We primarily use the solution for security. We removed all other antivirus products such as McAfee. We removed everything and now use Defender as Defender covers everything all third-party products used to cover.
Desktop Architecture and Design at a tech services company with 1-10 employees
Blocks and Monitors for security purposes without needing multiple other products to do different tasks
Pros and Cons
- "We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
- "The logs could be better."
What is our primary use case?
What is most valuable?
Overall, we are satisfied with the product.
Instead of using three or four tools for security, we can use one. With one product, Defender, we have all of the features we need. We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks.
It's very user-friendly.
What needs improvement?
The dashboards could be improved. They have to improve something about the dashboard. It is good; however, they need to provide some more information under each account.
The logs could be better.
For how long have I used the solution?
I've been using the solution for two years.
Buyer's Guide
Microsoft Defender XDR
April 2025

Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is a perfectly stable product.
What do I think about the scalability of the solution?
The scalability of the product is good.
How are customer service and support?
Technical support from Microsoft is good. We haven't had any issues with them. We are quite satisfied so far.
Which solution did I use previously and why did I switch?
We previously used McAfee; however, we wanted to have just one solution, Defender, to cover everything.
How was the initial setup?
The solution's initial setup is not complex yet not easy. We had to use some scripts and policies and a lot of things. If you set up a new environment with Defender, you have to integrate with the old policy and the same policy that was already set up. It needs time.
What about the implementation team?
I handled everything without any consultation from any outside sources.
What's my experience with pricing, setup cost, and licensing?
I don't know the cost. The costs are handled by management. I can't say if the cost is expensive or not. I don't handle that aspect.
What other advice do I have?
We're Microsoft partners.
I'd rate the solution at a ten out of ten. It's a pretty perfect product.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Cyber Security Engineer at a financial services firm with 1-10 employees
Unified security approach enhances threat containment and efficiency
Pros and Cons
- "Based on my experience, I rate Microsoft Defender XDR as nine out of ten."
- "For Microsoft Defender XDR, there is currently no ability to reset passwords for on-premises accounts, which is a key challenge."
What is our primary use case?
I use Microsoft Sentinel for monitoring cybersecurity threats as it is a SIM tool from Microsoft. Additionally, Microsoft Defender XDR provides security across multiple layers, deploying Defender for Endpoint on devices like laptops and desktops, Defender for Identity for Active Directory monitoring, and Defender for Office 365 for email security.
What is most valuable?
I find Microsoft Sentinel easier to configure since there is no need to manage all underlying components. Microsoft Defender XDR is effective for containment when threats occur, allowing for isolation of the host or account disabling. Although automation capabilities are better with Microsoft Sentinel, Microsoft Defender XDR shows potential. Integration with other Microsoft products is seamless, making it easier to create a unified security posture.
What needs improvement?
For Microsoft Defender XDR, there is currently no ability to reset passwords for on-premises accounts, which is a key challenge. Incident management can be difficult if third-party ITSM tools are connected with XDR. Initial tech support is slow in understanding problems. Improved integration with third-party ITSM solutions and enhanced automation in XDR would be beneficial.
For how long have I used the solution?
I have been working with Microsoft Defender XDR for more than five years.
What was my experience with deployment of the solution?
The deployment of Microsoft Defender XDR was not difficult. It is straightforward, and activating it involves just a couple of clicks.
What do I think about the stability of the solution?
I find Microsoft Defender XDR to be stable now.
What do I think about the scalability of the solution?
Microsoft Defender XDR is definitely scalable.
How are customer service and support?
The initial level of tech support is slow and rated as six out of ten. However, once issues are escalated to the second or third layer, the support is much better.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
For POC purposes, I have worked with CrowdStrike and Trellix XDR. However, I used Microsoft Defender XDR due to pre-existing Microsoft products in our ecosystem, ensuring seamless integration.
How was the initial setup?
The initial setup of Microsoft Defender XDR is easy. It involves enabling the system with a few clicks and then tuning it as needed. I wanted to leverage Microsoft products across all security areas for better compatibility.
What was our ROI?
I have seen an ROI in terms of efficiency. Previously, identifying and containing threats took a long time, but now, with Microsoft Defender XDR, it takes just a few minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.
Which other solutions did I evaluate?
I evaluated CrowdStrike and Trellix XDR during the POC stage.
What other advice do I have?
Based on my experience, I rate Microsoft Defender XDR as nine out of ten. If you are utilizing Microsoft in-house products for different security postures, go with Microsoft Defender XDR as it is easier to manage and scalable. It is notably the most compatible option if your organization already uses Microsoft products.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 23, 2025