Senior program lead at a manufacturing company with 10,001+ employees
Real User
Top 20
2023-11-28T10:11:00Z
Nov 28, 2023
The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allowing it to propagate across the network.
We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations.
WPS Security Engineer at a tech services company with 201-500 employees
Real User
Top 5
2023-11-14T12:44:00Z
Nov 14, 2023
Microsoft Defender for Endpoint's WCS function, a content filtering solution, has proven to be the most useful, stable, and reliable option for our current needs.
Updated: November 2024.
The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices.
For threat-hunting, I'll put some threats in a test scenario. I've downloaded known viruses that are out in the public for testing. They're not really a virus but they've got a signature. Defender for Endpoint will automatically find those, quarantine them for me, and alert me to what it did. It gives me "automated eyes."
Cyber Security Senior Analyst at a security firm with 51-200 employees
Real User
Top 20
2023-01-18T21:21:00Z
Jan 18, 2023
We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions.
There are some competitive products on the market, but the best is Microsoft Defender because it's very easy to integrate. That's one reason a lot of clients want Microsoft Defender. It's also very easy to implement compared to other solutions.
Associate Director-Technology Consultancy at a consultancy with 1,001-5,000 employees
MSP
Top 20
2022-11-21T19:24:00Z
Nov 21, 2022
The most important feature is the way it monitors the threats and blocks them. About 10 days ago, we were implementing SOC for a particular client. The SOC was not yet implemented, but they had Microsoft Defender. That organization was hit by some ransomware, but the hacker could not succeed. Because of the EDR, the hacker could not install the hacking tools. They were trying to do that, but Microsoft Defender completely blocked that. The hacker could log into the system, but they could not install anything.
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Real User
2022-10-09T19:38:00Z
Oct 9, 2022
It's very easy to scale because it comes built-in with Windows 10, and you just need to enable it. This can be done on scale using group policies or through Endpoint Manager on cloud or Intune.
Information Security Engineering Lead at an energy/utilities company with 10,001+ employees
Real User
2022-10-09T17:07:00Z
Oct 9, 2022
One feature I like the most is vulnerability management, which shows any vulnerable software or OS present in my environment. Microsoft Defender for Endpoint provides a complete overview and also recommends the steps to mitigate the vulnerabilities or threats. Most of the other antivirus or EDR solutions generally don't provide vulnerability management. It is an add-on that Microsoft Defender for Endpoint provides.
Director of Security at Overseas Adventure Travel Partners, Inc.
Real User
2022-08-28T04:07:00Z
Aug 28, 2022
The best thing I like about it is its interaction with the other Defender products. It provides the ability to push telemetry up. It gives me endpoint visibility and allows me to take automated actions.
Specialist - Collaboration Platform Engineer at a tech vendor with 1,001-5,000 employees
Real User
2022-08-14T13:49:00Z
Aug 14, 2022
Defender for Endpoint has one dashboard with security-related information, vulnerability-related information, and basic recommendations from Microsoft, all in different tabs. That's helpful because if we want to fix only the recommended ones, we can go fix all of them...
The visibility into threats that the solution provides is pretty awesome... This is something that makes me think, "Wow, okay. If I had my own organization, I would probably get this too." It stops the threat before an employee gets phished or something gets downloaded to their computer.
Manager at a recruiting/HR firm with 51-200 employees
Real User
2022-08-04T07:57:00Z
Aug 4, 2022
We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender.
Cloud Productivity and Security Engineer at a tech vendor with 11-50 employees
Real User
2022-07-31T15:20:00Z
Jul 31, 2022
Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident.
Network Engineer at a real estate/law firm with 51-200 employees
Real User
2022-06-28T00:47:00Z
Jun 28, 2022
It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online.
The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together.
What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers.
Assistant Chief Manager at a financial services firm with 5,001-10,000 employees
Real User
2022-04-07T14:48:41Z
Apr 7, 2022
We found that because the endpoint devices are based on Microsoft Windows devices and Windows Defender is integrated with the foundation and the core layer, it makes it more integrated and more agile in terms of responding to any security threats or changes or development.
The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint.
Easy to understand and easy to set up endpoint security solution. It's a multifeatured product with web content filtering and automated investigation features. It also has a fantastic vulnerability management dashboard.
It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10.
Security Consultant at a tech services company with 51-200 employees
Consultant
2021-09-01T20:09:00Z
Sep 1, 2021
DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions; that has never happened to me.
The best feature is the fact that for certain mobiles you can control your corporate profiles versus your personal profiles. That is amazingly important. Apple just supported the separation of corporate and personal profiles, whereas Android has been doing that for quite some time... Because Android supports that, if an Android phone is lost or stolen, I can wipe out all the corporate-related information from that phone and not touch the personal side. I can separate the apps and I can separate the ability to cut and paste between apps.
Azure Engineer at a tech services company with 51-200 employees
Real User
2021-06-21T21:11:00Z
Jun 21, 2021
It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal.
IT Administrator at dm-drogerie markt GmbH + Co. KG
Real User
2021-06-21T11:01:00Z
Jun 21, 2021
The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where the vulnerabilities are in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff.
I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature.
Professional Prospect List Building Service Provider, Email Sourcer, Virtual Assistant at Freelance
Real User
2021-05-31T19:06:00Z
May 31, 2021
A few years ago, when I was using a different product, I was affected by a virus that destroyed everything. Since using Microsoft Defender, I have not had this kind of problem.
Cyber Security Specialist at a healthcare company with 10,001+ employees
Real User
2021-04-26T18:37:00Z
Apr 26, 2021
One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part.
Head Of Information Technology at a financial services firm with 1,001-5,000 employees
Real User
2020-12-16T16:00:26Z
Dec 16, 2020
It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out.
It doesn't use too many resources, so you don't have to install different things.
Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.
With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to...
The most valuable aspect lies in its automation capabilities, particularly within security automation.
Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products.
I like that Defender is integrated and doesn't have a third-party payload trying to advertise subscription renewal.
The solution's latest features for threat analysis are updated to provide us with future protection against the latest threats worldwide.
We can run the virus scan across our entire environment.
The antivirus is the most valuable feature.
There are a couple of features, such as isolating the devices or connecting the device and connecting live response.
The ransomware and malware protection is the most valuable feature.
Defender's analytics are much better than CrowdStrike's.
The most valuable aspect is information, specifically the automatic investigation of packages.
Defender for Endpoint provides good visibility into threats and has favorable threat intelligence.
The investigation aspect is the most useful. It's user friendly and has a good user interface.
The threat hunting service is very useful for a security professional.
I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement.
It doesn't cause the slowness of the system, which is one of the reasons why I like it.
You have endpoint security to keep your devices safe. That's the feature that we're interested in.
It is a straightforward setup.
The most valuable features of Microsoft Defender for Endpoint are the ease of use and it was available within the operating system.
Provides good security features and you can view it in the central console.
We are a Microsoft shop, and Defender is a Microsoft solution that provides some security at a reasonable cost.
User-friendly, offering safety and security.
The performance of Microsoft Defender for Endpoint has been good.
Microsoft Defender for Endpoint's most valuable feature is its ease of use.
Stable endpoint manager, antivirus, and antimalware, with fast technical support and a straightforward setup.
I am satisfied with the performance, as well as the security.
Defender is a part of Windows; you just need to enable it. There is no need to install anything.
The installation is straightforward.
Defender is stable enough and is competitive with the other products in the market.
Its threat intelligence feature is beneficial.
This solution smoothly integrates with SIEM.
The most valuable feature is that it comes with the package, so there is no additional installation of third-party software. It's also easy to use.
In terms of the installation, ease of use, and user interface, Defender has been great so far.
Microsoft Defender for Endpoint is scalable. Currently, we have 600,000 users in our organization.
The ability to integrate into hybrid cloud solutions is relatively simple if you can set it up.
The licensing model and the associated pricing convince many customers.
However, what costs nothing is not worth it.
It is stable and easy to use. Everything is okay, and there are no performance issues.
Defender is stable. The performance is good.
Technical support is good.
It's a very solid security system, and the advanced hunting and everything really lets you dive deep into things.
The solution has an easy-to-use interface, is always updated, and is user-friendly.
It's not really visible for the user - which is a benefit.
Offers good protection.
Microsoft's technical support is fantastic.
It's pretty easy to scale.
One of the main features is that the solution is very light on resources, and we do not have any problems with it.
Microsoft Defender for Endpoint is quite good. We haven't really experienced any issues with it.
We use Microsoft Defender for the antivirus.
The primary advantage is that you don't need to install it. It's included in the Windows 10 delivery.
Its simplicity is the most valuable. It also has very good integration. We like it.
What I like most is the protection against phishing emails and anti-spam.
It shows us the risky sign-ins, and if a user's password has been compromised.
Provides good vulnerability assessment.
The patch management is very easy, as it can be done automatically or added to a schedule.