Rinaz N - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees
Consultant
The chain alert mechanism combines all the alerts into one incident and automatically correlates them with AI
Pros and Cons
  • "The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
  • "There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the roadmap, and we were waiting for that feature."

What is our primary use case?

I'm a deployment engineer for Microsoft products, and we work with multiple SMEs. Customers adopting Microsoft products want the same features they had in their third-party solutions. We look at their requirements and the types of features they need. We determine the security mechanism that best addresses their vulnerabilities. We might suggest Defender for Identity, Defender for Endpoint, 365 Defender, and Defender for Cloud Apps. In addition to those security solutions, we offer device management. We provide everything.

How has it helped my organization?

Defender improves our security operations. I've had chances to collaborate with our SOC team. Our customers face many random attacks they don't know how to prevent, and the SOC team handles them remotely. The security engineers can investigate the incident or use the information from the customer's environment to offer a recommendation. If the customer doesn't have the detection mechanism, we can recommend a product or find a solution for them. 

The solution can help customers save money because we can bundle it with all the other Microsoft solutions, like email and Defender for Endpoint, Identity, and Cloud Apps. Most of our customers use Windows 10 devices and Microsoft Active Directory, so everything is on the same page. Defender can save time by automating investigation and response. We don't need to spend much time because it'll automatically take action in many cases.

What is most valuable?

The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI. 

Defender has integrated identity access management, and you can add DLP features through a separate solution called Microsoft Purview. Within the cloud, we can create access policies based on each user's risk. It's integrated with Azure AD and on-prem Active Directory, so all the user identities can be managed in a single portal.

We use the multi-tenant management capability, so we can cover customers that have multiple regions. We can easily investigate across tenants based on severity. For high-priority alerts, we start from scratch and ignore what's happening on the endpoints or emails. We isolate the device and ensure that nothing will be released from it. Next, we check this device and some more details.

What needs improvement?

There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the roadmap, and we were waiting for that feature. 

Buyer's Guide
Microsoft Defender XDR
May 2024
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
771,170 professionals have used our research since 2012.

For how long have I used the solution?

I have used 365 Defender for about four years.

What do I think about the stability of the solution?

365 Defender is stable. There is no downtime. Still, Microsoft is constantly rolling out features, so there are sometimes bugs after new releases. Our customer experience team is collaborating with Microsoft and sharing feedback with them. 

What do I think about the scalability of the solution?

365 Defender is scalable.

How are customer service and support?

I rate Microsoft support nine out of 10. The support depends on the product and the customer's issues. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I work with customers coming to Microsoft from other third-party products, so I try to understand what the product does and suggest a solution. The names are different, but all the technology is the same.

How was the initial setup?

Deploying Microsoft Defender isn't complex if you have experience. The deployment depends on the number of users, apps, and the client's requirements. If the client wants to implement XDR, it takes about a month to achieve full functionality. Endpoint protection takes around five to ten days. It's a cloud product, so it doesn't require any maintenance.

What's my experience with pricing, setup cost, and licensing?

Defender XDR is agentless, so you don't need to install an agent anywhere. It's a cost-effective option.

What other advice do I have?

I rate Microsoft 365 Defender nine out of 10. We recommend it to our customers. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Guilherme Queiroz - PeerSpot reviewer
Cyber Security Analyst at a tech services company with 10,001+ employees
MSP
Eliminates looking at multiple screens, giving us one XDR dashboard, and that saves time
Pros and Cons
  • "We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
  • "There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."

What is our primary use case?

It's the main tool that we use for the customer that we support. We don't use any other tools to monitor the environment.

How has it helped my organization?

It helps us prioritize threats.

In addition, Microsoft Sentinel enables you to ingest data from your entire ecosystem. One of the main reasons we use Sentinel is to receive logs from different sources and create analytical routines to generate alerts. Sentinel enables you to investigate threats and respond from one place and that is also very important because it becomes part of the monitoring team.

Microsoft 365 Defender has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard. That means we don't have to spend too much time checking different pages. We just have one specific portal with all the information.

The solution has saved us time, although we haven't measured how much. It has reduced our time to detection and time to response by about 20 percent.

What is most valuable?

The most valuable features are the 

  • integration among all the Microsoft tools
  • details of the alerts.

We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button.

They work natively together to deliver coordinated detection and response across the environment. We get more details when we integrate more tools, so it's relevant to have integration enabled. When it comes to monitoring an environment, this is very important, because you get different perspectives and points of view on the same alert.

I have a positive impression of the visibility into threats that the solution provides. It brings a lot of information and details related to the alerts or any security threat.

What needs improvement?

There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups.

There could also be an improvement on the customization part. Sometimes we need to customize a few configurations but we can't.

For how long have I used the solution?

I have been using Microsoft 365 Defender for a year and a half.

What do I think about the stability of the solution?

We have never had any problem with downtime.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and support?

Sometimes, they still take too much time to reply. But when they do reply, it's positive support.

How would you rate customer service and support?

Neutral

How was the initial setup?

I was not involved in the initial setup, but there is no maintenance involved now.

What other advice do I have?

My advice would be to have someone from Microsoft involved in the deployment part to help. There are a lot of details that they have information about, and it's impossible to know everything.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Dan Penning - PeerSpot reviewer
Director of IT at City of Largo
Real User
Top 10
Integrates security into one tool instead of having third-party security tools
Pros and Cons
  • "The product integrates security into one tool instead of having third-party security tools."
  • "The solution does not offer a unified response and standard data."

What is our primary use case?

We use Microsoft Defender XDR to secure data. 

How has it helped my organization?

Microsoft Defender XDR has reduced our security staff. 

What is most valuable?

The product integrates security into one tool instead of having third-party security tools. 

What needs improvement?

The solution does not offer a unified response and standard data. 

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

Microsoft Defender XDR is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

It takes weeks for the support to respond. They are not helpful. 

How would you rate customer service and support?

Negative

How was the initial setup?

Microsoft Defender XDR's deployment was very easy. 

What was our ROI?

We have seen ROI with the tool's use. 

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender XDR's licensing is complicated. 

What other advice do I have?

Microsoft Defender XDR has helped us reduce two full-time employees. 

The solution is our identity source, which protects our identities through Microsoft Entra ID.

The solution helped us save time by not flipping between the systems.

I rate it an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
TahirMahmood - PeerSpot reviewer
IT Manager at a manufacturing company with 11-50 employees
Real User
Top 10
Is stable, scalable, and protects against ransomware
Pros and Cons
  • "Email protection is the most valuable feature of Microsoft Defender XDR."
  • "The price should be adjustable by region."

What is our primary use case?

We use Microsoft Defender XDR for our Microsoft 365 email service.

How has it helped my organization?

It helps protect us against ransomware. We were a victim of a malware attack in 2018 before implementation.

What is most valuable?

Email protection is the most valuable feature of Microsoft Defender XDR.

What needs improvement?

The price has room for improvement. The price should be adjustable by region.

For how long have I used the solution?

I have been using Microsoft Defender XDR for almost 5 years.

What do I think about the stability of the solution?

Microsoft Defender XDR is stable.

What do I think about the scalability of the solution?

Microsoft Defender XDR is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender XDR is priced high.

What other advice do I have?

I would rate Microsoft Defender XDR 8 out of 10.

No maintenance is required from our end because it updates with the OS.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Yusuf Buhari - PeerSpot reviewer
Cloud Productivity and Security Engineer at a tech consulting company with 11-50 employees
Real User
Top 20
Good automation, nice centralized dashboard, and very helpful threat intelligence
Pros and Cons
  • "The comprehensiveness of Microsoft's threat detection is good."
  • "The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."

What is our primary use case?

I primarily use the solution as an engineer. I use the product to protect the endpoint and I use it to protect my customer's environment. 

What is most valuable?

The web protection on offer is very good. For a company that doesn't have a firewall, it's quite useful.

It gives feedback and helps protect internet access. It provides you with analysis on the state of the environment and you have a direct link to Microsoft which is doing its own research on security. You're constantly getting feedback from Microsoft resources so that you can be up to date in your own environment and you'll have a better understanding of the security landscape. 

The solution is great for companies on a budget.

Defender provides helpful visibility into threats. It covers a lot and comes with a next-gen antivirus. With that, you can register to the cloud, and, if you have cloud protection, your environment is protected even more. 

It helps us prioritize the threats across our enterprise. It covers all of our devices. You can cover your entire operation with the license you purchase.

Microsoft 365 Defender is easy to integrate with other products. You just have to configure some things in order to integrate everything and you are SDR compliant. We currently have it integrated natively, so we don't have to worry about configurations.

The comprehensiveness of Microsoft's threat detection is good. Microsoft provides a lot of security. It gives you visibility and IT has a lot of control over everything. You can see your environment, including clouds. You can block things within your environment as needed. The applications are easy to manage. It also has app governance to be able to gain visibility into permissions.

The product has helped automate routine tasks and the finding of high-value alerts. It has an automatic investigation feature that you can enable. It's great for automation. Thanks to automation, it has helped reduce the time it takes to analyze security events and alerts. You don't have to wait to take action. If there is a threat, you can neutralize it faster and it will record everything for audit records. While I know it has saved us time, I can't quantify that into a specific amount of hours.

We no longer need to look at multiple dashboards. Now, everything is centralized under one dashboard. 

The product's threat intelligence helps us prepare for potential threats and take proactive steps. Since we've been using it, we've had no security incidents.

What needs improvement?

The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging. We're working on the onboarding and configuration policies. We're collecting feedback from customers and partners in hopes of refining the future design for deployment.

For how long have I used the solution?

I've used the solution for about two years.

What do I think about the stability of the solution?

The feedback I have received from customers is that the stability is very good. 

What do I think about the scalability of the solution?

The product scales well.

How are customer service and support?

If you have a license through a partner, it's the partner that will support you.

The only issue with Microsoft is the response times. They are very competent, however, sometimes you will send an email and get no response. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I previously used Sophos. I then switched to Microsoft Defender. The Sophos deployment is quite easy in comparison. You can do everything from a single portal. They had already achieved effective centralization. 

How was the initial setup?

Right now, there are two different ways to onboard. You might have to have a different partner to configure policies. However, right now, you can also create policies from the activity center, so you don't have to do it from the device itself.

How long a deployment takes depends on your scope and the number of devices you are covering. 

If you do not get a license for the portal, you'll have to use the manual to deploy. If you have an older server you may encounter some issues. However, if you upgrade the server at the same time, you'll have fewer problems.

What other advice do I have?

We do use more than one Microsoft security product. We've integrated with other products. 

I do not make use of the directional sync capabilities at this time. I'm also not using Microsoft Sentinel.

I'd rate the solution eight out of ten. If the deployment of the agent was better, I'd move my grade closer to ten. It should be more automatic. You also shouldn't have to install the logs. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Kyaw Htay - PeerSpot reviewer
Solutions Manager at AMNET Technology
Real User
Malware and endpoint security solution that is easy to use compared with other similar solutions
Pros and Cons
  • "We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
  • "This solution could be improved if it included features such as those offered by Malwarebytes."

What is our primary use case?

We make use of Microsoft Defender for Office 365 for endpoint security and email and we use Defender umbrella for impersonation and sales. Under Defender umbrella, we use a lot of products depending on the customer requirements. As a company, we use Defender for email as well as for endpoint security.

What is most valuable?

We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence. 

What needs improvement?

This solution could be improved if it included features such as those offered by Malwarebytes. 

For how long have I used the solution?

We have used this solution for many years and we are a Microsoft partner. We use this solution on a daily basis.

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and support?

We have not yet needed to contact Microsoft for support with Defender. 

Which solution did I use previously and why did I switch?

We have previously used a number of different solutions including Trend Micro, Symantec, Sophos Intercept X and Malwarebytes. Overall, we are more comfortable using Defender.

How was the initial setup?

The initial setup was straightforward. 

What other advice do I have?

I would rate this solution a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SecOps Engineer at a computer software company with 11-50 employees
Real User
Saves investigation time and provides advanced hunting capabilities
Pros and Cons
  • "Advanced hunting is good. I like that. We can drill down to lots of details."
  • "At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."

What is our primary use case?

We are using it for incidents and alerts. It is helpful for threat hunting.

We have tied it to Azure AD or Microsoft Entra, and we are trying to implement it for Linux.

How has it helped my organization?

It saves the investigation time. There is a lot of information about the threats and other things.

What is most valuable?

Advanced hunting is good. I like that. We can drill down to lots of details.

It is user-friendly. It has a lot of parts. For me, it was pretty quick to get a sense of it.

What needs improvement?

It protects from phishing emails, but sometimes, some of the emails are not detected. They are getting delivered into the inbox, not in a junk folder or spam folder. Users are reporting them as phishing emails.

At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times. 

In terms of additional features, it is too early for me. I am still learning all the parts. I am just scratching the surface of the tool. One year is not enough to get every detail of it.

For how long have I used the solution?

I have been using Microsoft Defender XDR for about a year.

What do I think about the stability of the solution?

It is stable, but sometimes, we experience an issue. Clicking the link in an incident email opens a small window, but we cannot find anything there. This has happened a couple of times. There is a bug.

Other than that, we have not experienced any downtime or any big issues. It is pretty stable.

What do I think about the scalability of the solution?

We have plans to maximize its usage. We are trying to see how to get the most out of it, but my older colleagues would know more about it. I am still learning it.

How are customer service and support?

I have not contacted them.

Which solution did I use previously and why did I switch?

I am not sure. I am relatively new. I have only been working here for a year. They already had it in place.

I have not worked on a similar tool before. This is my first XDR tool.

How was the initial setup?

It is on the cloud. I am not aware of its deployment because it was already deployed before I joined.

What other advice do I have?

I cannot recommend it because this is the only tool for XDR that I have used. I have not used any other tool, but it is a good tool.

I would rate Microsoft Defender XDR a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Luiz Campos - PeerSpot reviewer
Cyber and Cloud Security | Security Solution Specialist at a tech services company with 51-200 employees
Real User
Good threat hunting, user-friendly, and protects against ransomware
Pros and Cons
  • "The common and advanced security policies for threat hunting and blocking attacks are valuable."
  • "Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."

What is our primary use case?

We use Microsoft Defender XDR for endpoint protection.

How has it helped my organization?

We have integrated Microsoft Defender XDR with 365 for identity and access management.

Microsoft Defender XDR protects against ransomware and business email compromise. Microsoft offers the MITRE ATT&CK framework through its Defender XDR platform. This integration is particularly beneficial for Microsoft Office environments. It's a common practice to use Sentinel to investigate potential security incidents. For instance, we can check logs, examine hunting patterns, and review queries in Sentinel. Additionally, I've encountered situations where clients have lost their conditional access policies due to various factors, such as country-based rules, MSA-related rules, or application-based roles. Clients need to maintain these specific policies to ensure optimal security.

Multi-tenant management is a relatively new concept. I currently work with GCP, Microsoft 365, AWS, and Azure, where I access and perform assessments.

Microsoft Defender XDR helps replace other security products in our environment.

Microsoft Defender XDR helps save us time.

What is most valuable?

The common and advanced security policies for threat hunting and blocking attacks are valuable.

The UI is user-friendly. 

What needs improvement?

Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features. This can make it difficult for users to keep track of the latest changes and find the information they need. For example, every month, Microsoft might rename a product, change a portal, or update a feature. This can lead to confusion and frustration for users.

For how long have I used the solution?

I have been using Microsoft Defender XDR for seven years.

What do I think about the stability of the solution?

I would rate the stability of Microsoft Defender XDR eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Microsoft Defender XDR eight out of ten.

How are customer service and support?

The few times I have contacted technical support, they have been helpful.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. Depending on the size of the environment, two to three people are involved in the installation.

What's my experience with pricing, setup cost, and licensing?

Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive.

What other advice do I have?

I would rate Microsoft Defender XDR eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner