Microsoft Defender for Endpoint Review

Product has a decent detection rate, but there are some challenges related to reporting

What is our primary use case?

We use this as our antivirus solution.

What is most valuable?

Within its class, I think it has a high and decent detection rate.

What needs improvement?

There were a few detections that were not picked up, and then Microsoft picks up on that and they update it. That's just a normal thing you go through based on every antivirus solution. You're always going to have viruses and signatures that are coming out.

So, I wouldn't say it's the perfect solution because if you're looking at next-generation behavioral-based things, for example, if you're going to use ATP, that's when you can get more methods out of it. With Defender, if you pay more, you can get the ATP component, which is sold separately by Microsoft.

We do have some challenges in the reporting aspect of it. 

There's a lot of manual effort involved to configure what we need.

There are also a few issues with policies.

For how long have I used the solution?

I've been using this solution for six months.

What other advice do I have?

Defender by itself is not a solution. Defender is basically a functionality.

We have some issues with reporting, but I think it's just the way we've integrated right now, again not using ATP. So, we just use STC MS management. Then it's limited in terms of reporting.

From an operator's perspective, I think there are some policy detection issues where you've got a detection for a signature but how it translates into the FCCM dashboard where it doesn't really categorize that particular model. It picks something up as bad but it's just unknown.

So, I think that's a known issue with this particular thing. Because it doesn't know what it is classified as, it doesn't really do anything. For it to do something, the policy has to recognize the category of that number. It could be a trojan horse or whatever it is, but it doesn't really do that. It could be what they call an autonomous detection where the system categorizes it as not recognized and hence it blocks it, but it's not going to let you delete it instantly. Usually, you can say if it's detected you want to block it, that's the first step. The second step is to be able to delete the file or quarantine the file. But it doesn't recognize that, so it doesn't know what it needs to do. Instead, it just blocks it. It only blocks it because it doesn't recognize it as being malware.

I would rate this product a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.