Deputy Manager (Network & Security) at Tata Projects Limited
Real User
Top 10
Has efficient report-generating features and good stability
Pros and Cons
  • "The technical support services are excellent."
  • "There could be AI functionality included for features like reporting and dashboard preparation."

What is our primary use case?

We use the product to capture the logs, collect data, and understand patterns.

How has it helped my organization?

The product provides smooth functioning for our service desk and the technical team. It helps in efficiently generating reports to update the management.

What needs improvement?

There could be AI functionality included for features like reporting and dashboard preparation.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for more than a year.

Buyer's Guide
Microsoft Defender Threat Intelligence
May 2024
Learn what your peers think about Microsoft Defender Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

The product has high stability.

What do I think about the scalability of the solution?

The product has high scalability.

How are customer service and support?

The technical support services are excellent.

How was the initial setup?

The initial setup process is straightforward. It took us three months to deploy.

What about the implementation team?

We implemented the product with the help of an integrator.

What was our ROI?

Microsoft Defender Threat Intelligence generates a good return on investment.

What's my experience with pricing, setup cost, and licensing?

The product’s pricing is worth it.

What other advice do I have?

I recommend Microsoft Defender Threat Intelligence to others and rate it a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DineshKumar25 - PeerSpot reviewer
Solution architect at Rackspace
MSP
Top 5
Provides threat detection capabilities and protects the environment from zero-day attacks
Pros and Cons
  • "The product’s most valuable feature is the ability to provide threat detection and protection simultaneously."
  • "One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems."

What is our primary use case?

We use the product for endpoint security of machines. It includes threat detection, defining compliance rules, and governance policies. It helps us with extracting reports as well.

How has it helped my organization?

The platform ensures that the environment is fully protected. Its operational excellence helps us reduce resource costs. We do not need a large team to manage security. The subscription models provide monthly and short-term plans. We can scale the number of items according to the requirements and dynamically adjust resources during lean periods. It doesn’t require us to purchase long-term licensing plans.

What is most valuable?

The product’s most valuable feature is the ability to provide threat detection and protection simultaneously. It doesn’t require additional power for processing similar to other products.

What needs improvement?

One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for five years.

What do I think about the scalability of the solution?

We have 7000 Microsoft Defender Threat Intelligence users. It scales automatically depending on the requirements. It is a highly available application.

How are customer service and support?

The technical support team responds immediately to the queries.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. It has a good amount of documentation available to refer to the steps. It is a cloud-based application and thus, easy to implement compared to an out-of-the-box version. It can be deployed on endpoint devices as well.

What's my experience with pricing, setup cost, and licensing?

The product has multiple subscription models. The pricing is expensive, but it is justifiable considering the amount of threat-related information it provides.

What other advice do I have?

The platform is built for threat detection and protection. It saves the environment from zero-day attacks. It offers an intermittent mechanism for new operating system updates. It can be integrated with many enterprise-grade solutions. We can build APIs and explore the logs as well.

Microsoft Defender has played a crucial role in addressing security incidents related to auditing and compliance within our organization. During audits, a common requirement is to ensure that the environment is fully patched, updated, and compliant with all necessary security measures. With Defender in place, auditors have direct access to relevant reports and can verify them.

I advise others to use the product if they are planning to move to a cloud environment. It gives a sufficient amount of information or threat intelligence data.

I rate it a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mark Ngeno - PeerSpot reviewer
IT Security Manager at LIVING GOODS
Real User
Top 5
Stable software with valuable malware-scanning features
Pros and Cons
  • "The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
  • "The software is expensive."

What is our primary use case?

We use the software to scan malware for email attachments by identifying and blocking phishing emails.

What is most valuable?

The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes.

What needs improvement?

The software is expensive.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for almost a year now.

What do I think about the stability of the solution?

The software is stable, similar to Office 365.

What do I think about the scalability of the solution?

We have 400 Microsoft Defender Threat Intelligence users. It is a scalable product. However, the cost increases as we increase the number of users.

How are customer service and support?

We receive technical support services via the integrator as well as the vendor.

How was the initial setup?

The software is deployed on the cloud. The setup requires technical knowledge or assistance from the integrators.

What was our ROI?

The product generates ROI for securing the company resources at minimum cost. We don't need to employ two to three analysts for this purpose.

What's my experience with pricing, setup cost, and licensing?

It is an expensive product. We purchase its yearly license.

Which other solutions did I evaluate?

We evaluated a few products before.

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Siddhant Upadhyay - PeerSpot reviewer
Risk Operations at Stripe
Real User
The intuitive user interface and reporting are positive features
Pros and Cons
  • "The most valuable aspects are its integration capabilities with other Microsoft products like Intune, Office 365, and Azure cloud applications."
  • "While the current setup meets our needs, Microsoft can constantly improve customization and adaptability to rapidly evolving cybersecurity threats."

What is our primary use case?

We employ this solution within our Office 365 environment, focusing primarily on email security through features like application guard, safe attachments, and safe URLs. This setup significantly aids our cybersecurity operations, helping us mitigate various threats. The team is designing a couple of policies and will revise the usage depending on the threat.

How has it helped my organization?

The solution has notably improved our IT operations by facilitating seamless integration with other Microsoft tools like Intune and Azure. This integration simplifies our IT management process and enhances our overall cybersecurity framework.

What is most valuable?

The most valuable aspects are its integration capabilities with other Microsoft products like Intune, Office 365, and Azure cloud applications. The intuitive user interface and reporting are also positive features of the solution. These features provide a unified experience, making it easier for our IT team to manage and navigate between screens efficiently.

What needs improvement?

While the current setup meets our needs, Microsoft can constantly improve customization and adaptability to rapidly evolving cybersecurity threats. 

The stability of the solution also requires some improvement. 

Future releases could benefit from enhanced predictive analytics tools and deeper AI integration to better predict and mitigate potential threats.

For how long have I used the solution?

I have been using Microsoft Defender Threat Intelligence for six months. My company has a partnership with Microsoft, giving us access to their latest security enhancements.

What do I think about the stability of the solution?

The solution is stable, scoring an eight out of ten, indicating a reliable performance with room for minor improvements.

What do I think about the scalability of the solution?

Due to limited endpoints, scalability is not our primary concern currently. But as of now, the endpoints and the infrastructure we have are covered with the tools we already have. The existing setup adequately supports our needs without requiring significant scaling. Regularly, two hundred and fifty users use the solution.

How are customer service and support?

We already have competent engineers on our team. While we rarely need external support or have raised a ticket, our interactions with Microsoft's customer service have generally been satisfactory, fulfilling most of our technical needs, if not all and the answers that we were seeking.

How would you rate customer service and support?

Positive

How was the initial setup?

The setup was straightforward, aligning with our move towards cloud-based operations and authentication of our users and policies, thus simplifying the overall deployment process.

What's my experience with pricing, setup cost, and licensing?

The solution is relatively expensive; however, our status as a gold partner provides us with several complimentary licenses, which offsets the cost.

What other advice do I have?

Currently, we are only using Office 365 and Defender for Endpoint 32-bit. Previously, one from our management was a part of the trial, but not anymore. As we have layers of policies placed, they cover everything. 

Microsoft is very dynamic, and when it comes to their products, sometimes they change the licensing cost or the features. So, I think the product should have a license model. Since we read about Microsoft daily as users, we should be aware of the changes they bring.

I rate the overall solution an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder & CEO at a consultancy with 1-10 employees
Reseller
Offers effortless integration with cloud-based infrastructure and can mitigate attacks with actionable insights
Pros and Cons
  • "Offers easy integration with a cloud-based infrastructure"
  • "A stable licensing model is absent"

What is our primary use case?

At our company, we use Microsoft Defender Threat Intelligence for vulnerability management. The solution's infrastructure and overall software are improving. 

What is most valuable?

A new valuable feature from the solution allows a user to close all tickets from a single console. At our company, we are also working on the CM side to analyze the solution's behavior and we have noticed that our customers prefer to use a single console.

What needs improvement?

A stable licensing model is absent with Microsoft Defender Threat Intelligence. Implementation of the product can be difficult if the team on the customer's end is not willing to work on pilots. 

For how long have I used the solution?

I have been using the solution for five years. 

How are customer service and support?

I am satisfied with the technical support provided for the solution. I would rate technical support an eight out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I find the Sentinel solution, its Hunting feature, automation rules, and customization rules valuable. Our company sometimes recommends Carbon Black, CrowdStrike, and Fidelis instead of Microsoft Defender Threat Intelligence because there have been fewer security incidents. 

How was the initial setup?

The product can be easily implemented for customers who are already using Microsoft Cloud. For hybrid or on-prem customers of our organization, deployment is difficult. 

What's my experience with pricing, setup cost, and licensing?

With Microsoft, at our company, we have one or three-year TCO, and we have to renew the license for this solution two times per year. I am looking to integrate a CRM product from Microsoft with the solution so that the pricing is more reasonable and transparent.

At our company, we are willing to integrate multiple Microsoft solutions: EDR for infrastructure and server end, another for vulnerability, and Microsoft Defender Threat Intelligence for endpoint security, and we offer the same to our customers.

The implementation cost versus the license cost needs to be analyzed for Microsoft Defender Threat Intelligence. When some of our company's customers are not comfortable with Microsoft products, we provide them with a different option. 

What other advice do I have?

Real-time threat detection usage of the solution depends upon the varying strategies and maturity of our organization's customers. At our company, we are implementing the mesh as well as cybersecurity laws. Our company is focusing on implementing observations instead of threat hunting with Microsoft Defender Threat Intelligence.  

At our company, we are offering Sentinel solutions to Tier-1 customers. The integration capabilities of the solution have improved the security posture of our customers but it also depends upon the maturity. Few of the customers of our company are using an in-house solution so they are aware of the posture and the rating. Our organization offers solutions to the customers, but often, they develop their own road map for expansion. 

The actionable insights of the solution have aided in incident response by mitigating major attacks. Our company rarely utilizes customization options for the solution, as customers can start using the product comfortably in the default configuration. For vulnerability management with Microsoft Defender Threat Intelligence, our company needs to adapt and apply the processes followed by the customer's organization; there are limited opportunities for customization.

I would recommend the product to others. But as part of our company offerings, a pilot can also be provided to the customers for comparison on the KPIs. I am satisfied with the product as it meets all the expectations on the infrastructure and security aspects. A user should choose between Microsoft Defender Threat Intelligence and other competitive products after verifying the feature expectations. 

I would overall rate the product an eight out of ten. The product can be effortlessly integrated with the existing system of cloud-based customers.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Sales executive at 0
Real User
Top 20
Helps us with threat detection; and it just runs in the background
Pros and Cons
  • "It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use."
  • "I would like for there to be extra confirmation that there aren't viruses. Even if the virus detection software is always running there could be hidden applications that are using the computer."

What is our primary use case?

We use Defender Threat Intelligence for threat detection. 

What is most valuable?

The most valuable aspect is that it just runs in the background. I don't have to worry about its intelligence. It is easy to use. 

What needs improvement?

I would like for there to be extra confirmation that there aren't viruses. Even if the virus detection software is always running there could be hidden applications that are using the computer. 

For how long have I used the solution?

I have been using Microsoft Defender Threat Intelligence for three years. 

What do I think about the stability of the solution?

It is a stable solution. I rate the stability nine out of ten. 

How are customer service and support?

The technical support is good. They are good at fixing any issues we have.

How was the initial setup?

The initial setup is easy. 

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is good. 

What other advice do I have?

Overall I would rate the solution a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
System and network security engineer at Central Bank of Nigeria
Real User
Top 5 Leaderboard
Assesses machines for vulnerabilities and gives remediations
Pros and Cons
  • "Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
  • "The tool's onboarding of users that use on-premise or hybrid environments needs to be improved."

What is our primary use case?

We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies. 

What is most valuable?

Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations. 

What needs improvement?

The tool's onboarding of users that use on-premise or hybrid environments needs to be improved. 

For how long have I used the solution?

I have been using the product for six years. 

What do I think about the stability of the solution?

I rate the product's stability a nine out of ten. 

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is scalable. My company has 7000 users for it. 

How was the initial setup?

Microsoft Defender Threat Intelligence's deployment is not straightforward. 

What was our ROI?

We have seen ROI with the product's use. 

What's my experience with pricing, setup cost, and licensing?

The tool is expensive as a stand-alone solution. However, it is not cheap when you purchase it as a bundle. 

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Testing and Production Engineer at a tech services company with 51-200 employees
Real User
Top 5
Offers a scalable solution that can be managed without the need for extensive infrastructure handling
Pros and Cons
  • "Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
  • "One area that can be improved is reducing false positives."

What is our primary use case?

In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example.

We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. 

In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.

What is most valuable?

Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats. 

The vast amount of threat data that Microsoft gathers globally is a significant advantage. It's built into their protection mechanisms and helps us stay ahead of emerging threats.

What needs improvement?

One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.

For how long have I used the solution?

In terms of Microsoft, almost all Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Defender for Cloud, all of these are within the Microsoft ecosystem. I work in a complete Microsoft environment. 

So, starting from Sentinel, all these Defender products come together. We also integrate data from third-party products like firewalls. Essentially, we create a SOC scenario to onboard SOC services based on different products or services. 

I typically work on onboarding SOC services for multiple clients, including Cybercon, cloud security personal management, and cloud security assessment, among other things.

What do I think about the scalability of the solution?

Scalability is well-managed in Microsoft Defender Threat Intelligence. It's a built-in service that doesn't require us to handle the underlying infrastructure. When we use it as a service from a public cloud provider, they take care of the infrastructure management. 

If we were to configure it ourselves, we'd need to set up servers, ensure high availability, and enhance security with load balancers and firewalls. 

However, when using managed services from providers, we don't have to concern ourselves with the underlying infrastructure. So, it's a matter of choice. 

If I were to set it up independently, I'd ensure high availability, robust security measures, and efficient load balancing. But if we opt for managed services, there's no need to deal with the infrastructure intricacies. It really depends on our specific needs and preferences.

How are customer service and support?

The customer service and support are a bit hard to reach. It's sometimes really hard to get a hold of them.

How would you rate customer service and support?

Neutral

How was the initial setup?

Setting up the SOC service from scratch requires a great amount of familiarity, experience, and visibility in the cybersecurity space. You need to understand coverage for identity, applications, endpoints, networks, and more. 

There's the task of understanding the umbrella and defining the architecture, whether it's multi-tenant or single-tenant, and how it's user-based. 

It's complex, especially when onboarding from scratch. So, these kinds of things I do on a regular basis, so I would say making the architecture, defining the coverage thing, tune-up the customer environment, and setting up another 24/7 monitoring service. It's a job which requires a lot of experience and skills.

Given the intricacies and the experience needed, I would rate it as an eight out of ten in terms of complexity.

What about the implementation team?

The deployment duration varies. For Threat Intelligence, it also depends on the platform and the integration data connector you have. If you factor in the entire setup of SOC services, it can take a while. It depends on the number of users, the licenses, and network devices. 

If we're talking about just Threat Intelligence, are they integrating only paid sources, or are they using open source or creating their own Threat Intelligence?  So, taking all those things into account, it takes a fair amount of time to get everything up and running in terms of SOC services.  

What other advice do I have?

The overall product is very good. I've worked with multiple operations using Microsoft's security suite, including Defender. Threat Intelligence is nice. It's flagged numerous security vulnerabilities, even some zero-days. Comparing it to other solutions, it often outperforms. 

Overall, I would rate the solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner