Microsoft Defender for Office 365 Overview

Microsoft Defender for Office 365 is the #4 ranked solution in our list of top Advanced Threat Protection (ATP) tools. It is most often compared to Proofpoint Email Protection: Microsoft Defender for Office 365 vs Proofpoint Email Protection

What is Microsoft Defender for Office 365?

Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing, and automatically investigates and remediates attacks. With Defender for O365 you get integrated threat protection for all of Office 365 that gives you:

- Native protection for Office 365 with built-in protection that simplifies administration, lowers total cost of ownership, and boosts productivity.

- Unparalleled scale and effectiveness with powerful automated workflows to improve SecOps efficiency.

- A complete solution for collaboration that protects you from attacks across the kill chain.

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security and Compliance Community.

Microsoft Defender for Office 365 is also known as MS Defender for Office 365.

Microsoft Defender for Office 365 Buyer's Guide

Download the Microsoft Defender for Office 365 Buyer's Guide including reviews and more. Updated: October 2021

Microsoft Defender for Office 365 Customers

Microsoft Defender for Office 365 is trusted by companies such as Ithaca College.

Pricing Advice

What users are saying about Microsoft Defender for Office 365 pricing:
  • "Defender is a little bit more expensive as compared to others. We are in the manufacturing environment. So, we don't have a high budget for all of our endpoint devices. Its cost is a major concern for us."
  • "It's a user-base subscription."
  • "From the pricing point of view, like any other product in the market, there is scope for negotiation."

Microsoft Defender for Office 365 Reviews

GH
Principal Consultant at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Essential security capabilities, plenty of email protection, and enhanced data loss prevention

Pros and Cons

  • "Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
  • "There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."

What is our primary use case?

This solution is a mixed product. It can be used for email security and for information protection, which is basically data loss prevention. Many people do this type of setup for DLP, but under Microsoft's naming convention, they call it Microsoft Information Protection (MIP).

How has it helped my organization?

It definitely is a must for email protection and O365 app DLP.  Combined with Microsoft Defender for Endpoint, Microsoft Defender for Identity, and MCAS, it provides a holistic solution for threat protection, email protection, O365 apps protection, and DLP for both internal and external risks.

What is most valuable?

Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links. Anything that has the word "safe" in it is essentially made to defend against the common email vulnerabilities that you would see in similar products. Without these features, it does not have nearly the capabilities. 

On the information protection side, the best features are probably the data loss prevention policies that cover the whole suite of Office 365 applications. I will explain it a little more. From an information protection standpoint, Defender for Office 365 does strictly apply to the Office apps, but that is where it can get confusing because it can do more. It works with MIP, and MIP can be part of a SKU in the M365, particularly the E5 SKU or equivalent. It can protect and prevent data loss of data wherever it operates. It does not matter where it operates, it can be in a different cloud service, on-premises, in Office, a SaaS application, or even it could be your own applications that you have developed. Defender for Office 365 helps with the loss prevention for Office 365 applications.

What needs improvement?

There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.

Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.

In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution. 

For how long have I used the solution?

I have been using the solution for approximately 6 months.

What do I think about the stability of the solution?

Generally, it is stable with a good SLA.  Still there can be outages in either O365 or Azure AD but they are rare.  That is where Proofpoint adds a BC/DR feature that is lacking with O365 Exchange Online.

What do I think about the scalability of the solution?

It is a scalable solution. We have deployed it to several hundred thousand people, and it scaled fine. There are different considerations that need to be made before the solution can scale properly. For example, if I am in a hybrid environment, my connection to the cloud is 100 MB, and I have got 100,000 users, that connection bandwidth is not going to work. As long as people know that there are certain adjustments that are needed to scale, then it will scale properly.

Another example, if it is a Multi-GEO spread across the globe, you are only as good as your network backbone or what you pay for your network backbone, this is the case in many clouds. If you are using a hybrid setup, it is the same situation, you need to figure out how to regionalize things and then have adequate bandwidth. There are techniques to use that makes sure you are using the shortest path to the cloud from each region. If you do not pay attention to all of these considerations when attempting to scale the product you are not going to have a good experience.

How are customer service and technical support?

Microsoft does a very good job of having information available for customers such as documentation and online videos. The problem is wading into every consideration that you have to have, such as, is the network sufficient, or evaluating the different setup scenario types where it could get really complicated. For example, having a Multi-GEO setup, what is the impact of a network on the performance. There are scenarios where it can get difficult, where a company acquires another company and they both are in separate Active Directory forests and a lot of them at times, they do not know the order of how to do things. The complication of supported models between how you do identity and some of them do not even know how to do enterprise architecture or the difference between enterprise architecture and solution architecture. You could run into best practices not being followed and have to re-engineer everything, I have run into all kinds of scenarios.

Generally, the only problem with the documentation is it is hard for people to put all the information together, there can be a lot of information. Microsoft support is only as good as their documentation, and their documentation is currently behind. Since Ignite 2020, all the announcements came out of that and the documentation still has not caught up. We are now at Ignite 2021. 

A lot of these technical support agents just read a script. However, it depends on which level you are talking about. If you get entry-level support and then you are moving up the ladder, it could take time to get the information you are seeking for a resolution. If you get the right support person then you are good, but if not then you could be going around in circles for a while before you are able to resolve your issue.

Which solution did I use previously and why did I switch?

At GuidePoint Security we are paid consultants and therefore work within the requirements of customers. Some customers understand the holistic Microsoft XDR and information protection solutions and how they integrate together to send signals to a SIEM/SOAR product for incident discovery and remediation. Others use a mixed bag of products from CrowdStrike, Symantec, etc. on endpoints, and may use a third-party CASB product, i.e. Netskope, which combined with Netskope's Secure Web Proxy forms their SASE solution.

How was the initial setup?

The installation can be easy in SMB but there can be some difficult challenges in large enterprises.  Typically it is companies going through mergers, etc.

What about the implementation team?

Full deployment can have challenges, but it is all depending on your organization's usage. For example, organizations that have to be in the government cloud and where they have both US and non-US citizens. In the government cloud, friendly nations can participate in the government cloud and there are some that definitely cannot. There could be many that cannot be allowed. For example, if there were two that could not be allowed, those two clouds have to be separated completely. They cannot communicate with each other whatsoever. That is a little bit of a problem for some organizations. What if I have a subsidiary in Australia that says, "No, I do not want to be in the government cloud"? How are you going to handle the fact that all your US subsidiaries have agreed to go into the government cloud and the Australian one is sitting out saying "no"? You then have to treat these separately like they are two separate organizations.

What was our ROI?

We have received a good return on investment with this solution, it does what it is supposed to do. Particularly from the email and information protection perspective, it does a very good job, but it could be better.

What's my experience with pricing, setup cost, and licensing?

Microsoft licensing should include Microsoft Defender for O365 in their E3 and E5 licenses.  Currently it is all or nothing unless you purchase an add-on which we advise enterprise customers to do.

Which other solutions did I evaluate?

I have evaluated Proofpoint in the past which has continuity features that this solution is lacking.

What other advice do I have?

The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots.

I rate Microsoft Defender for Office 365 a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vishnu-Reddy
IT Manager at SSEL
Real User
Top 20
Easy to set up and configure and scales very easily

Pros and Cons

  • "I would say that 90% of the spam and phishing attack emails get blocked right off the bat."
  • "The custom alerts have to improve a lot."

What is our primary use case?

We primarily use the solution for security purposes. 

How has it helped my organization?

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect our organization against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard our organization from harmful links in real-time. Defender for Office 365 has rich reporting and URL trace capabilities that give us (administrators) insight into the kind of attacks happening in our organization. We can discover how Defender for Office 365 can help define protection policies, analyze threats to our organization, and respond to attacks.

What is most valuable?

Defender for Office 365 can help your organization configure policies, analyze threats to your organization and respond to attacks. It is important to note that there are different levels of protection and capabilities depending upon which version of Office 365 license you have. The features we found most valuable are Forwarding Report, Safe Attachment File Types, Threat Protection Status, Malware Detected in Email, URL Threat Protection and many more.

What needs improvement?

The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many of spam attacks have happened". Or "these many emails have been blocked." We have to manually go into the admin panel and have to check it out. It would be nice if there are custom email notifications/alerts.

Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes and see all your mail and notes any deviation) that are only currently available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.  

For how long have I used the solution?

We've been using the solution for two years at this point. 

What do I think about the scalability of the solution?

In terms of scalability, Microsoft has heavily invested in the scalability and security of its Microsoft 365 platform in the last few years.

Since it is a cloud-based solution, at any point of time we can upgrade the number of users without any hassle and there is no user cap limit.

Currently, we have 350 users at this time.

How are customer service and technical support?

The technical support is good. However, for us, personally, we didn't have any serious issues for which to contact the technical support team, as most of the errors or issues we faced we easily resolved from documentation on the Microsoft website.

Which solution did I use previously and why did I switch?

We had been using Fortinet Mail; however, later on, we went with the Office 365 Email Protection Plan. The main reason for switching is that before we were using G-Suite from Google as our email solution and later on we shifted to Office 365, and Defender is an inbuilt feature provided by Microsoft.

How was the initial setup?

The initial setup is so easy and the Microsoft Help Center is available to assist as necessary. In our case, we just went through the documentation which was provided on the Microsoft website and based on the document, we were able to easily configure it.

What about the implementation team?

We implemented it in-house and no support was taken from the vendor. Everything is in the documentation on the Microsoft website.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty good and was a major factor in choosing it. The pricing is reasonable when compared with Cisco or some other products.

If it is an IT company, the budget allocation will be more and focused on the IT part. However, when it comes to a manufacturing company, the budget focus will be more on manufacturing and the budget allocation will be very low in terms of IT. 

For us, Office 365 was better in terms of pricing.

Which other solutions did I evaluate?

Before choosing this solution, we had evaluated Cisco. I just visited your site and I just downloaded that datasheet. I compared it to Office 365 Mail Protection. Both are good; however, in terms of the pricing part, Office 365 was the better choice.

What other advice do I have?

No matter what solution we take, be it Google, Cisco, or Microsoft, every one provided the same security. However, some features would differ based on the plan/license we take.

In my personal experience, if you don't have any budget constraints, go for Google or Cisco.
If you are on a low budget and you want a solution that is suitable for your business, then you can go for Microsoft.

I'd rate the solution at an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Supervisor of IT Infrastructure & Cybersecurity at a tech consulting company with 51-200 employees
Reseller
Top 5 Leaderboard
Thorough examination of email and URLs for malicious content; great real-time updates

Pros and Cons

  • "Does a thorough job of examining email and URLs for malicious content."
  • "Configuration requires going to a lot of places rather than just accessing one tab."

What is our primary use case?

We are resellers of this solution and Microsoft partners. 

What is most valuable?

The solution does a thorough job of examining email for malicious content and examines the URLs and potential malicious content in emails. It offers peace of mind with more real-time updates as far as what they're looking for as opposed to a signature-based solution. It's probably the most valuable feature to my mind. I've deployed it for a couple of clients in a 365 environment and it seems to be a pretty solid solution. 

What needs improvement?

This is not really a defined product. You have to go to a lot of different places to enable things so it would be nice if you could go to one tab that says 365 Defender for Office 365 or something similar. You would be able to make all the settings and changes there, rather than having to go to lots of different places in the admin center to get it configured.

For how long have I used the solution?

I've been using this solution for six months. 

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

Defender is very scalable, it sits on the 365 environment so however big your 365 environment is, is how much you can expand, so I would say it's very scalable. We've probably set up 300 or 400 users so far. There's no maintenance and you don't have to deploy updates. It's all taken care of in the background by Microsoft so it's pretty much set and forget it once you get here.

How are customer service and support?

The support is mostly responsive, but I've had instances going for longer than a week that shouldn't have taken that long.

Which solution did I use previously and why did I switch?

There's no specific solution I would relate to, Microsoft just seems like a cleaner solution as opposed to having a third party. We've used some other solutions in the past where you have to send the mail to that solution and then forward it from there to Microsoft. In this case, it all takes place in the Microsoft environment. No extra modifications are required. 

How was the initial setup?

Like most Microsoft products it's not the easiest thing to get installed, but it seems to work once you have deployed. You can easily do it in half a day, especially once you get familiar with it, but it's not particularly time-consuming. It's best to start out with more lenient definitions so you're not working on every mail, but we can tune it after that. Our in-house IT department deals with deployment. 

What was our ROI?

We haven't done any sort of analysis with regard to ROI, but in my mind, if you can stop one piece of ransomware or malware from getting onto your network, it's priceless.

What's my experience with pricing, setup cost, and licensing?

The solution is not too expensive. 

What other advice do I have?

I'd highly recommend reading the documentation. It was pretty helpful in getting the solution set up.

I rate the solution eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
BCOng
Corporate IT Infrastructure Manager at a manufacturing company with 10,001+ employees
Real User
Top 10
Improves security awareness and security posture and blocks known threats immediately

Pros and Cons

  • "The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time."
  • "The visibility for the weaknesses in the system and unauthorized access can be improved."

What is our primary use case?

We use it for detecting any kind of breach or intrusion. It is not enabled for everyone because we have our own antivirus.

How has it helped my organization?

It has helped us in improving our security posture. It detects any kind of attack or abnormal behavior in accessing the system and sends an alert to the administrator who can check, understand, and review on time to ensure that all activities are legit.

It blocks all known threats immediately and sends alerts to follow up. It is not used on all devices. On the devices on which it is being used, it has improved the security by 80%.

It has improved our security awareness. It helped us in understanding the weaknesses in our configuration that needed to be fixed to avoid any kind of breach. It has increased our security level and mitigated the risk of being compromised.

What is most valuable?

The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time.

What needs improvement?

The visibility for the weaknesses in the system and unauthorized access can be improved.

Its price should be improved. Its cost is a major concern for us.

For how long have I used the solution?

We started using it in 2019.

What do I think about the stability of the solution?

Its stability is good.

What do I think about the scalability of the solution?

Its scalability is good. It is able to leverage more and more functions, which is essential because cybersecurity threats are increasing nowadays.

Initially, we had only 10 users, and currently, most of the users are switching to another platform. We only have one user, and only the system administrator is managing it.

How are customer service and technical support?

I didn't need any tech support because the documentation and the procedures are simple and easy to understand.

Which solution did I use previously and why did I switch?

We have Symantec Endpoint Protection, and we also use Sophos. We are using Defender only on our Azure system because it is a suitable tool for the Microsoft environment.

How was the initial setup?

Its initial setup is straightforward. Because it is cloud-based, when we assign the license for Office 365, it can be automatically deployed from the console. Because the number was small, we manually installed it on each device one by one. Its deployment requires minimal staff. Depending on the connectivity, it can take about 30 minutes for each device.

What was our ROI?

We have not seen an ROI yet.

What's my experience with pricing, setup cost, and licensing?

Defender is a little bit more expensive as compared to others. We are in the manufacturing environment. So, we don't have a high budget for all of our endpoint devices. Its cost is a major concern for us.

What other advice do I have?

It is a good product, but its price is the most critical point for consideration. In terms of technology and capability, I would rate Microsoft Defender an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FL
Information Technology Manager at a performing arts with 51-200 employees
Real User
Top 5
Easy to set up with no configuration required, and the support is good

Pros and Cons

  • "The good part is that you don't have to configure it, which is very convenient."
  • "We need a separate license and we don't know how to get the license that is required."

What is our primary use case?

We are using it with laptops that go directly to the end-user. We used Defender because it was already there.

What is most valuable?

The good part is that you don't have to configure it, which is very convenient.

What needs improvement?

We are waiting for better software to block viruses. The feedback that we receive is that it is weaker when compared with other products such as Cisco and Palo Alto.

The only concern that we have is that this product is user-based, but we have requirements to run separate PCs or servers that are not on the same subscription. We need a separate license and we don't know how to get the license that is required.

We also wonder if it can prevent attacks from new types of viruses such as Widefire.

For how long have I used the solution?

We started using Microsoft Defender for Office 365 after the pandemic started. 

How are customer service and technical support?

Technical support is very good. They are knowledgeable and respond quickly. 

We have had other issues with Word, but we have not had any issues with the Defender product.

Which solution did I use previously and why did I switch?

Previously, we used Symantec Endpoint Protection. They seemed to have some sort of software issue where you couldn't renew your license.

How was the initial setup?

The initial setup was quite straightforward. There was nothing complex for both IT and the user.

There is no installation, you just enable it on the cloud to have it work automatically.

It's very convenient for remote support or remote installation.

What's my experience with pricing, setup cost, and licensing?

It's a user-base subscription.

Licensing is on a monthly basis. It's part of Office 365, so you really can't tell how much it costs. It's part of the bundle.

It's difficult to compare prices with other companies.

What other advice do I have?

I feel Defender is a product that is good enough, especially for small to medium-size businesses.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
OR
General Manager IT at a logistics company with 10,001+ employees
Real User
Top 20
Protects from zero-day threats and ensures that attachments and links are safe, but has a lot of false positives and should have only one plan that takes care of everything

Pros and Cons

  • "Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."
  • "In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement."

What is most valuable?

Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features.

What needs improvement?

In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement.

For how long have I used the solution?

I have been using this solution for the last one year. I have its latest version.

What do I think about the stability of the solution?

It is stable. We didn't find any issues with that.

What do I think about the scalability of the solution?

It is highly scalable. We have deployed for around 7,000 accounts.  Performance is not impacted.

How are customer service and technical support?

Their technical support can definitely be improved. They can avoid using templatized responses.

Which solution did I use previously and why did I switch?

We had basic Exchange Online Protection. 

How was the initial setup?

It was easy to configure and with one/two skilled the ongoing maintenance can be handled. 

What's my experience with pricing, setup cost, and licensing?

It has a simple interface to configure and manage. From the pricing point of view, like any other product in the market, there is scope for negotiation. 

Which other solutions did I evaluate?

Before we chose to settle with this product, we experimented with Cisco, Forcepoint, etc.

What other advice do I have?

I would advise others to do a proof of concept for at least a month before taking a decision.

I would rate Microsoft Defender for Office 365 an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RB
Senior Network Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 20
A stable, scalable, and resilient security solution

What is our primary use case?

In general, we use it for OneDrive and Office tools.

What is most valuable?

At the moment we are satisfied with this product. It's a stable, scalable, and resilient solution for us.

What needs improvement?

It would be better if it were more scalable. It depends on the architecture, but we would like to make it more scalable for both data centers. 

For how long have I used the solution?

I have been working with Microsoft Defender for Office 365 for almost seven years.

What do I think about the stability of the solution?

Microsoft Defender for Office 365 is very stable.

What do I think about the scalability of the solution?

Microsoft Defender for Office 365 is very scalable. Because we have our issues on principle access, we can be scalable and resilient.

How are customer service and technical support?

Technical support is excellent and very helpful. 

What other advice do I have?

I would recommend the solution because it's very helpful as a scalable and resilient solution. It's useful for our users here every day.

On a scale from one to ten, I would give Microsoft Defender for Office 365 a nine.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner