Microsoft Defender for Endpoint Reviews

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.

Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture. 

Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident. 

I would like to see Sentinel better integrated with the rest of the security technology within one portal. 

I've been using Defender for more than a year.

I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over. 

It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another. 

We previously used Sophos.

Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it. 

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.

We're using the solution on our endpoints.

The functionality is very important to us. 

The cloud provisioning is great. 

It's a Microsoft product, therefore, it's easier to deploy this product than other options. It's very important for us to have a simple way to deploy new PCs when we buy the new PCs. We don't want that deployment to be a burden. The easy deployment feature is very helpful.

At the moment we are currently testing it. We are not major users of the product, and therefore we have no idea of what it can and can't do just yet.

At this time we don't have any recommendations concerning the Windows product interface.

It would be helpful if they offered video tutorial guides. 

I've used the solution for three or four months.

We are testing it right now and we didn't get into the production state just yet. Therefore, it's hard to gauge the capabilities in terms of stability. So far, however, it has been stable.

The scalability is okay. 

Support is always okay. I've always had a positive experience dealing with support. 

The deployment is seamless and super simple. It's not complex at all, and that's the main selling point for us. 

We did negotiate on the pricing, however, I can't speak to the exact costs involved. 

We did not really compare this solution to other options. The advantage is that this solution is available on mobile devices, and we needed something that covered everything, from desktops and laptops to mobile. Therefore, we didn't really consider anything else. 

We are Microsoft customers. We don't have a special relationship with the organization. 

We are using the latest version of the solution. 

It's a good product overall. I would rate it an eight out of ten.

We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.

What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.

We've been using Microsoft Defender for Endpoint for four years.

Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.

We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.

The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.

We pay for our Microsoft Defender for Endpoint subscription yearly.

We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.

Microsoft Defender for Endpoint has been awesome, so far.

I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.

We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.

I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.

We use Microsoft Defender for Endpoint for network and endpoint protection.

Microsoft Defender for Endpoint could improve by making the reporting better.

I have been using Microsoft Defender for Endpoint for approximately three years.

Microsoft Defender for Endpoint is stable in my usage.

I have found Microsoft Defender for Endpoint to be scalable.

We have approximately 700 people using this solution and we plan to increase usage.

The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint.

I have previously used ESET.

The initial setup of Microsoft Defender for Endpoint was straightforward. 

We have two engineers that do the implementation and maintenance of Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now.

I would recommend this solution to others.

I rate Microsoft Defender for Endpoint an eight out of ten.

Microsoft Defender for Endpoint gives us a second layer of security as well as the third layer of security. One of them is interested in web security and email security. One of them, similar to Cisco, is a Cisco FirePOWER. These are a compilation or a group of devices for security.

We had some issues where phishing and malware were not detected and were allowed to pass unless I mentioned it or we forced the phishing or malware to be blocked, I can't rely on that alone.

Phishing and Malware detection could be better.

Technical support needs improvement.

I have been working with Microsoft Defender for Endpoint for one year.

It is stable for the time being. 

I can't add more layers of security because of my budget and business plan, so I try to choose the best and most preferable option for me and my company.

I would rate the scalability a seven out of ten.

In one company, we have two administrators and 30 employees who use this solution.

On a short-term plan, I will not increase the usage. On a larger scale, we intend to increase the license.

In my opinion, technical support is not as effective as it was before. They take a long time to support and investigate the issue.

It takes a long time for them to support and investigate the issue. I believe they must crush the time in order to provide us with our needs, and our objectives.

There are applications and solutions that we have used for five or more years. We almost used Microsoft Link but have since switched to Microsoft Teams and Skype for business. We almost exclusively use Cisco products such as Cisco EMC, Cisco Web security, and Cisco Meraki.

The installation is straightforward. It's a cloud solution that requires some configuration running on the cloud.

The deployment takes a couple of hours to complete.

It's a different story when it comes to security. It takes a different approach. It requires two an administrator and a manager to maintain this solution.

Sometimes the installation and deployment are done by the technical team, and sometimes it's done by others.

Licensing fees are paid annually through a partner.

If I do recommend it, it will not be solely for security purposes. It is possibly for a first-line security platform, and it is required to build a second, third, and possibly fourth business security layer.

I would rate Microsoft Defender for Endpoint a seven out of ten.

It is an Endpoint Detection and Response system (EDR), and it seems the new term is XDR. We use it for anti-malware protection. It protects from a virus, worm, ransomware, and other similar things. 

It can automatically scan and remediate stuff without an administrator doing anything. We use it for threat and vulnerability management. There are components in there that will tell us about any vulnerable software running on endpoints. There are a whole bunch of other things too.

It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool. 

It has got some awesome threat hunting capabilities. It can search for malicious activity that could indicate that an asset is being compromised, but it is not something to which you would have necessarily got alerted.

We're fully Microsoft, it integrates with other Microsoft security products very well. Its interface is also fine.

It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years.

I have been using this solution for nearly four years.

It can get a little laggy sometimes, but overall, it's fine when investigating events.

It is easy to scale.

There are different levels of technical support that you can purchase from Microsoft. We don't have the top level, but we used to have the top level, and that was good. I would rate them a five out of five. They've got a dedicated team specifically looking at threats for all their customers. 

I was not involved in its setup. I am only a user of the solution, but I'm pretty sure it's pretty straightforward. It's just deployed by Intune or a partial script or something like that.

It was implemented internally. In terms of maintenance, it generally doesn't require any maintenance. There are some policy configuration changes that we can tweak, but the signatures, behavior analysis, and all similar things in the engine are kept up to date by them. We have four people who are dealing with this product.

Licensing models of Microsoft are renowned for being complex. We just purchased the whole E5 stack. With E5 licenses for users, we get access to a bunch of features that are not just related to security. I would rate them a three out of five in terms of pricing.

One of the things that I like to constantly do is assess other vendors in the same space. We get vendor demonstrations, and for the most of it, it seems like Defender is well truly up there with the other best players in the market. I've never done a proof of concept with any other tool, so I can't really compare it with others. Most of the time, vendor demonstrations are all about glitz and glam to sell their product and show how much better they are than competitors.

I would advise doing your due diligence. This is more than just an endpoint security solution, and sometimes, you've got to think of your technology stacks before applying or purchasing certain security solutions and see if they're applicable to your environment. 

I would rate it an eight out of 10. No endpoint solution is ever going to be able to be perfectly good at stopping all types of threats. No endpoint solution would ever get a 10 in my point of view. 

We are using it for protection. We had a request from one of our customers, and we just started to implement it. We don't have any great idea about it. We are in the process of implementing it for the first time.

We are using its latest version. It is on-prem. The problem with going for a cloud version is that most of our customers prefer to work with on-prem solutions. So, we need all the features to be available on-prem as well as on the cloud.

We have just started to implement it. It is useful for protection from malware and ransomware. We are not exactly sure about zero-day, but we are trying to see if it will be effective for everyday antivirus purposes.

Auto recovery is the most important feature that we would need from this solution. For decryption, similar to Malwarebytes, there should be something to be able to recover the data up to the last normal status. Its ability to recover data to the last normal copy must not exceed 5 to 10 minutes.

We just started to use it.

We need to test its functionality in heavy environments.

Their support could be faster through the phone. The support through chat is very unuseful. It takes a lot of time and effort and but does not help in any way. We provide the first line of support to customers, so it is not a big issue for us.

We work on most of the protection products, such as Kaspersky, Malwarebytes. We normally use a lot of them. We had a request from one of our customers, so we started to implement Microsoft Defender for Endpoint.

Its initial setup is straightforward. The solution itself doesn't take more than 15 to 20 minutes, but the configuration duration depends on the environment, such as the number of policies, users, etc. It will vary according to the environment in which you are doing the implementation.

We implement it ourselves. Currently, we have only one customer of this solution.

Its price is fair. It has approximately the same price as the other products such as Kaspersky. It is much cheaper than Malwarebytes.

I would rate Microsoft Defender for Endpoint a seven out of 10.

We use it for our endpoint detection and response capability.

The EDR feature is most valuable.

It is currently more suitable for end-users rather than enterprises with lots of other processes and third-party tools. It needs improvement on that front. We had many issues while integrating it with our enterprise solutions, such as Splunk, and third-party tools. It provides everything via APIs. Other vendors provide integration with third-party tools, but Microsoft doesn't do that.

It is also logging too much and is not serialized from the process aspect. It has all the data, but it is not in a proper format or not properly indexed, which doesn't make it easier for enterprises to use this data.

Other vendors provide troubleshooting information that can be used to troubleshoot issues, but Microsoft doesn't provide anything like that.

I have been using this solution for six months.

It is still a new product, and there are many reported bugs in terms of stability and impact on the endpoints.

We have around 80,000 users.

They are good. They take a little bit of time, but they are good.

It was very complex. We had many issues in integrating it with our enterprise solutions, such as Splunk, and third-party tools.

We have seven or eight engineers for its maintenance.

I would recommend this solution to others if they don't have many third-party tools. It is a very good solution.

I would rate Microsoft Defender for Endpoint a seven out of ten.