We have tried Microsoft Defender Threat Intelligence. I have expertise with Microsoft Defender products. I am not familiar with Microsoft Defender for IoT because we did not use that in our environment since we had a different solution.
Cloud Solution architect at a tech services company with 51-200 employees
Real User
Top 5
2025-01-30T13:59:00Z
Jan 30, 2025
We are using Microsoft Defender ATP specifically as an email security solution, as well as for our critical servers as a web security solution. We have almost eleven hundred users utilizing it for email security.
I use the solution in my company since, overall, it is a good tool. You get good insights and details with the product. With the tool, you have good visibility over the underlying vulnerabilities in your environment, so you can act within the time for its remediation and align your vulnerability patching based on criticality and exposure.
We use the product for endpoint security of machines. It includes threat detection, defining compliance rules, and governance policies. It helps us with extracting reports as well.
Learn what your peers think about Microsoft Defender Threat Intelligence [EOL]. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
IT Manager at a energy/utilities company with 10,001+ employees
Real User
Top 5
2023-12-01T11:30:00Z
Dec 1, 2023
The solution is used for threat intelligence. The tool enables us to detect potential breaches and react to them proactively. Alerts are sent to our SOC team. Our SOC team investigates whether it's a positive or a negative alert. Depending on the result, a playbook is started.
Testing and Production Engineer at a tech services company with 51-200 employees
Real User
2023-09-06T13:30:25Z
Sep 6, 2023
In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example. We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.
It can be used as an API solution to sign and send threat intelligence to a security operations center (SOC). This allows the SOC to detect and respond to threats more effectively.
From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.
Cyber Security Manager at a manufacturing company with 1,001-5,000 employees
Real User
2022-09-16T10:19:59Z
Sep 16, 2022
We primarily use the solution not necessarily from a user point of view. Rather, we use it from an admin point of view. For example, the Log4j vulnerability. Last year, they released threat intelligence information on that vulnerability, put out the protections quickly, and updated their TVM module. It can easily identify what things are vulnerable and what assets you have that are vulnerable to attacks.
Partner & Director Advisory Services at Cruciallogics
Reseller
2022-08-17T15:27:22Z
Aug 17, 2022
We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations. It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.
Microsoft Defender Threat Intelligence [EOL] offers comprehensive security by integrating with Microsoft platforms, retaining data within tenants, and providing real-time threat detection and collaboration. It's designed for both enterprise and SMB environments.Microsoft Defender Threat Intelligence enhances cybersecurity operations by integrating with Azure Sentinel and Microsoft products like Intune and Azure. Its capabilities in endpoint, email, and cloud security ensure robust protection...
![Microsoft Defender Threat Intelligence [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_40/GqfBeX9zWxZG3rC5hyrUo9Aq.jpeg){kind=small}
We have tried Microsoft Defender Threat Intelligence. I have expertise with Microsoft Defender products. I am not familiar with Microsoft Defender for IoT because we did not use that in our environment since we had a different solution.
We are using Microsoft Defender ATP specifically as an email security solution, as well as for our critical servers as a web security solution. We have almost eleven hundred users utilizing it for email security.
The product helps us monitor business devices for authentication and response on all endpoints, servers, passwords, and plans.
I use the solution in my company since, overall, it is a good tool. You get good insights and details with the product. With the tool, you have good visibility over the underlying vulnerabilities in your environment, so you can act within the time for its remediation and align your vulnerability patching based on criticality and exposure.
We use the product for endpoint security of machines. It includes threat detection, defining compliance rules, and governance policies. It helps us with extracting reports as well.
The protection provided by Microsoft Defender Threat Intelligence is robust and effective.
The solution provides endpoint protection from malware.
The solution is used for threat intelligence. The tool enables us to detect potential breaches and react to them proactively. Alerts are sent to our SOC team. Our SOC team investigates whether it's a positive or a negative alert. Depending on the result, a playbook is started.
We use it to monitor endpoints for threats and duplicates on the server and defend identity and trust.
We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies.
We use the software to scan malware for email attachments by identifying and blocking phishing emails.
Threat Intelligence is a modern antivirus XDR solution that we use to protect the environment, identities, data, and endpoints from attacks.
We use the product to capture the logs, collect data, and understand patterns.
In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example. We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.
It can be used as an API solution to sign and send threat intelligence to a security operations center (SOC). This allows the SOC to detect and respond to threats more effectively.
From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.
We primarily use the solution not necessarily from a user point of view. Rather, we use it from an admin point of view. For example, the Log4j vulnerability. Last year, they released threat intelligence information on that vulnerability, put out the protections quickly, and updated their TVM module. It can easily identify what things are vulnerable and what assets you have that are vulnerable to attacks.
We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations. It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.