We performed a comparison between Cortex XDR by Palo Alto Networks and Microsoft 365 Defender based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cortex XDR offers an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Microsoft 365 Defender offers effortless integration with other Microsoft solutions. Users praised its flexibility and comprehensive protection against multiple threat types. Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education. Microsoft 365 Defender could upgrade its machine learning and AI capabilities. Some users suggested adopting Zero Trust features.
Service and Support: Some customers were impressed with Palo Alto's support, while others reported mixed experiences. Some of our reviewers were satisfied with Microsoft's support, but others complained about slow responses and lackluster problem-solving capabilities.
Ease of Deployment: Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning. Setting up Microsoft 365 Defender is potentially complex and may involve integrating with existing policies. Some users reported longer deployment times.
Pricing: Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers. Some users say that Microsoft 365 Defender is good value, but other users perceive it as more expensive than similar competing products.
ROI: Cortex XDR creates value by ensuring system and data security rather than a financial return on investment. Microsoft 365 Defender offers savings, attack prevention, consolidation of security measures, and proactive threat detection.
Comparison Results: Our users prefer Cortex XDR over Microsoft 365 Defender. Cortex XDR offers a comprehensive platform with excellent visibility, protection, and control over network endpoints. Users appreciate the simplicity and efficiency of Cortex XDR's initial setup, as well as its ease of maintenance and updates. Microsoft 365 Defender receives mixed reviews about its initial setup, pricing, and customer support.
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The stability is very good."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"This is stable and scalable."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The interface is easy to use and it is more up to date than our previous solution."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The most valuable feature is the network security."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"Making the portal mobile friendly would be helpful when I am out of office."
"The dashboard isn't easy to access and manage."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The solution should address emerging threats like SQL injection."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The only minor concern is occasional interference with desired programs."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"The encryption is not up to the mark."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"The playbooks could be improved to include more functionalities or actions."
"I would like to see some additional features related to email protection included."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The web filtering solution needs to be improved because currently, it is very simple."
"The tool gives inconsistent answers and crashes a lot."
"We should be able to use the product on devices like Apple, Linux, etc."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 3rd in Extended Detection and Response (XDR) with 80 reviews while Microsoft Defender XDR is ranked 6th in Extended Detection and Response (XDR) with 75 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender XDR is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and SentinelOne Singularity Complete, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Secureworks Taegis XDR. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.