Microsoft Defender XDR Reviews

Microsoft Defender XDR is used as an additional layer of protection we moved to Microsoft 365. It helps protect both our cloud infrastructure and endpoints.

We conduct regular phishing tests and have seen a decline in breaches because our users pay more attention to what's coming into their inboxes. We've seen fewer incidents.

The email protection feature is the most valuable because our risks primarily lie there, and it seems to be the most popular target. 

Sometimes, digging into the information and knowing where to go can be difficult. It would be better if much of that information were immediately visible, especially when looking at endpoints or users.

I have used Microsoft Defender XDR for around four years now.

The stability has been great. I haven't noticed many issues.

Regarding scalability, we're not a very large organization, with about three hundred people worldwide, so it has worked for us so far.

I rate Microsoft customer service seven out of 10. I have been able to get the help I need, but I know other technicians have had difficulty getting support.

Neutral

Previously, we had on-prem solutions and used Cisco Firepower as our main security. The pandemic accelerated our switch to Microsoft Defender XDR in 2020, as Skype for Business was going away, leaving Teams as the only option and leading us to look more to the cloud.

Moving all our mailboxes up to the cloud was pretty seamless. There weren't many hiccups, so I thought it went well.

We worked with Softchoice to initially get the ball rolling. They had someone come in to guide us through the steps.

On my side, it's difficult to speak about the return on investment, but we've improved our security posture.

I rate Microsoft Defender XDR an eight out of 10. It functions well for our needs and has not presented many performance issues. It's easy to take action, and we have not found many pain points.

We use Defender XDR to assign roles and monitor based on the analytics report from Microsoft. 

Defender XDR has improved the organization's confidentiality. If there's a DLP violation, such as someone sharing documents inappropriately, a notification will automatically trigger. Defender stops the movement of advanced attacks. We first need to set up some independent indicators of compromise. The IOCs are connected to some attack surface reduction rules.

We get alerts if someone tries installing something on the system or adding an external hard drive. We get security recommendations from Microsoft, but our security implements them on their own. We don't use the AI feature. We see significant time savings from the alerts based on the indicators of compromise. It saves us about 10 to 15 percent.

The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it.

The identity management feature is something we need for our use case. It wraps up the access management and XDR components, so it's not just Defender. It works well with Azure AD for access management. I didn't think I needed identity and access management in the past, but it's nice to have if you're performing a significant migration on a tight schedule. 

Defender XDR's coverage extends beyond Microsoft technologies. It covers all the endpoints of users in the organization. I can manage access to any application and system within the organization. 

Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them. 

We have used Defender XDR for about 15 months.

I rate Defender XDR 10 out of 10 for stability. It's a stable solution. We've had no outages. 

The scalability depends on the number of licenses you can purchase. If I want to add more endpoints or solutions from Microsoft XDR, I have to pay more. The scale depends on the pricing. 

I rate Microsoft support eight out of 10. Some cases are easy fixes, so they don't take much time, whereas some of our more complex tickets take some time.

Positive

I've also worked with Trellix. Microsoft provides better recommendations for protecting our tools, devices, and files. Trellix has XDR capabilities, too, but Microsoft's recommendations are more robust. 

Defender XDR is a SaaS solution. The deployment is ongoing because we're constantly onboarding and retiring endpoints. Microsoft handles most of the maintenance for it. It rarely requires maintenance from our end. 

Defender XDR is fairly priced and cost-effective. 

I rate Microsoft Defender XDR eight out of 10. If you want to implement this product, you should have a team who understands the product well. It's SaaS-based, so the Microsoft team is delivering everything to you. However, you still need to know the product.

It is a universal security tool across our organization, catering to staff members using standard laptops and PCs. Currently, we employ an in-house solution built upon a smaller product from a Finnish company.

Although it integrates with Microsoft AD, our solution remains somewhat proprietary as we've independently implemented and tailored it to our specific needs.

We do not leverage the multi-tenant management capabilities of the solution. In our scenario, we operate as a single organization, allowing us to utilize a straightforward, single-setup approach.

The identity protection offered by the solution has proven highly effective for us because we developed it in-house. Crafting it ourselves has allowed us to seamlessly integrate all of our specifications with the solution within a relatively short timeframe. 

The significance of using the identity and access management integrated into Microsoft 365 Defender cannot be overstated, as it is vital for the proper functioning of the product. While it is crucial, the available functionality might not be entirely sufficient. We have opted for our in-house solution to complement and address the additional requirements.

It empowers us to phase out the use of other security products.

Its most significant advantage lies in its affordability. Being an integral part of the Microsoft Stack, it comes with a cost-effective package. Especially for higher education, there's an appealing pricing structure.

The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution. Enhanced integration would contribute to a smoother user experience, and ease of use is a key aspect that could benefit from such improvements.

We have been using it for approximately four years.

It has demonstrated exceptional stability, with no concerns or complaints on my end.

It exhibits sufficient scalability for our specific needs.

We utilize extended support for Microsoft's stability, and the quality is excellent.

Positive

Within our network, we incorporate Cisco products, utilizing various security features and functionalities offered by Cisco. For instance, our firewalls are implemented using Cisco technologies. This adds diversity to our security landscape, as Microsoft alone may not cover all our security needs.

It has been implemented across various locations, spanning our three campuses and multiple departments. Maintenance is handled by a team of four people.

It didn't contribute to cost reduction. Our expenditure has maintained a consistent level, with little change over the years, aside from factors like inflation.

Using it has resulted in time savings for our security team. Currently, the team comprises approximately four individuals working with these technologies, equating to a total of four times thirty-seven hours per week.

It has consistently offered highly appealing academic pricing, with distinct rates for higher education and general educational purposes. This differential pricing is a significant factor and it influenced our choice to use Microsoft products.

Overall, I would rate it nine out of ten.

We use Microsoft Defender XDR to protect our endpoints, computers, mobile devices, and emails.

In part, Microsoft Defender XDR provides unified identity and access management.

Microsoft Defender XDR can protect 98 percent of devices.

With Microsoft Defender XDR we can now manage all of our non-critical computers from one console. The management level and implementation level are easy. Microsoft Defender XDR is also cost-effective.

We have been using Microsoft solutions for over 25 years so it didn't take much convincing to start using Microsoft Defender XDR.

Microsoft Defender XDR has enabled us to discontinue the use of Kaspersky in our safe computers.

Being able to reduce the number of solutions used has been helpful to our security team's operations. The discontinued use of other security products has reduced manual correlation. Using Microsoft has a lot of advantages, especially in management. The reduction in manual correlation is important for our organization.

Microsoft Defender XDR saves our security team around three hours a day.

The most valuable features are spam filtering, attachment filtering, and antivirus protection.

Microsoft Defender XDR is not a full-fledged EDR or XDR. Any true XDR should be more powerful than what Microsoft is currently providing. For some public-facing companies, computers, and endpoint computers, we need additional security from CrowdStrike or other third-party XDR.

Microsoft Defender XDR does not stop 100 percent of the lateral movement or advanced attacks. Our machines use both Microsoft Defender XDR and Crowdstrike and we have had instances where attacks were missed by Microsoft Defender XDR but caught by Crowdstrike.

I have been using Microsoft Defender XDR for four years.

Microsoft Defender XDR is stable.

Microsoft Defender XDR is scalable.

We previously used Kaspersky, Norton, and CrowdStrike. We switched to Microsoft Defender XDR because of its streamlined management capabilities.

The initial deployment was straightforward. We pushed Microsoft Defender XDR remotely across our system consisting of 300 computers. We are a team of seven people and each of us was involved in the deployment process.

The implementation was done in-house.

Microsoft Defender XDR is expensive.

We did not evaluate other security solutions because I have extensive knowledge of most products, their strengths and weaknesses, and their overall capabilities. Additionally, considering all our products are on Microsoft 365, a cloud-based platform, and we already utilize its various components like mail, documents, and more, integrating Microsoft Defender for threat detection and management was a natural choice due to existing ecosystem compatibility and streamlined administration.

I would rate Microsoft Defender XDR an eight out of ten.

Microsoft Defender XDR is deployed across multiple locations and departments.

Minimal maintenance is required for patching.

We use Microsoft Defender XDR in our multi-tenant environment comprising Windows, Linux, and the Cloud.

We have Microsoft Defender deployed in a hybrid environment across AWS, Azure, and GCP.

Microsoft Defender XDR provides unified identity and access management. The identity protection the solution provides is good. 

If we had to use a separate solution for identity and access management I believe the performance would be clunky.

Microsoft Defender XDR extends beyond just Microsoft technologies, encompassing a wider range of platforms and services. This broad coverage is a key strength of the solution.

Since implementing Microsoft Defender XDR, the centralized view and management console have been beneficial.

Microsoft Defender XDR limits the lateral movement of advanced attacks.

It integrated seamlessly into our SIEM environment so there are no disruptions to our security operations.

The ability to adapt to evolving threats is critical as the landscape is expanding daily.

The multi-tenant management capabilities for investigating and responding to threats across tenants are good.

We are enabled us to discontinue the use of other vulnerability management tools.

The reduction in the number of vulnerability management tools we use has helped reduce manual operations.

Microsoft Defender XDR has helped reduce our costs by ten percent.

Microsoft Defender XDR has helped save our security team between five and ten percent of their time.

The unified view of the threat landscape on a central dashboard is the most valuable feature.

The naming convention keeps changing and has room for improvement.

The licensing is a nightmare and has room for improvement.

I have been using Microsoft Defender XDR for three years.

Microsoft Defender XDR is stable.

Microsoft Defender XDR is a SaaS product so it is scalable.

The technical support is good.

Positive

We previously used VMware Carbon Black and switched to Microsoft Defender for the multi-cloud environment support.

The initial deployment is straightforward. We identify the critical assets and just deploy for those initially and then slowly roll out for the rest. Around five people were involved in the deployment.

The implementation was completed in-house.

We have seen a return on investment.

I would rate Microsoft Defender XDR a nine out of ten.

We have it deployed as part of our security stack for our endpoints.

The technicians working on the issues have a clearer idea of a higher priority issue versus a lower priority. 

I like that Defender is easy to use and the alerts are all in one central location.

Some of our older hardware experienced a slight bump in CPU and memory usage. Although I don't have empirical data to back that up, I would suggest possibly more streamlining in the software.

I have been using Defender XDR for seven months.

We haven't had any issues with it, so I don't have any problems with its stability.

From what I have seen, it's easy to roll out to new onboarded machines and servers.

Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain. This is kind of the same with all Microsoft support, not just XDR.

Positive

We had BitDefender EDR, which is a pretty similar product, but we switched because we were trying to put everything under the Microsoft umbrella. We got good pricing on it and were happy with the results of the testing we did. Defender XDR officers richer insights into Defender XDR. It's a better overall experience. 

I don't personally crunch those numbers, so I don't know. But I know that we're committed to this for the future, so I would assume that we're doing okay.

Defender XDR is priced comparably to other solutions on the market.

I would rate Defender XDR as an eight or a nine. There is always room for improvement.

We're a small business. Defender XDR gives us a centralized security solution for monitoring our servers and some user PCs. We have around 30 machines, 10 of which are servers. 

Defender XDR saves the security team time by telling us what patches to apply. We also get preemptive notes about things that need to be done.

I like Defender XDR's reports and alerts. They give you updates about the latest hotfixes and zero-day vulnerabilities, which gives me all the information I need to maintain my servers. 

Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically.

I have used Defender XDR for a year.

Defender XDR is stable.

Defender is scalable. I haven't had any issues with that part.  

Microsoft support is good. I usually don't contact them directly. We have a support partner. If there's an issue, they can resolve it with Microsoft quickly.

We previously used Symantec antivirus. We're a small company, so switching wasn't a big deal. We switched because Symantec discontinued the solution we were using. They actually don't sell it anymore.

I wasn't involved in the decision to purchase Defender XDR. We are a small company, so we needed a vendor to support SMEs, and Microsoft caters to businesses of all sizes. We checked some other solutions but went with Defender because we're already on Azure, so the solutions complement each other.

Deploying Defender XDR was easy. Our external security guy handled most of the settings and onboarding, and our IT guy handled a few of the problematic cases. Most of the maintenance was automatic.

I don't know the exact pricing, but I believe Defender offered the best small business solution for the price.

I rate Microsoft Defender XDR nine out of 10. I don't have experience with other XDRs that I can compare it to, but I think Defender is an excellent solution. It's fairly easy to understand and navigate, and it's a good value.

We are a managed security service provider, and we use Microsoft 365 Defender to provide EDR and endpoint, and email protection to our customers.

Microsoft 365 Defender has great threat analytics integration. It has visibility into threat incidents that occur across different organizations, and this is directly integrated into the tool. Rather than checking for indicators that are available online, we can directly look at which endpoint or user has been impacted in the organization, and this makes our job easier.

Another valuable feature is vulnerability management. The inbuilt vulnerability management service automatically scans devices for vulnerabilities and separates them as critical and non-critical. We don't need to have a separate vulnerability assessment device.

In terms of prioritizing threats, we have come across vulnerabilities and threats that are present in our customers' environments and have been able to discover the devices that are vulnerable to particular attacks. We have then been able to immediately inform our customers and help them update to the latest version of the particular software that was vulnerable. There are automatic response actions in the tool so that a threat can be remediated within the tool itself.

I also like the lab devices that are available within the tool itself with which we can do all the tests. We can simulate some threat activities in these lab devices that are provided by Microsoft and don't need to prepare a separate device to validate it or to simulate a threat tag duty.

The threat intel integration provides great visibility into threats. Microsoft has a huge team that handles threat intel research, and their findings are integrated with their tools like Defender or Sentinel. The features within the tool itself work very well. There's an automatic threat handling module available in the tool, and there are lots of threat handling queries specific to different attack campaigns. We can run those queries to know if any IOCs related to those are present in the devices. Also, there are several inbuilt analytics rules available.

We have integrated Microsoft Sentinel and Office 365, and Defender and Sentinel as well. Some, like Office 365, are natively integrated, and there are connectors available for those that are not. It is easy to integrate the solutions. For example, to integrate Defender and Sentinel we just deployed a connector. There was a short latency period, but other than that, it was seamless.

The automatic investigation and remediation (AIR) feature helps to automatically investigate and terminate many of the malicious files. Without this feature, we would have the difficult task of going to each and every endpoint to delete a particular file or prevent execution.

Microsoft 365 Defender has eliminated the need to look at multiple dashboards and has given us one XDR dashboard. We have a wider range of visibility from a single pane of glass, which also makes it easier to manage.

Regarding saving time, the key has been the fact that everything can be managed from a single pane of glass where we have visibility into all of the endpoints and users. Previously, we had to look into each device belonging to the customer before deploying a solution. Automatic remediation and vulnerability management features have saved us a lot of time. The time-savings have resulted in saving us money as well.

Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded.

Licensing is also confusing, particularly with regard to Microsoft Defender for Endpoint.

A good feature to add would be automatic patch deployment. Currently, the vulnerability management feature shows all of the vulnerabilities present in different devices that have been onboarded. It shows what manual actions can be taken or what patches can be deployed, but automatic patch deployment is not an option. It would be great if a patch can also be deployed right from the tool.

I've been using Microsoft 365 Defender for 1.5 years.

Other than a few times where we faced issues with hanging, the solution has mostly been stable.

It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment.

We have had to rely on technical support quite a few times, and they have been very responsive. I'd rate technical support at nine out of ten.

Positive

Because it's a cloud solution, Microsoft 365 Defender is easy to deploy.

I prefer to go with a best-of-breed strategy rather than with a single vendor's security suite, but the tool would need to integrate with as many products as possible, as in an open XDR strategy. However, if you can't integrate with multiple devices by having an open XDR tool, it's best to have a single vendor's tool in order to have greater integration.

If you are looking into Microsoft 365 Defender, my advice would be to make sure that you know your licensing requirements. If you already have a Microsoft-based environment, then this solution may be a good fit as it will integrate with all other Microsoft products. Also, Microsoft is constantly improving their solutions, and it's a good time to be in the Microsoft security sphere.

Overall, I'd rate Microsoft 365 Defender at eight on a scale from one to ten.