Product Manager at a comms service provider with 501-1,000 employees
Reseller
Good management over endpoints but the technical support needs to be improved
Pros and Cons
    • "The scanning is slow when it is working with incoming emails."

    What is our primary use case?

    We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.

    Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.

    From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

    What is most valuable?

    This is a cloud-based product so it is always updated by the end-user.

    What needs improvement?

    They have to improve the email scanning where email is coming from somewhere other than our private network. The scanning is slow when it is working with incoming emails. Often, I can see the email but the scanning process is not finished and I cannot open the attachment. In general, the scanning has to be faster.

    What do I think about the stability of the solution?

    This solution looks stable. Provided that Windows 10 is updated, everything is okay.

    Buyer's Guide
    Microsoft Defender for Endpoint
    April 2024
    Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
    769,334 professionals have used our research since 2012.

    How are customer service and support?

    I have not been in contact with technical support in regards to this product. However, technical support for Microsoft products is always of bad quality. In my experience, if you cannot find the solution yourself then you will have a huge problem because it is not an easy task to have them understand and support you.

    You can lose a lot of time explaining the problem before you receive something that works.

    My advice is to look for a good support library and try to find the solution yourself. This means that you don't need to contact support.

    Which solution did I use previously and why did I switch?

    We have worked with many different security solutions. For example, we are selling a Security Operations Center as a service. We implement EDR, Privileged Access Management, Identity Management, anti-fraud solutions, web application firewalls, database security, and more. We are working with practically everything in cybersecurity.

    We are working with between 10 and 15 different vendors. Sometimes, this is too many, but it is useful to have information about each product, its quality, and how it compares to others. Two products that we are working with now are Cisco AMP and Carbon Black.

    What's my experience with pricing, setup cost, and licensing?

    There is a free version of Windows Defender, although the paid version has EDR functionality. We sell this product as part of Office 365 and it is not expensive.

    What other advice do I have?

    I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution.

    I would rate this solution a five out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Rajko Terzić - PeerSpot reviewer
    Senior Software Architect at Institute of public health
    Real User
    Provides good, user-friendly protection
    Pros and Cons
    • "Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
    • "Defender's cloud integration could be improved."

    What is our primary use case?

    I use Defender for protection.

    What is most valuable?

    The most valuable features are that Defender is user-friendly and part of Microsoft Windows.

    What needs improvement?

    Defender's cloud integration could be improved.

    What do I think about the stability of the solution?

    Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update.

    How was the initial setup?

    The initial setup was easy.

    What other advice do I have?

    I would recommend Defender to anyone thinking of using it, and I rate it as eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Sr. IT Business Analyst at Citigroup
    Real User
    Top 20
    Performs well, easy to use, and intuitive implementation
    Pros and Cons
    • "Microsoft Defender for Endpoint's most valuable feature is its ease of use."
    • "Microsoft Defender for Endpoint can improve by providing more and different types of reports."

    What is our primary use case?

    I am using Microsoft Defender for Endpoint for system alerts of any kind of suspicious items or unusual network traffic. I only use it for personal use.

    The solution has shown me different kinds of requests from the websites that were made and cookies that have been created. It has provided me with statistics.

    What is most valuable?

    Microsoft Defender for Endpoint's most valuable feature is its ease of use.

    What needs improvement?

    Microsoft Defender for Endpoint can improve by providing more and different types of reports.

    For how long have I used the solution?

    I used Microsoft Defender for Endpoint within the past 12 months.

    What do I think about the stability of the solution?

    Microsoft Defender for Endpoint has been stable. It does not slow down my computer.

    What do I think about the scalability of the solution?

    The scalability of Microsoft Defender for Endpoint has been fine.

    How are customer service and support?

    I have not contacted the support from Microsoft.

    How was the initial setup?

    The initial setup of Microsoft Defender for Endpoint was intuitive, I didn't make any customization, I used what was preset. The installation was done with the Microsoft Windows installation.

    What's my experience with pricing, setup cost, and licensing?

    The license for Microsoft Windows covers Microsoft Defender for Endpoint. 

    What other advice do I have?

    I rate Microsoft Defender for Endpoint an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Manager of Information Systems at an engineering company with 51-200 employees
    Real User
    Easy to scale, reliable, and extremely easy to install
    Pros and Cons
    • "We like that it has a free version available."
    • "The frequency of the patching, and the frequency of the updates, are not included with the free version."

    What is our primary use case?

    We use it at home on some personal machines, and there are a few machines inside of the Enterprise that have it.

    We use this solution for general antivirus protection.

    What is most valuable?

    We like that it has a free version available.

    What needs improvement?

    The frequency of the patching, and the frequency of the updates, are not included with the free version. 

    The platform I used in the past would check every hour and deploy every two hours down to the client, every patch that came through. 

    It was actively looking for updates, the latest threats, which is something that the Microsoft Defender product did not have in the free version.

    The Enterprise version that we had, didn't have visibility. If somebody were to uninstall it or turn it off, I'd have trouble seeing that easily. There are tools that I can install, but from a reporting standpoint who has it on and off is included with the Enterprise package that you pay for, or it comes included with Office 365 Enterprise, but not in the free version.

    For how long have I used the solution?

    We have been using Microsoft Defender for Endpoint for two and a half years.

    We are using the latest version. It is always up-to-date.

    What do I think about the stability of the solution?

    We had absolutely no issues with the stability of Microsoft Defender for Endpoint. We did not experience any bugs or glitches.

    What do I think about the scalability of the solution?

    It is pretty easy to scale. It was basically one click to agree that you wanted to use it.

    How are customer service and technical support?

    We did not contact technical support.

    Which solution did I use previously and why did I switch?

    Previously, we were using another solution and were forced to uninstall it to patch Windows. It was an annoyance to reinstall it.

    How was the initial setup?

    The initial setup was straightforward. It was extremely simple.

    What's my experience with pricing, setup cost, and licensing?

    We are using the free version.

    When you are centrally managing it, you can't get there without a much more expensive Microsoft solution to control the rollout and to make sure that it is up-to-date.

    We didn't research that, it was a stop-gap measure until we figured out what we're going to do in the long term.

    Which other solutions did I evaluate?

    We are looking into a product that gets into the EDR, XDR, the fully managed patching, and everything else, versus just the anti-virus that package includes.

    What other advice do I have?

    I would rate Microsoft Defender for Endpoint an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Assistant Manager IT at an educational organization with 1,001-5,000 employees
    Real User
    Good performance, reliable, and offers effective ransomware protection
    Pros and Cons
    • "The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system."
    • "The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."

    What is our primary use case?

    We use Microsoft Defender Antivirus to scan for malicious payloads that may come in files, emails, a USB drive, or another type of external drive. It helps us to identify any malicious load that could compromise the security of any of our systems.

    We are in a decentralized environment. We have multiple offices but they are not connected physically. The offices are directly managed from the internet.

    We have a mixed environment with Linux and Windows machines.

    We operate in the educational sector.

    How has it helped my organization?

    We have not fully considered how this product affects our overall security posture, although this is because we have not yet explored all of the features. Once we have all of our offices connected, it is something that we will be looking into. At this point, it does not affect all of our machines. On a scale from one to five, I would rate our security posture a four.

    What is most valuable?

    The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system.

    The performance is good. Usually, end-users complain that whenever background or real-time scanning is done, the effects are felt as there is a slowdown in the system. This is not the case with Microsoft Defender.

    What needs improvement?

    The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads.

    If there is a Word file then it is able to scan it, but if there is a malicious payload within its signature then it will not be detected. Deep packet scanning must be used to improve the overall product.

    For how long have I used the solution?

    We have been using Microsoft Defender Antivirus since we upgraded to Windows 10 from Windows 8.

    What do I think about the stability of the solution?

    This is a stable product. We have been using the standard version for a long time and it hasn't negatively affected our environment. Generally speaking, it is reliable.

    What do I think about the scalability of the solution?

    Microsoft is actively working on this product and I think that it is becoming more scalable, day by day. For example, prior to Windows 10, there was no ransomware support. Now, it comes with Windows 20S2 and Windows 20H1.

    With our decentralized environment, I don't know the exact number of users or devices that we have. However, I can say that there are more than 500 devices being protected by this solution.

    Most of the machines in our environment are in areas that don't have internet access. This is because they are stationed in remote areas of the country. This means that we need to use USB drives to update the machines manually. Given the number of devices and that the management is done manually at this time, it is pretty painful for our IT people.

    How are customer service and technical support?

    We have not purchased support for this product, although, for most products, we usually do have it. To this point, it hasn't been required.

    Which solution did I use previously and why did I switch?

    When we were running older operating systems including Windows XP and Windows Vista, we had a Symantec Endpoint solution. We had that for a long time but we opted out. After that, we used McAfee and other antivirus products. However, since Windows 10 was released, and with Microsoft Defender included by default, we felt that it was the solution for us.

    As I recall, we stopped using McAfee and Symantec once we moved to Windows 8.

    How was the initial setup?

    This product came pre-installed with Windows 10 on the machines that we procured from the vendor. It is straightforward and easy to configure, as well. Once Windows is installed, setting up the antivirus and scheduling scans just involves clicking the Next button several times. It is pretty easy for anyone and if the user is non-technical, we guide them through the process.

    It takes a maximum of 10 to 15 minutes to install and configure on a PC. Whenever a new configuration is required, you need to configure it on each individual machine that you have. This is why we are investigating a centralization solution. It will help us out in applying things on a global level. For example, we can apply settings based on what is in Active Directory or other policies.

    What about the implementation team?

    One person, in-house, is all that is required to set it up.

    There is not much maintenance required, as our environment is pretty standard. Also, all of the updates come from the Microsoft update center and they are automatically installed on the machines.

    What was our ROI?

    It is difficult to determine ROI at this point. Once all of our PCs are joined together, we will have a better idea.

    What's my experience with pricing, setup cost, and licensing?

    As we operate in the educational sector, we are eligible for an educational discount.

    Which other solutions did I evaluate?

    We are currently looking into other solutions that will give us centralized control over Microsoft Defender. However, we are still strictly in the research phase.

    Once we decide on a product and a solution is proposed, it is a long process that involves budgetary considerations. Once a PoC is completed, the budget constraints are considered, and this is part of a very long chain of processes that take place before final adoption.

    What other advice do I have?

    Since we started using this product, we have not had any breaches. When we were using the products by McAfee and Symantec, there were issues with viruses and malicious payloads. Now, it is better because we haven't had any major issues with the systems.

    My advice for anybody who is implementing this product is to let the IT staff manage it, and not allow end-users to configure it or modify their own settings.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technical Account Manager at a comms service provider with 201-500 employees
    Real User
    Top 20
    Helps prioritize threats, and protects against ransomware, but threat detection could use some improvement
    Pros and Cons
    • "The ransomware and malware protection is the most valuable feature."
    • "Microsoft Defender for Endpoint is effective for validating work, but not ideal for investigations."

    What is our primary use case?

    I use Microsoft Defender for Endpoint to protect my computer when downloading files. Whether it's documents from my email or web browser, this is the first thing I use the solution for. It also provides protection against ransomware. Additionally, the monthly report indicates the number of infected files that were blocked during that month.

    How has it helped my organization?

    Microsoft Defender for Endpoint provides excellent visibility into known threats, thanks to their comprehensive database of malware information. 

    Microsoft Defender for Endpoint helps us prioritize threats across our enterprise according to our needs. We focus on protecting against malware first, followed by email protection, and URLs.

    Microsoft Defender for Endpoint has helped protect our organization against malware.

    What is most valuable?

    The ransomware and malware protection is the most valuable feature.

    What needs improvement?

    When there is a significant amount of malware, I believe that Microsoft Defender for Endpoint may not be as effective as other firewall solutions. I tested Microsoft Defender for Endpoint and found that it allowed me to download files infected with malware from certain sites, and its protection did not work as expected in that aspect of my work. I suspect this is because I use a GRAPH file with a password, and the solution only detects a file when it's related to clean files or open files. It doesn't seem to recognize encrypted log files that require a password for access.

    Microsoft Defender for Endpoint does not assist in automating routine tasks or identifying high-value alerts. Therefore, we had to turn to other solutions like Cortex XDR by Palo Alto Networks. Additionally, Microsoft Defender for Endpoint lacks the capability to upload a list of IPs for blocking.

    Microsoft Defender for Endpoint is effective for validating work, but not ideal for investigations. As a result, our experts have to dedicate more time when investigating threats using Microsoft Defender for Endpoint compared to other solutions.

    The zero-day detection, as well as the sandboxing for unknown malware and URL detection, needs to be improved. These settings were not functional when we tested the solution.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for one year.

    What do I think about the stability of the solution?

    I give the stability an eight out of ten.

    What do I think about the scalability of the solution?

    I give the scalability a ten out of ten.

    How was the initial setup?

    The deployment is straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Microsoft Defender for Endpoint is more affordable compared to some other endpoint solutions.

    Which other solutions did I evaluate?

    We evaluated Cortex XDR by Palo Alto Networks and Fortinet. We found that Microsoft Defender for Endpoint was easier to deploy and offered a better price.

    What other advice do I have?

    I would rate Microsoft Defender for Endpoint a seven out of ten. The solution is stable, easy to deploy, and scalable. However, threat detection could use some improvement.

    Our organization is a cybersecurity company, and after using Microsoft Defender for Endpoint for one year, we found that it lacked features such as endpoint detection and response. Additionally, it was weak in certain areas, like detecting a set of malware and providing email protection. As a result, we started exploring other solutions, even though they may be more costly.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Carlo Du Plessis - PeerSpot reviewer
    Security Specialist at Engen
    Real User
    Top 5
    Provides good security features and can be viewed in the central console
    Pros and Cons
    • "Provides good security features and you can view it in the central console."
    • "Lacks some additional integration."

    What is our primary use case?

    We use this product for our endpoint detection and all the remediation.

    What is most valuable?

    The solution provides good security features. The key valuable feature for me is that you can view it in the central console.

    What needs improvement?

    I'd like to see more integration in the next release and the solution should be file protected.

    For how long have I used the solution?

    I've been using this solution for five years.

    What do I think about the scalability of the solution?

    The solution is scalable. 

    How are customer service and support?

    I'd like to see a quicker response time from the company's technical support. 

    How was the initial setup?

    The initial setup was straightforward. It didn't take long and was part of the deployment of our endpoints, and part of the integration. We currently have around 3,000 users and no plans to expand. We have four people involved with maintenance. 

    What other advice do I have?

    I recommend this solution and rate it eight out of 10. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    IT Director at Innovecs
    Real User
    Provides a centralized console and supports all the platforms that we use
    Pros and Cons
    • "It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
    • "Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms."

    What is our primary use case?

    It's an XDR (Extended Detection and Response) system.

    What is most valuable?

    It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android. Microsoft Defender is embedded in Windows and is a basic anti-virus, but Defender for Endpoint is an enterprise-grade XDR system.

    What needs improvement?

    Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for about three months.

    What do I think about the stability of the solution?

    It's quite stable. Sometimes it can overload the CPU of endpoints, but Microsoft provides ways to solve this problem.

    What do I think about the scalability of the solution?

    Microsoft Defender for Endpoint is scalable. It's the ground-level service for other Microsoft security services. Microsoft provides a full range of security services and you have the ability to extend it anytime and in a simple way. You can scale the range of security services by just buying the license and implementing some extra service.

    We have close to 200 users in our organization, but we plan to deploy this product to the whole company, with a total of nearly 800 people.

    How are customer service and support?

    We have not had to contact Microsoft's technical support because we get support from our partner.

    How was the initial setup?

    When it comes to the initial setup, Microsoft is very strong in that area and it is very simple. That's why we use it in our company. Some products are hard to deploy. Another solution was declined because it was not possible to roll it out in a bigger company.

    We don't have a dedicated person to maintain the solution. Two people share the role. One is a Layer-1 specialist who maintains a daily routine, and the other is a Layer-2 engineer.

    What about the implementation team?

    We started to install this product for ourselves, but Microsoft proposed some different kinds of programs in which an integrator helps key customers deploy services and products. We accepted the proposition and we are happy we did so because the partner was very professional with very deep experience with the product.

    What's my experience with pricing, setup cost, and licensing?

    Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract. Microsoft provides a flexible licensing program and you can choose what you want.

    Which other solutions did I evaluate?

    The pros of Microsoft Defender for Endpoint are that it's simple to deploy and has all the required functionality. The drawback is that it lacks some functionality for other platforms, such as Linux.

    What other advice do I have?

    I would recommend implementing this solution together with a certified partner. That will help to avoid a lot of mistakes and save you money, because licensing is a big part of the project.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user