Microsoft Defender for Office 365 Reviews

This solution is a cloud-based email filtering service. It scans our inbound and outbound emails and attachments, and protects our Office 365 from unknown malwares and viruses. It is very effective at analyzing advance attacks such as phishing and zero-day malwares, so it gives us the flexibility to know more about what kind of attacks we're at an increased risk for. The solution helps us to prioritize threats, and it gives us real-time analytic reports about the latest security threats in cyberspace.

Office 365 is our daily driver for Word, MS PowerPoint, Excel, and Outlook. We have confidential attachments and share URLs within emails, so we worry about our data. Defender helps us to track and scan every inbound and outbound email, so that they can't be read by third parties.

Threat Explorer is one of the features that I very much like because it is a real-time report that allows you to identify, analyze, and trace security attacks.

The Attack Simulator feature is built into Defender and runs real-time attack scenarios to identify any security vulnerabilities, phishing attacks, or ransomware attacks.

The automated incident responses, AIRs, have capabilities that save time and effort.

There is room for improvement with the UI.

The company should focus on adding threats that the solution is currently unable to detect. Sometimes it misses threats and viruses across the whole solution that are not covered under the current scanning. For example, if there are a hundred viruses that could be threatening us, sometimes Defender will only be able to scan for 95 out of 100.

We have to pay for storage for the solution. The storage cost should not be included in the subscription.

The notification rates are very high. It even notifies us for some small, low-priority viruses. My recommendation is that it should only notify us for high-level security threats that could highly affect our applications.

We deployed Defender about two years ago.

Every product has some challenges and limitations. Sometimes it skips possible viruses while it is scanning, but apart from that, I would give this solution a nine out of ten for stability.

We have had contact with the support team, and it is fine. I would rate them as a nine out of ten because nobody is perfect and sometimes we have to wait for responses.

Every solution developed by Microsoft, especially in Azure, is very easy to deploy. The deployment is not complex. It doesn't require much technical knowledge because most things are taken care of by their consulting and solution architect team.

It can be implemented in-house. You just need to share your requirements so that they can be set up by Azure, and then you enable the services over the Azure portal. Then you configure your application endpoints and you're done. All of the updates and upgrades are managed by Microsoft.

Some emails are very confidential, and sometimes Office itself blocks some attachments or blocks some users from sending those emails. Defender helps us to scan the emails first, and then send them to clients and other users. It saves time as well as human efforts to diagnose which emails were sent, which ones were bounced, and which ones are in the outbox. It's a subscription-based service, so we have to procure licenses for the entire user base, but it saves money so we have seen a return on investment.

Overall, it is a very good solution. We estimate that we have a 30-35% time savings thanks to this solution.

My primary focus is the compatibility with Microsoft 365. If a solution is compatible and gives good results, then it's fine with me. I've been unable to find a solution, apart from Defender, that gives us flexibility for end-to-end security and is compatible with Office 365. 

I would rate this solution as a nine out of ten.

The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint. 

Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking.

From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment.

I have been using the product for three years. 

Microsoft Defender for Office 365 is stable. 

You can scale up as you pay. 

Evaluating Microsoft support can be a bit mixed. Sometimes, it's good, but not so much. The initial contact is typically with the help desk. When I call, I usually need someone at a higher level, maybe level three, to assist with more complex problems. The challenge is that it can take up to two weeks to resolve issues, and my main complaint is the waiting times and the basic nature of level-one support. Getting to the expert who can fix the problem often takes a couple of weeks.

Neutral

My clients used Norton and McAfee before Microsoft Defender for Office 365. It makes sense in the long term, especially when many clients already have Microsoft 365 in their licenses. Paying more to get the security features with Microsoft instead of additional licensing costs with a different company is a practical choice. It seems to be mainly about saving money.

The tool's deployment is not straightforward. However, it has good documentation. 

The solution is good but not cheap. It offers a big ecosystem where you can manage everything from one place. 

Integrating identity and access management into Microsoft 365 Defender is important for my customers and me. The ability to centrally manage these aspects within the platform is highly valuable. Rather than navigating through numerous consoles to verify various aspects, having almost everything in a single location saves time. This integrated approach streamlines operations and reduces the complexity of learning and managing different products.

Nowadays, everyone uses not just Microsoft products but also third-party ones. It would be good if Microsoft could make its security tools work with all kinds of software. Nowadays, there are so many cyber attacks and security threats. Having one product that can handle and manage all these threats across the board is beneficial.

We have stopped using Trend Micro in a couple of places. I am not sure if it was due to cost or pricing. 

The product is more convenient to manage, and it saves time. Instead of navigating through different controls, having everything in one place allows the security team to take action on threats or issues.

I rate the product a nine out of ten. I have used it for security and compliance. In my experience, they're doing quite well; it's a good product. If people are considering Microsoft products, I would say, why not? It's just that support during implementation could be better sometimes. However, it's a good product with frequent updates. 

Our primary use case is for features like mail protection and preventing impersonation. It has extended the protection for the user.

What I don't like about Microsoft Defender for Office 365 is that many of the features should be default. They should be included, not optional, like other vendors provide.

I have been working with Defender for Office since the beginning. It's been evolving all the time.

I would rate the stability an eight out of ten. We noticed that from time to time, Microsoft does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice. 

It is a scalable solution. Our organization has around a thousand users using Microsoft Defender for Office 365. 

Sometimes it's good. Sometimes it's bad. It's up and down.

The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple. 

You can set it up in-house. 

The pricing has become expensive. 

Some customers want to use a monthly payment, but Microsoft recently changed its license policies. So we are encouraging most users to pay annually.

Overall, I would rate the solution a nine out of ten. I would definitely recommend using the solution. 

It allows us to effectively detect and manage malicious URLs within emails. This proactive approach allows your team to identify and resolve security incidents promptly. We optimize our security by incorporating Microsoft's IOCs into both Defender for Office 365 and endpoint protection. This integration prevents our devices from accessing known threats, saving significant time weekly. Centralized management of threat indicators proves highly efficient, potentially saving hours. This comprehensive strategy enhances our proactive security measures across our systems.

When dealing with a large volume of emails, whether received or sent by users, Defender solutions, particularly Threat Explorer, prove to be highly effective. In instances where users may have inadvertently interacted with potentially harmful emails, it enables me to isolate and analyze these emails by placing them in a secure sandbox environment. This insight is crucial for addressing incidents promptly and collaboratively, fostering a cooperative approach to resolving potential security issues within the organization. In Defender 365, we've implemented a dual-pronged approach for automating tasks and managing security incidents. When alerts like a user clicking on a malicious URL occur, data is directed to Sentinel or Log Analytics. A logic app is then employed to analyze the user's actions using Defender for Endpoint, tracking device activities, and making informed decisions. This integrated system enables us to swiftly identify, analyze, and respond to security incidents, enhancing our ability to manage and mitigate potential threats effectively. It has significantly reduced our time to detect and respond to security incidents. While I don't have an exact figure, the impact has been substantial. By consolidating multiple solutions into logic apps and gaining visibility, we can now respond much more efficiently than before. Without this integrated approach, lacking visibility hampers our ability to identify and address potential threats promptly.

Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected. The convenience of having a centralized location for extracting comprehensive data is particularly noteworthy. With Threat Explorer, I can efficiently manage and mitigate the impact of these campaigns by removing problematic emails from mailboxes, all in one centralized location, eliminating the need to navigate through multiple areas. Effectively prioritizing threats across our enterprise is crucial for us, given that the primary avenue of attack is often through phishing emails. By having robust protection in place, we're able to significantly mitigate this prevalent threat, essentially clearing a major portion of the cybersecurity landscape.

There's room for improvement regarding the time frame for retrieving emails. Currently, the limitation allows users to go back only thirty days when pulling emails or conducting related actions. Enhancing this capability to extend the timeframe, perhaps to sixty or ninety days, would be beneficial.

I have been working with it for three years.

It has been reliable. I haven't encountered any instances of downtime or significant bugs; occasionally, signing out and back in resolves minor issues.

In terms of scalability, our institution has expanded with more students and staff, and we haven't experienced any performance issues with Defender for Office 365. It has proven to be effective and adaptable to the growth of our organization. We currently have approximately four thousand staff members.

The support team, not only for Defender for Office 365 but for any issues I've encountered, has been exceptional. Whether reaching out through email or submitting a support ticket, I typically receive a callback within hours. I've never personally faced any challenges in contacting Microsoft support—they've consistently been prompt and responsive. The account managers, or whatever they're officially called, have been quick to answer and address any inquiries, making the support experience highly satisfactory. I would rate it ten out of ten.

Positive

I would highly recommend it as it offers numerous features that can significantly enhance your security posture. Overall, I would rate it ten out of ten.

We use Microsoft Defender for Office 365 for protection. 

Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications. 

The product helped us maintain collaboration and communication during the pandemic with the help of Teams. 

Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data. 

I have been using the product for six years. 

The product is stable. I rate it a ten out of ten. 

Microsoft Defender for Office 365 is scalable. I rate it a ten out of ten. 

The tool's support is good. 

Positive

Microsoft Defender for Office 365 is expensive but does what it says. 

Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems. 

The tool's automation has made us more efficient in our daily tasks. 

The solution saves much time since you don't have to reimage the computer after an attack. 

We have started using Defender on our endpoints, together with the basic Defender for email. We placed Defender on our endpoints through our XDR solution. It's connected to our SOC and the SIEM.

The fact that it's easy to integrate and implement has helped us to move forward with our project.

Also, on the clients, we have implemented automated identification and blocking, and these help our SOC team avoid doing manual work.

It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased.

Also, in the beginning, Microsoft Defender for Office 365 saved us time because we had started a completely new company. Now that we are more established, we need another, more advanced solution with more machine learning and artificial intelligence related functionality.

About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting.

Now that we have more visibility into threats, our orientation is to have a more top-market solution to give us more visibility and easier ways to respond to the threats that we find and also to identify threats better.

It is not really straightforward to get a lot of information from Microsoft Defender, so we have had to use Microsoft Graph to create some custom views to export custom information.

I have been using Microsoft Defender for Office 365 for four years.

The stability is really good. We have never had any problems related to Defender.

The scalability is also very good. It's easy to increase usage, but that's expected.

We are a multinational company, so we have multiple locations, including Brazil and several countries in Europe. We have about 470 end-users.

The technical support is really good. 

Positive

We used Symantec when we were part of a big company. We decided to use Microsoft because it is a fully integrated solution and was embedded in our licenses. We did not take into consideration all the features.

Our company was sold by that big company that we used to be part of and we then consolidated and created a new company about four years ago. We wanted to move forward, as fast as possible, with as much security as possible.

It was really straightforward to set up. We implemented it on our endpoint devices, and then we configured a lot of policies to manage and avoid threats, as well as policies for phishing and the cloud.

The maintenance is mostly related to fine-tuning phishing and other issues and is handled by one or two engineers, but it's not needed frequently.

It was done in-house, with two or three of our resources.

It is much more expensive than using another solution because we have had to include some options and upgrade our license. Be aware of the licensing model, because for certain features you need a different level of licensing.

We did not look at other options. The main reason we went with Microsoft was because of the complete integration.

If I were asked whether to go with a single vendor or multiple vendors for security, I would say use multiple vendors. We are using Microsoft for collaboration, email, chat, and security. It's like having the wolf secure your house. Having different vendors would help give you different visibility and data and different people managing different solutions.

We use Defender for Office for its five core features: anti-phishing, malware, link scanning, attachment scanning, and anti-spam.

We switched from Mimecast to Defender, and it's been a massive difference. Mimecast is convoluted, obtuse, and frustrating. That's not the case for Microsoft 365. Mimecast has more false positives, and the link-scanning feature requires you to authenticate devices every time you use the solution, which is untenable if you're on your phone. It's just not possible. 

If you're trying to look up a PDF that somebody sent, and a safe link is embedded in that, Mimecast and Microsoft write it into the "send" box. However, Microsoft is much better because you are already authenticated, so you don't need to re-authenticate again. Mimecast makes you reauthenticate every time.

It gives us one admin portal to see the things we need, which has made life for my admin team easier. I estimate it saves us about an hour or two a week. It saves the clients money because my team spends fewer hours doing tasks each week. 

The most valuable feature is protection against malicious links, fishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over. 

Impersonation detection is also crucial because attackers are increasingly advanced. They keep changing their tactics and adapting. People are getting emails with display names that look like people from their organization. SDF records, DMARC, and all that stuff don't always work because people often ignore email addresses. We have also used the phishing simulation component. That's pretty good.

The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.

I've used Defender in production for about a year.

Defender is stable. 

The number of users isn't significant, so I'm not worried about scalability.

Deploying Defender is a two-person job. You don't have to do much to maintain it per se. You occasionally get tickets from users who expected an email that got quarantined. You need to pay attention to that. You'll get access when you get a false positive, and you need one help desk person to look into it. There's no maintenance outside of that. 

Defender is cheaper than Mimecast in the long run, so there are savings, if not a return. It's like proving a negative. We haven't been hacked, so I don't know if that's worth anything.

The price is reasonable. 

I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job doing this email protection, they didn't do well in the past, but now they are.

We're an MSP, and we deploy security solutions to our clients based in the UAE. We are currently implementing the product ourselves and developing the capacity to deploy it to our clients. We have around 200 total end users. 

In addition to Defender for Office 365, we also use Defender for Cloud and Microsoft Sentinel. The products are integrated.    

The integration was straightforward, as most of our clients and we operate an Azure environment, so integration is usually as simple as a few clicks.

Defender for Office 365 helps automate routine tasks and find high-value alerts, which we can do using Azure Logic Apps. We can create operations, automate them, and make a workflow using automation. One of our clients didn't have the budget to invest in a SOC team, but we deployed the solution for them, and they now run a SOC with only one analyst. They can achieve this kind of maturity through the product's automation.   

The solution's threat intelligence helps prepare us for potential threats before they hit and take proactive steps. Sentinel also features robust threat hunting, which provides indicators of possible attacks and is beneficial information to have.   

Defender for Office 365 saved us time, we have seen many improvements to the product, and Microsoft regularly brings out new features. The tool is at a good point right now and is on the path to improvement. Time saved is in the region of 30-40%.  

It decreased our time for detection and response, especially with its SOAR capabilities. We can activate automated runbooks in a few clicks and block a malicious or unauthorized user in a single click. We rapidly receive alerts, which reduces our response time such that what once took at least an hour can now be resolved in minutes.   

The email protection is excellent, especially in terms of anti-phishing policies. 

The solution's information protection around sensitive labels and compliance-related security features are also very valuable.

Defender for Office 365 provides excellent visibility into threats; we can see the attacks and phishing campaigns running against our users from the portal.  

The product helps us prioritize threats across the enterprise, which is essential because most of our clients come to us with alert fatigue. They have so many alerts they often need help determining which ones to work on, and the solution's threat prioritization helps us narrow that down.  

The comprehensiveness of the threat protection provided by Microsoft security products is excellent; we wouldn't use any other third-party security solutions, and it all comes packaged with Azure or an E5 license.    

Microsoft Sentinel enables us to ingest data from our entire ecosystem, which is vital because when we deliver security products for clients, one of their primary requirements is to collect all the on-prem logs and put them in the cloud. Sentinel is capable of this and requires some expertise to operate in this way. 

Sentinel allows us to investigate threats and respond holistically from one place; that's what it's built for. We work offsite as we aren't in the same region as our clients, so the ability to respond remotely is essential to us.  

Several simulation options are available within 365, and the phishing simulation could be better.

I want to see improvements that will make the tool easier to operate. 

We've been using the solution for one year. 

The product is stable. 

Defender for Office 365 is scalable. 

We never had to contact technical support. When we encounter an issue, we can search for a solution on the internet or YouTube, for example, for specific configurations. There's excellent community support available.

We didn't previously use a different solution. When I joined the company, we were and remained Microsoft Gold Partners, so we don't have any other third-party tools.

I wasn't involved in the initial setup, and the solution is lightweight in terms of maintenance. A yearly configuration review is sufficient. 

Defender for 365 comes in various plans and licenses, along with other Microsoft security solutions. Purchasing this kind of package or security bundle gives good value for money, and that's what I recommend.

To a colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, in terms of pricing, it's better to get a good package for security solutions from one vendor rather than multiple vendors.  

I rate the solution eight out of ten.

Multiple integrated Microsoft solutions work natively together to deliver coordinated detection and response across our environment, and we Microsoft Sentinel to our clients. It's a SIEM tool, and once we configure Defender, we can push alerts to Sentinel, which is valuable.   

We leverage Sentinel's SOAR capabilities with the help of Logic Apps, and many libraries are available to make automation easier. However, some complexity is involved in developing Logic Apps, so it requires some expertise.