There are weaknesses, and Microsoft is working on addressing them. Over the past three to four years, the ATP and other components have improved significantly, and the integration has also advanced. We are using third-party services. While we have Microsoft Threat Intelligence, which leverages Microsoft's facilities, we also utilize additional third-party threat intelligence. As of today, we don't completely rely on Microsoft for certain regions. This is an area where Microsoft needs to improve. Consequently, we use Anomali, a third-party threat intelligence provider. We integrate our product's intelligence with Anomali, from which we obtain threat insights. Microsoft products offer significant advantages, especially in the realm of threat intelligence. It works very well with Microsoft products. However, you might need additional services if you have non-Microsoft products in your environment. For instance, if you use Apple or Linux, Microsoft's solutions alone might not be sufficient. If they can work more effectively, especially with zero-day attack speed and other sophisticated threats, it will help us provide our customers with timely newsletters about new attacks.
There could be a better notification system. Currently, the user sees an icon, but it would be beneficial to have messages prompting them to contact IT immediately or take their device offline if necessary. I would like to see more system automation actions, such as user-initiated tests or more proactive alerts.
Improvement-wise, if it can give the option to patch the updates directly from within the tool, it would be a good thing, which other tools offer currently. The automation part of the product has certain shortcomings and is an area that needs to be improved. The in-built patching option should be given in the tool so that users don't have to route and export or import the patches and then do it. The response time and quality of the support need improvement. It takes time for the support team to understand the issue, and they then respond with a delay at times, which causes a lot of trouble. The support team should be faster and more knowledgeable. Though the integration capabilities of the product are good, they need to be improved with time.
I would like for there to be extra confirmation that there aren't viruses. Even if the virus detection software is always running, there could be hidden applications that are using the computer.
Updated: December 2024.
The solution could have integrated pricing. We have an enterprise license. We still need to pay to activate Defender for Trend Micro Identity. The enhanced pricing model will empower organizations to manage their security costs effectively.
Testing and Production Engineer at a tech services company with 51-200 employees
Real User
Sep 6, 2023
One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.
It's difficult to provide direct feedback to Microsoft, even as a Microsoft partner. However, the community out there supports and assists each other if that helps. Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel. Being the largest technology provider attracts significant threats. Microsoft is constantly fighting against threat actors trying to breach its technology. So by being the biggest, you attract the biggest threats. I believe Microsoft could play more nicely with other IT security vendors. Currently, if you want your technology to integrate with Microsoft, you have to go through an extensive testing program to ensure compatibility with Azure. So, even the partnership program could be more efficient, allowing for smoother integration.
Cyber Security Manager at a manufacturing company with 1,001-5,000 employees
Real User
Sep 16, 2022
I cannot recall any issues we've encountered or areas that need improvement. Technical support could be a bit better. Clients might prefer a lowering of the price.
Partner & Director Advisory Services at Cruciallogics
Reseller
Aug 17, 2022
We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board. The price point is something they can improve slightly for those who don't have an M 365 E5. I believe it's a $2.80 cents add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M 365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.
Microsoft Defender Threat Intelligence is a comprehensive security solution that provides organizations with real-time insights into the latest cyber threats. Leveraging advanced machine learning and artificial intelligence capabilities, it offers proactive threat detection and response, enabling businesses to stay one step ahead of attackers. With Microsoft Defender Threat Intelligence, organizations gain access to a vast array of threat intelligence data, including indicators of compromise...
I would like to see more frequent updates, which is always better for security because of daily threats.
The solution could be more stable and precise because, at times, the threats detected are not legitimate.
The price could be improved.
The tool's onboarding of users that use on-premise or hybrid environments needs to be improved.
The software is expensive.
I would like to see more AI features and capabilities.
There could be AI functionality included for features like reporting and dashboard preparation.
I would like to see more integration with other solutions. For example, it integrates well with Microsoft but not with other solutions.