We are using it for incidents and alerts. It is helpful for threat hunting.
We have tied it to Azure AD or Microsoft Entra, and we are trying to implement it for Linux.
We are using it for incidents and alerts. It is helpful for threat hunting.
We have tied it to Azure AD or Microsoft Entra, and we are trying to implement it for Linux.
It saves the investigation time. There is a lot of information about the threats and other things.
Advanced hunting is good. I like that. We can drill down to lots of details.
It is user-friendly. It has a lot of parts. For me, it was pretty quick to get a sense of it.
It protects from phishing emails, but sometimes, some of the emails are not detected. They are getting delivered into the inbox, not in a junk folder or spam folder. Users are reporting them as phishing emails.
At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times.
In terms of additional features, it is too early for me. I am still learning all the parts. I am just scratching the surface of the tool. One year is not enough to get every detail of it.
I have been using Microsoft Defender XDR for about a year.
It is stable, but sometimes, we experience an issue. Clicking the link in an incident email opens a small window, but we cannot find anything there. This has happened a couple of times. There is a bug.
Other than that, we have not experienced any downtime or any big issues. It is pretty stable.
We have plans to maximize its usage. We are trying to see how to get the most out of it, but my older colleagues would know more about it. I am still learning it.
I have not contacted them.
I am not sure. I am relatively new. I have only been working here for a year. They already had it in place.
I have not worked on a similar tool before. This is my first XDR tool.
It is on the cloud. I am not aware of its deployment because it was already deployed before I joined.
I cannot recommend it because this is the only tool for XDR that I have used. I have not used any other tool, but it is a good tool.
I would rate Microsoft Defender XDR a nine out of ten.
We use Microsoft Defender XDR for endpoint protection.
We have integrated Microsoft Defender XDR with 365 for identity and access management.
Microsoft Defender XDR protects against ransomware, business, and mail compromise. Microsoft offers the MITRE ATT&CK framework through its Defender XDR platform. This integration is particularly beneficial for Microsoft Office environments. It's a common practice to use Sentinel to investigate potential security incidents. For instance, we can check logs, examine hunting patterns, and review queries in Sentinel. Additionally, I've encountered situations where clients have lost their conditional access policies due to various factors, such as country-based rules, MSA-related rules, or application-based roles. Clients need to maintain these specific policies to ensure optimal security.
Multi-tenant management is a relatively new concept. I currently work with GCP, Microsoft 365, AWS, and Azure, where I access and perform assessments.
Microsoft Defender XDR helps replace other security products in our environment.
Microsoft Defender XDR helps save us time.
The common and advanced security policies for threat hunting and blocking attacks are valuable.
The UI is user-friendly.
Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features. This can make it difficult for users to keep track of the latest changes and find the information they need. For example, every month, Microsoft might rename a product, change a portal, or update a feature. This can lead to confusion and frustration for users.
I have been using Microsoft Defender XDR for seven years.
I would rate the stability of Microsoft Defender XDR eight out of ten.
I would rate the scalability of Microsoft Defender XDR eight out of ten.
The few times I have contacted technical support, they have been helpful.
Positive
The initial setup is straightforward. Depending on the size of the environment, two to three people are involved in the installation.
Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive.
I would rate Microsoft Defender XDR eight out of ten.
We use Microsoft Defender XDR for malware detection and browser protection. We have around 500 devices to protect. We use it to get reports for each of these devices.
We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing.
We should be able to use the product on devices like Apple, Linux, etc.
I have been working with the product for three to four years.
The tool's scalability is good.
I research in forums or contact support whenever I encounter issues. We have four types of support plans available. I rate the cheapest plan a two or three out of ten since responses are slow. I rate ten out of ten for an expensive support plan.
Neutral
We have a vendor who gives us a better price. The product is expensive. Selecting the entire Microsoft suite is cheaper than using random services or products.
Bitdefender costs around five dollars per month per device. However, Microsoft Defender XDR costs 2500 dollars per month.
We are evaluating Bitdefender for Windows.
Microsoft Defender XDR helps us save time for clients.
Microsoft Defender XDR provides unified identity and access management. It is installed on every computer and checked from the Microsoft security admin center.
The tool is easy to use. You can use one account to log in to any Microsoft service.
We are aware of our compliance. We can now check the devices and get reports about it.
The product can adapt to evolving threats. We use it to manage only one tenant. We have Mac devices where Microsoft Defender XDR cannot help us.
We have the tool deployed across different locations like Germany and Denmark.
I rate the product an eight out of ten. You need to follow its guidelines.
Microsoft 365 Defender is one of the first layers to our security. It's our first layer security product, e.g. we use it, then we also use Exchange Online Protection for email, Safelink, etc.
We always recommend these products to our customers, e.g. if the customer is using another third-party product. We are always recommending these compliance and security products, e.g. Microsoft 365 Defender, Cloud App Security, etc.
We usually recommend cloud security because it connects all of these security and compliance products in one center to take logs and make them meaningful, plus you can also create alerts. We are also recommending it because of Microsoft Teams usage, especially because in Microsoft Teams, users sometimes do mass deletion, mass download, etc. We always say: "Let's connect your Cloud App security with your Azure Information Protection, with Microsoft 365 Defender and your Microsoft Teams, your Engula, etc. We find cloud security to be very useful.
What I found most valuable in Microsoft 365 Defender is that it's able to scan emails and protect users from dangerous links or attachments. This is important in a first layer or base layer security product such as Microsoft 365 Defender. You can even combine Microsoft Defender for Endpoint with this solution to get the most benefits.
I also find Microsoft 365 Defender user-friendly, so that's another valuable feature of this solution.
What could be improved in Microsoft 365 Defender is its licensing. It needs to be more consolidated, because there are so many plans for Microsoft 365 Defender, and every other year, there will be new licensing options, e.g. plan one, plan two, etc., that become more and more different from each other. The most valuable product would be the most expensive product, and customers usually say: "We really need the last version, but that's really expensive for us, because we are in Turkey and the currency is very, very high now." Three years ago, this wasn't a problem, because $1 was three or four Turkish liras, but now it's 15.
In the licensing options, it would also be better if there can be some optimizations, similar to what Power BI Pro offers. There are two options in Power BI: user-based and capacity-based. It would be good if there can be another option for one consolidated product for the whole company with a higher price, but you cannot depend on user count.
What I'd like to see in the next release of Microsoft 365 Defender is for them to provide more details in the alerts and notifications they send out.
We've been a partner for Microsoft for 10 years.
I found that the stability of Microsoft 365 Defender is good.
Scalability is good in Microsoft 365 Defender.
What we have is Premier Support from Microsoft, e.g. we are a CSP partner, so we were required to buy Premier Support and Cloud Consulting from Microsoft. We are really happy with the support we've been receiving for Microsoft 365 Defender, but on the customer side, they don't have Premier Support, and sometimes, depending on the case, they're not very satisfied with the support.
Our satisfaction is five out of five, but our customers would only have three or four out of five, in terms of their satisfaction with Microsoft 365 Defender support.
The initial setup for Microsoft 365 Defender is really easy. It's not very complicated. I didn't see any other difficulties with setting it up, but customers sometimes think it's not very easy. They purchase consulting services from us, so it doesn't bother us, but sometimes the customer says: "I don't know how to start, but I use Microsoft Security." Microsoft is very late in the security niche, so customers sometimes say: "We have Symantec", or they would mention that they have other products from other vendors, and these vendors are very reliable for many, many years.
In the last three or four years, though, customers start to depend on Microsoft Security products, but they are not early adopters, because they usually tell us: "When we buy the product, some policies cannot be used, but after sometime we can use it." It's not really a problem, but I wanted to relay some of the feedback we get from our customers.
The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change.
We've been dealing with the latest version of Microsoft 365 Defender.
For an average project, deployment of Microsoft 365 Defender can take a week, but we do need some change management models, because we still need to train the users about safe links and attachments, so we sometimes have to expand the average time, but implementation is not very hard. If we only do the implementation, one week is more than enough.
We rely on just one to two persons, particularly engineers, for the deployment and maintenance of Microsoft 365 Defender.
My recommendation to others looking into implementing Microsoft 365 Defender is that reading the documentation is really good. If you are a Microsoft partner, you'll also have benefits, e.g. CDS tenants and demo tenants that are free to you for one year, so you can test the products first, before you implement. If you are a partner, my advice is to use your Microsoft partner benefits.
I'm giving Microsoft 365 Defender a rating of eight out of ten.
We have very strong DLP policies. The product will inspect each and every outgoing email and what kind of attachments they have, including if any have business-sensitive information such as outgoing email going to some public domain such as Gmail or Yahoo. If the solution detects this, it'll raise an alarm and notify the required teams. On top of that, the incoming email will scan attachments for any potential malware tech or any phishing link.
The native capabilities are quite good as it slips in seamlessly as part of our integration.
It integrates well without AD, Active Directory.
It gives a lot of flexibility in terms of configuration and customization as per the business requirements.
These days, in the security industry, there is a buzzword called zero trust. I personally have not seen much evidence of how Defender can enhance the story of Zero Trust for enterprises. Microsoft needs to offer more features here or spread awareness in the industry and the market about how Defender addresses Zero Trust issues.
I've used the solution for more than a year now.
The stability is good. it's up to the mark.
It's usually scalable.
We're using it on a daily basis.
The solution works for any size of organization. There is no such limitation for Microsoft as the ecosystem they have built doesn't really have a limiting factor. It will work for a small sized up to a big-sized organization. Our company is half a million strong. If it satisfies our needs, then definitely it can satisfy anybody else as well.
I personally have never reached out to technical support as our in-house expertise is good enough.
It's good for the most part, as it is their own homegrown product and they understand it well.
We haven't worked with any other products.
The setup is a simple process, however, users can adopt the phase-in approach and start simple and then yeah. For example, over a period of time, you can achieve what you want to achieve, but not in a single shot. You can do it in phases and work everything in slowly.
The amount of time it will take to deploy Defender depends, actually. If a customer is already sure about all the processes and reporting information they require, then to start, it should not take more than a couple of months, including planning.
There is some maintenance required. We need a team to run the show, however, when you compare it to other options, the maintenance requirements are reduced. We typically have a cloud operations team to oversee it, and it's business as usual. Our company is able to provide any needed maintenance services to our clients.
Our company integrates this solution into our client's infrastructure.
We have E3 and E5 licenses for our users and there is the default.
Depending on the user role, the senior people and critical positions have been allocated the E5 licenses and the intermediate users have been allocated E3 licenses.
Whether it is inexpensive or not is not a very straightforward question as, when you compare the total cost, you have to consider the total cost of ownership. It's not only a comparison between two products. You have to see the other dependencies when you deploy any other solution. That said, I would say it is more or less cost-effective.
We are partners with Microsoft.
I'm in a customer-facing role where we propose different email security solutions to our customers. My role demands that I identify the required security solutions for the different needs of our customers.
We are on the latest version of the product.
I'd advise potential new users to define their business requirements first, however, it's likely Defender will need them and provide what they need.
I'd rate the solution at a nine out of ten.
Defender XDR can replace multiple security products. It covers everything, including phishing protection, network security, device security, applications, etc.
The solution has reduced time spent on manual tasks because almost everything is automated. You don't have to do anything. If something happens, you'll get a notification, and it will instantly run the playbook for the incident. For example, a phishing email might take an hour to investigate manually. If you have Defender, you will have all the information you need on the incident page. It's all there, so you can investigate the incident in around 5 to 10 minutes.
Adopting Defender cuts costs. While the solution is a little pricey, you only need two products—XDR and Sentinel—so you don't need to add other security products. You only need to use the Microsoft security stack.
The advantage Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR.
The identity protection is excellent. It uses some rules, including some built-in rules from Microsoft itself. It identifies risky users and differentiates between a user who is trying to sign in and isn't the actual user. Identity and access management is a valuable component of Defender.
Defender covers non-Microsoft technologies if you're using the full Microsoft stack with Sentinel and Defender. You can ingest logs from other solutions, like Palo Alto and Fortinet firewalls.
It stops advanced attacks like ransomware and phishing in real time and prevents them from entering your environment. There's a feature called Security Advisory that shows you all the latest threats and vulnerabilities in the market so that you can make rules for them. It helps you understand them more.
With Sentinel and Microsoft Lighthouse, you can use multi-tenant access. It allows you to connect multiple tenants to one tenant, which you can use to monitor everything from there. Before we had Microsoft Defender, we had to go to each tenant, log n from your account, and investigate the incident if it's there. Lighthouse has one page with all the alerts, and they're all connected together. You can investigate every alert from one page.
The design of the user interface could use some work. Sometimes it's hard to find the exact information you need.
I rate Microsoft Defender XDR 7 out of 10 for stability. There are some performance issues maybe 5% of the time.
I rate Microsoft Defender XDR 9 out of 10. It's easy to scale.
I rate Microsoft support 8 out of 10. They answer quickly. If you open a ticket, they will respond immediately. You can chat with them or schedule a call.
Positive
The setup is straightforward. You only need to buy the product and onboard every device. It's like a script for Microsoft Intune. The process takes a couple of days for a small company, but a larger business may require three or four days.
Defender XDR is fairly priced.
I rate Microsoft XDR Defender 8 out of 10. I recommend giving the product a try. If it doesn't work for you, try something else until you find a suitable product. There might be other solutions that are a better fit. It's good for my case, but it might not be right for everyone.
We rely on Microsoft 365 Defender for workstation detection across a number of categories, including virus detection, potential unknown application detection, and monitoring for suspicious website interactions, including clicks and access attempts.
I have used Microsoft 365 Defender in the cloud.
We have experienced significant advantages from implementing Microsoft 365 Defender, as it provides enhanced visibility into workstations and the ability to automatically remediate threats. This means that not every incident requires manual intervention, as certain tasks can be handled automatically, often in conjunction with Microsoft Sentinel.
We are able to ingest collected data from our entire ecosystem. This is an important feature.
We are able to prioritize threats accounts our whole environment.
The solution has helped automate routine tasks and help automate high-value alerts.
The threat intelligence has helped prepare us for potential threats before they hit and we took proactive steps. We are able to check our workstations are well.
We have saved some time by using the solution.
I have found that having solutions from multiple vendors is more helpful than from one.
The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management.
The support could be more knowledgable to improve their offering.
I have been using Microsoft 365 Defender for approximately one and a half years.
The solution is stable.
We have a few thousand people using this solution in my organization.
The scalability of Microsoft 365 Defender is scalable.
I have used the support and they do not know how to fix the issues. Their knowledge could improve.
I rate the support from Microsoft 365 Defender a seven out of ten.
Neutral
We have used Microsoft Sentinel. Microsoft Sentinel enables us to investigate threats and respond holistically quickly from one place.
The comprehensive features of Sentinel Security Protection are impressive, particularly its integrated SOIR and UEBA functionalities, as well as its robust threat intelligence capabilities.
I have used McAfee previously and Microsoft 365 Defender is much better.
I rate Microsoft 365 Defender a ten out of ten.
We use Microsoft Defender XDR to centralize our security solutions.
Microsoft Defender XDR has helped us save some time.
The integration with other Microsoft solutions is the most valuable feature.
The mobile app support for Android and iOS is difficult and needs improvement.
I am currently using Microsoft Defender XDR.
Microsoft Defender XDR is stable.
Microsoft Defender XDR is scalable.
The technical support is good.
Positive
In addition to using Microsoft Defender XDR, we also use Fortinet. We implemented Microsoft Defender XDR as part of our organization's policy to use Microsoft solutions because of their integration.
The initial deployment was straightforward. We completed the implementation within one year.
I would rate Microsoft Defender XDR a nine out of ten.