Microsoft Defender XDR Reviews

We use Defender XDR to assign roles and monitor based on the analytics report from Microsoft. 

Defender XDR has improved the organization's confidentiality. If there's a DLP violation, such as someone sharing documents inappropriately, a notification will automatically trigger. Defender stops the movement of advanced attacks. We first need to set up some independent indicators of compromise. The IOCs are connected to some attack surface reduction rules.

We get alerts if someone tries installing something on the system or adding an external hard drive. We get security recommendations from Microsoft, but our security implements them on their own. We don't use the AI feature. We see significant time savings from the alerts based on the indicators of compromise. It saves us about 10 to 15 percent.

The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it.

The identity management feature is something we need for our use case. It wraps up the access management and XDR components, so it's not just Defender. It works well with Azure AD for access management. I didn't think I needed identity and access management in the past, but it's nice to have if you're performing a significant migration on a tight schedule. 

Defender XDR's coverage extends beyond Microsoft technologies. It covers all the endpoints of users in the organization. I can manage access to any application and system within the organization. 

Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them. 

We have used Defender XDR for about 15 months.

I rate Defender XDR 10 out of 10 for stability. It's a stable solution. We've had no outages. 

The scalability depends on the number of licenses you can purchase. If I want to add more endpoints or solutions from Microsoft XDR, I have to pay more. The scale depends on the pricing. 

I rate Microsoft support eight out of 10. Some cases are easy fixes, so they don't take much time, whereas some of our more complex tickets take some time.

Positive

I've also worked with Trellix. Microsoft provides better recommendations for protecting our tools, devices, and files. Trellix has XDR capabilities, too, but Microsoft's recommendations are more robust. 

Defender XDR is a SaaS solution. The deployment is ongoing because we're constantly onboarding and retiring endpoints. Microsoft handles most of the maintenance for it. It rarely requires maintenance from our end. 

Defender XDR is fairly priced and cost-effective. 

I rate Microsoft Defender XDR eight out of 10. If you want to implement this product, you should have a team who understands the product well. It's SaaS-based, so the Microsoft team is delivering everything to you. However, you still need to know the product.

We use Microsoft Defender XDR to protect our endpoints, computers, mobile devices, and emails.

In part, Microsoft Defender XDR provides unified identity and access management.

Microsoft Defender XDR can protect 98 percent of devices.

With Microsoft Defender XDR we can now manage all of our non-critical computers from one console. The management level and implementation level are easy. Microsoft Defender XDR is also cost-effective.

We have been using Microsoft solutions for over 25 years so it didn't take much convincing to start using Microsoft Defender XDR.

Microsoft Defender XDR has enabled us to discontinue the use of Kaspersky in our safe computers.

Being able to reduce the number of solutions used has been helpful to our security team's operations. The discontinued use of other security products has reduced manual correlation. Using Microsoft has a lot of advantages, especially in management. The reduction in manual correlation is important for our organization.

Microsoft Defender XDR saves our security team around three hours a day.

The most valuable features are spam filtering, attachment filtering, and antivirus protection.

Microsoft Defender XDR is not a full-fledged EDR or XDR. Any true XDR should be more powerful than what Microsoft is currently providing. For some public-facing companies, computers, and endpoint computers, we need additional security from CrowdStrike or other third-party XDR.

Microsoft Defender XDR does not stop 100 percent of the lateral movement or advanced attacks. Our machines use both Microsoft Defender XDR and Crowdstrike and we have had instances where attacks were missed by Microsoft Defender XDR but caught by Crowdstrike.

I have been using Microsoft Defender XDR for four years.

Microsoft Defender XDR is stable.

Microsoft Defender XDR is scalable.

We previously used Kaspersky, Norton, and CrowdStrike. We switched to Microsoft Defender XDR because of its streamlined management capabilities.

The initial deployment was straightforward. We pushed Microsoft Defender XDR remotely across our system consisting of 300 computers. We are a team of seven people and each of us was involved in the deployment process.

The implementation was done in-house.

Microsoft Defender XDR is expensive.

We did not evaluate other security solutions because I have extensive knowledge of most products, their strengths and weaknesses, and their overall capabilities. Additionally, considering all our products are on Microsoft 365, a cloud-based platform, and we already utilize its various components like mail, documents, and more, integrating Microsoft Defender for threat detection and management was a natural choice due to existing ecosystem compatibility and streamlined administration.

I would rate Microsoft Defender XDR an eight out of ten.

Microsoft Defender XDR is deployed across multiple locations and departments.

Minimal maintenance is required for patching.

We have it deployed as part of our security stack for our endpoints.

The technicians working on the issues have a clearer idea of a higher priority issue versus a lower priority. 

I like that Defender is easy to use and the alerts are all in one central location.

Some of our older hardware experienced a slight bump in CPU and memory usage. Although I don't have empirical data to back that up, I would suggest possibly more streamlining in the software.

I have been using Defender XDR for seven months.

We haven't had any issues with it, so I don't have any problems with its stability.

From what I have seen, it's easy to roll out to new onboarded machines and servers.

Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain. This is kind of the same with all Microsoft support, not just XDR.

Positive

We had BitDefender EDR, which is a pretty similar product, but we switched because we were trying to put everything under the Microsoft umbrella. We got good pricing on it and were happy with the results of the testing we did. Defender XDR officers richer insights into Defender XDR. It's a better overall experience. 

I don't personally crunch those numbers, so I don't know. But I know that we're committed to this for the future, so I would assume that we're doing okay.

Defender XDR is priced comparably to other solutions on the market.

I would rate Defender XDR as an eight or a nine. There is always room for improvement.

We're a small business. Defender XDR gives us a centralized security solution for monitoring our servers and some user PCs. We have around 30 machines, 10 of which are servers. 

Defender XDR saves the security team time by telling us what patches to apply. We also get preemptive notes about things that need to be done.

I like Defender XDR's reports and alerts. They give you updates about the latest hotfixes and zero-day vulnerabilities, which gives me all the information I need to maintain my servers. 

Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically.

I have used Defender XDR for a year.

Defender XDR is stable.

Defender is scalable. I haven't had any issues with that part.  

Microsoft support is good. I usually don't contact them directly. We have a support partner. If there's an issue, they can resolve it with Microsoft quickly.

We previously used Symantec antivirus. We're a small company, so switching wasn't a big deal. We switched because Symantec discontinued the solution we were using. They actually don't sell it anymore.

I wasn't involved in the decision to purchase Defender XDR. We are a small company, so we needed a vendor to support SMEs, and Microsoft caters to businesses of all sizes. We checked some other solutions but went with Defender because we're already on Azure, so the solutions complement each other.

Deploying Defender XDR was easy. Our external security guy handled most of the settings and onboarding, and our IT guy handled a few of the problematic cases. Most of the maintenance was automatic.

I don't know the exact pricing, but I believe Defender offered the best small business solution for the price.

I rate Microsoft Defender XDR nine out of 10. I don't have experience with other XDRs that I can compare it to, but I think Defender is an excellent solution. It's fairly easy to understand and navigate, and it's a good value.

We are a managed security service provider, and we use Microsoft 365 Defender to provide EDR and endpoint, and email protection to our customers.

Microsoft 365 Defender has great threat analytics integration. It has visibility into threat incidents that occur across different organizations, and this is directly integrated into the tool. Rather than checking for indicators that are available online, we can directly look at which endpoint or user has been impacted in the organization, and this makes our job easier.

Another valuable feature is vulnerability management. The inbuilt vulnerability management service automatically scans devices for vulnerabilities and separates them as critical and non-critical. We don't need to have a separate vulnerability assessment device.

In terms of prioritizing threats, we have come across vulnerabilities and threats that are present in our customers' environments and have been able to discover the devices that are vulnerable to particular attacks. We have then been able to immediately inform our customers and help them update to the latest version of the particular software that was vulnerable. There are automatic response actions in the tool so that a threat can be remediated within the tool itself.

I also like the lab devices that are available within the tool itself with which we can do all the tests. We can simulate some threat activities in these lab devices that are provided by Microsoft and don't need to prepare a separate device to validate it or to simulate a threat tag duty.

The threat intel integration provides great visibility into threats. Microsoft has a huge team that handles threat intel research, and their findings are integrated with their tools like Defender or Sentinel. The features within the tool itself work very well. There's an automatic threat handling module available in the tool, and there are lots of threat handling queries specific to different attack campaigns. We can run those queries to know if any IOCs related to those are present in the devices. Also, there are several inbuilt analytics rules available.

We have integrated Microsoft Sentinel and Office 365, and Defender and Sentinel as well. Some, like Office 365, are natively integrated, and there are connectors available for those that are not. It is easy to integrate the solutions. For example, to integrate Defender and Sentinel we just deployed a connector. There was a short latency period, but other than that, it was seamless.

The automatic investigation and remediation (AIR) feature helps to automatically investigate and terminate many of the malicious files. Without this feature, we would have the difficult task of going to each and every endpoint to delete a particular file or prevent execution.

Microsoft 365 Defender has eliminated the need to look at multiple dashboards and has given us one XDR dashboard. We have a wider range of visibility from a single pane of glass, which also makes it easier to manage.

Regarding saving time, the key has been the fact that everything can be managed from a single pane of glass where we have visibility into all of the endpoints and users. Previously, we had to look into each device belonging to the customer before deploying a solution. Automatic remediation and vulnerability management features have saved us a lot of time. The time-savings have resulted in saving us money as well.

Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded.

Licensing is also confusing, particularly with regard to Microsoft Defender for Endpoint.

A good feature to add would be automatic patch deployment. Currently, the vulnerability management feature shows all of the vulnerabilities present in different devices that have been onboarded. It shows what manual actions can be taken or what patches can be deployed, but automatic patch deployment is not an option. It would be great if a patch can also be deployed right from the tool.

I've been using Microsoft 365 Defender for 1.5 years.

Other than a few times where we faced issues with hanging, the solution has mostly been stable.

It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment.

We have had to rely on technical support quite a few times, and they have been very responsive. I'd rate technical support at nine out of ten.

Positive

Because it's a cloud solution, Microsoft 365 Defender is easy to deploy.

I prefer to go with a best-of-breed strategy rather than with a single vendor's security suite, but the tool would need to integrate with as many products as possible, as in an open XDR strategy. However, if you can't integrate with multiple devices by having an open XDR tool, it's best to have a single vendor's tool in order to have greater integration.

If you are looking into Microsoft 365 Defender, my advice would be to make sure that you know your licensing requirements. If you already have a Microsoft-based environment, then this solution may be a good fit as it will integrate with all other Microsoft products. Also, Microsoft is constantly improving their solutions, and it's a good time to be in the Microsoft security sphere.

Overall, I'd rate Microsoft 365 Defender at eight on a scale from one to ten.

We are using Microsoft Defender for Office 365 for identity and email security, safe links, etc.

It works as an antivirus, and it also works for any behavioral issues in a particular machine. It protects all the applications from any vulnerability. It works in both ways. It works for vulnerability management and also for the EDR part. Earlier, we had Qualys for vulnerability management, but Microsoft Defender takes care of both. It provides information about how vulnerable a machine is, and it also takes care of the antivirus and behavioral issues in a particular machine due to some threats or any unwanted applications installed.

It helps us manage vulnerabilities. If there are any vulnerabilities in a machine due to a lack of patches or end-of-life software installed on the machine, it gives us the report. After seeing the report, we can fix those vulnerabilities by uninstalling the vulnerable applications or by patching them.

It takes care of the antivirus part. The signatures are constantly getting updated related to new viruses. It covers any identity-related issues or device-specific issues. It covers the MITRE framework. If any threat or risk is present in our environment, it takes care of that and then tells us that these are the issues that we need to work on. After we get the alerts, we do the investigation and remediation.

It provides unified identity and access management. You can create role-based access. You can create policies based on different risk levels. You can also trigger password resets. There are a lot of capabilities that are built in. You can also create conditional access (CA) policies. If any vulnerable application is installed on a device, you do not want that device to be connected to your network, you can create conditional access policies. It will first check whether the integrity of the device is as per your organization's requirements. If it is compliant, then only that device will be allowed to connect to your network. The same goes for identity. If MFA is enabled in your environment, the users will be allowed to connect only if their accounts have MFA enabled. Otherwise, the access is blocked. You can automate such things.

It is important that identity and access management are included in Microsoft Defender rather than needing an additional solution. Nowadays, you see a lot of phishing emails and unsecure links being forwarded to user accounts. In Microsoft Defender, we have secure links and safe links. Once enabled, if any malicious link is sent to a user account, when the user clicks on a link, it immediately checks whether it is safe to access. If it is found to be malicious, it is immediately blocked. If a user mistakenly clicks on a link, the risk state is changed automatically in the web portal. If you have a conditional policy in place, the access is blocked for that user. Even if the attackers have access, they will not be able to do anything. In today's scenario, it is pretty important to have these in place.

As of now, the integration part is pretty limited to Microsoft products. However, by using Sentinel, which is a SIEM solution, you can integrate other products.

It stops the lateral movement of advanced attacks like ransomware or business email compromise. You can create lateral movement policies, and you also can create high-risk users or high-risk devices. You can have customized policies for them. You can create different policies, and the alerts triggered from those devices or users are put into high severity so that you can take immediate action.

You get the telemetry of any attack observed by Microsoft Defender. You can see everything from the starting point till the remediation steps automatically taken by Microsoft Defender. The investigations can be found easily. They are pretty detailed. Everything is there in the portal.

It has the ability to adapt to evolving threats. Threat intelligence is embedded in the portal itself for new threats, technologies, ransomware, or malware. All the latest threats are automatically handled by Microsoft Defender. Remediation is also automatically available.

It saves time. There is automatic remediation, and there are playbooks that you can configure. You can automate the remediation steps that you have already tried on a particular machine. If you want to suppress some of the alerts, you can create suppression rules so that your team does not spend time investigating them. Playbooks, automatic remediation, and suppression of similar alerts save a lot of time.

Vulnerability management is valuable. We had a different product for vulnerability management. We were using Qualys for that, but after we got Microsoft Defender, we also got the vulnerability management part. It is embedded in the portal itself. We do not have to look into another solution or tool. We did not have to install any additional sensor which reduces the overhead and does not affect the machine's capability. With the same sensor, we get the vulnerability report and threat report. We also get to know any risks and issues related to malware and other things.

The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging. For a different set of teams or departments, we can create different device groups. Based on the teams and their work portfolio, we can create different policies. It is quite handy, whereas with the Qualys solution, the portal was quite cluttered. To find a particular option, we had to look at many options, whereas Microsoft Defender is quite user-friendly.

We are also getting all the reports by using the same sensor. It is light on the machines as well. It consumes less resources than other solutions available in the market.

It is evolving. We are seeing new advancements and integrations. They have integrated Copilot, so going forward, we can take the AI advantage. It will be quite easy for us to run any queries. These are the advantages that I see in Microsoft Defender in comparison to others.

The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution.

Other than that, there are still limitations in creating device groups. You can create tags, but these tags are based on limited options. There are only a few categories based on which you can create a tag or device group. If there are other conditions that you want to put, such as creating a group based on the application installed on a particular machine, you cannot do that. There are some shortcomings. Also, if you want to whitelist a particular application for a set of groups, you cannot do that. We had an incident where we wanted to whitelist a particular application that was getting blocked by Microsoft Defender, but we were not able to create those groups. We were not able to whitelist the application for some of the devices. We had to whitelist it for the whole environment, which we did not want to do.

It only has pre-built dashboards. You cannot create customized dashboards. They have a set of dashboards, but they are not customizable.

We can create reports using KQL, but it is hard to create customized reports using KQL. You get a CSV, but you need to use Power BI or another reporting product to create the report. The other products available in the market give you customized dashboards, customized reporting, and customized workflows. This is pending in Microsoft Defender.

I have been working with this solution for 1.5 years.

It is a Microsoft product. It is similar to any other Microsoft product in terms of stability. They do change the name and other functionalities, but it is pretty much similar to any other Microsoft product.

It is pretty scalable. It does not stop you anywhere.

I am working in an MNC. We have more than 6,000 people.

It depends upon the license that you have. They have a different set of licenses based on which you get support. It depends on the support packages you have purchased.

It is very easy to raise a request. They have a portal. From there, you can create a ticket by email or by chat. The response is based on the support package that you have. If you have premium support, you can get a response in minutes. 

In my previous organization, I worked with Palo Alto XDR. In this organization, we had McAfee, which is a signature-based solution. Microsoft Defender is more advanced than McAfee. It is EDR-based, whereas McAfree was signature-based. It was based on the signatures related to a particular threat or virus. It was handling threat prevention, but behavioral analysis and other functionalities that you see in EDRs were not there. We wanted to move to a behavioral-based antivirus solution. That is why we opted for Microsoft Defender.

Microsoft Defender also enabled us to discontinue the Qualys solution. It has many capabilities related to vulnerability management. They are available out of the box, but patching is something that is missing. For patching, you need to use Intune, whereas, in Qualys, you can also do patching, so patching is something that is missing in Microsoft Defender. However, Microsoft Defender is very good for the assessment of vulnerabilities.

You also get visibility of the devices that are still not onboarded to Microsoft Defender. You have something called Device Discovery in Microsoft Defender. Once enabled, you can get details of all the machines that still do not have Defender, whereas, in Qualys, you have to create customized or scheduled scans of your network. They then run on a periodic basis, but that is not the case with Microsoft Defender. It is on a real-time basis. The Microsoft Defender client continuously does the scanning, and you get visibility into all the machines on your network that still do not have Microsoft Defender onboarded. However, you cannot do patching with Microsoft Defender.

Microsoft Defender can save costs. Qualys is pretty expensive. Microsoft Defender does vulnerability management out of the box, so if you do not want to do patching and you have another solution for patching, you can save costs. It also has out-of-the-box functionality for identity protection.

It is deployed on a public cloud. If you do not have people in your team who know about this product, Microsoft can give you a vendor to help with deployment, creating the policies, etc.

Overall, it is pretty straightforward because Microsoft Defender is enabled on all Windows machines. All you need to do is to activate the sensor that is already installed. The installation process is not much, but if you want somebody to help you, Microsoft can help you with a list of vendors at a particular location. The vendor can help you with configuring the policies and activating different licenses.

Documentation is available on the Microsoft portal to help you create policies and go forward as per your environment.

We took help from somebody for implementation.

It does not require a lot of people because it is a cloud solution and the sensor is already available in the machine itself. It does not require a lot of manpower to get started with Microsoft Defender and do a migration. However, it also depends on how big your organization is. If it is an MNC with a presence in multiple countries, you might need at least one person per region. If any hands-on support is required on a client machine, you can do troubleshooting remotely or provide on-site support. If you have only one site, you do not need much manpower. A single person can do it.

Its maintenance is similar to any other solution. If you are changing any policy, you have to test them before putting them into production. Apart from that, it does not require anything. The Defender updates are automatically available. You can push them through your patching solution. Its maintenance is not hard.

Every organization has different requirements. In my previous organization, we opted for Palo Alto even though we had Defender and CrowdStrike. CrowdStrike is also a best-in-class solution, but we opted for Palo Alto because it was giving something that was a requirement. In that organization, we also wanted to do some management. We wanted to run some scripts through our XDR solution. CrowdStrike had some limitations. We also wanted to do a console login for a particular machine. CrowdStrike gave that functionality, but it was pretty limited, whereas, in Palo Alto, it was limitless. We could straightaway see the files present on a machine by using the console view. We could run a different set of queries. It did not matter whether we were running a PowerShell script, a Python script, or any other language script because the compiler was embedded in the sensor. Palo Alto met the needs of that company. For the use cases, it was the best fit.

In my current organization, the use cases are different. We only wanted an EDR solution. Also, because most of the products in our environment are from Microsoft, the integration with them was pretty easy. That is why we opted for Microsoft Defender. An organization should look at its use cases and then decide on an EDR/XDR solution.

Comparing Microsoft Defender's EDR capabilities with other solutions, I would recommend going for another solution available in the market. I would rate it a 6 out of 10 because there are a lot of things that are available in other solutions, such as doing a remote of a particular machine and running other language scripts. Other solutions are also better in terms of the isolation of a particular device, removal from the isolation, and granularity of security control. I am not comparing it with others for vulnerability management because Palo Alto or CrowdStrike do not do that. If there are any vulnerabilities and you want to fix them, you have to do all the work.

We use Microsoft Defender XDR to secure all data transfers between the company network, databases, and user devices. It also protects against malware, ransomware, and other security threats.

Microsoft Defender XDR provides unified identity and access management.

Microsoft Defender XDR can extend beyond to cover more than just Microsoft technology.

The most beneficial aspect of Microsoft Defender XDR is the integration with Office 365.

We can realize the benefits of Microsoft Defender XDR anywhere from two weeks to three months, depending on the organization.

Microsoft Defender XDR stops the lateral movement of advanced attacks.

When a user exhibits suspicious activity, Defender XDR and Microsoft Sentinel work together to provide real-time protection and automation for prevention. This includes threats like insecure connections, lateral movement by malware, and unauthorized email sending. While Microsoft Defender XDR is a powerful solution on its own, combining it with Microsoft Sentinel and automation creates an even more robust defense.

Microsoft Defender XDR helps to discontinue other third-party solutions in our environment.

The cost savings potential of Microsoft Defender XDR depends on the size of an organization and the specific licensing chosen.

Microsoft Defender XDR streamlines security team workflows by offering a unified console for investigation, blocking, and mitigation.

The integration between all the Defender products is the most valuable feature.

The management and automation of the cloud apps have room for improvement.

I have been using Microsoft Defender XDR for 3 years.

Microsoft Defender XDR is stable.

The scalability of Microsoft Defender XDR depends on your organization's network for on-premises deployments, but it offers excellent scalability for cloud deployments.

Scaling Microsoft Defender XDR on-premises can lead to network and access control list problems, as well as VPN restrictions.

Microsoft Defender XDR boasts a straightforward setup process. This ease of use stems from its integration with existing Microsoft products. Once we have the appropriate license, we can be up and running quickly. Extensive documentation is available, and Defender XDR enjoys broad industry compatibility. Many other security solutions readily integrate with Defender XDR, opening their products to its robust security features.

The deployment time depends on each environment and can take anywhere from a couple of days to one month.

The number of people required for deployment also depends on the environment and varies between two to eight people.

The price we see for Microsoft Defender XDR is typically the discounted rate we offer to our customers. However, when we bundle Defender XDR with other Microsoft products, the overall bundle price may differ. Despite any initial price considerations, Defender XDR offers excellent value. It's important to compare similar products to make a fair assessment. For organizations already using Microsoft products, which applies to roughly 90 percent of our customers, Defender XDR is easy to set up. Unlike some third-party security solutions, Defender XDR integrates seamlessly with our existing Microsoft environment, eliminating the need for complex identity management configurations and development efforts.

While the standalone price of Defender XDR might seem high, its value becomes clear when considering the ease of implementation and smooth integration with our existing Microsoft infrastructure, especially when bundled with other Microsoft products.

I would rate Microsoft Defender XDR nine out of ten.

Between one and two people are required for maintenance which is conducted twice a month to roadmap Microsoft and check new features.

I recommend thoroughly reading the documentation. Additionally, if there are opportunities to attend Microsoft events, such as a partner workshop focused on Defender, these would be valuable resources. By participating in these activities, you can gain a deeper understanding of what needs to be done within your environment to successfully implement Microsoft Defender XDR.

We use Microsoft Defender XDR for antivirus, threat intelligence, and email blocking.

Microsoft Defender's XDR platform provides unified identity and access management. It has improved significantly, although other products remain slightly ahead. I would rate it among the top four or five XDR platforms I've used, and Microsoft is continuously enhancing its capabilities. Overall, it's a fairly good solution.

Consolidating identity and access management under one umbrella within Defender 365 offers significant advantages. This unified approach simplifies control and visibility, eliminating the need to navigate through different screens from multiple vendors. With everything centralized, we gain a comprehensive overview of all IAM activities and can easily access specific details through subcategories. The main page provides a clear starting point, highlighting key information and granting quick access to deeper levels of detail when needed.

While Microsoft Defender can effectively impede the lateral movement of advanced ransomware, it cannot guarantee complete protection. No system is perfect, and vulnerabilities will always exist.

Defender's ability to stop attacks includes its adaptability to evolving threats. Microsoft has been steadily improving Defender over the past few years, and they continue to do so. Several updates in recent months have changed Defender's functionality, making it more effective. While technology advances and tools like Defender improve, the skills of hackers and their tools also evolve. This necessitates continuous improvement to keep pace.

Adaptability to evolving threats is crucial. A static system is vulnerable to attack. Its unchanging vulnerabilities can be readily identified and exploited, allowing unauthorized access and manipulation. Constant improvement is necessary to maintain security.

While we have reduced our reliance on other products, we haven't eliminated them at this time. We are actively reducing our use of other products as we progress. Once we have completed the configuration and setup process for Defender XDR, we can then fully transition to using it as our primary product.

Defender XDR has saved our security team approximately two hours per day. Automation is improving steadily, allowing us to automate audit file processing and scheduling. This provides us with continuous insight into our environment. The main page offers a high-level overview of current activity, enabling us to quickly identify any anomalies. Our security team can then address these anomalies promptly.

The threat intelligence is excellent. Email collaboration is very good. Device protection is useful. Overall, 90 percent of Microsoft Defender XDR is used weekly, primarily for email collaboration.

Advanced attacks could use an improvement.

I have been using Microsoft Defender XDR for almost four years.

I would rate the stability of Microsoft Defender XDR a nine out of ten.

Microsoft Defender XDR is scalable and we are planning to increase the usage.

The Microsoft technical support I used in the past was quite good. They were typically responsive and efficient, providing solutions quickly. However, I haven't needed their assistance in the last year, so I can't offer an updated assessment.

Our past experience includes Sophos, Check Point, and ESET. We briefly utilized SentinelOne as well, but ultimately opted for Microsoft Defender XDR. We had Defender included in our purchases but it wasn't being utilized fully until I fine-tuned and set it up to work more efficiently.

I would rate Microsoft Defender XDR an eight out of ten.

We require three people for maintenance.

We have Microsoft Defender XDR deployed across multiple locations, roles, and teams.

Before implementing Microsoft Defender XDR, ensure that all the features will be utilized otherwise it is more cost-effective to go with a smaller package that includes only the features needed by the organization.