Microsoft Defender for Endpoint Reviews

It is the end defense against anything coming into our computers and through other channels, e.g., we have some other measures. A lot of our users use Microsoft Remote Desktop Services, so all our servers are locked down. The solution handles what nothing else finds along the way. It is a standard endpoint for computers, servers, and tablets.

What the user doesn't see or experience, the user is happy with. Every time our other services go in and put a stop pop-up in front of what they are doing when they want to visit a website, but the browser says, "No," or they are trying to download a link and then says, "Oh, no. This is dangerous," that upsets users because they can't do what they want to do. As long as we don't get any of that, then users are happy. If users don't feel it or know about it, then they are happy. Everything else will make them unhappy.

Our end users expect to be protected and that everything works. When IT doesn't work as they expect, then they get unhappy in some form. We kind of forced this solution upon them, so they don't have a choice. As long as it doesn't meddle with their normal work, they are fine. For example, when GDPR hit us in May of 2018, that was upsetting because they now had to do some of their work a little differently. So, they don't like GDPR because it interferes with their normal workflow. Normally, users come to me if they have issues with anything. However, if everything works as expected, they are happy. In addition, they expect that they are protected.

When you have something fail and you have three or four different vendors where the fail might be located, everyone just says, "Well, it's awful." Then, you have to go and find out where the fault is. That is really annoying and can cost the business money. For that reason, if I can have one single point of contact when I have a problem to help me out, and say, "Let's find the solution." That is much better instead of having me contact multiple companies to track errors down.

The protection will always need improvement:

• From a technical standpoint, I would like better artificial intelligence on how it does its stuff in the background. It will always be behind. However, at some point, it would be nice if it could get better. It is not bad, but it could always be better.
• From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down.

I have been using the current solution since 2014.

We haven't had any issues. I haven't had any bad experiences. I expect it to work, and it works. It is just there. For example, when you have Word or the whole Office package, as long as it works, people are happy. You just have it, and you don't have to say, "Oh, this version is really..." It is just Microsoft. For most users, Microsoft is Windows, Defender, and the Office package. As long as you just use that, then people will say, "Okay, we're just basically using Windows." They don't care about one thing or another, as long as IT works.

As long as things are slowly upgraded, it works, and we don't have any issues, then I am happy.

I let my outsource company handle scalability. I only get involved if there are issues.

We have 50-plus servers with around 125 to 150 endpoints.

Our consultancy has a deal with Microsoft where they can get access to Microsoft directly. We are part of that deal. When we have issues that need some type of Microsoft input, we can get it. However, I will let the consultancy do that. I wouldn't do that myself.

We use different email solutions and web solutions to handle incoming and outgoing traffic. However, we have not previously used another endpoint protection solution.

In 2014, we upgraded from Windows 7. It was a completely new deployment of everything. Every server, every endpoint, and even the old laptops and desktops were upgraded. So, it wasn't just Defender. Microsoft Defender wasn't really the issue, as it worked. We had a lot of other IT that was annoying, but I don't remember that we had any struggles with Defender.

Microsoft Defender is always running. It is doing its job, so it is fine. I don't have any issues with the way it was implemented or how we are running it. We have been upgrading IT throughout the years, but there have been no issues.

We had a migration deadline set by our mother company. We had to stop using Windows 7 and server 2003 by 15th of June, and we started in April. So, it was done in just under two months right before June 1st.

We are part of the aircraft industry. We have been going downhill for some time, and now we are sort of going up again. At the time of purchase, we simply bought the outsourcing with the solution, meaning we would get this many machines and servers using these services. They kind of supplied everything.

We outsourced the deployment to another company at that point in time, who put up all the consultants and stuff. Before that, we had everything internally and on-premises. At that point, we moved it out still on-premises, but not in our own house. So, we built a separate system, then moved users over.

We didn't have Microsoft in to specifically help us.

The administration of this solution is outsourced. We use a consultancy who has 50-plus employees/consultants. They take care of nearly all services: Defender, Teams, SQL, etc. I then only have to talk to one or two people who are specialized in what needs to be done.

I have been very happy with our current IT services provider. We have had them for about a year. They took over from the old consultancy who installed our IT in 2014. Our current consultancy took over in 2020 because I wasn't so happy with the old guys.

It provides peace of mind with really good pricing. It won't be upsetting my budgets or anything like that.

Our outsourcer handled the decision that we were to use Defender, Remote Desktop Services, etc. They just said, "If you choose us, this will be your solution." It came as a package. Unfortunately, that company was bought by another IT services company, who bogged everything up. The service went downhill and stuff didn't get upgraded. So, we switched to another Danish supplier with whom we currently are happy.

Go for it. It is a standard solution. If you use Windows, you might as well go for Defender. With this solution, you have your normal dependencies within Microsoft. This means that you don't have to talk to another company; you talk directly to Microsoft. Some people might go for something else, and that is fine too. However, depending on how big your company is, if you are a small or medium business, you may want to have as many eggs in one basket to have fewer points of contacts.

It is a good endpoint. All the administration is handed over to our outsource partner. So far, it has been good. We have been using it for years, so it is the de facto standard for us right now.

As far as I know, its capabilities are okay. It is up there with the rest of them. Sometimes, this is what Gartner says is the best, the next best, the 10th best, etc. That will always change. As long as we don't get hit, we are fine. If we get hit, then there are questions around what we can expect from it, what we can get out of it, what help did we get, etc., but I would let my outsource partner deal with that. Directly, I don't have my hands on it.

I would rate this solution as an eight out of 10.

We use Microsoft Defender for Endpoint for protection, asset onboarding, and service onboarding. We primarily focus on Microsoft-based endpoints. Specifically, we look for processes to determine if malware, viruses, or adware have been installed.

Microsoft Defender for Endpoint helps prioritize threats across our enterprise. The solution notifies us of new vulnerabilities, including those that have been published, exploited, or are being exploited, and it provides some visibility into these threats.

Microsoft Defender for Endpoint has a significant impact on reducing the number of affected machines. I personally write custom detection rules to analyze the environment and look for specific patterns, such as ransomware. Although some of the pre-built detection rules in Azure on GitHub are useful, they are not as flexible in terms of use cases. Therefore, it makes sense to write custom rules instead of importing the pre-built ones.

Microsoft Defender for Endpoint helps automate routine tasks and helps automate the finding of high-value alerts.

Microsoft Defender for Endpoint improved our security posture and operations by automating some of the mundane tasks, such as analyzing alerts. This allows us to focus on incidents that were created from specific individual alerts.

Microsoft Defender for Endpoint saved us time in terms of operational and C- CERT security. It reduced the amount of time we spend analyzing what happened on a particular endpoint, which processes were started, and which ones were suspicious. For example, it helped us to quickly identify suspicious installation protocols.

Microsoft Defender for Endpoint reduced our time to detect and respond by 25 percent.

Endpoint's most valuable feature is deep analysis. It provides a lot more in-depth findings. However, it only analyzes portable files with the .exe and .drl extensions. It does not analyze other file extensions. Additionally, it does not provide all the necessary information about the file's memory usage or size. I have to download the file to my computer to do further analysis. Therefore, the size of the application that the deep analysis analyzes is the only other red flag I can think of.

Microsoft Defender for Endpoint does not provide much flexibility in terms of threats. It only looks at what is currently in the environment. It does not provide flexibility like threat modeling, where we can provide our own threat model within the environment. This would allow Defender to provide us with feedback on threat intelligence that is tailored to our organization's needs and threat landscape.

Microsoft Defender for Endpoint's deep analysis shows that it works well with Microsoft's standard applications. However, it does not function as intended when used with Unix or Linux distributions. Therefore, it would be beneficial to improve support for other systems.

I have been using Microsoft Defender for Endpoint for one and a half years.

In terms of resources, I believe the solution is more resource-intensive because I can initiate multiple automated investigations, which will likely take a day or two to complete.

Our organization has thousands of people using the solution.

I give Microsoft Defender for Endpoint an eight out of ten.

No maintenance is required from our end.

I believe a best-of-breed solution is better because it eliminates some of the limitations of applications that do not provide solid stability in terms of detection time, response time, and eradication. This is because a best-of-breed solution is designed to be the best in its class at each of these tasks. As a result, it can identify threats more quickly, respond to them more effectively, and eradicate them more completely.

When evaluating the solution, we must understand how our environment is structured. Is it a hybrid environment? Does it have Unix, Linux, or Microsoft distributions? And within those distributions, do we plan to purchase multiple enterprise systems to cater to each individual distribution?

I am using Defender for one of my customers. 

We use Defender with Sentinel, so we can see everything from one dashboard. You can also use the 365 security portal to manage all your Microsoft solutions, but Sentinel covers the entire estate. It has automation features, but I am not the one who configured that. A separate team does that for the customer. 

Defender helps us be more proactive about security with suggestions on how to improve. It provides a Microsoft security score for 365 and Azure, both of which are helpful. 

Defender saved us time. I believe it saved the customer some money, but I could not provide exact figures.

Defender's analytics are much better than CrowdStrike's. It has the ability to intelligently learn and respond to threats. We conducted a simulated ransomware attack to test it, and Defender detected it faster than CrowdStrike. 

My customer is also happy with Defender's interface. It helps them prioritize threats across their environment. We also use Sentinel and Defender for Cloud. I also tested a VM deployed with Defender that reports back to the 365 portal. It's easy to integrate Microsoft security solutions. All of the solutions work in concert, and they're synchronized. I have no problems with integration and can see the entire landscape. The protection is comprehensive. I'm impressed. I have no complaints about the product.

The bidirectional sync with Defender for Cloud is crucial. If I check the other side of the signal, I can update the source of the alerts. It's vital to have a bidirectional connection for analysis and feedback. 

The documentation could be better. When they update their manuals, sometimes they refer to products by their old names, so it is a little confusing. For example, the documentation might still say "Advanced Threat Protection" instead of Defender for Endpoint. 

I have used Defender for Endpoint for three months. 

I rate Defender a nine out of ten for stability. 

Defender scales well. 

I rate Microsoft's support a nine out of ten. They were impressive. Microsoft has excellent support engineers.

Positive

I previously worked with CrowdStrike Falcon. Defender is more effective because it identifies more threats than Falcon.

I rate Microsoft Defender for Endpoint a nine out of ten. If someone asked me whether a best-in-breed or single-vendor strategy was better, I would say there's no right or wrong answer. It's better to use one vendor from an integration perspective because it's easier to set up. 

A single-vendor approach also simplifies support. For example, if you use CrowdStrike, you might be using Splunk as your SIEM. When you open a ticket with CrowdStrike, they will only be able to answer questions about their own products. 

We use it for security purposes. It provides important security for some critical systems, such as network devices.

For securing access, USB security helps us block our USB ports and that ensures that users do not plug USB drives into their computers.

In addition, our efficiency in the way we handle our processes has been improved because the solution automates routine tasks and helps find high-value alerts.

It has also saved us a good amount of time, something like 15 percent, while decreasing our time to detect and our time to respond, each, by 5 percent.

It automatically detects intrusion and malware.

It's also easy to use. The interface is user-friendly and the navigation is 
not difficult. It is very easy to move from one hyperlink to another, to move from one solution within the platform to another solution.

And in terms of categorizing the info and the actions that need to be done, it helps you to prioritize threats. That is very important.

The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies. They need to make the download of the dependencies more efficient.

I have been using Microsoft Defender for Endpoint for more than five years.

The stability is okay.

It is scalable. We use it for multiple departments, teams, and locations. We have over 5,000 users.

I would rate Microsoft's technical support at seven out of 10, because of the time it takes them to respond. But when they finally respond, they give us complete attention and things are resolved within the SLA.

Neutral

Before Microsoft Defender for Endpoint, we were using McAfee.

We constantly get updates from Microsoft that are light and they don't really affect us while we're working. The updates have been very helpful.

I would recommend Microsoft Defender for Endpoint.

Our server is on Azure, so we get alerts on Microsoft Defender. If it's an endpoint alert, we investigate the endpoint based on the type of endpoint it is, whether it's a computer or a phone, et cetera. We then figure out what kind of file was downloaded, if it was bad or good, based on the hash file. 

We also use Microsoft Defender for Office 365 for email, where we get alerts based on phishing emails, spam, and we investigate them. We also do Sentinel queries, with KQL (Kusto Query Language).

Automation has had a positive impact. When we have a lot of false-positive alerts, we are able to set up a condition in Microsoft Defender where it will automatically close that as false. I don't create those conditions, that's something our security engineer does, but it makes my job easier.

Also, threat intelligence helps against potential threats before they hit. You can actually block and delete the emails from MDE whenever you detect them, or when they report, "Hey, this is a phishing email or spam email." It's also able to block and detect a bad or phishing URL. It has decreased our time to respond because if it detects a URL, we're able to automatically block and delete it before a user even sees their mailbox the next morning. It's very fast in detecting and we like that.

As a SOC, it has saved us time, on the order of 60 percent of our time.

The Microsoft Sentinel part is the most valuable when you have to search for the malicious folder or file the user downloaded. We use it to ingest data from our entire ecosystem and that is very important if we have to go back 30 days and investigate cases, and we need more details. It's able to ingest that much data. That's pretty important.

Sentinel also enables us to respond holistically from one place and that's good for my job. It makes it easy.

Also, the visibility into threats that the solution provides is pretty awesome. I had never actually seen this type of technology before. It was the first time I had exposure to the cloud. This is something that makes me think, "Wow, okay. If I had my own organization, I would probably get this too." It stops the threat before an employee gets phished or something gets downloaded to their computer. Even if it gets downloaded to the computer, it doesn't spread to the other networks, because Defender will automatically block it.

Another thing that is pretty awesome is that our Microsoft security products work natively together and deliver coordinated detection and response throughout our environment. As a SOC person, it makes my job very easy.

When it comes to the comprehensiveness of the threat protection from these products, so far I have seen how it's able to pick up the smallest script that is hidden in any type of malicious file. It's so good. And it gives you all the details: what kind of script was run, what kind of hash file, and what type of command was run. I'm pretty happy with it.

If there were more template queries in the library, that would make it much easier. They could have basic things, like, "Where's the IP for this user?" or, "What file was downloaded from this user?" If there were more of those basic queries that would help. I haven't seen basic ones, but there are a lot of advanced queries, where people need to know the KQL language to understand them. I'm still learning so that's why I'm providing that feedback.

I have been using Microsoft Defender for Endpoint for almost a year.

The stability has been really good so far. I haven't seen it go down or have an issue where it didn't work. 

We have had some integration issues when something breaks, but that's just occasional. So far, it's good.

We have it deployed across various departments. The IT users have more privileged settings.

When I started with this company we used Splunk before we switched to Sentinel. We switched because Sentinel seems way faster.

I wasn't involved in the setup of the solution, but when it comes to maintenance, we have security engineers who maintain our alerts, in case there are false positive alerts coming in.

Work on Sentinel. It has a lot of power versus the Microsoft Defender solution.

We used it as an EPP and EDR solution. 

Microsoft Defender made the work quite easy because we didn't have to rely on multiple tools, and we could look at one thing. It had a specific endpoint-level reporting standard as well where you can see the vulnerable threats and the outdated versions. It was very convenient.

We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions. It had multiple advantages for us in terms of patching, vulnerability management, adhering to security standards, and EDR and AV capabilities. 

Microsoft Defender was pretty interesting in terms of visibility. When we compare the solution that we had before with Microsoft Defender, there is almost a night and day difference. Microsoft Defender is pretty advanced with the threats. We used to run, simulate, and see whether we were prone to the latest vulnerabilities. It was a pretty good solution in our experience.

It definitely saved us a lot of time. I don't have the metrics, but because it was a one-stop place, we didn't have to navigate through all the controls and go from one place to another to look for different reports for each section. We had one tool that could do everything in one place. It would have definitely saved us nearly one-fifth or 20% of the time. It would have also saved money because you rely on one single tool for multiple things. When you go with the premium suite, you get other tools as well. There is definitely a cost-saving aspect.

It came in a suite. There were multiple other products that were included with it as well in the premium suite. Another factor was that you don't have to invest in two products, and you can get both components, the EPP and the EDR, in one. You can also do simple vulnerability management, CIS hardening, and things like that from Microsoft Defender. Those were the main reasons for considering it back then.

I haven't used the product in nearly eight months. I use it on my device, but I haven't used it at an administrative level. Previously, with Microsoft Defender, we used to have certain problems with the Mac machines, but later on, they came up with various ways so that we could use the MDM solution to do the job. They provided pretty good support. Their engineers came and tried to figure out the solution.

I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes.

I have used Microsoft Defender for eight months to one year in my previous organization.

In comparison to the other solutions that I've had experience with, Microsoft Defender was very good.

It was definitely scalable. In my previous organization, we enrolled more than 20,000 endpoints.

It was pretty good. At that time, Microsoft Defender was very new. When they released it for Mac, that's when we got hold of them. There was a time when their support engineers learned certain things from me about it, and I also did learn something from them. It was a win-win situation for both of us.

I would rate their support a seven out of them. The level of support depends on the complexity of the issue. If an issue is small, anyone can solve it, and it wouldn't take much time, but when you run into a complex problem, you need proper people coming in quickly and giving you some support after looking into the issue. Ideally, if they are very well-trained at all levels, that would be good.

Neutral

We had other products for antivirus and EDR. We removed those two products and replaced them with Microsoft Defender. They both were pretty good solutions in the market back then. One of them is a pretty good solution even now.

We found Microsoft Defender pretty good when we did the PoC as compared to the rest of the tools. Some of the solutions were only antivirus, and some of them were only EDR, whereas this particular tool had a lot of features built into it. So, one agent could do many things. Another reason for going for this solution was that the company I used to work with was a bit biased toward Microsoft. They were a Microsoft customer, and they were comfortable with Microsoft. 

The reliability of support was one of the reasons why we chose Microsoft. When it comes to tools, there are always requirements related to budget, level of support, and other things. When you go for a PoC and look at the demo, you might think a product is stable, but when you run into a problem, the support could be weak. In such instances, what's the use of the product if you don't have good support or if they take at least two to three days to solve a small issue?

I handled the Mac machine part of it. Initially, setting up policies and getting all the configuration profiles in place was a bit of a challenge because they didn't have proper documentation at first. During the PoC, there were not many documents or support articles, but when we were in the deployment phase, they had everything, even specific to particular MDMs, which made it very smooth. We ran into a couple of small problems, but that's pretty common in every deployment. Other than that, it was pretty smooth. 

From Microsoft's side, there is a pretty good deployment strategy in place, but different companies have different objectives and different ways of working. There are situations where certain users and groups might need something specific but other users or groups don't. There could be multiple groups of users with different expectations. So, it is pretty straightforward, but like with any security tool, there could be internal user-level challenges. However, for a company that does not have a very complex environment, it should be a piece of cake. It should be pretty easy.

In terms of our implementation strategy, we first targeted the least impacted devices because we didn't want high-end or critical users complaining about having issues. So, we selected the low-priority users and implemented it for them, and then we tested it out. After that, we implemented it for users with higher priorities. We gradually moved based on the severity.

In terms of maintenance, agent updates are required, which we scheduled automatically. It didn't seem to need much attention. If the product is in a non-complex environment, it won't have many issues, but in a complex environment, there will be some because of VLAN restrictions, network connectivity limitations, etc. We also had issues where agents were not communicating, but it was not because of an issue with the tool. It was mainly because of the complexity of the environment in terms of networking and architecture.

Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together.

I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products. 

Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job. 

For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats.

I would rate Microsoft Defender an eight out of ten. 

We are using this product as part of our EDR solution, and we use it in conjunction with CrowdStrike. We are a solution provider and this is one of the products that we deploy for our clients.

This product has features that improve our security posture including good vulnerability detection, maintaining endpoint devices, and unified management. The management feature allows us to manage all of our devices from a single location.

The advanced techniques used by Microsoft Defender are improving our user experience. Our users used to complain that they didn't need certain features, but this was because the legacy antivirus and other EDR solutions were hampering their usage. Nowadays, vulnerability detection is very effective and they are comfortable with the security, as well as the administration, giving them a better overall experience.

The most valuable feature is threat detection. We have been notified of viruses and threats of problems such as ransomware attacks.

The Cloud App Security features are useful.

We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments.

Microsoft Defender integrates well with Office 365.

Especially these days, with the COVID situation, this product helps us to better reach our users and solve problems. For example, we no longer need to ask them to bring in their laptop to check for and address issues. We can apply policy, automatically define rules, and remedy problems using the central management features. 

It would be helpful if they included XDR features, on top of the EDR functionality. It would improve the capabilities, as XDR solutions are doing better.

I have been working with Microsoft Defender for Endpoint for almost a year, with the E5 licenses.

Stability-wise, it is responsive and I don't see any drawbacks. They have additional features that make it a little more robust.

Scalability-wise, considering the integration that they have, it's good. For example, it can be integrated with Azure Sentinel. We have two or three people who work with managing and deploying this product.

We deploy across Qatar and currently have about 68,000 endpoints protected with Defender. Our usage will increase based on the number of clients we have that buy the product. Ultimately, it depends on the licensing model.

Prior to working with Microsoft Defender, we used CrowdStrike and SentinelOne. We switched because these other products are standalone, and require that we install and maintain them manually. Microsoft Defender is unified and comes as part of Microsoft 365, which makes it easier to set up and manage.

The advantage that these other products have is the XDR features.

The initial setup is straightforward. We deploy this product using Microsoft Intune, which is very helpful. It took us one month to deploy approximately 5,000 users. We had a specific plan that we followed for the implementation. 

I completed the deployment.

This product offers cost-effective threat protection, which integrates with Office 365 and has unified endpoint management features.

We currently use the enterprise-level, E5 licensing scheme. It is a complete bundle that includes the Microsoft 365 products, the Zero Trust solution, and Microsoft Defender.

The E5 license is the one that I recommend because it comes with Cloud App Security, which is a good thing to have on top of Microsoft Defender. It means that you can monitor any threats, sign-in attempts, and other resources whether on the cloud or on-premises.

I would rate this solution an eight out of ten.

Microsoft Defender for Endpoint can be used for protecting personal information and file in my organization.

The solution has saved us time by not having to install separate third-party antivirus solutions.

Microsoft Defender for Endpoint is beneficial because we are using Microsoft Windows and all the core solutions are made by Microsoft, such as the authentic platform, operating system, and antivirus protection. It is a heterogeneous environment. We had to use third-party solutions before and update everything separately. For example, the policy for antivirus. With Microsoft Defender for Endpoint, when Microsoft Windows receives updates it will update with it. This is one main advantage of this solution.

Microsoft Defender for Endpoint can improve by making the reporting faster. It takes some time to reflect back to the administration portal of what has been updated. For example, out of 100 Computers, approximately 90 computers received updates, but when you check the administration portal over one or two days, you will only see 75, even though 90 were updated.

I have been using Microsoft Defender for Endpoint for approximately one year.

The solution is stable.

Microsoft Defender for Endpoint has been scalable.

We have more than 200 users using this solution in my organization.

Previously we used McAfee and Symantec Endpoint. Every five years we change the solution. However, this time we changed to Microsoft Defender for Endpoint because we wanted a unified platform.

When you install Microsoft Windows 10, Microsoft Defender for Endpoint comes with it. There is no installation of the solution other than installing Windows 10. It saves time because you do not have to use any new kind of policy or deployment.

We have a team of three that do the management of the solution.

The solution comes free with Microsoft Windows 10.

I rate Microsoft Defender for Endpoint a ten out of ten.