Microsoft Defender for Endpoints supports any changes to file permissions, file access, and modifications to file delivery, as well as anti-virus and anti-malware protection. We enable Microsoft Defender on subscription. We depend on the solution for anti-malware, antivirus, and threat protection.

Initially, I was running a different endpoint security program but it did not have a dashboard that met my needs. It would only do on-premises. If laptops, desktops, or VDIs were remote, such as people working from home or in a different office, my VDIs—which are really just on-premises but they're in a separate subnet in VMware, Windows 10, Windows 7, Windows 11, 2008, all the way up to 2022—I could only get the servers that were on-prem. That solution had a management console but there was no integrated console within Microsoft so that I could cover all bases. I deployed Defender for Endpoint and now I'm able to see them in there. For some, I've still got the old AMP on them, but Defender will run in passive mode and let AMP run and report to its own console.

The reason I don't want to run AMP, primarily, is that it's a resource hog. Defender for Endpoint integrates it and automatically comes with the Windows operating system or Windows Server Desktop. Plus I can use Defender for IoT and see, on my network—which is a home lab company—my routers, my switches, and, believe it or not, my televisions and refrigerators; the IoT devices that I might have on my network. And that integrates into Defender for Endpoint.

And with Sentinel, I'm hoping to pull that into logs that I have for my cloud-based and on-premises-based servers so I have one pane of glass that will alert me if something is going on. It will correlate those logs from Defender on every endpoint and put them into one incident if there are alerts to be had.

I worked for an enterprise client in the public sector with half a million endpoints. I'm in Canada, and that's bigger than most US companies. Defender is an endpoint agent, but it's tied into what I would call a SOC outsourcing stack. It's part of a security operations center that is getting threat intelligence, comparing that to endpoint detection and response, and feeding it all back into a SIEM.

I use either E3 or will upgrade to the E5 full suite, or will go a la carte. You can pick one or two off there, but it usually makes more sense to go all E5. Sentinel and Defender are the two things I like in E5 that I work together.

We use Defender's bidirectional sync capabilities at a high level. I'm more of a high-end security architect, so I do the conceptual designs but not the implementation. Even though I like it, I don't know if it gets implemented and used or not. As a capability, as an architect, that's a good thing to have.

We use Microsoft Defender for Endpoint to protect our devices from virus and malware attacks.

We deploy the solution for our customers, typically with Plan 1, as they generally have E3 licenses. We also use Microsoft Purview, the compliance system consolidating every security aspect into its portal. This offers centralized management and tight integration with Azure and Intune, which are identity and device management tools, respectively.

Our customers have a variety of cloud providers; Azure and GCP are the most popular, but we have some AWS users too. 

We use multiple Microsoft security products, including Azure Information Protection and DLP, in addition to the other flavors of Defender, such as Defender for Cloud and Defender for Identity.  

We integrated all of these products and the integration was easy. 

These solutions work natively together to deliver coordinated detection and response across our environment, which is essential. The beauty of Microsoft is the tight integration of their various products.  

Microsoft Defender that you get by default on Windows is an unmanaged solution. It detects, but it is conventional EDR in the sense that it can detect malicious code on the machine, but it is not good from an enterprise point of view because you can't see what is being detected. The difference between Defender and Defender ATP is that you get what's called the execution chain, which is its classic use case. 

When I try to open an attachment to an email, Defender tells me that this is malicious, but when you are in an enterprise and you do receive an alert that the file is malicious, the problem usually for the analyst is that they don't know what the person clicked on. They know there was a malicious file but was it an attachment? Was it something on the USB stick? Did they download it from the internet? That's not clear. Defender ATP gives you the execution chain. In this particular example, you can see that it was outlook.exe that launched the suspicious file which then launched or tried to download various components. You can see the whole execution tree because very often, the initial thing you get is a dropper, which then downloads subsequent components, and very often, the subsequent components get missed.

It essentially gives you visibility into the execution chain. So, you are better able to do a risk assessment. For instance, if something came from Outlook, then you know that you need to go and look in exchange or look in the mail system. If the trigger came from winword.exe, then you know that it was a document, and the person had opened a document from the email. You might see Internet Explorer, when it was still there, spawn PowerShell or a command shell, which is unusual, or you might see calc.exe open a command shell. All of this detection is invaluable for identifying whether something is suspicious or not. Your EDR might not detect any of this, but ATP would see this suspicious sequence of opening and flag it. So, essentially it is the visibility and the ability to detect unusual behavior that conventional EDR would not necessarily do for you.

Its version is usually up to date. It is a cloud solution. 

The solution is used as an endpoint solution to provide a 360-degree portfolio around an endpoint. It acts as a next-gen antivirus. 

Our primary use case is for protecting Windows 10 endpoints. We use it for email scanning and application control, we can run analytics through it, and the product enables web content filtering. The Defender 365 package is all-encompassing now; it's a good product.

The solution is deployed across our whole business with 3,000 endpoints, including phones, laptops, tablets, and desktops, with 1,700 end users.

We use multiple Microsoft security products, including Defender, Defender for Cloud Apps, Identity Manager, and Intune. We have the whole security package.  

I was the infrastructure engineer who integrated the products, which was elementary; we rolled out via Intune and used SCCM to build the endpoints.  

The solutions work natively together to deliver coordinated detection and response across our environment, and it's better than using Symantec, for example. Defender is the best product out there; it's built into Windows, and it makes sense to use built-in products. This coordination is strategically important to us, as it makes passing knowledge on to the team easier because it's all in one place.   

I'm a security coach with multiple clients. I provide security implementation, planning, and maintenance through Microsoft Defender. I use all the Defender products, including Defender for Identity, Defender for Office 365, and Defender for Cloud. 

It's easy to integrate the solutions. You only need to go into the settings and switch on the connectivity to all the Defender for Endpoint connectivity telemetry. Microsoft documentation is thorough, and it walks you through all the necessary steps.

We're multi-client and multi-cloud. We're working with multiple organizations and departments, so it's complex. We have domains and sub-domains that we must account for on the deployment side. We also use Defender for ATP, which is the Defender for domain controllers.

We use Microsoft Defender for Endpoint as an enterprise security solution.

It is our endpoint protection solution as a part of the full Defender Suite that we use. We use it for every one of our devices, including Macs and Windows.

Each endpoint is with Intune, and then the management is done out of Azure.

It comes inbuilt with Windows Server and Windows 10, so we are using its latest version. It is deployed centrally on all the platforms, whether it is a virtual environment, a BYOD device, or an office device. It is deployed everywhere. 

All of our users are on Office 365. By default, every user is getting Office 365, and we are also incorporating this into data leak prevention. We have also enabled Azure Active Directory, so policies are deployed directly from our active directory. 

We use it as an antivirus and EDR solution. We also use it for vulnerability scanning and threat hunting.

It is cloud-based. We have a cloud-first strategy when it comes to our organization.

We are a very small, lightweight start-up organization who has only been around for a couple of years. We have 17 endpoints. 

We have it deployed on our endpoints and virtual servers. We have a few Windows Servers 2019, and we have onboarded those both onto Defender for Endpoint as well. Those servers are not managed by MDM because they are Server 2019, but we have onboarded them so they are being managed by Defender for Endpoint as well.

We utilize Microsoft Defender for Endpoint as our EDR solution, which stands for endpoint detection and response. Through this solution, devices are integrated. If new vulnerabilities or novel attacks emerge, Defender for Endpoint promptly identifies them. It serves as our primary EDR solution amidst the variety available in the market.

The current surge in Defender for Endpoint's popularity is attributed to its real-time detection capabilities. Additionally, we can execute SOAR actions, namely security orchestration response. For instance, if we need to isolate a device from the network or run an antivirus scan on a machine, Defender for Endpoint facilitates these tasks.

Consider a scenario where one of the devices becomes compromised. During the investigation, if a malicious IP address is identified, it can be blocked using Defender for Endpoint.

We use it as an Enterprise Detection and Response (EDR) solution. We use it for compliance purposes, and we are starting to use it for DLP purposes.

We use it to protect our servers and endpoints, which include our employees' laptops and our own endpoint portal, where we see the single pane of glass reports. It is our first line of defense.

We use Defender for Endpoint to secure our Windows 10 endpoints and Windows servers. We use Microsoft Defender as an antivirus, and we also leverage the EDR capability. If any malware or threat is present, Defender can take action on those threats and remediate if there are any malicious actors present in our environment.

It is deployed on-premises, on the cloud, and on multi-cloud solutions like AWS on Azure. We have a diverse, global environment with devices or servers in Europe, the US, and the Asia-Pacific region, except for China.

It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.

We want to find a solution that fits businesses of every size and type, but we primarily target small and medium-sized enterprises. 

We use the solution for antivirus and firewall protection.

I offer a Security Operation Center (SOC), which is like a person standing and going through the metal detector at the airport. We're like the staff standing there and watching people and then having them send stuff through the conveyor. It is real-time detection and response.

I don't use Microsoft Defender that much. If I come across a client who doesn't want to spend on a different endpoint solution, I just have them use Microsoft Defender that is built into their devices.

We use it to protect computers or endpoints from any malicious software, malware, and other viruses. You have to use this one as part of your overall protection plan.

We use Microsoft Defender for Endpoint to secure our customers' networks. One of the main reasons we chose this solution is its seamless integration with other Microsoft products, including Security. This integration enables the efficient exchange of signals and facilitates incident investigation and correlation with other security measures. Therefore, we recommend Microsoft Defender to our customers for robust endpoint security. 

Microsoft has been recognized as a leader in Gartner reports for two consecutive years for their exceptional threat-capturing abilities within their division. In comparison to other solutions, Microsoft Defender Endpoint Security offers a wide range of features, and the benefit of integration with other solutions makes it a more powerful product. This is in contrast to individual products from separate vendors, which lack default integrations and may not offer visibility over other endpoints in our environment.

I used MDE to investigate individual alerts. We were able to initiate AV scans on devices from MDE. That was our normal practice as soon as we pulled up an alert. My understanding was that it wouldn't slow down the throughput or the productivity of the endpoint device. We could theoretically isolate the device via MDE.

We also used Cloud App Security, Microsoft Defender for Cloud, and Azure Sentinel. At my last two organizations, they were in the process of moving from Splunk to the Microsoft security suite. It was standard procedure for us to install MDE on Microsoft Defender as the endpoint solution for every device. We didn't have anything on-premises.

I have experience with Microsoft Sentinel. We were transitioning toward using that as our SIEM. They encouraged us to learn the Kusto Query Language, which is extremely useful.

My organization was in the process of using Sentinel to ingest data from their entire ecosystem.

The solution was deployed across multiple departments and multiple locations in North America. It was deployed on a private cloud.

We use Defender for endpoint security, firewall administration, and antivirus. 

We are a Microsoft-heavy organization, so we use Microsoft Defender for Endpoint because of its compatibility with our environment and its reports, which provide good visibility into our environment and send telemetry logs to the server.

I'm part of a team that does governance and consulting for migration from Symantec Endpoint Security to Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint can be used for system protection. For example, anti-virus, malware, and EDR.

The solution can be used on everything. It can be used on the cloud. You can also use it for on-premises devices, from servers to laptops. It's a pretty good solution to manage devices and servers.

Usually, our clients have an on-premises infrastructure and they want to start working in the cloud, especially in Azure. We use Microsoft Defender to manage on-premises devices from Azure. Especially over the last two years, a lot of companies have wanted to focus more on their own business and that's why they have us manage their IT security.

The main goal of using Defender for our clients is to do vulnerability scanning and to be aware of any possible security breaches in their infrastructure.

I'm a consultant. When we do a project with a client, they want us to make an assessment of their environment so they know how to improve their security through Endpoint. I give advice on how to manage the daily case reports that Microsoft automatically sends. 

The solution is mainly deployed on the cloud. Most of our clients are on-premises, but they are transitioning and moving most of their administrative tasks to the cloud.

We deploy this solution for multi-national companies. For example, the last customer I worked with has several departments and locations in several countries. It's a mixture of everything. It's a multi-national company nowadays.

We use all of the M365 security products. I'm also looking into Sentinel. For on-premise security, we're using Windows Defender managed by Security Center or Intune.

We have integrated the solution with other Microsoft products. For example, integrating Azure Active Directory and on-premises computers with Intune is really easy to accomplish. The security console gives us visibility over all the products that are managed by different Microsoft tools. The integration is amazing. 

The solutions work natively together to deliver coordinated detection and response across our environment.

Using ORCA PowerShell provides us with an extensive report and assessment of the platform. It's officially recommended by Microsoft to get an assessment of their environment. It's easier to get the big picture from this tool than from the Microsoft console.

We're using it for endpoint security.

It is mainly utilized for telemetry collection and correlating specific behaviors or reactions to TTPs, IOCs, or indications of compromise. It is used for getting that level of detail. 

We are one of the major drug stores in Germany. We are located in 13 European countries such as Austria, Bulgaria, Czech Republic, and Poland. I'm working here as an IT Administrator, and I'm focusing on software deployment and antivirus solutions.

Our use case is that we got to have antivirus. Cyber insurance forces us to have an antivirus solution that meets the requirements the insurance has. 

In terms of deployment, we're using Defender without ATP in the old world. For domain-joined clients and on the Intune-managed clients, we use Defender in combination with ATP. The on-prem clients are usually old-school domain-joined clients.

We have its latest version. We always try to be at the newest version.

We use Microsoft Defender for Endpoint to protect our work environment.

Microsoft Defender is a Windows platform that can be integrated with various solutions. It has a complete dashboard that gives us clear visibility into the total security of things, the endpoint devices connected, and their status. It also gives us information about who has been logged in and at what time. Compared to other solutions, Microsoft Defender for Endpoint gives us more visibility and threat analysis reports.

We use Microsoft Defender for Endpoint to manage the firewall and provide endpoint security, such as antivirus protection, on the endpoint.

In an enterprise setting, I use the product to protect workstations, and more recently servers, from all sorts of threats, including malware, viruses, trojans, etc.

Once we enroll devices, the Microsoft scanners scan them in the backend and find vulnerabilities for the devices. For example, if our Office version is outdated, or Chrome is an outdated version, or there are any vulnerabilities or security loopholes, they will be displayed in Defender for Endpoint. We go through those vulnerabilities and we try to fix them by creating group policies or by using Intune. If there are any security recommendations in Defender for Endpoint, we fix those assets.

We use Microsoft Defender for Endpoint for anti-malware purposes.

Our target is to have control over protected endpoints. As a centralized console dashboard, we want to see the exposure level and security weaknesses associated with those protected endpoints.

We are a consultancy company and a Microsoft Gold partner, so we are strictly attached to the Microsoft stack. We have used Microsoft Defender for Cloud for some of our customers on a few occasions.

The solution is deployed on the cloud. From an infrastructure point of view, it's on Microsoft and likely would be geo-distributed. The solution is typically deployed for all endpoints that require cloud protection in an organization. If a company has 300 devices, typically all 300 devices are connected. It doesn't make sense to divide profiles for different departments.

On average, we have 300 to 600 devices and a similar amount of users. In a few cases, we have Defender for Endpoint protecting shared workstations.

We use Microsoft Defender for Endpoint to prevent traffic attacks. The solution displays each attack through Symantec. Therefore, we do not need to develop any use cases. It will detect anomalies using machine learning in Defender for Endpoint. It collects logs from the sensor, which include all mission data from the Windows sensor. The machine logs will then be sent to the cloud for analysis, and for every anomaly found, an alert is generated in our console.

We use it for threat protection.

We have been using it in our test environment. On the customer side, we are using the small business variant of the tool. So, we are using Microsoft Defender for Endpoint and Microsoft Defender for SMBs. They're pretty similar, but the one for SMBs is a little lighter.

In our test environment, we have access to 50-seat licenses for everything. So, we are making sure that we are technically in a good place before we begin to offer this kind of solution to our clients. In addition to our solutions, we are delivering services to our clients. So, when we sell an SMB or enterprise Microsoft license, we are able to do the migration, management, and other things for a client.

Normally, we use the solution for our workstations.

We use Microsoft Defender for Endpoint for our antivirus protection.

It's an AV and EDR. The AV is integrated with the OS and, once you onboard the devices through a portal, it also functions as an EDR.

We are a property investment company, and people here use Microsoft Surface devices for their daily job. We are a Microsoft-oriented company, and we use it for our basic endpoint security implementation. 

Our entire security is based on this endpoint solution. Sometimes you have centralized security where you scan all traffic going through a central firewall and you also check through several types of solutions. You also check HTTPS connections. Basically, for all the traffic going inside and outside the company, you use a security firewall, and this endpoint solution is actually a firewall solution or security solution that is distributed. So, all the traffic coming from and going into the end-user device is basically submitted for scanning. If you download an ISO on a website or an email, everything is scanned for security to check whether it contains any malicious data. 

We are using Microsoft Defender for Endpoint Plan 2, which is the enterprise version of Microsoft Defender for Endpoint. We are using the most recent version of it.

We deploy it via Intune. The feature is called Microsoft Intune Autopilot. We have a hardware hash. A colleague of mine prepares the configuration and then based on the hardware hash and Autopilot, the devices are completely installed and joined to Azure AD and then to our enterprise. Intune is a Microsoft device management platform that comes with Microsoft solutions. When you buy a new device, based on the hardware hash, it can automatically find that device through Autopilot and do the specific deployment for your company. So, the users can use any type of device, start it, and then it will automatically be joined to our environment.

Our use case is for financial groups and we use it to control malware, as well as for antivirus. Our focus is on using it as an endpoint solution, but we cover the older servers too.

We use it for endpoint detection and response.

The agent is installed on the endpoint, on the laptop or desktop, but it's a SaaS solution.

We are a consulting company and we use this product for endpoint protection across the company, as well as for our clients.

We primarily used the solution as Endpoint Detection and protection (EDR, EPP) with secondary benefits of threats and vulnerability management, security incident response, automated query and real-time device monitoring, and with the capability of email security, identity management (DFI), and task automation (Power automate). We used respective licenses where required.

The solution was also used for an endpoint antivirus for workstations in a multi-OS environment, including Windows and Mac OS. We had file, device, and user trajectory monitoring for the security operations team.

We use Microsoft Defender for Endpoint as our EDR solution on all of our user endpoints.

We provide solutions to our customers based on their requirements. We started working with Microsoft products because we saw people getting more inclined toward Microsoft security products. For example, previously, for SOC, we saw more organizations working with Splunk or QRadar. However, over the last six months, we have seen a lot of customers migrating to Microsoft Sentinel because they already have Microsoft products in their environment, and it works better with other Microsoft products.

Our primary use case is anti-malware and virus protection for our machines. We don't operate a network as such; our setup is almost entirely in the cloud.

We use the solution across multiple departments and teams, with about 400 total end users.

It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.

I am a SOC analyst and I use Microsoft Defender for Endpoint to investigate endpoints in our environment and malicious activity.

We use it to prevent malware attacks.

It's an antivirus product, so its main use is to protect us.

We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

The solution is used for endpoint detection and response, however, it also has vulnerability management. I don't use that as much as the endpoint detection and response. I use it in combination with Cloud App Security and Endpoint Manager.

We use it for endpoint security.

It is the end defense against anything coming into our computers and through other channels, e.g., we have some other measures. A lot of our users use Microsoft Remote Desktop Services, so all our servers are locked down. The solution handles what nothing else finds along the way. It is a standard endpoint for computers, servers, and tablets.

We use Microsoft Defender for Endpoint for protection, asset onboarding, and service onboarding. We primarily focus on Microsoft-based endpoints. Specifically, we look for processes to determine if malware, viruses, or adware have been installed.

I am using Defender for one of my customers. 

We use it for security purposes. It provides important security for some critical systems, such as network devices.

Our server is on Azure, so we get alerts on Microsoft Defender. If it's an endpoint alert, we investigate the endpoint based on the type of endpoint it is, whether it's a computer or a phone, et cetera. We then figure out what kind of file was downloaded, if it was bad or good, based on the hash file. 

We also use Microsoft Defender for Office 365 for email, where we get alerts based on phishing emails, spam, and we investigate them. We also do Sentinel queries, with KQL (Kusto Query Language).

We used it as an EPP and EDR solution. 

We are using this product as part of our EDR solution, and we use it in conjunction with CrowdStrike. We are a solution provider and this is one of the products that we deploy for our clients.

Microsoft Defender for Endpoint can be used for protecting personal information and file in my organization.

We are using it as the antivirus as well as the malware protection.

Microsoft Defender for Endpoint provides visibility into our workstations at SOC. 

We use Microsoft Defender for Endpoint to secure our workstations, laptops, and servers. It helps us to do virus scanning and malware protection. 

The solution is primarily used for antivirus and malware protection.

Defender is basically a protective seal that is used to protect your Windows applications. Whenever you enable it your system is safe. You feel safe and your data and your security are verified by Defender and protected by the Defender seal. 

Our use cases, and the way we deploy it, depend on the different situations we encounter.

There may be a company that is already using the Endpoint Protection solution and we have to do a migration.

Another scenario is that a company may be migrating away from another endpoint threat protection solution.

And there are some companies that are already using SCCM, and we may have to go through one of two scenarios. One is to co-manage with what they call Microsoft Endpoint Manager and Configuration Manager. If they are already using SCCM, and only SCCM, we will typically have to go through a process where we integrate SCCM into Endpoint Manager and then they'll usually bring some endpoints into Intune and they'll do a PLC. They have to Azure AD-join or register a device into that so it can be managed through Intune. They may even co-manage it for a while until they fully onboard into Intune only. A lot of people are looking to get away from co-management and managing through Endpoint Manager. But there are some prerequisites to accomplish that.

The endgame for most companies is they want to manage things from Intune only. There are different paths to get there, depending on what they already have in place.

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

We're using the solution on our endpoints.

We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.

We use Microsoft Defender for Endpoint for network and endpoint protection.

Microsoft Defender for Endpoint gives us a second layer of security as well as the third layer of security. One of them is interested in web security and email security. One of them, similar to Cisco, is a Cisco FirePOWER. These are a compilation or a group of devices for security.

It is an Endpoint Detection and Response system (EDR), and it seems the new term is XDR. We use it for anti-malware protection. It protects from a virus, worm, ransomware, and other similar things. 

We are using it for protection. We had a request from one of our customers, and we just started to implement it. We don't have any great idea about it. We are in the process of implementing it for the first time.

We are using its latest version. It is on-prem. The problem with going for a cloud version is that most of our customers prefer to work with on-prem solutions. So, we need all the features to be available on-prem as well as on the cloud.

We use it for our endpoint detection and response capability.

This product is our antivirus for Windows 10 machines, Windows Server 2016, and in our Azure environment. In addition to this, we have a project for an oil company that is implemented in Azure, and we had to migrate the majority of their systems to that platform. Once the migration was complete, we configured Windows Defender as its antivirus.

We are using Microsoft Windows Defender for Windows services because it is the default antivirus and protection solution with Windows Server 2016 and 2019. We are using it for Windows servers, file servers, and active directory.

I have tried so many antiviruses personally, but this one is integrated with the operating system. That's one of the main reasons for considering this.

We are using Microsoft Defender for Endpoint with advanced threat production. Microsoft's enterprise mobility and security suite fulfills a large number of security strategy requirements for our organization. We are going to use this solution for identity production and for endpoint security.

It's a hybrid setup. The advanced threat protection only comes from the cloud intelligence engine. That's something of a new experience for us, but the rest of the components will be on-prem. We are using Microsoft's cloud. 

The whole suite of security enhancement doesn't just include Microsoft Defender. It also covers many of the features that come with the Windows Enterprise version. With this option, we are actually upgrading to the Enterprise version as well and unlocking those security features which are not available in Windows Professional. Microsoft Defender is a whole suite, which is simply not comparable with a usual anti-virus, anti-malware product.

Microsoft Defender for Endpoint is used for securing endpoints from threats.

We were using the basic endpoint from Sophos without Intercept X and the EDR model, and currently, we are in the selection process of a new platform that has EDR embedded. We are using Microsoft Defender Antivirus for the time being till we get the new platform.

There are endpoints that are not in our organization's network but are connected directly to the web. We use Microsoft Defender for the antivirus.

We are not dealing with this solution daily, just when there is an issue from time to time.

We are using it only for EDR, but we have a plan to extend it to Microsoft email as well as to the cloud.

The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics.  

I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.

We combine Microsoft Defender with Advanced Threat Protection to manage, isolate, and scan our laptops and workstations for security threats. We have a dashboard that is embedded into Office 365 and it allows us to remotely scan for viruses and malware, so we don’t have to have the laptop present.

We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.

Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.

From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

I use Defender for protection.

I am using Microsoft Defender for Endpoint for system alerts of any kind of suspicious items or unusual network traffic. I only use it for personal use.

The solution has shown me different kinds of requests from the websites that were made and cookies that have been created. It has provided me with statistics.

We use it at home on some personal machines at home, and there are a few machines inside of the Enterprise that has it.

We use this solution for general antivirus protection.

We use Microsoft Defender Antivirus to scan for malicious payloads that may come in files, emails, a USB drive, or another type of external drive. It helps us to identify any malicious load that could compromise the security of any of our systems.

We are in a decentralized environment. We have multiple offices but they are not connected physically. The offices are directly managed from the internet.

We have a mixed environment with Linux and Windows machines.

We operate in the educational sector.

I use Microsoft Defender for Endpoint to protect my computer when downloading files. Whether it's documents from my email or web browser, this is the first thing I use the solution for. It also provides protection against ransomware. Additionally, the monthly report indicates the number of infected files that were blocked during that month.

We use this product for our endpoint detection and all the remediation.

It's an XDR (Extended Detection and Response) system.

The product is useful for projects, finding tech, and finding firewall actions on computers. 

We call the solution MDATP - Microsoft Defender Advanced Persistent Threat Protection. At the same time, we're using it more from an EDR point of view, as an Endpoint Detection Response. It can detect any threats, malware, or processor, which are illegitimate and being executed by the end-users or malicious actors. When it sees this, it detects and reports to us. 

Not only that, at the same time, it's detection, prevention, and response. Mostly what we were working on is detection. When I refer to detection, I mean that it can, with pinpoint accuracy, detect something and expose the threat. It can also map those threats with a MITRE, which is one of the great things that I love about it, on top of the accuracy and the threat description it provides.

There are a few different use cases. We return with a query language, which is provided by Microsoft. We are able to create some threat hunting queries. We can pinpoint, accurately detect, and run pain testing. When there’s a threat or issue, I am able to find it and track it with great accuracy in MDATP. MDATP is able to tell me that, for example, in my organization, if there was a guy who was doing pain testing, which is black listed, and if there was an attempt to exploit something or install some malicious code or try to hack into the system. I am able to find this and pinpoint its occurrence. Not only that, I’m able to map them onto a MITRE framework and tell which stage of the attack it was, where the attacker came from, et cetera. I can see if it was something that was planned in the organization. 

I can both detect internally and externally. I have full faith that the MDATP will detect behaviors and warn us of issues.

We use Microsoft Defender Antivirus for antivirus protection as part of our endpoint security solution. It protects our systems against attacks from any virus, malware, or trojan. 

We primarily use this product to get antivirus protection in a cost-effective way.

We use the most up-to-date version. 

Our primary use case is for basic EDRs for simple interfaces.

We are using this solution for threat detection.

We're using it in the backend, just for securing our environment. We're not an end-user, we are a Microsoft partner and we are using it as a B2B solution. It's more for customers. From the software side, we provide solutions that are mainly Microsoft-based. 

It's used to protect endpoints and, for some customers, it is used to deploy Microsoft 365 suite features. Most of our clients are medium-sized businesses.

Usually, the solution is used in relation to keys management. We implemented a program for it, for the lifecycle of the keys. We've also used it for certificate management.

The primary use of this solution is for the detection of malware and to stop phishing. 

I use Microsoft Defender for Endpoint protection on my personal computer.

The solution is used to protect the endpoint. Also, there's an antivirus and then advanced threat protection. It's also detecting threats and sending that to the cloud and correlating that without the events from other parts of the EMS suites. That's primarily what we are using it for. It is also capable of doing some attack surface reduction that you can configure on the endpoint. It's basic protection plus surveillance. It's also an EDR, however, we are not using that.

We use this as our antivirus solution.

We are a government organization, and we use Microsoft Defender for Endpoint Protection.

We also use it for vulnerability scanning and assessment, which is very useful.

Our clients use it for antivirus and anti-malware purposes.

It is an antivirus. It is like any other antivirus, except it comes with Windows and you don't need to install anything extra.

We use this solution for business security protection.

We are using Microsoft Defender ATP to prevent anti-phishing, malware transportation, and unwanted spam emails.

This is an endpoint security product. It helps detect and prevent attacks and is very good when it comes to vulnerability assessment. It automatically detects attacks. It provides support for all the end devices, whether it is a Mac OS, Windows, mobiles, Android and iOS, it has support for all. I mostly deal with smaller and medium sized companies, I don't deal much with enterprises. I'm a customer of Microsoft and I work as a solution architect.

I have used Windows Defender to protect my computer from viruses or harmful websites on either flash drives and other removable devices when I am online which tend to attack my computer and corrupt it causing inefficiencies in my computer working processes. 

I usually check from time to time if the hard disks of my computer has been infected and remove the files that are harmful to my systems. Another purpose of this tool is blocking and filtering sites that are harmful or appear threatening to my system.

Our primary use case of this solution is to defend from viruses. 

I lead a delivery team. I have a team of about 20 technology specialists and we do the deployment for Microsoft Defender.

Instead of having a third-party antivirus, then you can have a Microsoft ecosystem for your entire endpoint protection. 

I use it mostly to detect threats or viruses. I am using its latest version.

I am a Taiwan sole company reseller. We sell commercial software to enterprise customers.

I use the Microsoft Defender for scanning the antivirus or some hacker tools.

Our primary use case of this solution is to protect our endpoints from malware.

A lot of our work involves exchanging files with clients, both via the internet, by email and by USB. Therefore, we are susceptible to malware and ransomware attacks. We are using this solution to protect against these attacks.

Windows Security Essentials is available on Windows 7 and Windows 10. I'm using Windows Defender, and the agent is deployed on-premises on my laptop. I don't know if it has some background cloud services.

I use it for flash memories, portable memories, real-time scanning, threat protection, and capturing the data downloaded from the internet.

I installed Windows Defender for personal use for my protection of my personal PC. I use it as an antivirus system so that I do not have any exposure to viruses on my PC. Obviously, I do not want to leave my PC open to virus threats. I have only used it on my personal PCs with the license I got for Office 365. I keep my patches and descriptions updated on my PC.  

Defender is installed only one one of my laptops. I am sure I will continue using it there as long as the licensing is valid.  

We use Microsoft Defender for Endpoint for threat protection.

We use Defendor for endpoint monitoring. It alerts us when a machine has issues, and we take the necessary steps to resolve them.

Defender is an antivirus solution deployed on all Microsoft PCs. Thousands of employees at my company use it. 

Most of my clients use Microsoft Defender for Endpoint for attack and threat prevention. I always look at the alert page to get alert details. This solution is also used for EDR (endpoint detection and response). We also use it for web content filtering and for completely automated investigations.

Microsoft Defender for Endpoint is a basic endpoint protection solution. If you do not combine it with another solution then you will leave yourself open to vulnerabilities. I used Microsoft Defender for Endpoint in conjunction with other solutions, such as Cylance.

Microsoft Defender for Endpoint is useful for the protection of your business information and threat prevention.

Just as the name states, we use this solution to defend endpoints. 

We're actually in the process of moving away from this solution. We are beginning to use SentinelOne.

We primarily use the solution for MDM, MAM, and Find Point.

What we did is we replaced our antivirus with Microsoft Defender. There are three products that we implemented, including the Endpoint Defender, which is deployed to all of our end points.

We have this security solution activated on 10 different Windows PCs, and we have it for Office 365 products as well.

We use MWD for detecting malware, viruses and protect from Ransomware.

We use Microsoft Windows Defender for normal internet security. We use it to detect viruses. We have about 100 users.

We use this solution for threat management and pallet management.

Microsoft Defender for Endpoint is integrated into Microsoft Windows and is used for system protection.

We use it for antivirus. You can use it for malware and Zero Trust. Some people use it for fact-checking too. I can also use it with Intune, which is good. 

We deploy Microsoft Defender on all kinds of devices, including Microsoft, iOS, and Mac.

Within our company, there are roughly 400-500 users of this solution.

We replaced our antivirus with Microsoft Defender, and we are implementing three products. We have Microsoft Defender for Endpoint, which is deployed on all our endpoints. We also have Microsoft Defender for Office, which works very well to protect Office documents. 

We are using this solution for MDM and MAM for the endpoints. We are using its latest version.

Our primary use case for Windows Defender is to prevent malware and viruses. Security is the main purpose that it is used for by our organization.

I use Microsoft Defender for Endpoint for an antivirus solution.

I'm using Defender at home for antivirus protection.

Microsoft Defender for Endpoint is used for system security.

We primarily use the solution for cloud security. It was used for threat detection and endpoint to endpoint.

The product can be used for organizations that use Microsoft as their primary security defender and need zero-day threat protection. It's good for companies that want to make sure there are no threats or attacks on their information.

We use this solution to protect and blocks any threats. We use it for protection.

I'm a consultant and I don't use these solutions. We sell them and we do research for sales purposes.

I don't use it explicitly. Rather, it's there on my laptop filtering viruses. It's there to protect my laptop.

We use this solution and we also implement it for customers. We mainly use it for its anti-malware and threat protection capabilities. If a client comes to us who uses Office 365, then we suggest this solution.

At the moment we have between 10 to 50 customers.

We definitely plan to keep using this solution. We're currently just pushing out all other solutions because they're not integrated and they have additional deployment costs. The only thing which is a bit peculiar is that you need to convince the customer that you're not talking about an antivirus solution. If we do, then they end up comparing things that are incomparable.

I primarily use Defender for web protection.

I primarily use this solution for the safety of my PC. It protects me against ransomware and other types of viruses.

I am using the solution for personal data protection.

Our primary use for the solution is threat detection and response.

Microsoft Defender for Endpoint is used for protection against threats.

We use Microsoft Defender Antivirus as part of our security solution.

Our primary use case of this solution is endpoint protection. In general, we use it to protect our devices, rather than using third-party software. 

This solution is deployed on-prem. 

I primarily use it for myself and my businesses as a protection solution.

Our primary use case centers around blocking viruses on my personal laptop.

My primary use case is as an end-user solution. It helps protect the computer against viruses and malware. It has a firewall option and offers basic protection for an end-user and a home user. If you are a home user, it's a very good solution for you.

Microsoft Windows Defender is used to protect against malware.

We use this solution mainly for safeguarding online use of laptops. 

We primarily use it due to the fact that it comes with the Windows 10 bundle and is free. We use it for security purposes. It scans for viruses and malware for us.

Our primary use is for protection against malware.

The solution is basically an antivirus and is used to protect users from a number of things. Mainly, the solution protects against cyber-attacks and defends a user from viruses so that files are protected. Of course, it will be very important to have a big antivirus in place so that companies are protected from big attacks. Windows Defender does not really do that.

It is installed on my personal computer. I use it to protect my personal computer.

We primarily use the solution to save our data from getting lost in the case of network attacks or viruses.