What is our primary use case?
Microsoft 365 Defender is one of the first layers to our security. It's our first layer security product, e.g. we use it, then we also use Exchange Online Protection for email, Safelink, etc.
We always recommend these products to our customers, e.g. if the customer is using another third-party product. We are always recommending these compliance and security products, e.g. Microsoft 365 Defender, Cloud App Security, etc.
We usually recommend cloud security because it connects all of these security and compliance products in one center to take logs and make them meaningful, plus you can also create alerts. We are also recommending it because of Microsoft Teams usage, especially because in Microsoft Teams, users sometimes do mass deletion, mass download, etc. We always say: "Let's connect your Cloud App security with your Azure Information Protection, with Microsoft 365 Defender and your Microsoft Teams, your Engula, etc. We find cloud security to be very useful.
What is most valuable?
What I found most valuable in Microsoft 365 Defender is that it's able to scan emails and protect users from dangerous links or attachments. This is important in a first layer or base layer security product such as Microsoft 365 Defender. You can even combine Microsoft Defender for Endpoint with this solution to get the most benefits.
I also find Microsoft 365 Defender user-friendly, so that's another valuable feature of this solution.
What needs improvement?
What could be improved in Microsoft 365 Defender is its licensing. It needs to be more consolidated, because there are so many plans for Microsoft 365 Defender, and every other year, there will be new licensing options, e.g. plan one, plan two, etc., that become more and more different from each other. The most valuable product would be the most expensive product, and customers usually say: "We really need the last version, but that's really expensive for us, because we are in Turkey and the currency is very, very high now." Three years ago, this wasn't a problem, because $1 was three or four Turkish liras, but now it's 15.
In the licensing options, it would also be better if there can be some optimizations, similar to what Power BI Pro offers. There are two options in Power BI: user-based and capacity-based. It would be good if there can be another option for one consolidated product for the whole company with a higher price, but you cannot depend on user count.
What I'd like to see in the next release of Microsoft 365 Defender is for them to provide more details in the alerts and notifications they send out.
For how long have I used the solution?
We've been a partner for Microsoft for 10 years.
Buyer's Guide
Microsoft Defender XDR
April 2025
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
What do I think about the stability of the solution?
I found that the stability of Microsoft 365 Defender is good.
What do I think about the scalability of the solution?
Scalability is good in Microsoft 365 Defender.
How are customer service and support?
What we have is Premier Support from Microsoft, e.g. we are a CSP partner, so we were required to buy Premier Support and Cloud Consulting from Microsoft. We are really happy with the support we've been receiving for Microsoft 365 Defender, but on the customer side, they don't have Premier Support, and sometimes, depending on the case, they're not very satisfied with the support.
Our satisfaction is five out of five, but our customers would only have three or four out of five, in terms of their satisfaction with Microsoft 365 Defender support.
How was the initial setup?
The initial setup for Microsoft 365 Defender is really easy. It's not very complicated. I didn't see any other difficulties with setting it up, but customers sometimes think it's not very easy. They purchase consulting services from us, so it doesn't bother us, but sometimes the customer says: "I don't know how to start, but I use Microsoft Security." Microsoft is very late in the security niche, so customers sometimes say: "We have Symantec", or they would mention that they have other products from other vendors, and these vendors are very reliable for many, many years.
In the last three or four years, though, customers start to depend on Microsoft Security products, but they are not early adopters, because they usually tell us: "When we buy the product, some policies cannot be used, but after sometime we can use it." It's not really a problem, but I wanted to relay some of the feedback we get from our customers.
What's my experience with pricing, setup cost, and licensing?
The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change.
What other advice do I have?
We've been dealing with the latest version of Microsoft 365 Defender.
For an average project, deployment of Microsoft 365 Defender can take a week, but we do need some change management models, because we still need to train the users about safe links and attachments, so we sometimes have to expand the average time, but implementation is not very hard. If we only do the implementation, one week is more than enough.
We rely on just one to two persons, particularly engineers, for the deployment and maintenance of Microsoft 365 Defender.
My recommendation to others looking into implementing Microsoft 365 Defender is that reading the documentation is really good. If you are a Microsoft partner, you'll also have benefits, e.g. CDS tenants and demo tenants that are free to you for one year, so you can test the products first, before you implement. If you are a partner, my advice is to use your Microsoft partner benefits.
I'm giving Microsoft 365 Defender a rating of eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner