Our primary use case is anti-malware and virus protection for our machines. We don't operate a network as such; our setup is almost entirely in the cloud.
We use the solution across multiple departments and teams, with about 400 total end users.
Around 90% of our estate is Mac, so we rarely have security alerts, but we get daily reports. The solution lets us proactively advise users about security concerns, especially when downloading files.
The solution is a Microsoft built-in tool, so it's very straightforward to use and monitor from the admin center; it's intuitive.
As with all antivirus software, the benefits of using it far outweigh the risks of not having it. Protecting our estate, machines, and users is essential. We can take action quickly, for example, when a user downloads something suspicious, and step in before the threat escalates. As an organization, we have encrypted files and data that it is vital for us to protect.
Defender for Endpoint is a robust solution that works well out of the box.
We can monitor and manage our security picture from one dashboard, and that's one of the primary reasons we use the solution. Our machines are enrolled on Microsoft Intune, which further simplifies management. With the E5 license, everything is in the same place; that makes our job easier and allows us to be more proactive when confronting threats. Not having to log in and out of different systems to manage devices is an excellent improvement to our operation.
The solution's threat intelligence helps us prepare for potential threats and makes us more proactive. We have the information required to warn our users of threats, including malicious links and phishing emails. The product gives us an accurate picture of the threat landscape, enabling us to adapt our strategy to protect our most sensitive and vital data.
There is a difficult balance working in IT, as we don't want to put all our eggs in one basket; if one system goes down, we are compromised. We want the flexibility and reliability offered by different specialized solutions, but that complicates management. With Defender for Endpoint, we don't need to worry about machines slipping through the gaps and remaining unprotected because the product is connected to the user account and pushed by the tenant. There is no agent, and the solution isn't intrusive; the user doesn't even know it's there. Other vendors I dealt with in the past required clients to be installed and updated, with potential problems coming in if the client isn't up to date. This isn't an issue we have with Defender.
Our team's knowledge of the solution needs to be improved, and Microsoft could do a better job conveying the necessary information to users. We could proactively use the tool more and explore capabilities we are not yet utilizing.
We have been using the solution for about six months.
The solution is stable; Microsoft goes down very rarely. It happened just a few times over my career. If it does go down, the impact is significant.
The solution is very scalable. Microsoft makes that easy, and we plan to increase our Defender for Endpoint usage.
I've only contacted Microsoft support a few times, and they were always helpful. I don't have any issues with the support; they're good.
Positive
We previously used Symantec Endpoint Security. It was somewhat clunky. The engineers found it too intrusive as it required a client to be installed, dramatically slowing down the machines. We switched to Defender for Endpoint because it's part of the Microsoft suite, and we can use it across platforms for Windows and Mac.
The initial setup is straightforward. Initially, we didn't use the E5 licensing, so it was a basic cloud setup with a license per user. Now we have our own tenants, and we're deploying E5 licenses, and Defender for Endpoint comes as part of the license. A user activates the app in the Office 365 tenant, and that's the setup.
The initial deployment didn't take very long; it was just a tick box exercise. We are moving tenants, so we're giving everyone a new E5 license when they move over. It's quick and easy to assign licenses via a tool we have, which provides users with access to the entire Microsoft suite, including Defender for Endpoint.
Five people were involved in the deployment, all of them IT staff.
I'm not directly involved in taking care of the solution, but it seems lightweight in terms of maintenance. Most of the updating is end-user-driven; users are prompted to restart their machines to stay up to date with security patches.
As we have only been using the solution for six months, I don't think we've seen an ROI yet. I imagine in another two years, we will see a return.
AV solutions are pretty expensive because they are necessary, not just for protection, but many businesses need them to comply with regulatory bodies and receive accreditation. We recently purchased an E5 license, which gives us access to the entire Microsoft suite. I would say the pricing is competitive; most tools of this kind are similarly priced. There are minor differences between the competitors, but they aren't spectacularly different. Defender for Endpoint makes sense because all our solutions are in the same place, paid for with a single license. The subscription price is around £50 per user per month, though it may have increased slightly.
We evaluated Sophos Intercept X and Kaspersky Endpoint Security for Business.
I would rate the solution an eight out of ten.
Defender for Endpoint helps us automate routine tasks, but I don't specifically know what kind of automation it does or what we use it for, as the InfoSec team is responsible for that.
No solution is completely foolproof, but the configuration has a large part to play in the quality of the protection.
We have been in business for two years, so we're a relatively small and young company. Nevertheless, it's vital to have protection against malicious actors. The threat landscape we face today is complex and diverse, so our threat protection needs to be up to par. That's the benefit of using the product; we need to protect our data, and having a tool that informs us of potential threats is excellent.
As an end user, the solution didn't personally save me time, but I imagine it did for the InfoSec team who deal with it directly. The security reporting will all be in one place, and we don't have to go to the marketplace to look for separate tools to fulfill different functions.
It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.
It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.
The most valuable aspect lies in its automation capabilities, particularly within security automation. It contributes to more efficient time management for us and it provides an efficient way to keep track of user actions and maintain a secure and well-monitored system.
In terms of improvements for their technical support, a focus on enhancing response times could be beneficial.
I have been using it for approximately five years.
The stability is excellent and I've never encountered any issues; it has consistently performed well.
The scalability is impressive, especially since we use it in the cloud. It works seamlessly without any issues.
Microsoft's technical support is commendable. I would rate it eight out of ten.
Positive
Overall, I would rate it nine out of ten.
I am a SOC analyst and I use Microsoft Defender for Endpoint to investigate endpoints in our environment and malicious activity.
The visibility into threats that Defender provides is excellent. The logs I receive are quite comprehensive, allowing me to see what is happening on each endpoint, including the running processes and generated alerts. It does a pretty good job of detecting when certain events occur, which helps me stay attentive to potential issues. Overall, it offers significant visibility.
Defender does a good job in helping to prioritize threats across our entire enterprise because it provides me with context by distinguishing between high and medium threats.
We also utilize Azure Sentinel, Defender for Cloud Apps, Defender for Identity, and Office 365. These solutions are integrated together, and whenever one of them receives an alert, it is sent to the main alert queue. I would give the integration an eight out of ten.
Sentinel allows us to collect data from our entire ecosystem. We primarily use it for the network firewall logs, but it can also handle other types of logs.
Sentinel does an excellent job of providing us with comprehensive security protection and visibility into security alerts and incidents. It informs us about policy violations, such as foreign user sign-ins and sign-ins from multiple or different devices, among other things. Therefore, it offers greater visibility beyond just phishing alerts.
Microsoft Defender for Endpoint has significantly improved our organization by identifying the activities of individual users and effectively hunting for any threatening activities they might engage in. For instance, if a user downloads a malicious file or clicks on a malware-infected link, the software can promptly detect and mitigate the issue on the server.
Defender helps to automate routine tasks and the identification of high-value alerts. Sentinel aids in the automation process by allowing me to address the issue of numerous false positives. Specifically, I automated the handling of certain false positives that originated from a particular IP range. This IP range was generating false positives due to a flagged server, even though the server itself was not actually malicious. In such cases, Sentinel proved to be beneficial as it facilitated the automation and removal of unnecessary noise.
Microsoft Defender for Endpoint has helped save us the trouble of looking at multiple dashboards by providing a single XDR dashboard.
Microsoft Defender for Endpoint has been instrumental in saving us time, especially by identifying true positives instead of wasting time on false positives.
I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues.
Threat intelligence has the potential for improvement, particularly by integrating more sources. This will enable us to accurately identify when a domain or an IP is malicious. If we could obtain information from external sources, it would reduce the need to use different open source tools to verify whether a domain or IP is malicious or not.
I have been using Microsoft Defender for Endpoint for a year and a half.
Microsoft Defender for Endpoint is stable. I have only experienced one crash.
Microsoft Defender for Endpoint proved to be scalable in our environment, supporting over 500 endpoints.
I have also used Splunk. Splunk is more modular and portable, allowing us to integrate it with a wide range of different tools. In contrast, features of Defender and Sentinel, such as those provided by Microsoft, do not integrate well with as many other options.
I would rate Microsoft Defender for Endpoint a nine out of ten. It provides me with greater certainty regarding malicious activity compared to Splunk, which demands much more analysis. Defender for Endpoint performs a significant amount of work in terms of identifying and validating malicious elements. This saves us from having to read and interpret a large number of logs. It takes care of the interpretation and conducts about half of the log analysis on our behalf.
I still have to conduct threat intelligence on my own, such as open-source intelligence. I don't automatically search VirusTotal for things, but I still end up doing my own source searching.
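The false-positive handling described in this review (auto-closing alerts that come from one IP range whose flagged server turned out to be benign) can be sketched as a scoped triage filter. This is an added Python example, not code from the review or from Microsoft Sentinel; the alert field names, the suppression rule, the ticket reference and the sample alerts are all constructed for illustration, and in Sentinel itself the same logic would live in an automation rule or a KQL exclusion. The point it makes beyond the text is scoping: the rule matches one alert title plus one network, never a whole range blindly, and high-severity alerts are never auto-closed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample alerts in the shape an alert queue might hand an analyst.
# Field names are hypothetical, not Microsoft's schema. IPs are from the
# RFC 5737 documentation ranges.
SAMPLE_ALERTS = [
    {"id": "a1", "title": "Suspicious connection to flagged server", "severity": "Medium", "remote_ip": "203.0.113.17"},
    {"id": "a2", "title": "Suspicious connection to flagged server", "severity": "High",   "remote_ip": "203.0.113.200"},
    {"id": "a3", "title": "Malware detected on endpoint",            "severity": "High",   "remote_ip": "203.0.113.17"},
    {"id": "a4", "title": "Suspicious connection to flagged server", "severity": "Medium", "remote_ip": "198.51.100.5"},
    {"id": "a5", "title": "Sign-in from unfamiliar location",        "severity": "Low",    "remote_ip": "192.0.2.9"},
    {"id": "a6", "title": "Suspicious connection to flagged server", "severity": "Medium", "remote_ip": "not-an-ip"},
]


@dataclass(frozen=True)
class SuppressionRule:
    """One narrowly scoped exclusion: a specific alert title from a specific network."""
    title: str
    network: ipaddress.IPv4Network
    reason: str  # the justification that gets recorded on every suppressed alert


# Hypothetical rule for the reviewer's scenario: the flagged server lives in
# 203.0.113.0/24 and was confirmed benign (ticket id is a placeholder).
RULES = [
    SuppressionRule(
        title="Suspicious connection to flagged server",
        network=ipaddress.ip_network("203.0.113.0/24"),
        reason="TICKET-PLACEHOLDER: server in 203.0.113.0/24 reviewed and confirmed benign",
    )
]


def matches(rule: SuppressionRule, alert: dict) -> bool:
    """True only when both the alert title and the remote IP fall inside the rule."""
    if alert.get("title") != rule.title:
        return False
    try:
        ip = ipaddress.ip_address(alert.get("remote_ip", ""))
    except ValueError:
        # Unparseable address: never suppress on data we cannot evaluate.
        return False
    return ip in rule.network


def triage(alerts, rules, never_suppress=("High",)):
    """Split alerts into (kept, suppressed).

    suppressed is a list of (alert, reason) pairs so the auto-close is auditable.
    Alerts whose severity is in never_suppress are always kept, even if a rule matches.
    """
    kept, suppressed = [], []
    for alert in alerts:
        rule = next((r for r in rules if matches(r, alert)), None)
        if rule is not None and alert.get("severity") not in never_suppress:
            suppressed.append((alert, rule.reason))
        else:
            kept.append(alert)
    return kept, suppressed


def run_demo():
    """Apply the constructed rule set to the constructed queue."""
    return triage(SAMPLE_ALERTS, RULES)


if __name__ == "__main__":
    kept, suppressed = run_demo()
    for alert, reason in suppressed:
        print(f"auto-closed {alert['id']}: {reason}")
    for alert in kept:
        print(f"kept {alert['id']} ({alert['severity']}): {alert['title']} from {alert['remote_ip']}")
```

Recording the reason alongside each suppressed alert is what makes this safe to revisit later: if the server in that range is ever repurposed, the rule and its justification can be found and retired rather than silently hiding real activity.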
We use it to prevent malware attacks.
The automatic report is very good, and it is easy to see which user or device has a problem. The benefit we were able to realize immediately was protection.
I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement.
It has helped automate routine tasks and the finding of high-value alerts. However, we have a small IT team, and we have not automated many tasks.
It has also helped us save a little time, but we have saved more time with email protection. We have saved money as well because of ransomware protection.
Microsoft Defender for Endpoint's threat intelligence has helped us prepare for potential threats before they hit and take proactive steps. We have a scoreboard of each device and can quickly see which device needs an upgrade.
This solution has made our threat detection and response time faster by a few hours.
Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything.
I've been using this solution for five years.
Because it is in the cloud, the stability is good.
It is easy to scale and increase capacity.
We are at one location with multiple departments such as IT, marketing, sales, invoicing, etc. We are a small company and have 53 users of Microsoft Defender for Endpoint.
I have contacted Microsoft technical support a few times a year, and they have responded quickly. I'd give them a rating of nine out of ten.
Positive
We used a different solution and switched to Microsoft Defender for Endpoint because the integration and alignment with Microsoft was great. The previous solution was heavy, and it took a long time to update.
The initial deployment was easy and took a few hours.
It is deployed to the cloud, and I don't have to spend time on maintenance.
I deployed it myself.
The ROI is very difficult to calculate, but it may be 20% ROI. We don't have any problems with ransomware or malware.
It is an expensive solution. It would be nice if it could be included with the Microsoft Office package.
In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact.
I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.
It's an antivirus product, so its main use is to protect us.
This is a really good product, it's user-friendly and offers us safety and security.
The technical support could be improved.
I've been using this solution for three years.
The solution is stable.
In terms of scalability, we went from 10 pilot machines to 35,000 devices.
The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue.
The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint.
My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it.
I rate this product 10 out of 10.
The stability has been good so far.
If I compare its features to the other solutions in the market, it has some good features. It's comparable to others.
The solution can scale as needed.
In India at least, it seems to be a bit more expensive than other options.
I've just recently been introduced to the product. I haven't used it for very long.
The stability has been fine. There are no bugs or glitches and it doesn't crash or freeze.
The scalability has been great. If you need to expand, you can.
I have never needed to contact technical support. I can't speak to how helpful or responsive they are.
The pricing is a bit high for the Indian market.
We are a partner and we consult clients on security solutions. It's one of the solutions we take to our clients.
For companies that are Microsoft shops, I would recommend the product. It saves a lot of integration requirements as compared to other solutions. It's a good product that does what it says it will do.
I would rate the product a seven out of ten. There are improvement opportunities in terms of the overall tech and commercial aspects of the product. It needs to be more competitive and technical.
We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization.
Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine.
The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.
The solution scales well.
I have found the stability to be good.
From a general user perspective, I don't see any further improvements needed.
The price, in general, could always be a little bit cheaper.
I've used the solution for two years or so. It's not much more than that.
The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. The performance is good. It's reliable.
The solution scales well. If a company needs to expand it, it can.
We have 1,000 to 2,000 people on the solution currently.
I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.
The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.
I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process.
We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.
The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package.
I'm just a customer and an end-user.
I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years.
I would recommend the solution to others; however, I'm just a passive end-user and not as technically involved as those deploying the solution in our company. From my perspective, there has never been an issue on my machine with malware, and therefore it seems to be doing what it's designed to do.
The solution is used for endpoint detection and response, however, it also has vulnerability management. I don't use that as much as the endpoint detection and response. I use it in combination with Cloud App Security and Endpoint Manager.
The most valuable feature is the fact that, if you have the M365 E5, it's included and everything is in the bundle.
It's a very solid security system and the advanced hunting and everything really lets you dive deep into things.
Overall, they're doing a much better job. However, recently, they added the Azure Defender. When you use the Azure Defender licenses, you're already enrolled.
I preferred the old interface, which was not combined with compliance; still, they've changed that to make it better. I would just like them to have more consistency, and that's a comment that applies across the board with Microsoft. They change things a lot.
I probably started diving into Microsoft Defender about two years ago.
Stability-wise, I have not had another product that has been as stable and has had fewer issues. It's amazing.
The solution is scalable. For example, I helped a 12,000-person company put it in and automated it without any issue.
In terms of technical support, I have not had to call them related to anything on Defender for Endpoint. I'm a CSP, so I'm calling and I'm getting different assistance than, say, a home user. That said, at the same time, it really depends on if you're getting level one or level three support.
The initial setup is very straightforward. There's a lot of people putting it in that don't understand it, however. They're not using device groups and auto-remediation settings.
I do a lot of security reviews as well, and what I find is that, although it works well out of the box, there are missing components. Another thing is that people will basically use the product, and yet, not set up the integrations with Cloud App Security and Endpoint Manager. When they do that, they're not getting the full functionality of it. I, on the other hand, know the system, so I see people often having trouble with it. If people are trained or go through training, they would be able to get the full functionality out of it.
I can't give numbers, however, for the price, when you're increasing from an E3 to an E5 license, the amount of features you get eliminates a lot of other systems. Therefore, you do get a pretty good ROI. On top of that, you only have one management system and one reporting system. Overall, the numbers have been quite impressive.
I don't know the standalone costs. It is my understanding that the M365 E5 is $56 a month or something close to that pricing. That would be for the full suite. Just Defender might be $8 a month. I can't say for sure.
I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything.
I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people who, besides having Microsoft Azure architecture, Azure security, and Microsoft 365 expert-level expertise, plus M365 security knowledge, focuses on Azure and M365 security.
For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly.
I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle.
I'd rate the solution at a ten out of ten.