latest version of the product.

I'd advise potential new users to define their business requirements first, however, it's likely Defender will need them and provide what they need.

I'd rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2189508 - PeerSpot reviewer
Security Analyst at a tech vendor with 5,001-10,000 employees
Real User
Enhanced visibility, useful automated routines, and scales well
Pros and Cons
  • "The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
  • "The support could be more knowledgeable to improve their offering."

What is our primary use case?

We rely on Microsoft 365 Defender for workstation detection across a number of categories, including virus detection, potential unknown application detection, and monitoring for suspicious website interactions, including clicks and access attempts.

I have used Microsoft 365 Defender in the cloud.

How has it helped my organization?

We have experienced significant advantages from implementing Microsoft 365 Defender, as it provides enhanced visibility into workstations and the ability to automatically remediate threats. This means that not every incident requires manual intervention, as certain tasks can be handled automatically, often in conjunction with Microsoft Sentinel.

We are able to ingest collected data from our entire ecosystem. This is an important feature.

We are able to prioritize threats across our whole environment.

The solution has helped automate routine tasks and help automate high-value alerts.

The threat intelligence has helped prepare us for potential threats before they hit and we took proactive steps. We are able to check our workstations as well.

We have saved some time by using the solution.

I have found that having solutions from multiple vendors is more helpful than from one.

What is most valuable?

The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management.

What needs improvement?

The support could be more knowledgeable to improve their offering.

For how long have I used the solution?

I have been using Microsoft 365 Defender for approximately one and a half years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

We have a few thousand people using this solution in my organization.

The scalability of Microsoft 365 Defender is scalable.

How are customer service and support?

I have used the support and they do not know how to fix the issues. Their knowledge could improve.

I rate the support from Microsoft 365 Defender a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have used Microsoft Sentinel. Microsoft Sentinel enables us to investigate threats and respond holistically quickly from one place.

The comprehensive features of Sentinel Security Protection are impressive, particularly its integrated SOAR and UEBA functionalities, as well as its robust threat intelligence capabilities.

I have used McAfee previously and Microsoft 365 Defender is much better.

What other advice do I have?

I rate Microsoft 365 Defender a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Eusebiu Ciorobatca - PeerSpot reviewer
Information Technology Support Technician at a tech services company with 51-200 employees
Real User
Top 10
Helps with malware detection and browser protection
Pros and Cons
  • "We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
  • "We should be able to use the product on devices like Apple, Linux, etc."

What is our primary use case?

We use Microsoft Defender XDR for malware detection and browser protection. We have around 500 devices to protect. We use it to get reports for each of these devices. 

What is most valuable?

We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing. 

What needs improvement?

We should be able to use the product on devices like Apple, Linux, etc. 

For how long have I used the solution?

I have been working with the product for three to four years. 

What do I think about the scalability of the solution?

The tool's scalability is good. 

How are customer service and support?

I research in forums or contact support whenever I encounter issues. We have four types of support plans available. I rate the cheapest plan a two or three out of ten since responses are slow. I rate ten out of ten for an expensive support plan. 

How would you rate customer service and support?

Neutral

What's my experience with pricing, setup cost, and licensing?

We have a vendor who gives us a better price. The product is expensive. Selecting the entire Microsoft suite is cheaper than using random services or products. 

Bitdefender costs around five dollars per month per device. However, Microsoft Defender XDR costs 2500 dollars per month. 

We are evaluating Bitdefender for Windows. 

Microsoft Defender XDR helps us save time for clients. 

What other advice do I have?

Microsoft Defender XDR provides unified identity and access management. It is installed on every computer and checked from the Microsoft security admin center. 

The tool is easy to use. You can use one account to log in to any Microsoft service. 

We are aware of our compliance. We can now check the devices and get reports about it. 

The product can adapt to evolving threats. We use it to manage only one tenant. We have Mac devices where Microsoft Defender XDR cannot help us. 

We have the tool deployed across different locations like Germany and Denmark. 

I rate the product an eight out of ten. You need to follow its guidelines.

 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user