Cloud Architect at a consultancy with 11-50 employees
Real User
Top 20
Robust security posture and streamlined incident response with excellent automation features, seamless integration within Microsoft systems and efficient threat prioritization
Pros and Cons
  • "The most valuable aspect lies in its automation capabilities, particularly within security automation."
  • "In terms of improvements for their technical support, a focus on enhancing response times could be beneficial."

What is our primary use case?

It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.

How has it helped my organization?

It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.

What is most valuable?

The most valuable aspect lies in its automation capabilities, particularly within security automation. It contributes to more efficient time management for us and it provides an efficient way to keep track of user actions and maintain a secure and well-monitored system.

What needs improvement?

In terms of improvements for their technical support, a focus on enhancing response times could be beneficial.

Buyer's Guide
Microsoft Defender for Endpoint
May 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,422 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it for approximately five years.

What do I think about the stability of the solution?

The stability is excellent and I've never encountered any issues; it has consistently performed well.

What do I think about the scalability of the solution?

The scalability is impressive, especially since we use it in the cloud. It works seamlessly without any issues.

How are customer service and support?

Microsoft's technical support is commendable. I would rate it eight out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

Overall, I would rate it nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
SOC Analyst with 1-10 employees
Real User
Provides comprehensive logs and the live response feature allows me to remotely access different endpoints and investigate malicious files
Pros and Cons
  • "I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
  • "Threat intelligence has the potential for improvement, particularly by integrating more sources."

What is our primary use case?

I am a SOC analyst and I use Microsoft Defender for Endpoint to investigate endpoints in our environment and malicious activity.

How has it helped my organization?

The visibility into threats that Defender provides is excellent. The logs I receive are quite comprehensive, allowing me to see what is happening on each endpoint, including the running processes and generated alerts. It does a pretty good job of detecting when certain events occur, which helps me stay attentive to potential issues. Overall, it offers significant visibility.

Defender does a good job in helping to prioritize threats across our entire enterprise because it provides me with context by distinguishing between high and medium threats.

We also utilize Azure Sentinel, Defender for Cloud Apps, Defender for Identity, and Office 365. These solutions are integrated together, and whenever one of them receives an alert, it is sent to the main alert queue. I would give the integration an eight out of ten.

Sentinel allows us to collect data from our entire ecosystem. We primarily use it for the network firewall logs, but it can also handle other types of logs.

Sentinel does an excellent job of providing us with comprehensive security protection and visibility into security alerts and incidents. It informs us about policy violations, such as foreign user sign-ins and sign-ins from multiple or different devices, among other things. Therefore, it offers greater visibility beyond just phishing alerts.

Microsoft Defender for Endpoint has significantly improved our organization by identifying the activities of individual users and effectively hunting for any threatening activities they might engage in. For instance, if a user downloads a malicious file or clicks on a malware-infected link, the software can promptly detect and mitigate the issue on the server.

Defender helps to automate routine tasks and the identification of high-value alerts. Sentinel aids in the automation process by allowing me to address the issue of numerous false positives. Specifically, I automated the handling of certain false positives that originated from a particular IP range. This IP range was generating false positives due to a flagged server, even though the server itself was not actually malicious. In such cases, Sentinel proved to be beneficial as it facilitated the automation and removal of unnecessary noise.

Microsoft Defender for Endpoint has helped save us the trouble of looking at multiple dashboards by providing a single XDR dashboard.

Microsoft Defender for Endpoint has been instrumental in saving us time, especially by identifying true positives instead of wasting time on false positives.

What is most valuable?

I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues.

What needs improvement?

Threat intelligence has the potential for improvement, particularly by integrating more sources. This will enable us to accurately identify when a domain or an IP is malicious. If we could obtain information from external sources, it would reduce the need to use different open source tools to verify whether a domain or IP is malicious or not.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for a year and a half.

What do I think about the stability of the solution?

Microsoft Defender for Endpoint is stable. I have only experienced one crash.

What do I think about the scalability of the solution?

Microsoft Defender for Endpoint proved to be scalable in our environment, supporting over 500 endpoints.

Which solution did I use previously and why did I switch?

I have also used Splunk. Splunk is more modular and portable, allowing us to integrate it with a wide range of different tools. In contrast, features of Defender and Sentinel, such as those provided by Microsoft, do not integrate well with as many other options.

What other advice do I have?

I would rate Microsoft Defender for Endpoint a nine out of ten. It provides me with greater certainty regarding malicious activity compared to Splunk, which demands much more analysis. Defender for Endpoint performs a significant amount of work in terms of identifying and validating malicious elements. This saves us from having to read and interpret a large number of logs. It takes care of the interpretation and conducts about half of the log analysis on our behalf.

I still have to conduct threat intelligence on my own, such as open-source intelligence. I don't automatically search VirusTotal for things, but I still end up doing my own source searching.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Microsoft Defender for Endpoint
May 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,422 professionals have used our research since 2012.
David Frerie - PeerSpot reviewer
Head of IT & Database Management at a educational organization with 51-200 employees
Real User
Top 5
Is easy to use and implement, and decreases the threat detection and response times
Pros and Cons
  • "I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement."
  • "Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything."

What is our primary use case?

We use it to prevent malware attacks.

How has it helped my organization?

The automatic report is very good, and it is easy to see which user or device has a problem. The benefit we were able to realize immediately was protection.

What is most valuable?

I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement.

It has helped automate routine tasks and the finding of high-value alerts. However, we have a small IT team, and we have not automated many tasks.

It has also helped us save a little time, but we have saved more time with email protection. We have saved money as well because of ransomware protection.

Microsoft Defender for Endpoint's threat intelligence has helped us prepare for potential threats before they hit and take proactive steps. We have a scoreboard of each device and can quickly see which device needs an upgrade.

This solution has made our threat detection and response time faster by a few hours.

What needs improvement?

Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything.

For how long have I used the solution?

I've been using this solution for five years.

What do I think about the stability of the solution?

Because it is in the cloud, the stability is good.

What do I think about the scalability of the solution?

It is easy to scale and increase capacity.

We are at one location with multiple departments such as IT, marketing, sales, invoicing, etc. We are a small company and have 53 users of Microsoft Defender for Endpoint.

How are customer service and support?

I have contacted Microsoft technical support a few times a year, and they have responded quickly. I'd give them a rating of nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution and switched to Microsoft Defender for Endpoint because the integration and alignment with Microsoft was great. The previous solution was heavy, and it took a long time to update. 

How was the initial setup?

The initial deployment was easy and took a few hours.

It is deployed to the cloud, and I don't have to spend time on maintenance.

What about the implementation team?

I deployed it myself.

What was our ROI?

The ROI is very difficult to calculate, but it may be 20% ROI. We don't have any problems with ransomware or malware.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution. It would be nice if it could be included with the Microsoft Office package.

What other advice do I have?

In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact.

I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SAMUELMWANGI - PeerSpot reviewer
Director at Calidad Systems Limited
Real User
Straightforward setup and good anti-malware but needs better online protection
Pros and Cons
  • "It is a straightforward setup."
  • "They can improve it on the online protection front since people nowadays are moving online and working from home."

What is our primary use case?

Normally, we use the solution for our workstations.

What is most valuable?

The solution is quite stable.

You get online privacy. It also protects the machines from malware and trojans.

It's a scalable product.

It is a straightforward setup.

What needs improvement?

There is always room for improvement. They can improve it on the online protection front since people nowadays are moving online and working from home. That would be a good thing to focus on. 

For how long have I used the solution?

I've been using the solution for one year. It hasn't been that long just yet.

What do I think about the stability of the solution?

The product is very stable and quite reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance has been good. 

What do I think about the scalability of the solution?

The product can scale well.

Around 15 people are using it in our organization. 

We may increase it in the future. 

How are customer service and support?

I can't recall ever contacting support.

Which solution did I use previously and why did I switch?

I'm also familiar with Kaspersky. We were previously using ESET.

How was the initial setup?

The initial setup is quite simple and quite straightforward. It's not overly complex or difficult. 

The deployment is fast. It only takes a minute or so.

You only need one person - an engineer - to manage the product once it is up and running. 

What about the implementation team?

We handled the initial setup on our own. We did not need any consultant or integrator help.

What's my experience with pricing, setup cost, and licensing?

We pay annually for a license. 

What other advice do I have?

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Technical Specialist at a retailer with 10,001+ employees
Real User
Very user-friendly, offering safety, security and providing a phenomenal amount of good information
Pros and Cons
  • "User-friendly, offering safety and security."

    What is our primary use case?

    It's an antivirus product, so its main use is to protect us.

    What is most valuable?

    This is a really good product, it's user-friendly and offers us safety and security. 

    What needs improvement?

    The technical support could be improved. 

    For how long have I used the solution?

    I've been using this solution for three years. 

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    In terms of scalability, we went from 10 pilot machines to 35,000 devices.

    How are customer service and support?

    The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

    How was the initial setup?

    The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

    What other advice do I have?

    My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

    I rate this product 10 out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Manager at RP Sanjiv Goenka Group
    Real User
    Good security, scales well, and automatically updates
    Pros and Cons
    • "The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
    • "The price, in general, could always be a little bit cheaper."

    What is our primary use case?

    We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

    What is most valuable?

    Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

    The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

    The solution scales well.

    I have found the stability to be good.

    What needs improvement?

    From a general user perspective, I don't see any further improvements needed. 

    The price, in general, could always be a little bit cheaper.

    For how long have I used the solution?

    I've used the solution for two years or so. It's not much more than that.

    What do I think about the stability of the solution?

    The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. the performance is good. It's reliable. 

    What do I think about the scalability of the solution?

    The solution scales well. If a company needs to expand it, it can.

    We have 1,000 to 2,000 people on the solution currently.

    How are customer service and support?

    I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.

    How was the initial setup?

    The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.

    I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process. 

    We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.

    What's my experience with pricing, setup cost, and licensing?

    The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package. 

    What other advice do I have?

    I'm just a customer and an end-user.

    I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years. 

    I would recommend the solution to others, however, I'm just a passive end-users and not as technically involved as those deploying the solution in our company. However, from my perspective, there has never been an issue on my machine with malware and therefore it seems to be doing what it's designed to do.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technology Consultant at a computer software company with 51-200 employees
    MSP
    A very solid security system with advanced hunting capabilities and great stability
    Pros and Cons
    • "It's a very solid security system, and the advanced hunting and everything really lets you dive deep into things."
    • "I would just like them to have more consistency, and that's a comment that's across the board with Microsoft. They change things a lot."

    What is our primary use case?

    The solution is used for endpoint detection and response, however, it also has vulnerability management. I don't use that as much as the endpoint detection and response. I use it in combination with Cloud App Security and Endpoint Manager.

    What is most valuable?

    The most valuable feature is the fact that, if you have the M365 E5, it's included and everything is in the bundle. 

    It's a very solid security system and the advanced hunting and everything really lets you dive deep into things.

    What needs improvement?

    Overall, they're doing a much better job. However, recently, they added the Azure Defender. When you use the Azure Defender licenses, you're already enrolled. 

    I prefer that they had the old interface that was not combined with compliance, and still, they've changed that to make it better. I would just like them to have more consistency, and that's a comment that's across the board with Microsoft. They change things a lot.

    For how long have I used the solution?

    I probably started diving into Microsoft Defender about two years ago.

    What do I think about the stability of the solution?

    Stability-wise, I have not had another product that has been as stable and has had fewer issues. It's amazing.

    What do I think about the scalability of the solution?

    The solution is scalable. For example, I helped a 12,000-person company put it in and automated it without any issue.

    How are customer service and support?

    In terms of technical support, I have not had to call them related to anything on Defender for Endpoint. I'm a CSP, so I'm calling and I'm getting different assistance than, say, a home user. That said, at the same time, it really depends on if you're getting level one or level three support.

    How was the initial setup?

    The initial setup is very straightforward. There's a lot of people putting it in that don't understand it, however. They're not using device groups and auto-remediation settings.

    I do a lot of security reviews as well, and what I find is that, although it works well out of the box, there are missing components. Another thing is that people will basically use the product, and yet, not set up the integrations with Cloud App Security and Endpoint Manager. When they do that, they're not getting the full functionality of it. I, on the other hand, know the system, so I see people often having trouble with it. If people are trained or go through training, they would be able to get the full functionality out of it.

    What was our ROI?

    I can't give numbers, however, for the price, when you're increasing from an E3 to an E5 license, the amount of features you get eliminates a lot of other systems. Therefore, you do get a pretty good ROI. On top of that, you only have one management system and one reporting system. Overall, the numbers have been quite impressive.

    What's my experience with pricing, setup cost, and licensing?

    I don't know the standalone costs. It is my understanding that the M365 E5 is $56 a month or something close to that pricing. That would be for the full suite. Just Defender might be $8 a month. I can't say for sure.

    What other advice do I have?

    I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything.

    I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people that's, besides having my Microsoft Azure architecture, Azure security, Microsoft 365 expert level, plus M365 security knowledge. I focus on Azure and M365 security.

    For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly.

    I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle.

    I'd rate the solution at a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
    Real User
    Works well as part of an overall security solution and has no impact on end-users
    Pros and Cons
    • "Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
    • "Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."

    What is our primary use case?

    We use it for endpoint security.

    How has it helped my organization?

    When looking at the ecosystem as a whole, security-wise, Microsoft provides a complete solution with the E5 Security suite. Microsoft has a big advantage because Defender knows how to interact with the CASB and all the other security components that you have. Overall, that makes the management of the environment much easier. It's easier to understand what's going on, to become aware of risks, and to take action.

    What is most valuable?

    • Defender has very little impact on the end-user.
    • The agent works quite well with a minimal impact on the client and server.
    • It's very easy to deploy it.

    For how long have I used the solution?

    We did a trial of Microsoft Defender for Endpoint for about three months, and now we are in the process of rolling it out.

    How was the initial setup?

    We have about 4,300 users of Defender and it took two days to have it fully deployed. With Cortex it took some time. With Cortex, we had some 500 clients that we had to investigate because for some reason they did not get the agent immediately and we had to do some tweaking to get it to all the end-users.

    What about the implementation team?

    We used consultants for the deployment of both Cortex and Defender.

    Which other solutions did I evaluate?

    We gave Palo Alto Cortex XDR a try and we are now in the process of removing it and going to Microsoft Defender for Endpoint. I have experience with both of them.

    Cortex has quite good management capabilities that give IT organizations quite a good picture of attempted cyber attacks. It has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex.

    The onboarding process with Defender is much easier. In two days we were able to deploy it to our whole organization. Cortex is much more cumbersome. But the onboarding process is not the issue. A more important difference is that once you have security risks that you would like to mitigate, Cortex more easily gives you information regarding the threats. Microsoft gives you exactly the same information, but you have to know how to dig a bit more and do some manual steps that, with Cortex, are more straightforward.

    The main issue that we had with Cortex, and the reason we decided to roll back and go to Defender, is that Cortex has a horrible impact on the performance of the system. For an enterprise-level organization, it kills the system. Users were complaining that when moving between emails in Outlook it would take a lot of time, creating a lot of delays and timeouts. Web browsing and every action on their computers took much more time than usual with Cortex.

    What other advice do I have?

    I would rate Defender a nine out of 10, while Cortex XDR is a five out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: May 2024
    Buyer's Guide
    Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.