We performed a comparison between Cortex XDR by Palo Alto Networks and Microsoft 365 Defender based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cortex XDR offers an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Microsoft 365 Defender offers effortless integration with other Microsoft solutions. Users praised its flexibility and comprehensive protection against multiple threat types. Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education. Microsoft 365 Defender could upgrade its machine learning and AI capabilities. Some users suggested adopting Zero Trust features.
Service and Support: Some customers were impressed with Palo Alto's support, while others reported mixed experiences. Some of our reviewers were satisfied with Microsoft's support, but others complained about slow responses and lackluster problem-solving capabilities.
Ease of Deployment: Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning. Setting up Microsoft 365 Defender is potentially complex and may involve integrating with existing policies. Some users reported longer deployment times.
Pricing: Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers. Some users say that Microsoft 365 Defender is good value, but other users perceive it as more expensive than similar competing products.
ROI: Cortex XDR creates value by ensuring system and data security rather than a financial return on investment. Microsoft 365 Defender offers savings, attack prevention, consolidation of security measures, and proactive threat detection.
Comparison Results: Our users prefer Cortex XDR over Microsoft 365 Defender. Cortex XDR offers a comprehensive platform with excellent visibility, protection, and control over network endpoints. Users appreciate the simplicity and efficiency of Cortex XDR's initial setup, as well as its ease of maintenance and updates. Microsoft 365 Defender receives mixed reviews about its initial setup, pricing, and customer support.
"The setup is pretty simple."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is stable and scalable."
"The solution was relatively easy to deploy."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The information the dashboard provides is very clear."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"This software helps us understand any issues that may arise when someone is not at work."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"Has great threat detection capabilities."
"Microsoft 365 Defender is simple to upgrade."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The product integrates security into one tool instead of having third-party security tools."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Microsoft Defender XDR is scalable."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The most valuable feature is the network security."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"The SIEM could be improved."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Detections could be improved."
"FortiEDR can be improved by providing more detailed reporting."
"ZTNA can improve latency."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"In general, the price could be more competitive."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The solution lacks real-time, on-demand antivirus."
"The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan."
"There are a large number of false positives."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Stability could be improved by avoiding frequent changes to the interface."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 79 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender XDR is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Check Point Harmony Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
