What is your primary use case for Microsoft Defender for Endpoint?

I use Defender for Endpoint every day, for example, when a user downloads an unwanted application, we get an alert. Sometimes we have suspicious processes in an endpoint, and we receive an alert for those activities.

We primarily use the solution for security. For most clients, we deploy the solution for security purposes. Some clients just deploy it as part of Microsoft. Some haven't fully set it up even though they've paid for it. Some may be deployed and set it up and then have it disabled.

Very first thing is to be brining "Zero-day trust". 

If devices are covered, enrolled with INTUNE and M365 licenses (E3, E5) are already in place then Defender platform to secured devices is best option here instead of using third party Antimalware tool. 

It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.

We use it as an Enterprise Detection and Response (EDR) solution. We use it for compliance purposes, and we are starting to use it for DLP purposes.

We use Microsoft Defender for Endpoint to secure our workstations, laptops, and servers. It helps us to do virus scanning and malware protection.

We use Defender for endpoint security, firewall administration, and antivirus.

Microsoft Defender for Endpoint provides visibility into our workstations at SOC.

We use Microsoft Defender for Endpoint as our EDR solution on all of our user endpoints.

Microsoft Defender is a Windows platform that can be integrated with various solutions. It has a complete dashboard that gives us clear visibility into the total security of things, the endpoint devices connected, and their status. It also gives us information about who has been logged in and at what time. Compared to other solutions, Microsoft Defender for Endpoint gives us more visibility and threat analysis reports.

We utilize Microsoft Defender for Endpoint as our EDR solution, which stands for endpoint detection and response. Through this solution, devices are integrated. If new vulnerabilities or novel attacks emerge, Defender for Endpoint promptly identifies them. It serves as our primary EDR solution amidst the variety available in the market. The current surge in Defender for Endpoint's popularity is attributed to its real-time detection capabilities. Additionally, we can execute SOAR actions, namely security orchestration response. For instance, if we need to isolate a device from the network or run an antivirus scan on a machine, Defender for Endpoint facilitates these tasks. Consider a scenario where one of the devices becomes compromised. During the investigation, if a malicious IP address is identified, it can be blocked using Defender for Endpoint.

We use Microsoft Defender for Endpoint for our antivirus protection.

We use Microsoft Defender for Endpoint for anti-malware purposes.

I use Microsoft Defender for Endpoint to protect my computer when downloading files. Whether it's documents from my email or web browser, this is the first thing I use the solution for. It also provides protection against ransomware. Additionally, the monthly report indicates the number of infected files that were blocked during that month.

We use it for threat protection.

I am using Defender for one of my customers.

We use Microsoft Defender for Endpoint as an enterprise security solution.

We deploy the solution for our customers, typically with Plan 1, as they generally have E3 licenses. We also use Microsoft Purview, the compliance system consolidating every security aspect into its portal. This offers centralized management and tight integration with Azure and Intune, which are identity and device management tools, respectively. Our customers have a variety of cloud providers; Azure and GCP are the most popular, but we have some AWS users too. We use multiple Microsoft security products, including Azure Information Protection and DLP, in addition to the other flavors of Defender, such as Defender for Cloud and Defender for Identity. We integrated all of these products and the integration was easy. These solutions work natively together to deliver coordinated detection and response across our environment, which is essential. The beauty of Microsoft is the tight integration of their various products.

Initially, I was running a different endpoint security program but it did not have a dashboard that met my needs. It would only do on-premises. If laptops, desktops, or VDIs were remote, such as people working from home or in a different office, my VDIs—which are really just on-premises but they're in a separate subnet in VMware, Windows 10, Windows 7, Windows 11, 2008, all the way up to 2022—I could only get the servers that were on-prem. That solution had a management console but there was no integrated console within Microsoft so that I could cover all bases. I deployed Defender for Endpoint and now I'm able to see them in there. For some, I've still got the old AMP on them, but Defender will run in passive mode and let AMP run and report to its own console. The reason I don't want to run AMP, primarily, is that it's a resource hog. Defender for Endpoint integrates it and automatically comes with the Windows operating system or Windows Server Desktop. Plus I can use Defender for IoT and see, on my network—which is a home lab company—my routers, my switches, and, believe it or not, my televisions and refrigerators; the IoT devices that I might have on my network. And that integrates into Defender for Endpoint. And with Sentinel, I'm hoping to pull that into logs that I have for my cloud-based and on-premises-based servers so I have one pane of glass that will alert me if something is going on. It will correlate those logs from Defender on every endpoint and put them into one incident if there are alerts to be had.

We used it as an EPP and EDR solution.

The solution can be used on everything. It can be used on the cloud. You can also use it for on-premises devices, from servers to laptops. It's a pretty good solution to manage devices and servers. Usually, our clients have an on-premises infrastructure and they want to start working in the cloud, especially in Azure. We use Microsoft Defender to manage on-premises devices from Azure. Especially over the last two years, a lot of companies have wanted to focus more on their own business and that's why they have us manage their IT security. The main goal of using Defender for our clients is to do vulnerability scanning and to be aware of any possible security breaches in their infrastructure.

We provide solutions to our customers based on their requirements. We started working with Microsoft products because we saw people getting more inclined toward Microsoft security products. For example, previously, for SOC, we saw more organizations working with Splunk or QRadar. However, over the last six months, we have seen a lot of customers migrating to Microsoft Sentinel because they already have Microsoft products in their environment, and it works better with other Microsoft products.

I used MDE to investigate individual alerts. We were able to initiate AV scans on devices from MDE. That was our normal practice as soon as we pulled up an alert. My understanding was that it wouldn't slow down the throughput or the productivity of the endpoint device. We could theoretically isolate the device via MDE. We also used Cloud App Security, Microsoft Defender for Cloud, and Azure Sentinel. At my last two organizations, they were in the process of moving from Splunk to the Microsoft security suite. It was standard procedure for us to install MDE on Microsoft Defender as the endpoint solution for every device. We didn't have anything on-premises. I have experience with Microsoft Sentinel. We were transitioning toward using that as our SIEM. They encouraged us to learn the Kusto Query Language, which is extremely useful. My organization was in the process of using Sentinel to ingest data from their entire ecosystem. The solution was deployed across multiple departments and multiple locations in North America. It was deployed on a private cloud.

In an enterprise setting, I use the product to protect workstations, and more recently servers, from all sorts of threats, including malware, viruses, trojans, etc.

We use Defender for Endpoint to secure our Windows 10 endpoints and Windows servers. We use Microsoft Defender as an antivirus, and we also leverage the EDR capability. If any malware or threat is present, Defender can take action on those threats and remediate if there are any malicious actors present in our environment. It is deployed on-premises, on the cloud, and on multi-cloud solutions like AWS on Azure. We have a diverse, global environment with devices or servers in Europe, the US, and the Asia-Pacific region, except for China.

We use it to prevent malware attacks.

I have tried so many antiviruses personally, but this one is integrated with the operating system. That's one of the main reasons for considering this.

It is our endpoint protection solution as a part of the full Defender Suite that we use. We use it for every one of our devices, including Macs and Windows. Each endpoint is with Intune, and then the management is done out of Azure.

Once we enroll devices, the Microsoft scanners scan them in the backend and find vulnerabilities for the devices. For example, if our Office version is outdated, or Chrome is an outdated version, or there are any vulnerabilities or security loopholes, they will be displayed in Defender for Endpoint. We go through those vulnerabilities and we try to fix them by creating group policies or by using Intune. If there are any security recommendations in Defender for Endpoint, we fix those assets.

Our server is on Azure, so we get alerts on Microsoft Defender. If it's an endpoint alert, we investigate the endpoint based on the type of endpoint it is, whether it's a computer or a phone, et cetera. We then figure out what kind of file was downloaded, if it was bad or good, based on the hash file. We also use Microsoft Defender for Office 365 for email, where we get alerts based on phishing emails, spam, and we investigate them. We also do Sentinel queries, with KQL (Kusto Query Language).

I'm part of a team that does governance and consulting for migration from Symantec Endpoint Security to Microsoft Defender for Endpoint.

We're using it for endpoint security.

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment. It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal. We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

We are a property investment company, and people here use Microsoft Surface devices for their daily job. We are a Microsoft-oriented company, and we use it for our basic endpoint security implementation. Our entire security is based on this endpoint solution. Sometimes you have centralized security where you scan all traffic going through a central firewall and you also check through several types of solutions. You also check HTTPS connections. Basically, for all the traffic going inside and outside the company, you use a security firewall, and this endpoint solution is actually a firewall solution or security solution that is distributed. So, all the traffic coming from and going into the end-user device is basically submitted for scanning. If you download an ISO on a website or an email, everything is scanned for security to check whether it contains any malicious data. We are using Microsoft Defender for Endpoint Plan 2, which is the enterprise version of Microsoft Defender for Endpoint. We are using the most recent version of it. We deploy it via Intune. The feature is called Microsoft Intune Autopilot. We have a hardware hash. A colleague of mine prepares the configuration and then based on the hardware hash and Autopilot, the devices are completely installed and joined to Azure AD and then to our enterprise. Intune is a Microsoft device management platform that comes with Microsoft solutions. When you buy a new device, based on the hardware hash, it can automatically find that device through Autopilot and do the specific deployment for your company. So, the users can use any type of device, start it, and then it will automatically be joined to our environment.

Our use case is for financial groups and we use it to control malware, as well as for antivirus. Our focus is on using it as an endpoint solution, but we cover the older servers too.

Normally, we use the solution for our workstations.

We use Microsoft Defender for Endpoint for threat protection.

We use this product for our endpoint detection and all the remediation.

We use Defendor for endpoint monitoring. It alerts us when a machine has issues, and we take the necessary steps to resolve them.

It's an antivirus product, so its main use is to protect us.

Microsoft Defender for Endpoint is used for securing endpoints from threats.

We are using Microsoft Defender for Endpoint with advanced threat production. Microsoft's enterprise mobility and security suite fulfills a large number of security strategy requirements for our organization. We are going to use this solution for identity production and for endpoint security. It's a hybrid setup. The advanced threat protection only comes from the cloud intelligence engine. That's something of a new experience for us, but the rest of the components will be on-prem. We are using Microsoft's cloud. The whole suite of security enhancement doesn't just include Microsoft Defender. It also covers many of the features that come with the Windows Enterprise version. With this option, we are actually upgrading to the Enterprise version as well and unlocking those security features which are not available in Windows Professional. Microsoft Defender is a whole suite, which is simply not comparable with a usual anti-virus, anti-malware product.

I am using Microsoft Defender for Endpoint for system alerts of any kind of suspicious items or unusual network traffic. I only use it for personal use. The solution has shown me different kinds of requests from the websites that were made and cookies that have been created. It has provided me with statistics.

We use Microsoft Defender for Endpoint for network and endpoint protection.

We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.

Microsoft Defender for Endpoints provides important security for some critical systems, such as network devices.

Defender is basically a protective seal that is used to protect your Windows applications. Whenever you enable it your system is safe. You feel safe and your data and your security are verified by Defender and protected by the Defender seal.

Microsoft Defender for Endpoint gives us a second layer of security as well as the third layer of security. One of them is interested in web security and email security. One of them, similar to Cisco, is a Cisco FirePOWER. These are a compilation or a group of devices for security.

Most of my clients use Microsoft Defender for Endpoint for attack and threat prevention. I always look at the alert page to get alert details. This solution is also used for EDR (endpoint detection and response). We also use it for web content filtering and for completely automated investigations.

I primarily use Defender for web protection.

We use this solution for threat management and pallet management.

I lead a delivery team. I have a team of about 20 technology specialists and we do the deployment for Microsoft Defender. Instead of having a third-party antivirus, then you can have a Microsoft ecosystem for your entire endpoint protection.

My primary use case is as an end-user solution. It helps protect the computer against viruses and malware. It has a firewall option and offers basic protection for an end-user and a home user. If you are a home user, it's a very good solution for you.

We primarily use the solution for cloud security. It was used for threat detection and endpoint to endpoint. The product can be used for organizations that use Microsoft as their primary security defender and need zero-day threat protection. It's good for companies that want to make sure there are no threats or attacks on their information.

Microsoft Defender for Endpoint is integrated into Microsoft Windows and is used for system protection.

Usually, the solution is used in relation to keys management. We implemented a program for it, for the lifecycle of the keys. We've also used it for certificate management.

The solution is used for endpoint detection and response, however, it also has vulnerability management. I don't use that as much as the endpoint detection and response. I use it in combination with Cloud App Security and Endpoint Manager.

The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics. I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.

I use Microsoft Defender for Endpoint protection on my personal computer.

The solution is used to protect the endpoint. Also, there's an antivirus and then advanced threat protection. It's also detecting threats and sending that to the cloud and correlating that without the events from other parts of the EMS suites. That's primarily what we are using it for. It is also capable of doing some attack surface reduction that you can configure on the endpoint. It's basic protection plus surveillance. It's also an EDR, however, we are not using that.

integrated anti-malware/end-point (without additional costs), as ATP/ATA sensor, Linux local "agent" (recently) and HIDS. 

Our use cases, and the way we deploy it, depend on the different situations we encounter. There may be a company that is already using the Endpoint Protection solution and we have to do a migration. Another scenario is that a company may be migrating away from another endpoint threat protection solution. And there are some companies that are already using SCCM, and we may have to go through one of two scenarios. One is to co-manage with what they call Microsoft Endpoint Manager and Configuration Manager. If they are already using SCCM, and only SCCM, we will typically have to go through a process where we integrate SCCM into Endpoint Manager and then they'll usually bring some endpoints into Intune and they'll do a PLC. They have to Azure AD-join or register a device into that so it can be managed through Intune. They may even co-manage it for a while until they fully onboard into Intune only. A lot of people are looking to get away from co-management and managing through Endpoint Manager. But there are some prerequisites to accomplish that. The endgame for most companies is they want to manage things from Intune only. There are different paths to get there, depending on what they already have in place.

We use this solution mainly for safeguarding online use of laptops.

Our clients use it for antivirus and anti-malware purposes.

We are one of the major drug stores in Germany. We are located in 13 European countries such as Austria, Bulgaria, Czech Republic, and Poland. I'm working here as an IT Administrator, and I'm focusing on software deployment and antivirus solutions. Our use case is that we got to have antivirus. Cyber insurance forces us to have an antivirus solution that meets the requirements the insurance has. In terms of deployment, we're using Defender without ATP in the old world. For domain-joined clients and on the Intune-managed clients, we use Defender in combination with ATP. The on-prem clients are usually old-school domain-joined clients. We have its latest version. We always try to be at the newest version.

We use it to protect computers or endpoints from any malicious software, malware, and other viruses. You have to use this one as part of your overall protection plan.

We primarily use this product to get antivirus protection in a cost-effective way.

We use the most up-to-date version. Our primary use case is for basic EDRs for simple interfaces.

I primarily use this solution for the safety of my PC. It protects me against ransomware and other types of viruses.

We use this solution for business security protection.

We use it for endpoint detection and response. The agent is installed on the endpoint, on the laptop or desktop, but it's a SaaS solution.

Just as the name states, we use this solution to defend endpoints. We're actually in the process of moving away from this solution. We are beginning to use SentinelOne.

There are endpoints that are not in our organization's network but are connected directly to the web. We use Microsoft Defender for the antivirus. We are not dealing with this solution daily, just when there is an issue from time to time.

We use this solution and we also implement it for customers. We mainly use it for its anti-malware and threat protection capabilities. If a client comes to us who uses Office 365, then we suggest this solution. At the moment we have between 10 to 50 customers. We definitely plan to keep using this solution. We're currently just pushing out all other solutions because they're not integrated and they have additional deployment costs. The only thing which is a bit peculiar is that you need to convince the customer that you're not talking about an antivirus solution. If we do, then they end up comparing things that are incomparable.

We are using Microsoft Windows Defender for Windows services because it is the default antivirus and protection solution with Windows Server 2016 and 2019. We are using it for Windows servers, file servers, and active directory.

We replaced our antivirus with Microsoft Defender, and we are implementing three products. We have Microsoft Defender for Endpoint, which is deployed on all our endpoints. We also have Microsoft Defender for Office, which works very well to protect Office documents. We are using this solution for MDM and MAM for the endpoints. We are using its latest version.

We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution. Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included. From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

We are using Microsoft Defender ATP to prevent anti-phishing, malware transportation, and unwanted spam emails.

We are using this solution for threat detection.

This is an endpoint security product. It helps detect and prevent attacks and is very good when it comes to vulnerability assessment. It automatically detects attacks. It provides support for all the end devices, whether it is a Mac OS, Windows, mobiles, Android and iOS, it has support for all. I mostly deal with smaller and medium sized companies, I don't deal much with enterprises. I'm a customer of Microsoft and I work as a solution architect.

We are a consulting company and we use this product for endpoint protection across the company, as well as for our clients.