Sr SOC Analyst at a security firm with 201-500 employees
Real User
Great prevention and response capabilities but requires an updated GUI
Pros and Cons
  • "The solution is highly scalable."
  • "They should come up with pre-built inner workflows."

What is our primary use case?

We call the solution MDATP - Microsoft Defender Advanced Persistent Threat Protection. At the same time, we're using it more from an EDR point of view, as an Endpoint Detection Response. It can detect any threats, malware, or processes which are illegitimate and being executed by the end-users or malicious actors. When it sees this, it detects and reports to us.

Not only that, at the same time, it's detection, prevention, and response. Mostly what we were working on is detection. When I refer to detection, I mean that it can, with pinpoint accuracy, detect something and expose the threat. It can also map those threats with a MITRE, which is one of the great things that I love about it, on top of the accuracy and the threat description it provides.

There are a few different use cases. We return with a query language, which is provided by Microsoft. We are able to create some threat hunting queries. We can pinpoint, accurately detect, and run pen testing. When there's a threat or issue, I am able to find it and track it with great accuracy in MDATP. MDATP is able to tell me that, for example, in my organization, if there was a guy who was doing pen testing, which is blacklisted, and if there was an attempt to exploit something or install some malicious code or try to hack into the system. I am able to find this and pinpoint its occurrence. Not only that, I'm able to map them onto a MITRE framework and tell which stage of the attack it was, where the attacker came from, et cetera. I can see if it was something that was planned in the organization.

I can both detect internally and externally. I have full faith that the MDATP will detect behaviors and warn us of issues.

What is most valuable?

When you go to do a deep-dive or investigation as a SOC analyst or any security analyst, it gives three structures or processes, as well as the execution that it performs. I am able to perform a very deep-level investigation with MDATP - more than I can with any other tool.

It did increase our security posture. While we had an antivirus before, it would only detect or prevent certain types of attacks. However, based on that capability, you cannot respond to the threat directly. For example, if there was ransomware on a system, the antivirus will be able to identify, detect, and mitigate it. However, at the same time, even if the antivirus detects that and tries to prevent it, you need to contain that machine, or you need to isolate that machine from the network. You don't want that machine to be talking to anybody in the network. Antivirus solutions can’t exactly do that.

With respect to prevention, it has an auto-remediation feature, which is a good feature that I love with respect to prevention. It does auto-remediation as well as manual remediation, which is pretty good.

With respect to response, we were able to contain, block, and respond to threats faster with MDATP. When we analyze the incidents or the threats it gives us a very good view of everything.

With this product, before containing or responding, we get the information and can see what exactly is happening and when that malicious file was installed. After that, we have an event timeline. The visibility is not that much when you only have an antivirus. Now, we see the full picture. When we adopted this tool, we got the detect, prevent, and response functionalities. Overall, our security posture looks much better and our attack surfaces are limited. Endpoints are also most vulnerable today and we can efficiently protect them now. Since we have reduced the attack surface our security posture has improved dramatically. On top of that, we have the capability to respond and to go deeper on a forensic level.

The product doesn’t affect our end-users. I do not see any major issues. There are exceptions where approvals may be necessary. However, the user acceptance is good. This is something that organizations pre-plan and there is nothing the user really has to worry about or act on.

What needs improvement?

Defender’s GUI can be optimized. The console needs to be more refined. After you have been using it for some time, you get used to it, and it is manageable. However, it should be a little bit more refined.

They should come up with pre-built inner workflows. I would really like to see this. There need to be workflows with respect to notifications, remediations, or any actions that people want to take. They should come up with predefined or prebuilt hunting capabilities. Right now, we have to manually write queries. I would prefer if they could come up with something more automated.

This is with respect to a SOC analyst perspective. Other users, other administrators, other different roles might have different issues. For me, there are no major concerns. It is a good tool, out of the box.

For how long have I used the solution?

I've used the solution for about a year and a half, and have also done training on it.

Buyer's Guide
Microsoft Defender for Endpoint
April 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,789 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is good. It's a stable platform. I don't see any issues right now. However, I did see something in the past. I can't quite remember the exact situation. It's resolved and right now there are no issues. 

What do I think about the scalability of the solution?

The solution is highly scalable.

You can onboard as many end systems as you want. If you bring more, for example, 100 users or 100 endpoints, you can integrate them with no issue. It's not a problem with MDATP.

We have somewhere around 2,000 to 3,000 users who are using it. We have an endpoint team and they manage the antiviruses and security tools and all those things. We manage the product partially from a policies perspective, and the endpoint team manages the platform and maintenance of it, including any upgrades, as necessary.

How are customer service and support?

I've dealt with technical support in the past. It's good, not excellent. That said, it's okay.

Which solution did I use previously and why did I switch?

Before using this solution, the company mostly dealt with antivirus solutions.

We moved to this solution to strengthen and report, detect and prevent, et cetera, which antivirus solutions don't offer. We wanted forensics and capabilities that were missing. Antiviruses simply cannot protect you from advanced persistent threats, and they cannot protect you from ransomware and they don't respond to things faster. Response capabilities were something that was missing. Basically, we just needed more.

How was the initial setup?

I'm usually not part of the entire setup, however, I do manage it. We have to do certain policies within our organization. However, from what I've seen, it's not a complex setup. It is pretty straightforward.

In terms of how long the deployment takes, I don't remember the length of time. If you have a CCM centralized, you can push the policies within hours. 

What's my experience with pricing, setup cost, and licensing?

The licensing is something that management decides on. I don't deal with the pricing or licensing.

Which other solutions did I evaluate?

We didn't really evaluate other options. We provided support for one of our clients, and it was a decision they made. 

What other advice do I have?

We're a consulting company. We are not partners with Microsoft.

We use the solution as a SaaS.

I'd advise other companies to use this solution. It's an ideal choice, however, I'm not sure about the pricing. Maybe it's on the higher end of other competitors' pricing. That said, if you have an opportunity to use it, it will solve a lot of problems with respect to pain point detecting and doing investigations. At the same time, with Microsoft, if 80% of your organization is using Windows systems, it's going to be compatible. Specifically, with its platform, Microsoft understands what is right and what is wrong. Therefore, if the money is not a concern, or the budget is not a concern, opt for this. At the same time, as a generic statement, if not this solution, go for an EDR tool that suits your organization's needs best.

I'd rate the solution at a seven out of ten simply due to the fact that I have not fully optimized it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Team Lead at Alepo
Vendor
Top 5
Effective firewall capabilities, regular antivirus updates, and it is preinstalled with Windows
Pros and Cons
  • "The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
  • "This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running."

What is our primary use case?

We use Microsoft Defender Antivirus for antivirus protection as part of our endpoint security solution. It protects our systems against attacks from any virus, malware, or trojan. 

How has it helped my organization?

We rely on this product for endpoint protection in our organization because we have not subscribed to any antivirus, apart from Microsoft Defender. It comes for free with our Windows subscription and it has improved the way our organization functions because there have been no virus attacks to date on our laptops.

It has not negatively affected our end-user experience.

What is most valuable?

This solution takes care of most of the infections that are found in the system, and it comes included with Windows. These are the two main advantages of using it.

The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security.

What needs improvement?

Microsoft Defender protects the computer by using virus definitions that we download through regular updates but nowadays, cybersecurity attacks have become more intelligent. This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running. These can be vulnerable points and if a process causes a glitch in the system, it should be quarantined. Moreover, enhancements of this type should not detract from system performance. There should be no slowdown on the laptop, for example.

For how long have I used the solution?

I have been using Microsoft Defender Antivirus since I started using Windows 7, more than eight years ago.

What do I think about the stability of the solution?

Stability-wise, it is good, and it performs very nicely.

What do I think about the scalability of the solution?

The scalability is fine. We had more than 300 devices that are being protected.

How are customer service and technical support?

I have never had an opportunity to speak with technical support because everything has always worked very smoothly. As we have experienced no issues at all, we never contacted support.

Which solution did I use previously and why did I switch?

Prior to using Microsoft Defender, we used McAfee and Avast Antivirus.

One of the main reasons that we switched away from McAfee is that it required purchasing a subscription. With Microsoft Defender, it is included with Windows. When we install the operating system, it is already there and we don't have to purchase an additional antivirus product.

For security, aside from a traditional antivirus, we have purchased the SentinelOne Endpoint Security solution. This product is more enhanced when compared to an antivirus product. It is modern and has better threat intelligence than other products. I don't know SentinelOne very well yet, as we have just purchased the subscription, but I know that the difference between products is not based on virus definitions.

SentinelOne has intelligence on the cloud and many other security features including the blocking of domain names, and the blocking of USB drives that users plug into their laptops. Although it has many more features than legacy antivirus software, I have no complaints about the performance of Microsoft Defender.

One of the reasons we are more heavily relying on endpoint security is that everybody is working from home and using the internet for work. This transition was made within the last two or three months. When people were working in the office, the firewall afforded them protection. However, as it is now, the endpoints are more vulnerable to attack. This is why we now rely more heavily on SentinelOne.

How was the initial setup?

Microsoft Defender comes preinstalled with the Windows operating system, so we do not have to deploy it separately.

What's my experience with pricing, setup cost, and licensing?

The subscription is part of Windows, so we don't have to pay anything extra for this product.

What other advice do I have?

This is definitely a product that I recommend people use because first of all, you do not have to pay anything extra to use it. The performance is very smooth and it protects your system, which is very much needed. All in all, I would say that this is a good antivirus solution.

I would rate Microsoft Defender Antivirus an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
Quick and responsive support, stable, improves security, and requires little maintenance
Pros and Cons
  • "Microsoft's technical support is fantastic."
  • "At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on."

What is our primary use case?

We primarily use this product to get antivirus protection in a cost-effective way.

How has it helped my organization?

This product tends to detect a lot more issues than the other antivirus solutions. This is because it's essentially tuned to Microsoft. It has some inbuilt intelligence, so they tend to understand the Microsoft environment and we don't need to do as much exclusion. With other antivirus products, we need to exclude certain files from being scanned.

What is most valuable?

The malware detection feature is very good.

What needs improvement?

At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on.

For how long have I used the solution?

I have been working with Microsoft Defender Antivirus for between two and three years.

What do I think about the stability of the solution?

This is a stable solution that has matured over the years.

What do I think about the scalability of the solution?

We have approximately 7,000 machines and we have not needed to scale beyond our original implementation.

How are customer service and technical support?

Microsoft's technical support is fantastic.

We subscribe to the Microsoft Premier Support Package and they tend to respond to our queries very fast. When our engineers contact them, they respond in a very short time.

Which solution did I use previously and why did I switch?

We currently use Cylance, in addition to Microsoft Defender. I'm not sure what the impact is of using two solutions, whether it is a good thing, or not. We do plan on narrowing this down to one solution in the future.

How was the initial setup?

This product was included with Windows 10, so we did not have to deploy it separately.

Once this product is set up, this solution requires very little maintenance.

What's my experience with pricing, setup cost, and licensing?

We already use Microsoft solutions and I found it cheaper to purchase the bundle, which includes Defender. By including the antivirus in the bundle, it makes it a little cheaper for us. If you purchase it outside of the bundle, it is a little bit expensive.

When you want the central administration functionality, it tends to be more expensive. The normal, standalone model is not expensive, but the enterprise model that includes the bundle with email and some web protection, is a bit more expensive.

What other advice do I have?

When we initially implemented Windows Defender, we were pessimistic about whether it would be good enough. However, it is a pretty mature product now.

My advice for anybody who is considering this product is that it's good, and it gets results early.

I would rate this solution an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Has good stability but they update the platform too frequently
Pros and Cons
  • "It's pretty easy to scale."
  • "In terms of improvement, they update the platform, it seems, quite a bit. Every month something is in a new spot or something changed somewhere. There should be less of that."

What is our primary use case?

We use the most up-to-date version. 

Our primary use case is for basic EDRs for simple interfaces.

What needs improvement?

In terms of improvement, they update the platform, it seems, quite a bit. Every month something is in a new spot or something changed somewhere. There should be less of that.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for a couple of months. 

What do I think about the stability of the solution?

It seems stable.

What do I think about the scalability of the solution?

It's pretty easy to scale.

A handful of people, each in charge of different areas, are involved in the maintenance of the solution. It's people in system admin.

How are customer service and technical support?

I have dealt with tech support a couple of times. They're usually pretty responsive. The first person might not know what the deal is, but they usually are able to get us to the right person, get a resolution for us, and answer our questions pretty quickly.

Which solution did I use previously and why did I switch?

We used CrowdStrike but we switched to Microsoft because of the price. It's cheaper. There were other major differences. 

How was the initial setup?

The initial setup was pretty complex in the way the various tools integrate. Trying to figure out permissions and getting access to certain things is complex. 

Global admin uses the tool, but then you have to get additional roles for the data loss stuff.

What other advice do I have?

Make sure you read the documentation and understand what else is required before you get started.

I would rate it a seven out of ten. 

I don't think that another tool is doing anything better, or this one doesn't. It's just about using it and seeing where to find the stuff.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Nadeem Abdulla - PeerSpot reviewer
Assistant Manager - IT Infrastructure at Taghleef Industries SpA
Real User
Top 10
Stable threat protection with good support but it's expensive and has license restrictions
Pros and Cons
  • "It shows us the risky sign-ins, and if a user's password has been compromised."
  • "I am not sure if I will be using this product in the future because of the price."

What is our primary use case?

We are using this solution for threat detection.

What is most valuable?

It shows us the risky sign-ins, and if a user's password has been compromised.

What needs improvement?

While I have been using this solution for two years, I am not completely knowledgeable.

Due to license restrictions, we cannot use all of the features that are offered.

I am not sure if I will be using this product in the future because of the price.

I would like to see better pricing for this solution in the future.

For how long have I used the solution?

I have been working with Microsoft Defender ATP for two years.

We are always using the latest version because it's on the cloud.

What do I think about the stability of the solution?

With what we have seen, it's a stable solution.

What do I think about the scalability of the solution?

We are not using it widely because of the licensing limits.

We have three users only for Defender ATP, and if we are using the Microsoft ATA it applies to 500 users.

How are customer service and technical support?

Technical support is good.

Which solution did I use previously and why did I switch?

We did not use another solution previous to Microsoft Defender ATP.

How was the initial setup?

The initial setup is straightforward. It's included with the Windows 10 Operating System.

There is no time taken for deployment as it is included with the operating system.

What about the implementation team?

We completed the installation ourselves.

We have 15 administrators to deploy and maintain this solution.

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender ATP is expensive.

What other advice do I have?

Because of my lack of knowledge or experience with the solution's full capacity, I cannot recommend this solution or offer any advice.

I would rate this solution a five out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr. Consultant at a computer software company with 51-200 employees
Consultant
Expandable and reliable with helpful technical support
Pros and Cons
  • "The stability keeps getting better and better."
  • "It's not quite a mature solution just yet. It needs more time to grow and develop."

What is our primary use case?

We're using it in the backend, just for securing our environment. We're not an end-user, we are a Microsoft partner and we are using it as a B2B solution. It's more for customers. From the software side, we provide solutions that are mainly Microsoft-based. 

What is most valuable?

It's a solution that can exist in the cloud, which makes it very scalable.

The stability keeps getting better and better.

What needs improvement?

Sometimes it's complicated. It's not intuitive in terms of installation and deployment. When we are making some POCs for customers before engaging, we are testing all the Microsoft security solutions for our customers. We've found it hard so far.

It's not quite a mature solution just yet. It needs more time to grow and develop.

The setup can be a bit difficult. This is expected. We sometimes deal with difficult environments. 

For how long have I used the solution?

I've been using the solution for two years now. It hasn't been too long. 

What do I think about the stability of the solution?

The stability is great. It just keeps getting more and more stable. As it matures, it's going to be very good.

What do I think about the scalability of the solution?

The scalability in general is quite good. If a company needs to expand it, it can do so.

Today, we have dozens of clients using the solution and we're expecting to add more. This is our target - to increase the number of customers using the solution.

How are customer service and support?

So far, technical support is okay. We have no complaints. 

How was the initial setup?

The initial setup can be a bit difficult. I have had some feedback from engineers that say sometimes they are struggling and it's not as easy as we would hope. That said, we are dealing with quite complicated solutions, and it's normal to not be as easy. This is not a plug-and-play product. You need to configure it and to add and change parameters and you have to adapt it to the different environments.

How big your technical team needs to be varies according to each deployment. It depends on what is expected and what needs to be done. 

What about the implementation team?

We tend to implement the solution for our clients. 

What's my experience with pricing, setup cost, and licensing?

Clients do need to pay for a license. They vary. Some are charged monthly, others, yearly. There are various options. 

What other advice do I have?

While I cannot speak to the exact version number, we are likely on the latest version. We have an administrative team that makes sure it is updated and takes care of everything for us. 

I would recommend the solution to others. So far, it has been a good product.

I'd rate it overall at an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Subject Matter Expert at Vision Software
Real User
Top 5
Provides malware and ransomware protection and scales easily
Pros and Cons
  • "The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection."
  • "I would like to see the next generation of the tool improved to work with other operating systems, like Linux."

What is our primary use case?

It's used to protect endpoints and, for some customers, it is used to deploy Microsoft 365 suite features. Most of our clients are medium-sized businesses.

What is most valuable?

The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection.

What needs improvement?

I would like to see the next generation of the tool improved to work with other operating systems, like Linux.

For how long have I used the solution?

I have had about a year's worth of experience with Microsoft Defender for Endpoint. I am a subject matter expert for a Microsoft partner in Colombia. We develop portfolios and solutions for our customers that need Microsoft products in their infrastructure. My role deals with the architecture of solutions.

What do I think about the stability of the solution?

I don't recall any issues with the solution.

What do I think about the scalability of the solution?

It scales easily.

How are customer service and support?

I haven't had to use technical support for the solution.

How was the initial setup?

The setup depends on the customer, but it is generally simple.

What's my experience with pricing, setup cost, and licensing?

Some customers have the licensing of the suite and have all infrastructure prepared for the installation and deployment. But in some cases, when customers haven't deployed the solution and don't have licenses, it can be expensive to start from scratch.

What other advice do I have?

Customers haven't given us any feedback about difficulties with the solution. With its intelligence and tools over cloud infrastructure, it's a good product. We are developing some use cases and projects for customers with Microsoft Defender for Endpoint. It is good for us.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cyber Security BA/BSA at a financial services firm with 10,001+ employees
Real User
Straightforward to set up with good technical support and good stability
Pros and Cons
  • "Technical support is good."
  • "There are likely some technical improvements or features that could be added, however, I cannot say, off the top of my head, what they would be."

What is our primary use case?

Usually, the solution is used in relation to keys management. We implemented a program for it, for the lifecycle of the keys. We've also used it for certificate management.

What is most valuable?

The initial setup is very straightforward.

The stability is very good.

Technical support is good.

The solution is in good condition and offers good functionality.

What needs improvement?

There are likely some technical improvements or features that could be added, however, I cannot say, off the top of my head, what they would be.

For how long have I used the solution?

I used the solution in relation to scoping a project. I was doing business analysis.

What do I think about the stability of the solution?

The solution was very stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

The technical support for Microsoft is very good.

How was the initial setup?

The initial setup is not difficult or complex. It's very simple and straightforward. 

What's my experience with pricing, setup cost, and licensing?

I do not know how much it costs per month. I cannot say how it compares against the rates of the competition.

What other advice do I have?

We are a Microsoft Customer.

I'm not sure if I would recommend the solution to others. It depends on their requirements. It needs to fit a company's use cases.

I would rate the solution at an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024