What advice do you have for others considering Microsoft Defender for Office 365?

Integration with Office 365 is one of the strongest points. I recommend it for easy handling and less need for additional IT resources. I'd rate the solution eight out of ten.

We tried to solve a lot of issues by implementing the solution. The solution helps us detect problems related to the endpoints, like the detection of suspicious processes or suspicious installation of suspicious software. We will raise an alert, and it will show us a graph of the different entities included in the incident, including users, computers, or endpoints. If it is related to email, it will show us the initial email and different insights about the incident. We'll go through those alerts and try to check them manually. Sometimes, the tool detects suspicious emails for some incidents and automatically quarantines them. After that, we, as analysts, will do the manual review. If we find an action suspicious, we use the tool to blocklist the domain that has sent the email. If we find that it's a false positive, we will reject this automatic action by the XDR, and the email will be delivered to the end user. Unified identity and access management is a new feature on the Microsoft 365 Defender portal. It's all about having a single pane of glass to give you insights into the different identities available on your tenant. Those identities are either on-premises, cloud-based, or synchronized between the on-premises and cloud-based workloads. The solution's security covers more than just Microsoft technologies. Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps have a specific configuration to get insights from third-party cloud applications or from within the Microsoft Defender for Endpoint sensors. We can also get logs and insights from other network devices present in our perimeter, like routers, switches, or firewalls. All those insights will help us gain some visibility into our security posture. The product has gone through a lot of improvements, especially in the last few moments. It will be like a SOC unified platform with the integration of the Microsoft Sentinel tool within the Microsoft 365 Defender portal. This tool is available to cover all the perimeters. Even third-party solutions and workloads that do not have any security tools from where we can get insights, we can directly use something else to install the low connectors and get visibility about those. Also, the most significant evolution is the integration of artificial intelligence with Microsoft Copilot for security. This is also a big added value that will help analysts investigate and minimize the meantime needed to respond to advanced threats. The solution stops the lateral movement of advanced attacks, like ransomware or business email compromise, in a good way. Specific measures and configurations are implemented within the tool that will help us detect advanced attacks in the early stages. We can set configurations for business email compromise. With the help of artificial intelligence, we'll get insights about emails that may be starting a business email compromise based on specific keywords. It's the same for ransomware and other advanced attacks. The solution's integration into a company will help it be more resilient to cyber attacks. It will help the company prepare for attacks at an early stage and respond quickly, which will help it be more secure. Being an XDR, the solution has detection and response capabilities. With adequate configuration, we can configure the required measures to stop or at least quarantine attacks and isolate the assets involved with the attacks in the early stage upon detection. After that, the manual site comes into the picture, and we do the manual review. Based on our review and feedback, the tool will learn from us and behave better in the next similar incident. I saw a demo about the solution's multi-tenant management feature, and it's a very good feature. It will help big companies with multiple tenants and MSSPs that deal with multiple tenants for users. It will help them to work with multiple tenants by flipping a switch. I'm a big fan of the solution. Having a Microsoft E5 license will help you to cover all the different types of security, including the identity, the endpoint, the email, and even the cloud. I'm just an engineer and work with whatever tool the client provides me. I noticed that many customers have a Microsoft E5 license, but they don't know a lot about the capabilities that come with it. They buy or add other tools from third parties when they have that feature or capability included within the E5 license. Microsoft needs to talk to different customers and show them the capabilities that come with these types of licenses, which cover a lot of features. The integration of Copilot has helped us a lot in concentrating on a single portal to get different insights. This will help a lot to reduce the meantime to respond to incidents by 50%. The configuration of the Copilot assistant is very straightforward and doesn't take more than 30 minutes. After that, when the tool automatically detects incidents and you go to the analysis page of a specific incident, you will find an initial analysis of the whole incident by the Copilot security assistant. You may also interact with it using chat, and it will help you if you haven't understood any specific terms from the initial analysis. It can be configured to automatically respond to specific incidents based on workbooks, which will help us automatically apply the measures to respond to specific incidents for remediation. Microsoft Defender for Office 365 is a cloud-based solution. Since it's a cloud-based solution, Microsoft does all the maintenance for the tool. We are notified via email if there is a shortage or a problem. The SLAs are usually very good, and I have not noticed any problems in the last two years where we could not access the tool. I would recommend the solution to other users because it's a very good solution and one of the best XDRs in the world right now. If you go through reviews from Gartner or other companies, you will see that Microsoft Defender for Office 365 is a leader in the XDR market. It has the capability to collect and aggregate insights from different sources, either cloud-based or on-premises. The integration of artificial intelligence will greatly help final users and security practitioners respond to incidents adequately and efficiently. Overall, I rate the solution an eight out of ten.

I would highly recommend it as it offers numerous features that can significantly enhance your security posture. Overall, I would rate it ten out of ten.

Microsoft Defender for Office 365 can stop evolving threats, which provides peace of mind. The solution has helped us discontinue other security products. It has helped us save time and money. I rate the product a nine out of ten.

Integrating identity and access management into Microsoft 365 Defender is important for my customers and me. The ability to centrally manage these aspects within the platform is highly valuable. Rather than navigating through numerous consoles to verify various aspects, having almost everything in a single location saves time. This integrated approach streamlines operations and reduces the complexity of learning and managing different products. Nowadays, everyone uses not just Microsoft products but also third-party ones. It would be good if Microsoft could make its security tools work with all kinds of software. Nowadays, there are so many cyber attacks and security threats. Having one product that can handle and manage all these threats across the board is beneficial. We have stopped using Trend Micro in a couple of places. I am not sure if it was due to cost or pricing. The product is more convenient to manage, and it saves time. Instead of navigating through different controls, having everything in one place allows the security team to take action on threats or issues. I rate the product a nine out of ten. I have used it for security and compliance. In my experience, they're doing quite well; it's a good product. If people are considering Microsoft products, I would say, why not? It's just that support during implementation could be better sometimes. However, it's a good product with frequent updates.

Unfortunately, I can't speak much about the visibility into threats that Microsoft's security solution provides. I am unsure if the solution helps our organization prioritize threats across our enterprise, but I think it does. I get to leave the security part to be handled by the smart security personnel in my company. I believe that Microsoft's security solution helps automate routine tasks and routine finding of high-value alerts. It is not my area of expertise, but the security team in my company seems to be pretty happy with the vendor. I think the solution's threat intelligence helps my company prepare for potential threats before they hit us and helps us take some active steps. I know that my company's security team is very aware of what Microsoft does, especially with Microsoft Defender and its related products. My company's security team is better equipped to stay at the front of any curve. My company's security team had approached me to speak about Microsoft Teams and asked me to tweak certain settings based on industry standards and the developments Microsoft has been coming forward with lately. The aforementioned aspects explain how threat intelligence affected my company's security operations. Microsoft's security solution has helped my company save a lot of time, as we believe in being more proactive than cleaning up the mess at a later stage. I am sure that the product helps my company save money, especially since it aids us in finding threats before they actually become a reality. Probably, my company saves millions in terms of money since we don't have to clean up any mess as the product has already prevented it. I believe that the solution has helped my organization decrease the time to detect and respond to threats, but I can't explain how or how much. I would suggest that others who plan to use it just find the right contact within Microsoft, work very closely with them, and lean on them as much as needed. I rate the overall tool an eight out of ten.

Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems. The tool's automation has made us more efficient in our daily tasks. The solution saves much time since you don't have to reimage the computer after an attack.

The flexible tool helps hide windows from people trying to control the PC's remote. I rate it a seven out of ten.

I would rate Microsoft Defender for Office 365 eight out of ten. I would rate the comprehensiveness of our integrated Microsoft products for threat protection a six out of ten.

I would rate Microsoft Defender for Office 365 a seven out of ten. The solution meets my expectations, but I would appreciate information on current threats and an increase in the level of intelligence gathering to be more proactive. It would be helpful to receive information on steps I can take to prevent potential threats, as our organization might be a target based on the threat intelligence it has gathered. I have had a couple of Microsoft resellers try using Sentinel with my organization. Perhaps it was due to the configuration, but it didn't seem like there was much setup required. Essentially, we weren't able to see as many details as we expected, likely because we already have an in-house sync solution, and we were attempting to integrate Sentinel alongside it. Consequently, we also continued using the other solution. However, what we obtained from Sentinel, didn't provide us with much information compared to our existing solution. This is why we decided not to proceed further with the Proof of Concept for Sentinel. It's possible that the reseller didn't configure something properly, or maybe it didn't demonstrate some of the things it was supposed to. But based on our end-user experience, we didn't receive sufficient information from Sentinel as we do with our current solution. Hence, we made the decision not to move forward with the POC for Sentinel. It is not advisable to engage with different vendors. This is because there will be instances where issues arise, and a particular vendor may not take responsibility for the problem. Dealing with multiple vendors makes it challenging to accomplish tasks efficiently, as we often find ourselves unsure about which vendor is accountable for each aspect. On the other hand, opting for a single vendor, even if they cannot fulfill all our requirements, is still preferable. This choice allows us to have a clear point of contact when something goes wrong, and the integrations are smoother. Additionally, using multiple vendors can lead to integration problems. To properly utilize Microsoft Defender for Office 365, we must first acquire an Office 365 subscription. If we are already using Office 365 and seeking enhanced protection, Microsoft Defender for Office 365 becomes an obvious choice. It offers seamless integration and straightforward usage. To proceed effectively, we need a clear understanding of the users requiring protection and precise guidance on configuring the policies to ensure they provide the necessary protection effectively.

Overall, I would rate the solution an eight out of ten. The reporting features have room for improvement.

I rate Microsoft Defender for Office 365 nine out of 10. Before deploying Defender, you can compare its engine with that of Symantec, Trend Micro, and other brands.

Overall, I would rate the solution a nine out of ten. I would definitely recommend using the solution.

If I were asked whether to go with a single vendor or multiple vendors for security, I would say use multiple vendors. We are using Microsoft for collaboration, email, chat, and security. It's like having the wolf secure your house. Having different vendors would help give you different visibility and data and different people managing different solutions.

I give the solution a six out of ten.

I rate Microsoft Defender for Office 365 an eight out of ten.

I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job doing this email protection, they didn't do well in the past, but now they are.

I would rate this solution as nine out of ten. My advice for other people who are in security is to try Defender. It's much better than other top security appliances and it's completely affordable. For large and medium enterprises, it's definitely worth trying because applications like OneDrive require constant monitoring. Multiple security solutions must be monitored constantly, and the maintenance cost will be much higher. Dependency issues will arise, and you will need multiple support people to troubleshoot issues. Sometimes the issue won't be found if it involves multiple dependencies from other vendors. We prefer to go with a single-vendor product like Microsoft because of their support.

We have not faced any incidents so we are not able to comment on how well it handles them. But in our organization, we are using basic antivirus software and that aspect is covered in that solution as well. It also has functionality for prioritizing threats but we have not implemented it. The solution does not require much maintenance. There is the setup and it is mainly a matter of monitoring after that. When you consider a best-of-breed strategy versus a single vendor's security suite, I prefer a single vendor because of the failure points. If there are interconnected failure points, there is a single vendor to work with to fix them and identify the gaps. And when it is within the same ecosystem, the product releases are compatible with each other and, together, give us more value. While a multi-vendor strategy has its benefits, if we stick to a single vendor for the entire stack, it is a better scenario in which to manage and monitor. If you're using Office 365, Defender for Office 365 is the default primary choice. There are no shortcomings in it, that I have seen, that should make someone look for an alternate solution. It is the default choice for this particular use case and it serves its purpose.

I rate the solution eight out of ten. Multiple integrated Microsoft solutions work natively together to deliver coordinated detection and response across our environment, and we Microsoft Sentinel to our clients. It's a SIEM tool, and once we configure Defender, we can push alerts to Sentinel, which is valuable. We leverage Sentinel's SOAR capabilities with the help of Logic Apps, and many libraries are available to make automation easier. However, some complexity is involved in developing Logic Apps, so it requires some expertise.

Overall, it is a very good solution. We estimate that we have a 30-35% time savings thanks to this solution. My primary focus is the compatibility with Microsoft 365. If a solution is compatible and gives good results, then it's fine with me. I've been unable to find a solution, apart from Defender, that gives us flexibility for end-to-end security and is compatible with Office 365. I would rate this solution as a nine out of ten.

In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.

I rate Microsoft Defender for Office 365 a seven out of ten.

I rate Microsoft Defender for Office 365 a nine out of ten.

We haven't had a review recently, so I can't say that this is the best solution on the market. Things are evolving all the time with new features constantly being added to all solutions. For now, I would rate this solution seven out of 10.

While the deployment is a hybrid model, we have migrated all the mailboxes to Office 365. We are completely running the services from the cloud. I'd rate the solution at a seven out of ten. there's always room for improvement. It's a bundled offer. When we procured the licenses of Office 365, it came up under those licenses. We are not using any other product, so I cannot say or I'm not in a position to say that any other product is good or Defender is not good, as I am not using any other product.

I rate Defender a seven out of ten because it's easy to operate and maintain, but it could be improved by spam and phishing detection.

I'd highly recommend reading the documentation. It was pretty helpful in getting the solution set up. I rate the solution eight out of 10.

It is a good product, but its price is the most critical point for consideration. In terms of technology and capability, I would rate Microsoft Defender an eight out of 10.

I would recommend the solution because it's very helpful as a scalable and resilient solution. It's useful for our users here every day. On a scale from one to ten, I would give Microsoft Defender for Office 365 a nine.

I would advise others to do a proof of concept for at least a month before taking a decision. I would rate Microsoft Defender for Office 365 a eight out of ten.

The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots. I rate Microsoft Defender for Office 365 a nine out of ten.

I feel Defender is a product that is good enough, especially for small to medium-size businesses. I would rate this solution an eight out of ten.