Regarding visibility into threats, Automatic integration enables Microsoft Defender on the level of subscription on the virtual machine. On the level of resources, and OS services, the direct integration between Azure Resources and Microsoft Defender is very smooth. The solution is perfect compared to using third-party software such as antivirus, Symantec, or any other option. We may face some issues in some integrations, but Microsoft Defender for Endpoint integration with Azure Resources is much better than trying to integrate with other solutions.

We use additional Microsoft solutions such as Gateway which is automatically integrated with Microsoft Defender by enabling it from the portal.

The integrated Microsoft products we are using work together to provide a coordinated detection response. The logs are all integrated and sent to a Log at network spaces. Level network spaces and Azure Monitor are already integrated with Microsoft Defender, and if an alert appears in the environment from a firewall, the web, or any other security component, it will automatically generate a security alert on Microsoft Defender. Microsoft Defender becomes the interface or supporter that manages all the security alerts in the environment.

All of our subscriptions are on the Cloud. We don't use anything on-prem. Microsoft Defender is a portal that manages all Endpoint Defender resources in an environment. This includes Defender for Endpoint on virtual machines, Defender for Cloud, Defender for App Service, and any other Defender resource.

We integrated Microsoft Sentinel with Defender Endpoint enabling us to ingest data from our entire ecosystem.

We utilize the interface for our Security Environment. We don't install any other third-party products such as Microscan at the outset, but we are a partner of Microsoft, and we only use Microsoft products.

We act according to the automatic alerts triggered by the Microsoft Center.

Microsoft Defender for Endpoint helps us eliminate the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription and the vulnerability that needs to be remediated for each resource.

Having a consolidated dashboard allows us to address the vulnerabilities that automatically appear on the portal sooner using the recommendations provided by the solution.

Microsoft Defender for Endpoint automatically protects our environment once a virus or malware is detected without any action from our end.

Microsoft Defender for Endpoint has saved us time detecting viruses, but we still have to manually manage any viruses related to the Windows updates batching in order to fix vulnerabilities on a monthly basis.

The solution has decreased our time to detect and respond to threats. Microsoft Defender for Endpoint should secure the environment automatically. We just act when any threat is detected on the back end by the SOC team.

It probably could help me prepare for potential threats before they hit. The nice thing about it is that it has filtering. I can filter on different logs and say, "I'm looking for this user and every place he ever logged into. I can filter on his name and the scope of the machines I'm looking at. If there's a bad actor, a different version of software, I can pull that up. It has simple filtering and advanced filters, which really help out a lot. It does speed things up.

I rely a lot on Defender for Endpoint to find a lot of stuff for me. With Microsoft knowing about a threat in the wild, something that hasn't hit me yet but it's out there and I'm vulnerable to it, it will detect those vulnerable systems for me. I rely on that to patch or update that operating system.

When you install an OS, it could be a year old, it could be brand-new, or it could be five years old and it's not patched and updated. Sometimes there are apps on it, from Google or Adobe for example. This will tell me that my Adobe Acrobat has so many vulnerabilities and that I need to bring it up to this date because I've got 13 vulnerabilities that could be hacked. I rely on it quite a bit to pull those notices together and alert me on what needs to be updated. I don't have to actually hunt for a lot of it. It does the hunting for me automatically.

Our deployment is still a work in progress, but it will enable us to mature and automate our cyber incident response and threat security posture. Defender helps us automate routine tasks and the findings of high-value alerts. That's the SOAR part we hope to achieve with the project reaches maturity.  

Defender simplifies things if you are managing a multi-cloud environment or a hybrid deployment. Instead of having 10 dashboards, you're now down to three. It creates a fabric. Do I have a single pane of glass? No. However, I have three panes instead of ten.

It can give early warning signs. I'd stop short of saying Defender protects, detects, responds, and remediates. It still doesn't do the remediate part. Defender will ultimately save time and money when we've fully implemented it. I'll find more problems, but I think the integration will save me a lot more time on the operations,  incident response, etc. It's all speculative until you're fully deployed and got key metrics to prove it.

Microsoft Defender for Endpoint provides visibility into threats. Using the solution we can see threats easily and address them in order to protect our devices.

The solution provides an overview and we can configure it to have a higher queue, to take action against any risks.

The prioritization of threats is very important to us. With Defender, we can prevent attacks in a number of ways. When we are alerted about a potential threat, it is important to prioritize and take action quickly. We can check the type of incident and confirm the threat level.

We also use Microsoft Sentinel. The solution enables us to investigate threats and respond holistically from one place. Our success is also a result of our four-year investment. I have invested a lot of time in studying Microsoft products and technical subjects such as firewalls.

Microsoft Defender is a good tool. As an anti-virus solution, it helps monitor for any attacks. The solution works similarly to an alarm and is very important. Microsoft Defender is the best protection solution for me, it's safe to use, and I can see the alerts in real-time.

The benefits of Microsoft Defender for Endpoint are immediately clear when implementing it across the enterprise. Within a week the entire enterprise noticed the benefits. The solution communicates with all employees through all devices across the organization. For me, Microsoft Defender for Endpoint is the best.

Microsoft Defender for Endpoint has saved us around two months a year of time.

The solution significantly reduced our detection and response time because it is integrated with all the devices across the enterprise. All the devices are constantly being analyzed and monitored so in the instance there is an anomaly detected we are notified and able to respond quickly.

The solution helps us prioritize threats across the enterprise, which is essential for every organization. If a malicious actor or another type of threat gets into the network, we need to know exactly what's happening, how it happened, who triggered it, lateral movement, etc.  

Defender for Endpoint is a 360° solution that sees and covers all areas. Microsoft also has a zero-day protection framework, so they are thinking ahead.

The product decreased our time to detect and respond to threats.

Its visibility is the most useful part of it, and it also increases the effectiveness of your response. You spend less time asking the users the standard question of what did they click on. To which, they usually say that they didn't click on anything. You can go in ATP, and you can see that they opened an email and then clicked on a link, and the link is this. There is no hiding this. Users do lie.

You can detect threats that are not necessarily known because of a behavior. If you have Internet Explorer opening a command shell, that is not normal. That does not happen unless there is some kind of malicious activity. It is also very good for visibility into what PowerShell scripts do. PowerShell is a double-edged sword. It is very powerful, but in a lot of cases, there is no visibility on what it is doing. With ATP, we generally have that ability.

The solution offers better management of endpoints when it comes to antivirus and malware. It allows us to separate the functionality of managing that security area rather than putting it with the infrastructure team. The infrastructure team handles the monitoring services. At the same time, virus and threat detection can go to the core security team, which takes a load off the infrastructure team and allows the security team to concentrate fully on security.

Defender for Endpoint helps automate routine tasks and the finding of high-value alerts. Once we set our rules, including attack surface reduction (ASR) rules, there's a lot of automation capability. We can apply definitions for all endpoints across our organization.  

The solution helped eliminate having to look at multiple dashboards and gave us one XDR dashboard, which positively affected our security operations. There are four staff in the department, so they appreciate this kind of management. They can see everything from one place, and our security picture is more integrated. They can even carry out basic auditing from the dashboard.  

Defender for Endpoint saves us time because we can quickly go in and search for issues raised by the security department and eliminate the threat. We have 3,000 assets, so it saves the network around half an hour and the infrastructure staff a couple of hours.   

Defender for Endpoint helped to bridge the gap with remote workforce solutions because it protects managed and unmanaged devices. It's also easier to use because Defender for Endpoint is cloud-managed, so it stays maintained and updated. It has a leg up on competing solutions that require more system resources and maintenance. 

The tight integration with Microsoft operating systems is another advantage because it's easier to manage. It also goes beyond Windows OS. Defender for Endpoint supports other platforms and operating systems, such as Linux, iOS, and Android. I like that Microsoft is expanding the product's scope beyond Microsoft operating systems. Microsoft is developing a holistic approach, so you don't need a third-party product to protect these other non-Microsoft platforms.

Defender helps us to prioritize threats across the enterprise. The weighted priorities are based on all the MITRE security standards. Defender products work together to provide comprehensive protection. I agree with the placement of Defender Products on Gartner's Magic Quadrant. Defender is a leader in that area of threat protection. I'm pleased with the outcome of a lot of the investigations. I can protect and harden areas that didn't usually didn't have that level of visibility and granularity. 

Defender integrates with Sentinel, enabling me to ingest data from my entire ecosystem. Sentinel also covers non-Microsoft products with the third-party connectors that are provided. I enjoy that part of the Sentinel functionality and feature set. It has several features for aggregating the log data and analytics for the on-premises environment. Having that visibility is crucial.

Sentinel provides the SIEM and the SOAR capabilities, offering a single pane of glass for all of the security operations centers and providing on-site reliability for many of my clients. Sentinel is Microsoft's answer to competing tools such as Splunk and other log application tools. Sentinel seems to provide more added value from the ease of use and visibility. The licensing is also competitive.

You can set up Sentinel to forward alerts if you want to create a managed Cloud environment solution for Sentinel for a client. There's a way to set that up through Azure Front Door. You're seeing the data reporting and single pane of glass for other tenants and customers. It enables you to offer security as a service to maintain visibility for clients.

I like that it considers the status of a device (whether the device is online or offline, VPN or not, etc.) and provides several options for telemetry, depending on where and how the device is being used. It gives a lot of flexibility with the installations, maintenance, and management of the Endpoint solution. In addition to Defender for Endpoint's feature set, other parts of device management reduce the attack surface and protect those devices.

Defender's automation features have been a significant advantage with many of my clients because the remediation has been automated. Most of the time, it doesn't require any human intervention unless there's something that hasn't been set up. I must demonstrate the automated investigation and remediation to my clients to ensure their environment is automatically protected on weekends and after business hours.

The single pane of glass is vital to us as security consultants and our clients, who need a high level of visibility. You can go into the high-level executive dashboard view and drill into each telemetry graphic to provide you with more granular data. I see how easy it is to see the big picture and effortlessly drill into the details using the side navigation menus and more.

Consolidating things into one dashboard streamlined them significantly. When working with multiple tools and vendors, you typically have to stitch the reporting together to get an overarching view of everything. It's time-consuming. By the time some of these tasks are accomplished, the data starts to get stale, so you need to refresh and create an all-new view again. Having real-time capability in a single pane of glass is essential.

Defender Threat Intelligence helps us develop a forward-looking approach to threats and plans. That's one aspect of the product I find incredibly helpful. It will highlight things that may require intervention, such as turning on conditional access rules or setting up some geofencing for anything that looks like it could be a password spray attack from a known location that we can block. 

There are opportunities to turn off any legacy protocols that may be in use. That's been a common thread with some of my clients who still use legacy protocols for sign-in and authorizations. The ability to do that has been a considerable help proactively.

You don't know what you don't know until you know. The continual flow of real-time data and analytics from Defender products helps create a security roadmap and harden many areas. With improved visibility, we can build a better roadmap to harden those areas by prioritizing and doing things methodically. Previously, we were guessing what to do next or what would be most important based on an educated guess. Now, we have data to guide our security decisions.

Microsoft Defender has saved us hours and hours. It has probably paid for itself many times over. I would agree that it has saved a lot of time and money. I estimate it probably saved us the equivalent of two people working full-time. You typically have at least one person overseeing on-premise resources and another dedicated to cloud resources.

The visibility is great. For example, Microsoft Defender for Endpoint's portal has a section called threat analytics. There's a threat intelligence box. So all new threats and trending threats are visible. If any of our devices in our organization are susceptible to this threat, the solution will let us know because it searches for that specific particular vulnerability, which can be exploited. The Microsoft threat analytics tool gives us that type of visibility into the threats that might affect our organization. For example, the threat analysis updates every half hour to one hour with the top ten latest threats. The scan tries to ensure that these threats don't belong to our organization and if they do, it identifies the infected device. Microsoft Defender for Endpoint makes a lot of security recommendations when we onboard it to quarantine a lot of security recommendations that help to improve the security posture of our environment.

Microsoft Defender for Endpoint assists our organization in prioritizing threats across our enterprise by providing security recommendations based on the weaknesses in our organization. It includes a department that provides management licenses and uses analytics to identify high-priority threats in our environment. This is connected to a common protocol that assigns a priority level of five to devices with vulnerabilities, indicating what actions should be taken. Thus, we have all the necessary information in one place.

Prioritization is crucial because there is a possibility of a high-priority threat entering our environment. This is how the solution determines the priority of threats. For instance, if one of our high-impact business devices is vulnerable to a top-priority security five threat we need to address it first. Alternatively, we may choose to address the sixty computers with a level two or three security threat, which are mostly associated with lower impacts. Therefore, prioritization aids in determining which critical business infrastructure requires immediate attention.

There are several lines with multiple solutions, but Microsoft offers a comprehensive solution with its E5 license. This license includes a wide range of features such as purview information protection, data protection, and other business-related tools. In my previous experience, I have noticed that some organizations utilize multiple Microsoft products, such as Defender for Endpoint, Identity Management, Defender for Cloud Applications, and Defender for IoT. This combination of different products can be quite useful.

Microsoft Defender for Cloud on Azure can be easily integrated with Defender for Endpoint, including on-premise solutions that can be onboarded to Azure with different subscription values. The integration will already onboard it to the device with Defender for Endpoint, along with additional features such as Just-in-Time Access, Defender for Vulnerability Management, and Control Sign-in Monitoring. These features provide robust cloud security monitoring and can be added to Defender for Endpoint. Moreover, Defender for Cloud is integrated with Defender for Endpoint portals, enabling a one-stop shop for onboarding devices with all the cloud posture management required for a single computer or software. This integration is highly beneficial, and other applications can be similarly integrated.

It is easy to integrate Microsoft Defender for Endpoint with other solutions.

These solutions seamlessly integrate to create a zero-trust platform, as offered by Microsoft. This platform ensures protection from various threats such as networks, applications, and infrastructure, with the added benefit of Microsoft Sentinel. The Sentinel tool combines threat analytics from multiple sources into a user-friendly workspace, providing optimal productivity. Additionally, sending logs from any of these products, including Sentinel, to the cloud connector is a simple process.

The integrated Microsoft security products offer comprehensive threat protection, such as Microsoft Defender for Office. With these products, our office is now able to identify and address email threats in a single platform, instead of checking each platform individually for application, identity, vulnerability management, and endpoint security. Moreover, these products can be easily integrated into a single workspace solution. With the help of pre-existing methods in Sentinel, we can efficiently handle a large number of alerts that we receive. Rather than going through each alert individually, we can activate a playbook that provides solutions for common alerts and takes actions in parallel to resolving them. This integration simplifies the process of achieving a complete security solution.

When we transition from on-premise servers to Azure ARC resources and activate Defender for Cloud Applications, it becomes easier to manage our servers from different networks, especially when it comes to security features. For example, we can check the compliance of our devices and organization with PCI DSS or other security protocols. Running compliance checks during the transition while syncing data with a different SL Cloud provides us with a significant amount of data and valuable information, including recommendations for improving compliance. This process involves bi-directional communication between devices, the cloud, Azure, and different network clouds.

Microsoft Sentinel allows us to easily ingest data from our entire ecosystem.

Microsoft Sentinel allows us to investigate threats and respond holistically from a single platform. Sentinel is both a SOAR and SIEM solution, meaning we can perform responses, but we must create a separate playbook for them. The default method may include some pre-built responses. The most important aspect is that if our company uses SentinelOne instead of Defender, we can still easily send logs through our Sentinel Workspace using API calls. This can be accomplished with a few connections, and we can create our own playbooks for different types of alerts. For example, if SentinelOne is not sending data, we can generate alerts of this type and respond accordingly. This significantly reduces user effort.

The security protection offered by Sentinel is extensive. It can be integrated with any Microsoft solutions, including information protection, and can be connected directly to Microsoft's threat intelligence sources and other resources. This allows for comprehensive protection.

Our clients have reported that Sentinel's cost and ease of use, in comparison to other stand-alone SIEM and SOAR solutions, are favorable. They find the user-friendliness of Sentinel to be worth the cost.

Microsoft Defender for Endpoint assists in automating routine tasks and identifying high-value alerts. We can automate actions based on the alert's sensitivity, and in case we are uncertain of how to handle those alerts, we have the option to seek assistance from a Defender expert. This feature is particularly valuable, as it can provide guidance in identifying and investigating such alerts.

Microsoft Defender for Endpoint helps eliminate multiple dashboards by giving us one XDR dashboard.

The solution's threat intelligence helps us detect and respond to threats proactively by identifying suspicious behavior.

Microsoft Defender for Endpoint has been instrumental in saving us time by alerting us about potential threats and automatically guiding us through the necessary steps to eliminate them. The solution logs all the actions taken, saving us from having to spend valuable time retracing the steps.

By detecting threats in advance before they can propagate, Microsoft Defender for Endpoint helps our organization save money. The tool helps to identify potential security risks early, preventing their escalation and the associated costs of mitigation.

Our detection and response time has improved. This is thanks to Microsoft Defender, which has Endpoint Detection and Response capabilities. Before, we used to manually create policies to address security incidents, but now the system can automatically remediate issues without us having to intervene.

It takes automated actions. If a device is found to have a virus, it will automatically remove it, isolate the device, and then notify us to follow up. That way, things are less critical when we get to them. It will stop the spread. We're a worldwide company with very few people on the security staff. It allows us to remove the risk in an immediate fashion without the staff having to jump on it, which just takes time.

It helps us prioritize threats across our enterprise. We have limited resources to deal with the threats. So, this prioritization is critical to us.

We use more than just Defender for Endpoint. We use Defender for Identity, Defender for Office 365, and Cloud App security. We use the whole 365 Defender suite. It is easy to integrate these products. The challenge is having all the features in your environment and obviously making it work within your environment because of your different applications and business processes, but all these solutions work natively together to deliver coordinated detection and response across our environment. This is critical for us because we have limited resources. So, allowing the machines to talk to each other and not having to jump from place to place just makes life a lot easier.

We use Microsoft Defender for Cloud for the hybrid cloud environment. We are not multi-cloud at this point. We use it to identify weaknesses within our environment, both prem and off-prem so that we can prioritize. We do not use Sentinel at this time.

For the most part, it gives me what I need in one spot. I do have to drill down into other dashboards for more defined reports. We go into the Intune dashboard for compliance and things like that.

Its threat intelligence helps prepare us for potential threats before they hit and take proactive steps. We use the secure score to help identify what we need to do to protect against things as they come up. It lets us know about any ransomware out there so we can jump right on those and do protections. We also use it for the compliance piece against NIST, PCI, and things of that nature.

It saves time. If I didn't have the integrated pieces of Microsoft Defender, to do the same amount and be on top of things, I would probably need two FTEs.

It has absolutely decreased our time to detect and time to respond.

It has reduced admin overhead. Because it comes inbuilt with Windows, we don't have to deal with the complication of using a third-party solution. We stopped using Symantec Antivirus three years ago. Previously, we had to find a person who knew how to manage Symantec Antivirus. Now, we don't have that overhead. It is also less taxing on the admins because they don't need to license an extra software every year and then deploy and manage those licenses. Everything is seamlessly managed from a central application.

Our full backup is on OneDrive. We had deployed separate storage area networks to back up important data for off-site users, not on-site users. In the current scenario of work from home, users need to establish a VPN connection to run our backup system. When they are at home, we cannot back up their systems if they don't have good connectivity. We also can't tax their broadband connections. Incorporating OneDrive as a backup solution with Windows Defender and Windows 10 has helped us immensely. We were not prepared for having people working from home because we always worked from the office, and 100% office attendance was required, but due to the pandemic, people moved to their hometowns, and we could no longer manage those systems. It became a headache for us when people used to report that their Windows got corrupted. Because they were working from home and there is a big problem of electricity in India, if electricity is not there, the systems suddenly shut down, and the registry gets corrupted. All these things are difficult to handle when you're at a remote location and you don't have your eyes and hands on that particular location. In such times, Windows Defender became a very big helping hand in managing the recoveries of such systems. The backups managed from OneDrive were very helpful. It has saved hundreds of hours of restoring the system in case something goes wrong. There was an instance where a user opened a spam message, and a ransomware attack was done on that system. Because the backup is managed by OneDrive, within 17 hours, this user's whole laptop was recovered without physically working on that laptop. Because of slow connectivity, it took time, but we were able to recover. This is the best feature of having OneDrive backup on the fly and recovery on the fly. These 17 hours were peanuts as compared to the data that we were able to save. This is the best selling point of having OneDrive as a backup with Windows Defender and Office 365.

This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time.

Microsoft Defender for Endpoint offers excellent visibility. We can observe all the details regarding the attack process, such as the type of activity that occurred, including the entire MITRE ATT&CK framework. This enables us to view the initial actions, the device involved, the IP address used, and the extent of the impact on users and devices all through a single interface.

Microsoft Defender for Endpoint definitely assists us in prioritizing threats throughout our enterprise. Based on the signatures, the alert categories are related to high severity, medium severity, and low severity. Therefore, we can determine which alerts require our focus and prioritize them accordingly.

I am currently the Subject Matter Expert for Microsoft within my organization. This encompasses the entire Microsoft security suite. I specialized in working with Microsoft Sentinel. In the past, I was a part of the Microsoft Sentinel team itself, back in 2017 when Sentinel was in its pilot version, known as Azure Security Insights. 

It's very easy to integrate the Microsoft solutions. We have data connectors and APIs readily available. There are no difficulties. If we teach an unfamiliar person for a week how to use Defender for Endpoint and Microsoft Sentinel, they can likely gain insight into the basics of integrating Defender for Endpoint, Microsoft Sentinel, Defender for Identity, or Defender for Cloud Apps.

These solutions work natively together to deliver coordinated detection responses across our environment. When an incident is detected in Microsoft Defender for Endpoint, the same incident will be captured in Microsoft Sentinel within a few minutes. The integration capabilities with both Microsoft and third-party solutions are valuable.

The comprehensiveness of threat protection provided by these Microsoft security solutions is combined into a single interface. We can access all necessary features from one place. The combined solutions offer us User and Entity Behavior Analytics, Endpoint Detection and Response, on-premises, and cloud application security. While no single product can handle everything independently, by implementing basic security practices across all Microsoft products, we achieve a comprehensive threat detection system.

The bi-directional sync capability is a feature that allows us to enable safe devices in both Defender for Cloud and Defender for Endpoint.

Sentinel allows us to ingest data from across our entire ecosystem. If we are utilizing third-party firewalls or other products, we can employ APIs to integrate those solutions with Sentinel.

Sentinel allows us to examine threats and respond comprehensively from a single location. Within this location, we can utilize SOAR playbooks to accomplish different tasks, such as blocking all compromised email sign-in sessions with just one click.

Sentinel is a comprehensive security product, owing to its integrated SOAR, UEBA, and threat intelligence capabilities. UEBA employs built-in machine learning to identify users with high, medium, and low-risk profiles. The user interface also includes a feature that enables us to log out of the user. Threat intelligence has the ability to assimilate all access information from third-party solutions and identify threats originating from the internet. Sentinel consistently operates proactively to prevent compromises. 

I used to utilize Splunk back in 2015, but I have recently transitioned into being a Microsoft security advocate due to the cost optimization benefits. Microsoft Sentinel's pricing is based on the data we ingest. We have the flexibility to choose different models, such as the pay-as-you-go model or the bandwidth model. For instance, if we ingest 500 GB of EPS, we will incur charges for that usage; however, a 20 percent discount is applicable in this scenario. The pricing is directly linked to the amount of data we ingest, which is advantageous. I prefer not to ingest certain security events that are intended for operational purposes. By excluding these events, I can effectively reduce the overall cost of using Microsoft Sentinel. Additionally, being a cloud-native tool eliminates the need for any physical hardware. With just one click, the entire installation process is completed.

There are three ways Microsoft Defender for Endpoint has benefited our organization. The primary advantage is the optimization of our organization's scanning process. We have established a bi-weekly scanning process that runs at midnight, encompassing all machines. This stands as the foremost enhancement. The second advantage revolves around obtaining visibility into vulnerabilities within our environment. Considering our role as an MSSP, responsible for managing over 25 clients, this visibility holds paramount importance. Within Defender, a particularly noteworthy feature is the enabled management. This provides us with the latest information regarding vulnerabilities within Microsoft products as well as third-party software. The third and final advantage pertains to responding to emerging threats. For instance, in the case of a new attack, such as the recent CVE 3688, which targets a Microsoft Office vulnerability, including a zero-day exploit lacking an available solution, our Microsoft-oriented threat intelligence block comes into play. Through custom query languages deployed within Defender, we have the capability to identify anomalous activities. Additionally, this third point ties in with the Application Guard rules. These rules have proven instrumental in proactively preventing ransomware attacks. They operate by automatically obstructing any suspicious processes occurring within the Office environment.

Defender for Endpoint assists in automating routine tasks and identifying high-value alerts. We have APIs established, allowing us to develop our own dashboards using the Defender for Endpoint APIs. For instance, we can utilize Power BI to generate a security report, providing a comprehensive overview of the organization's internal activities.

It has eliminated the necessity for multiple dashboards. This pertains to the MXDR dashboard, which stands for Microsoft Extended Detection Dashboard, as well as the Detection Response Dashboard. Essentially, we have consolidated these into a single comprehensive dashboard, developed entirely by Microsoft. This unified dashboard streamlines the process of accessing organizational insights. As a result, there's no longer a need to access different security products to view their respective dashboards. Within Defender for Endpoint itself, we offer an array of security reports, all conveniently accessible with just one click. For those who may not find the reports relevant, we also provide the option to utilize our in-house developers for Power BI integration. This entails having a centralized dashboard where data from all products is collected and displayed in one location, facilitating a holistic view of security reports.

The integration into a single dashboard has simplified our security operations. Previously, our team had to perform numerous manual tasks for all customers. Therefore, with automation, when we present the report to the customers, they are quite impressed with having everything in one place. 

Microsoft Defender for Endpoints' threat intelligence assists us in preparing for potential threats before they materialize, enabling us to take proactive measures. We identify these proactive threats due to the presence of a threat entry system. If any IOCs are obtained, they are undoubtedly identified by Microsoft Sentinel. Moreover, we have set up indicators ingestion for Defender for Endpoint. This process involves creating steps to acquire data from third-party sources and directly inputting it into Defender for Endpoint. Since Defender for Endpoint has a capacity limit of 15,000 indicators of compromise, we can only ingest data up to this extent. Any surplus data will be automatically removed, provided their IOC scores fall below 60 within a month. Consequently, new IOCs will replace the removed ones.

It has saved our organization around 30 percent of our time in terms of not having to worry about malware. When any malware does get in, it is automatically remediated. Now, the main portion of our time is dedicated to conducting in-depth investigations and identifying other occurrences.

We have cut our organization's costs in half compared to our previous solutions. This is mainly due to the automation of most tasks, which means we now only need ten people to manage 20 customers, a significant reduction from the 30 engineers we needed before.

Microsoft Defender for Endpoint has significantly reduced our time for detection and response. Our Service Level Agreement entails detecting issues within 15 minutes and responding within 30 minutes. Defender for Endpoint has greatly contributed to these time savings. The incidents that we used to address using Splunk required extensive coordination within our team and with our customers, leading to substantial time consumption. Previously, resolving a single incident took around 40 minutes. Presently, this process takes approximately 15 minutes.

Microsoft Defender for Endpoint allows our threat hunting and threat remediation teams to reduce the footprint of viruses when they come on the network.

We have immediate visibility on all endpoints. It is very good at visibility.

For prioritizing threats across our enterprise, the threat-hunting system in Microsoft Defender for Endpoint is not top-notch. We usually integrate it into things like our SIEM or Sentinel or other things to prioritize or our SOAR system to automate.

We can feed the alerts coming out of it into our XSOAR system to immediately act on events versus waiting until people see them and use the ticketing system.

Microsoft Defender for Endpoint has saved us time. It has saved us at least 40 hours a week. We are able to automate and have the ability to handle threats on an enterprise with 50,000 devices.

Microsoft Defender for Endpoint has not saved us costs. It is a Microsoft product.

Microsoft Defender for Endpoint has reduced our time to detect and respond. By going from a manual process to an automated process, depending on the severity, the time reduced has gone from minutes and days to seconds.

We have seen improvement in all our endpoint vulnerabilities, which is very crucial for us. If this had not been implemented, we would be in trouble because our endpoints would be unprotected. It has definitely improved the security posture of our organization.

Also, automated investigation, protection, and alerts have affected our security operations in a positive way. We get to see the vulnerabilities quicker, and we get to see the root cause analysis as well.

Defender for Endpoint has also eliminated having to look at multiple dashboards. The Endpoint portal is sufficient. It is easier for our security operations team to look at the vulnerabilities and reports and plan for remediation actions.

In addition, the moment the solution's threat intelligence provides a suspicious IP or a suspicious URL, we block it right away. We are more secure. It has helped our security operations detect things in advance and preempt any vulnerabilities.

We have seen productivity gains in terms of the mean time to resolve issues, on the order of 20 to 30 percent. We have the unified dashboarding and reporting, the investigation, and automated remediation. Saving 20 percent of our time translates to saving money.

Defender helps us prioritize threats across the organization. When we needed to update the patches on our endpoints, we could look at all the patches and see what still needed to be fixed. We could decide whether it's necessary to address something urgently or deploy it as part of routine monthly maintenance. It's crucial to have the insights and a report that I can show to an executive to demonstrate that we need to act fast. This is less common because most people accept your hotfixes and patches when they come out, especially monthly security updates. However, some older shops might be like, "I'm running Windows 10. No one's touching this." We still need to service and support those machines, too. 

The solution helps us automate routine tasks and alerts. There's a dashboard where I can see the statuses of my machines in the environment. It helps us breathe a little bit easier. We're responding to businesses that had shifting needs during COVID. How can we be more proactive and help them to be more proactive? We shifted from traditional PC antivirus software to stuff that's totally different. I can't say it's "set it and forget it" because that implies a lazy mentality. However, I know I have a level of protection that I can have faith in. 

Defender helps us be more proactive. I find value in the zero-day threats that get fixed from Microsoft bug fixes or security updates. I can read and research about those zero-day threats from Microsoft's public site without digging too deeply into the Defender side of things. 

We've saved some time with Defender for Endpoint because we were doing a lot of unnecessary remediation with the other products. We had a series of servers that our previous product was installed on. It would blue-screen the server at random, and you can't have that. I'm not worried about Defender impacting my system stability. We put a lot of high-performance systems out there, including PCs and backend compute. I want to ensure we won't be overburdened by unnecessary security software that may not be giving me the protection I want.

Defender's reporting saves us four hours to eight hours each month. It has many of the standard reports we need built in, so it's effortless to generate and pull from. The time we save in other areas isn't as easy to quantify. I don't have to worry about the stability of a box or a computer cluster. 

It has decreased my detection time. On Wednesday, I got emails notifying me that new vulnerabilities were detected. They weren't new, but they were newly disclosed because patches came out for them. It has enabled us to react much quicker. 

Microsoft Defender for Endpoint's visibility into threats is good. The solution helps us prioritize threats across our enterprise.

Microsoft Defender for Endpoint has helped our organization by providing continuous protection across our organization without overloading our CPUs by running in the background. We realized the benefits of Microsoft Defender for Endpoint while we were comparing it with other solutions.

Microsoft security solutions help automate routine tasks and identify high-value alerts. I used to work as a System Administrator or Network Administrator, so I understand how useful it is for admins to have their routines automated. I am aware that the solution supports policies and ensures that it is very beneficial.

Automation has enabled the process to be automated, such as protecting certain roles or allowing digital transactions, etc.

Microsoft Defender for Endpoint's threat intelligence helps us prepare for potential threats before they hit and to take proactive steps.

Microsoft Defender for Endpoint saves us time and money.

The solution has helped reduce our time for detection and response.

The ransomware and some of the other features that are built into it give you more telemetry now. From the security side, I don't look at what an endpoint solution does. I look at what it gives me. I need data. I don't want something to just say, "Oh, I stopped it." That's good, but I need to be able to figure out what did it stop. Was it a good thing or a bad thing that it stopped, and what is it doing. I need to be able to break that down and go deeper into that analysis to figure out what is being stopped. Microsoft Defender is doing that now and is giving more telemetry. It doesn't give nearly as much as Bitdefender does, but it is pretty good.

It is built into Windows 10. So, I don't really have to go out and get an extra or a separate endpoint security solution. It stands on its own. I have some clients who are using Microsoft Defender, and it is perfectly fine because my SOC can actually get the telemetry from Microsoft Defender and use that as well. Microsoft Defender does have the telemetry information, and I can get some of that out of it for my SOC. I can use what's built into it to stop and do more of a response layer. I can use Microsoft Defender to stop something right there.

The deployment of Microsoft Defender for Endpoint is a no-brainer when it comes to Windows. When you provision a new laptop for your environment, it comes with it. We use Intune to be seen on the cloud for centralized management. There's actually a console where you can go in and manage it properly, and we use Intune to deliver the onboarding.

The solution provides a high level of visibility into threats and is integrated with other solutions such as Microsoft Defender for Identity. This integration enables the solution to receive signals from Microsoft Defender for Identity, which are then relayed to users who attempt to log in to an infected device. If the threat originates from Microsoft Defender or Office 365, users are alerted and advised not to open any suspicious links or attachments. This integration greatly enhances the investigation experience and is extremely useful in the detection and analysis of potential threats.

Microsoft Defender for Endpoint helps prioritize the threats across our organization.

The automatic investigation response is the key feature of Microsoft Defender for Endpoint. It enables us to concentrate on the critical incidents related to the endpoint or machines. This capability enables the security team to focus on the most significant alerts or incidents related to the device's self-analytics. Prioritizing our investigations and responses with Microsoft Defender for Endpoint is crucial.

The integration with Microsoft solutions is smooth, and integrating with other products can be done with just one click.

In most cases, the solutions work natively together to deliver coordinated detection responses across our environment, which is very helpful.

The comprehensiveness of threat protection offered by Microsoft's solutions is extensive. These solutions can thoroughly investigate all resources in an organization when deployed correctly according to best practices. They can detect any threats related to email, endpoints, and identity attacks, whether on-premises or in the cloud.

Microsoft Defender for Endpoint has been instrumental in enhancing our organization's operations. It detects the majority of threats aimed at our devices, aiding us in our efforts to combat threats. Additionally, it expedites the investigation process by running playbooks on incidents. This saves us time and increases efficiency. Furthermore, the integration capabilities of Microsoft Defender for Endpoint allow us to address the source of the threat by partnering it with other solutions. Microsoft Defender for Endpoint can be integrated with Microsoft Intune, allowing us to provide device signals to the latter. This permits us to grant or deny access to specific sources based on device signals.

The solution assists in automating routine tasks and streamlines the identification of high-value alerts. When used in conjunction with Microsoft Sentinel, which is highly effective in detection and comprehensive investigations, the quality of high-value alerts is excellent.

Microsoft Defender for Endpoint has eliminated the need to access multiple dashboards and provided us with a single XDR dashboard. Instead of logging into five different portals to investigate a threat, we only need to access one portal, Microsoft Defender for Endpoint. This portal collects signals from various solutions and integrates them into a single incident, providing a comprehensive view of the detection from different sources in one place. This improves our visibility and simplifies the threat investigation process.

Having a consolidated dashboard saves us a significant amount of time by eliminating the need to log into multiple portals. This single portal can be used for investigation purposes and can relate to various aspects. It simplifies the process of monitoring a multitude of sources or resources in the environment, making it easier to detect and investigate potential issues. A consolidated dashboard improves collections and visibility, streamlining the investigation process.

The threat intelligence provided by the solution helps us prepare for potential threats and take proactive measures before they occur. Many of Microsoft's security solutions now depend on Microsoft's security intelligence. The ISG collects signals from various products worldwide, providing extensive information on recent global threats targeting different products. Integrating with Microsoft Defender for Endpoint, this information is particularly helpful.

The solution has helped us save time. I suggested that we check Microsoft Defender for Endpoint daily to review the latest incidents that occurred during the process. We can quickly examine the incident and then take action based on the recommendations provided by either Microsoft Defender for Endpoint or Microsoft 365 Defender, as it consolidates the signals.

This solution is cost-effective since we would otherwise have to pay for multiple licenses if we were to use various solutions. Additionally, we prefer not to subscribe to multiple vendors for different services. By integrating these features, we save time, and they are already integrated by default, unlike other vendors who may not offer this feature or integration.

MDE eliminates the need to look at multiple dashboards, given it has only one XDR dashboard. It has a good user interface for looking at campaigns and the big picture as opposed to just one incident. They also have good graphics.

MDE decreased the time it takes to do detection and response. It allows us to quickly look at the timeline and see what caused the alert. In my organization, they wanted to know what caused the alert, not just whether or not it was a false positive. 

If there is malware on a device, they wanted to know how it got there. If there is malware on the device from another device in our environment, that is a huge deal. If someone clicked on something in an email or went to a suspicious website on their own, that is extremely important to determine quickly in our environment. It's very helpful to determine the level of the threat.

From an administrative perspective, Defender provides a single pane of glass for us to look at compliance throughout the company and for the customers we recommended it to. That's probably the most significant piece. The governance and policy features work together for us because we can easily provide the self-attestation that we need for the federal government.

Automation at this point, as I understand, is a lot of one-offs. It depends on the particular console that you're looking at. I'd love to have them integrated. I understand that there's a larger solution for that, but it's challenging to figure out a cost estimate of what it would take to get it up and running. The automations are often tied to the separate Defender products and not always integrated, but we're still shy about buying the larger product and integrating all the logs. 

Defender for Endpoint saves time by making administration more manageable. It's at least four hours per month per administrator. We save money with Defender because it's packaged with other Microsoft solutions. It's $20 to $60 per user annually, depending on the suite you're getting. 

Microsoft Defender for Endpoint collects all system logs, activity logs, and threats. It then sends this data to the Office 365 security portal, where we can view all logs and use various analytics tools to forecast average bandwidth usage, identify programs used by users, and view which apps are running in our environment, including unauthorized apps. All of these insights are easily accessible if we have a complete Microsoft solution.

Microsoft Defender for Endpoint helps us prioritize threats across our enterprise. We have configured the standard settings and are using many Microsoft solutions, so we receive direct support from Microsoft. We have created many policies, including a standard policy for all apps and programs used in our organization. We have a list of these programs, and any that are in the Defender for Endpoint exclusion list, such as DLP software or trusted software, are excluded so that they do not slow down the process. We then prioritize the apps according to standard cybersecurity priorities. For example, if an application is vulnerable and not from a renowned vendor, it should be blocked.

We have integrated Sentinel with Defender for Endpoint. The integration was a few simple clicks.

Our integrated solutions work together seamlessly to provide coordinated detection and response across our environment. We like Microsoft's Advanced Threat Protection solution, which uses EDR and AI to protect endpoints. Recently, a user downloaded an unknown file, and ATP immediately flagged it. ATP then ran an automatic investigation and provided us with the results in the portal. We can then decide whether to quarantine, delete, or report the file to Microsoft Defender for Endpoint.

Microsoft provides comprehensive security products that have fulfilled all of our security needs and assured us that we have enterprise-grade security and do not need any other solutions. We have received positive results.

We use the cloud's bidirectional synchronization capabilities to synchronize our on-premises Sentinel agents with the Azure Monitor agents.

It is our requirement to have bi-directional synchronization between the cloud and on-premises environments because we now have users in both locations. This means that if a user changes their password in the cloud, it will also be updated in the local Active Directory. Additionally, we have some on-premises servers that require our SQL databases in Azure, so they communicate with the cloud bi-directionally.

Microsoft Sentinel enables us to ingest data from our entire ecosystem. The whole point of Sentinel is to collect logs and notify us, showing us our cybersecurity posture and where we stand. It also advises us on the policies we define for our system and whether the system in our environment matches those policies, identifying any applications that are not fulfilling those policies.

Sentinel provides visibility into our environment and we can investigate and respond to threats through Defender.

In the context of user and entity behavior analytics, Sentinel is very effective. It can identify high- and low-risk users by analyzing their daily usage activities, such as the applications they access, the websites they visit, and how they handle data. Sentinel then segregates users into high-risk and low-risk groups based on this analysis. This gives us good visibility into user behavior, which is essential for protecting our organization. While Sentinel has other capabilities, we are currently using it for UEBA.

Microsoft security has helped us save about 30 hours per month, reducing our workload.

Microsoft security has helped us save costs. In our company, we have different Office 365 licenses, including E5, E3, and F5. Some of the security add-ins are free with these subscriptions. For example, the E5 license includes SIEM, Office 365, Defender for Endpoint, and an Active Directory P1 subscription. This means that we do not have to purchase these add-ins separately, as they are included in our licensing.

Defender for Endpoint has reduced our time to detect and respond. Once an incident has occurred the AI automatically takes action and provides us with a detailed report of the investigation. It takes five to ten minutes to resolve an incident.

I haven't really seen anything in the solution that is an improvement over anything else. It's just that as we move to Microsoft cloud, it makes sense to look at some of the other products that sync between onsite and cloud. It's a stretch to say that it has inherently improved things.

Microsoft Defender is totally integrated with Microsoft 365 Azure. For example, years ago a software company that was working on-premises with Microsoft products came to us. They asked us to help them connect to Azure because with Azure, they could, of course, run their core business, but it would also help them create more value in the market. Microsoft Defender is the best way to manage on-premises devices, but also devices on the cloud.

It also helps us to prioritize threats.

In addition, the solution gives us a single dashboard that we can customize. When our security operators start their day, they look at the dashboard information. If there is a big issue, they automatically get the information. They can send an email to the team involved. The dashboard helps the security team, day-to-day, to ensure everything is secure for the client. The dashboard is really important.

And overall, the solution has saved us 50 percent of our time. It also saves us money because it prevents ransomware and web application attacks every day. Currently, with the war in Ukraine, because I work in Europe, hackers are trying to hack into enterprises, and that's another reason it's really important to have this kind of solution.

It may be saving us 30 percent, in terms of money, because once you have the system in place, you can avoid a lot of attacks and keep secret information away from hackers. When we talk about security, we're also talking about the reputation of the company. Using this kind of solution helps our clients not to lose money through a loss of reputation.

In terms of time to respond, someone who is working every day on the security operation team, can respond correctly within five minutes, to be conservative, to a problem they receive from the scanning done by Defender. It has decreased that time by about 20 percent, although keep in mind that I am a security architect and not part of the operations team.

The main improvement is that we have complete integration. For example, there were a couple of projects where I integrated the already managed platform from on-premises using Endpoint Corporation Manager with Defender. The integration between the on-premises Microsoft hybrid environment, Intune, and Defender for Endpoint is secure. It gives me a full picture of the status of the entire organization. That was unimaginable a couple of years ago, but now it's real.

This solution helps us train a lot of customers and their employees to be aware of what they shouldn't do with certain behaviors, mail, and files on their corporate computers. It helps customers to be more aware of behaviors that put the entire company at risk.

We realized these benefits from the beginning of using this solution. It gives us information from different points of view and consoles in a convenient way.

It helps prioritize threats across an enterprise. The reporting shows companies what they need to do to resolve abnormalities and prioritize what needs to be solved in order to improve the security level of the company.

Prioritization is important because it's absolutely necessary to know what has been upgraded and what hasn't. Hackers take advantage of that.

Defender gives us the ability to look at all the dashboards from a single screen. The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps by configuring some behaviors.

Microsoft Endpoint saved us from a lot of potential problems. It has absolutely saved us time. From the point of view of our clients, the solution saves money because the main tools that are used by the platform are already integrated into their contracts with Microsoft.

We are able to get quite a lot of details about the laptops that we have across the organization. I would rate it pretty high in terms of visibility into our environment.

We are better able to see or get alerts on things that we might not have been able to see before. With Norton, for example, we didn't have a centrally managed system. All we could see was that a node had some threat on it, and we had to manually log into that node and work with the user to figure out what that threat was. With Defender, we are able to see all of that through the console instead of having to reach out to the user, which speeds up the process of figuring out what type of vulnerability we're looking at, and we are able to run scans and do other things remotely without having to interact with the user anything. It speeds up our process of detecting vulnerabilities and threats.

It has significantly reduced the amount of time to respond to threats and manage threats.

It has definitely improved our security, and it also helped us in reducing management costs.

It is good for attack surface reduction, which is how you harden your endpoint so that they're less likely to be infiltrated or compromised if you have an operative in your environment. So, it's mainly used for reducing the opportunity for someone to compromise the system but also for rapid detection when that occurs.

In the old world, we have Defender in combination with SCCM. It's not as good as Security Center, but you have all the reporting stuff that tells you whether your clients are up-to-date or not. The ATP Security Center is the mercy dispense of antivirus solutions because it is so much more than just antivirus. Microsoft Security Center comes with the ATP license, and it provides a really compact but whole view of your tenant and the vulnerabilities in your tenant. I feel that my administration got more proactive than just reacting. I can see that my Office is not up-to-date, or a client is using the old version of Firefox or Adobe Reader. So, Security Center tells me all this, and I can proactively update these clients and have a look at the bad guys in my environment. That was the part that McAfee never showed. I could see my clients with old signature files or engines, but McAfee Orchestrator didn't show the actual vulnerability of the client, which is the great benefit of Microsoft Security Center.

The endpoint provides good visibility into threats. However, working with Microsoft Defender for Endpoint and its control panel can be challenging, especially when dealing with features such as compliance and cloud app security details. Nevertheless, with enough experience, it becomes a useful tool for threat detection. Although it may be difficult to work with initially, it is an essential instrument for information security.

Microsoft Defender for Endpoint helps us prioritize threats across our enterprise.

The integration of Microsoft Defender for Endpoint with other Microsoft solutions is easy. The integrated Microsoft solutions work natively with each other.

The level of comprehensiveness provided by all of the integrated solutions is satisfactory.

Microsoft Sentinel allows us to investigate and respond to threats from one place.

Microsoft Defender for Endpoint helps automate routine tasks and find high-value alerts. The solution has a powerful advanced query that we can schedule to run automatically.

Microsoft Defender for Endpoint simplifies the use of multiple dashboards by providing a single XDR feature. This is a beneficial feature, but my reliance is on the 50 automated rules that run on a schedule to keep me informed of any incidents.

The automatic rules and policies that we apply using Microsoft Defender for Endpoint save us around four hours per day.

Microsoft Defender for Endpoint has saved our organization money by protecting the environment from threats.

Microsoft Defender for Endpoint has reduced our time to detect and respond to security threats by consolidating all relevant information in a single panel within a web portal. This enables us to quickly review and respond to potential threats, thus improving our ability to mitigate risks effectively.

Microsoft Defender for Endpoint has helped our organization by working to identify threats quickly before they become a problem. 

Microsoft Defender for Endpoint has improved my security score very well. Since it is a fully automated solution, all false positives have been ruled out for me. The investigations provided by the dashboard have compliance functionality and are useful for auditing purposes.

The visibility of threats is excellent. The most difficult aspect of Microsoft Defender for Endpoint, especially for a small MSP, is the amount of information that needs to be filtered through. There is a lot that can be done in the portal, so it requires someone to spend a lot of time going through all the settings and making sure any issues are resolved. This is why we added Huntress to it, as it helps with the identification of other issues.

Microsoft Defender for Endpoint helps prioritize threats across the enterprise. The great thing about the Defender portal is that if there is a new issue, it highlights the issue for us in the portal, enabling us to easily check the CVE report to see which devices are affected, and make the necessary changes.

The major advantage of Microsoft Defender for Endpoint for us is that we receive a great deal of information. Initially, when we encountered the solution, the most difficult thing was that there was a lot more detail to go through, a lot more logs, and settings that we had to configure. However, once we had everything in place, as we are covering so many devices using the same solution, we were able to make a significant impact on our security.

The solution helps automate the high-value alerts to identify the devices that are at high risk of attack, but we still have to remediate ourselves.

We still enjoy jumping between Defender and Huntress' portals. Microsoft has removed the need for a large number of solutions as the Defender portal itself encompasses a great deal. This is both good and bad as they continue to add to the Defender portal. For a small team, it can be quite overwhelming to have to go through the one Defender portal. However, if the team was larger and we had more dedicated staff, it would be great as everything would be in one place.

Microsoft Defender for Endpoint's threat intelligence helps us prepare for potential threats before they occur and take proactive steps based on the CVE reports, which advise us which devices have higher threat issues.

Being aware of the issues is a good thing, and with solutions like Webroot Business Endpoint Protection, we may think everything is fine as long as the antivirus is installed. However, with Microsoft Defender for Endpoint, we are given a lot of information and become more aware of the issues. This helps us strive to reach the 100 mark on the security score.

Microsoft Defender for Endpoint has saved time by preventing attacks from occurring, and I have been able to rely on it. In contrast, when we used Webroot Business Endpoint Protection, we installed it and then largely forgot about it, assuming it would take care of itself. Webroot rarely gave us any warnings, which may have been due to the product not knowing what to do or not having anything to alert us about. On the other hand, Defender is constantly active and provides us with updates about the endpoints. This may take up more time, as it is making us aware of a lot of other things.

Microsoft Defender for Endpoint is more expensive than Webroot Business Endpoint Protection. However, the value is there in terms of the product we are getting. The cost savings with Microsoft Defender for Endpoint come from being aware of the issues and taking steps to prevent them from occurring. The savings come from avoiding the issues.

Microsoft Defender for Endpoints has a quick response time when it detects a threat. From what I've seen, the system is quite fast. It's not instantaneous when changes are made in the portal and sent to the endpoint, but it is still quick.

Defender for Endpoint gives us greater visibility. Cybersecurity professionals always need that because what we don't see can get us into a lot of trouble. We also need visibility to be easily applied across platforms and with an improving ability to gather information from Linux or Mac-based end platforms. AWS and Google Cloud give better visibility, which we need from a security standpoint.

The other Microsoft security products we use are Defender for Cloud Apps, Defender for IoT, and Defender for Cloud.

The integration is pretty straightforward. It depends on a company's licensing and deployment team, and Microsoft makes it simple to integrate multiple solutions. It is easy to integrate into a test environment, though it depends on the infrastructure and networking team because they have to carry it out. Each company has different solutions; whether they are entirely cloud-based, on-prem, or hybrid, there's a lot of flexibility. Depending on the package, Microsoft is usually very helpful and available to assist with implementation and integration.

Coordinated detection and response between the solutions are essential. Depending on the company and its capabilities, it can sometimes be challenging to bring different tool sets to bear. For example, integrating endpoint protection, XDR, theme tools, CASB apps, and security from different companies can be very tricky. What Microsoft is doing in terms of easy integration makes their product an easy sell because it's critical to spend time doing the work of security rather than worrying about and dealing with integration. 

Threat protection is extensive; it covers most of the concerns we face as a company. I have limited experience with the IoT side, although I'll be working with that soon. Microsoft is thinking ahead and looking toward the future of protection, and I think they're on the right path. The comprehensive threat protection is there, and that results in a steep learning curve because an organization may have a whole bag of tools, some of which they may not use or need depending on the size of the enterprise. The extensiveness is impressive, and Microsoft is doing the right thing in attempting to cover all threat avenues. The necessary side effect of trying to cover every threat is not being the best in class at dealing with any one threat; more of a jack of all trades, master of none. It also increases the learning curve for analysts.  

It's the best solution for vulnerabilities. Most updates will be done by group policies in a big organization and everything will be maintained in that way. But with non-group policies, if it's not a hybrid environment, or they are only using cloud, or they're connected to Azure already, or they don't have AD, a lot of updates will be missed. That is a very difficult situation for handling vulnerabilities. In that situation, once we enroll the devices to Defender for Endpoint, all the vulnerabilities will be displayed on the dashboard and we can review them and fix them. In that way, we can stop most cyberattacks and close all the vulnerabilities and loopholes.

Before enrolling devices to Defender for Endpoint, we don't know what vulnerabilities or security loopholes are on those devices. Once we enroll devices we find a lot of vulnerabilities and we have been able to fix a lot of security-related issues. It has helped us a lot.

It is impacting our security score. Before we enrolled our devices to Defender for Endpoint, our security score was 58. When we enrolled 500-plus devices to Defender for Endpoint, our security score went down to about 42 percent. We then understood we need to maintain it above 50 percent, as recommended by Microsoft. We are trying to increase our security score by fixing those issues.

It shows how to fix a given vulnerability or security issue, providing step-by-step guidance. That saves a lot of time because if we didn't know how to fix a vulnerability, we would need to do some research and find the right document. That would take time. It is saving us 10 to 15 hours per month.

Microsoft Defender for Endpoint has good visibility into threats, capturing 95 percent of them.

Microsoft Defender for Endpoint helps us prioritize threats across our organization, which is important.

We have integrated Microsoft Defender and Sentinel. The process of integrating Microsoft Defender for Endpoint and Sentinel was easy.

They work natively together to deliver coordinated detection and response across our environment which is important. Microsoft Defender for Endpoint and Sentinel work together comprehensively to detect and protect against threats. If one solution misses a threat, the other one will pick it up.

Sentinel allows us to gather data from our entire ecosystem, which is crucial for us.

It enables us to investigate threats and respond holistically from one place.

Microsoft Defender for Endpoint is an effective anti-malware solution. Additionally, it offers the capability to isolate a device in case of more significant issues with a workstation or server. Moreover, we can directly connect with the machine through Microsoft Defender itself to access and check files using live response, allowing us to assess the situation accurately.

Microsoft Defender for Endpoint offers a unified XDR dashboard that eliminates the need to view multiple dashboards. However, we are only focusing on incidents and log queries.

The threat intelligence helps us prepare for potential threats before they occur, allowing us to take proactive steps, as long as there are alerts and we have properly configured them.

We were previously using IBM QRadar, but it was not quite effective for generating alerts or for data analytics. Additionally, it created numerous alerts, which only sent us notifications for issues like behavioral concerns. This had a significant impact on the workload for InfoSec Operations. Microsoft Defender for Endpoint has helped to reduce our SecOps team's investigation time.

Once we invest the initial time to create alerts and queries, Microsoft Defender for Endpoint saves us time by sending alerts and logs directly. This eliminates the need to repeatedly create queries to search for specific alerts, incidents, or events.

Microsoft Defender for Endpoint has decreased our time to detection and time to respond.

The solution helps us prioritize threats across our enterprise. If we're talking about projected vulnerabilities, like an outdated web browser, then there's a different priority associated with that. Conversely, if we have an endpoint out of data, like outdated Windows security patches, it will be registered with a different, higher priority. It helps a lot.

Sentinel enables us to natively ingest data from our entire ecosystem. By design, Microsoft ingests data from Office 365 to Sentinel.

This ingestion of data is critical to our security operations. Without data ingestion, nothing is shown in the dashboard or in the security and compliance portal. If it stops, we don't have data to analyze.

Sentinel enables us to investigate threats and respond holistically from one place. There are threat investigations directly in the portal, which depends on the license. This feature is really important for enterprise-class companies that have a huge emphasis on security.

Since using this solution, we have seen a better perception of incoming and active threats. We're able to see weaknesses or misconfigurations in applications and operating systems for devices.

It definitely takes time to realize benefits from the time of deployment. After we deployed the agent for Microsoft Defender for Endpoint, it took about a week to collect data.

Defender for Endpoint doesn't help us automate routine tasks or automate finding high-value alerts. The most valuable feature is attack surface reduction rules, and in this case, we have an automated response. It's a lot like SOAR, which helps to contain security risks in an unmanned way, but it's limited to just that feature.

This solution absolutely eliminated the need to look at multiple dashboards because we have one XDR. It's a worthy capability that helps a lot. Having one dashboard makes our security operations more seamless. To retrieve data, we consult different places within the portal.

The solution's threat intelligence helps us prepare for potential threats before they hit and take proactive steps.

The solution saves us time, but it depends on the point of view. It helps to have a better understanding and outlook on our current situation within our organization and plan proactively for tasks in order to improve our security score.

We saved money by not needing to buy additional pieces of software or deploying additional infrastructure for an on-premises security product.

It also depends on the competitor and the infrastructure required.

Detection and response take minutes because as soon as something is compromised or something happens within our organization, an alert will be triggered within minutes. After we receive an email with an alert, we are likely to start the analysis and remediation if it exceeds or doesn't fall within the scope of the attack surface reduction rules.

Microsoft Defender for Endpoint provides comprehensive threat visibility. It allows for file analysis, checking unsupported files in the system, and accessing the Mission Live console. Unused files can be deleted, and suspicious files are analyzed and checked for viruses on the platform. In cases where a file has numerous detections from different security vendors, it is quarantined, blocking it in the organization. Care is taken to avoid quarantining legitimate files to prevent disruption. Additionally, there are numerous advanced configuration options available.

It helps us prioritize threats across our entire enterprise. We receive notifications for any advanced threats and can also identify if there is an advanced threat within our organization. Additionally, we can view the different priorities, such as high, medium, or low, and understand the severity of the alerts. For high and medium alerts, we can take immediate action, such as isolating the machines from the network.

We also utilize Microsoft Elastic Cloud and EnCase. I believe the integration is straightforward, but I was only responsible for monitoring after the integration had been completed.

Microsoft offers four products that can seamlessly work together and be accessed through one console. These products are Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft CloudApp Security. With the appropriate license, we can subscribe to all four solutions from the Microsoft security website.

Sentinel allows us to collect data from our entire ecosystem and seamlessly integrate the log files with an API.

Microsoft Sentinel allows us to investigate threats and respond swiftly from a centralized platform. We possess the capability to generate customized queries and delve deep into the logs.

Microsoft Sentinel also has built-in SOAR, UEBA, and threat intelligence capabilities. The playbooks make the security analyst's job much easier. If there is unwanted software, we can configure a notification from the playbook to send the user a message or block the IOCs.

Defender for Endpoint aids our organization by enabling us to monitor the antivirus status on devices to ensure they are up-to-date. We can also access vulnerability details that we can share with the vulnerability team to promptly apply necessary patches. Additionally, it allows us to identify any pending configurations, streamlining our security analysis process.

It helped eliminate having to look at multiple dashboards and gave us one XDR dashboard for everything.

Microsoft Defender for Endpoint's threat intelligence assists us in proactively preparing for potential threats before they strike. Any threats detected by Microsoft Defender for Endpoint are automatically blocked, while for those that are not, we have the option to block them manually.

It protects my endpoints from malware and viruses. Those benefits were immediate.

And the automation of routine tasks, such as finding high-value alerts, had an immediate impact because I can see all the threats in a single console, and how they are mitigated.

It has also definitely eliminated having to look at multiple dashboards, giving me one XDR dashboard. It's really effective because it is very tough to handle two different dashboards or environment consoles. The single console gives me a one-shot view of the whole infrastructure, security-wise.

The solution also saves me time because there is no need to install it on all the machines. That is automated. Even the mitigation is sometimes automated, which definitely saves time. It saves me about 90 percent of the time I would otherwise spend on these things.

I have also seen a clear improvement in time to detect and respond. It is instant.

It works well with different solutions from Microsoft. If a company is using Microsoft 365 package, this security addition is easier to implement and manage because it is from the same vendor. You have greater visibility because they are from the same vendor. Microsoft probably also has larger visibility on the endpoint itself because of its own operating system.

It provides good visibility into threats. I would rate it a seven out of ten in terms of visibility.

Its threat intelligence is helpful for preparing for potential threats before they hit and taking proactive steps. We can manage our own images, and we can also inform the client to patch certain things.

The visibility into threats that Defender for Endpoint provides is good because we are using all Microsoft products. 

Microsoft Defender for Endpoint assists us in prioritizing threats throughout our enterprise. This prioritization of threats is crucial for safeguarding end-user devices.

Sentinel allows us to gather data from our entire ecosystem, and the interface is highly impressive. Data ingestion is of utmost importance for our organization, especially concerning the security of our environment.

It allows us to comprehensively investigate threats and respond from a unified platform. This is of great significance to us, as Sentinel plays a pivotal role in our Security Operations Center.

Microsoft Defender for Endpoint assists us in automating the prioritization of critical alerts. I am certified in cybersecurity. Recently, I have begun the process of renewing my certification as it is set to expire next year. I have been reading numerous articles regarding Sentinel, Defender for Cloud, Identity, and Endpoint applications, and there is a multitude of information available. Automation is now fully integrated, which holds significant importance for enterprise-level customers.

The solution assists in eliminating the necessity of using multiple dashboards, providing us with a single XDR dashboard integrated across various Microsoft products.

The threat intelligence assists us in preparing for potential threats before they occur, allowing us to take proactive measures to prevent them. The assessment mechanism analyzes and identifies threats, providing clear instructions before we proceed to the security parameters.

It has saved our clients time, mainly with their SOC operations. 

The main reason it has improved our organization is that it is integrated with the entire Microsoft 365 suite. We get a lot of functionality and a centralized way of operating or controlling all the devices in the environment.

The solution automates routine tasks and the finding of high-value alerts. That helps a lot. I worked with a different product before and, if we wanted to check if a specific application was affecting our organization, we had to get the application details and then search in the EDR console or on the devices for those application details. But with Defender for Endpoint, you can simply put the application details in a query and run it, and that becomes a customized detection. I don't need to check for the same application again and again. I can get an alert whenever it pops up again.

There is integration with all the products, whether Defender for Cloud or Microsoft Purview or Office 365, so we have a centralized console. There is a sync so that you can get all the alerts in different portals on a single portal. That consolidation makes things easier because we don't have to navigate to multiple portals to check for all the information. Before, we used to only get basic details, like the title or the category of a particular alert. But now, since it is also syncing with Sentinel, we don't need to go to the Defender portal. We can view the entire alert story and related devices, or potentially affected devices, and which devices could be the next targets.

Another advantage is that the threat intelligence helps us proactively prepare for potential issues before they strike. There is an option to check for vulnerabilities and that is not only limited to our organization or the license we bought. We have one filter that will show all the potential threats in the market or that other customers might have reported. We can view them and the steps they have followed. There are all the CVD details that are not affecting our organization, things that are still new in the market, and it will give the remediation steps for them as well.

In terms of deployment, management, and manual efforts, it has saved me a lot of time. Previously, I would review each alert. That meant, during a given week, that I would be on alerts for three or four days, and only then would I go on to other things. It has saved me a couple of days a week because of the automation and auto-suppress rules, which are configured to automatically resolve an alert and trigger an email to me that the alert has come up and the action has been taken.

It provides good visibility in terms of the number of devices covered, users covered, and so on. With most people working from home for the past two years as a result of the pandemic, Microsoft has helped us improve our security. Because it's a cloud component, we have been able to have improved coverage for our remote users, which was a challenge when we were using traditional endpoint protection solutions. Microsoft Defender for Endpoint has enabled us to secure devices even when they are off of the organization's premises. It has added value to our organization and has helped improve and mitigate security risks across the organization.

It is a completely integrated platform with advanced threat analysis, SIEM features, updated inventory, and so on. It is an all-in-one solution. Microsoft is taking over lots of companies to provide more and better services to its clients. This is one of the best solutions around at the moment.

It protects our organization from all kinds of attacks, such as ransomware attacks and any malware downloads. It is like an oracle who knows everything about:

• What is around at the moment?
• From where the attacks are coming?
• What is currently going on security-wise?

It knows about all the software that you have installed on the laptop, and whether they are not patched or have security issues. It covers everything you want from your security platform.

In the past, I needed two, three, or four apps to do my job. With Microsoft Defender for Endpoint, I have all the resources on one site. I can check what the threats are and if the computers need to be updated or if they reboot with various apps. It's very helpful for us. For example, I have colleagues who use different versions of a certain programming software. With this tool, I can check whether they need to update the app because an older version might have a lot of bugs. I can check which applications need to be updated or uninstalled.

I have a lot of alerts set up as well. For example, all our users are here in Mexico. If we get someone connecting in the UK or Venezuela or Colombia, we get an alert. I then know I need to change the password and use two-step authentication.

And I get a message when a new threat comes up or I need to do updates to different tools. This is helpful because threats are always working in innovative ways. These are very important messages for us.

Defender for Endpoint saves me a lot of time because I have all the alerts and information in one application. It also saves money because when you lose information due to an attack, you lose a lot of money on the reconfiguration of the sites or the information or on the recovery of a backup or a server. It's very important to have a tool like this. It saves a lot of money. The cost-benefit is very good.

Of course, we integrate Defender with Microsoft Defender Security Center and the Microsoft compliance score. We use these tools to check the maturity and to guide our clients in using the solution better. The result is that we see growth in security maturity.

When we need to create a new server, we follow certain steps. One step is activating the extension from within the server and using that to check and monitor, in a centralized console, the health of the server. Defender also provides additional information about vulnerabilities and opportunities to increase the overall security.

For example, it will tell us if a library being used has any vulnerabilities. This information is very important for us and for our clients. They use this information to go back to their developers and request fixes. Or it may identify a problem with something in a client's application, where they need another version to mitigate it. And again, when they apply the new version, we can check it using Defender to see if the vulnerability has been resolved.

One feature that has proven beneficial is the Threat and Vulnerability Management module of Defender for Endpoint, which provides information on the vulnerability of all the endpoints. We don't have to run active scans via network scanners. It is built-in. That has proven to be helpful, although we're still in the early phases. We have identified vulnerabilities that were in our organization for too long and nobody knew about those machines and the vulnerabilities on them. From a vulnerability remediation point of view, it has been quite helpful to us.

Windows Defender makes it easy to streamline the updates so we don't really worry about managing it.

The solution benefited the company via:

• OS-level/Tool compatibility for endpoints running Windows (since both are Microsoft products and Defender core files are included in Win10 or later delivery).
• Heuristic capability. Consistent usage of MDE indicates that the tools are continuously learning new prevention techniques by pulling real-time up-to-date cloud resources.

• Alert chaining. The solution makes security Incidents, events, and alerts less tedious from a Security Operation Center standpoint. This can result in false negatives or detriment for small to medium-scale firms running no or semi-automated threat response features.

Microsoft Defender for Endpoint provides comprehensive visibility into endpoint security. I've been impressed with its ability to detect and monitor threats without any noticeable gaps in coverage.

We use the entire suite of Microsoft products, which are all integrated. Integrating them is very easy. However, getting them to function as expected after integration was a little more difficult.

The integrated solutions work together to deliver detection and response. However, their behavior may not always align with our expectations.

The implementation of Microsoft Defender for Endpoint has enhanced our organization's security posture by augmenting our visibility, particularly through the integration of MDE, Sentinel, and Defender for Cloud Apps. Additionally, Intune, when utilized in conjunction with these products, provides comprehensive insights into identity and device risks. The deployment began about three years ago before I joined the company. In terms of EDR or just basic visibility, that was achieved within the first year or so. However, we are still working towards a holistic vision of visibility, especially with Defender for Cloud Apps.

Microsoft Defender for Endpoint consolidates multiple dashboards, as all of our security products are Microsoft-based, simplifying our security management.

Microsoft Defender for Endpoint has saved us time compared to our previous solution, which was an on-premises Trellix EDR solution. This is especially evident in the areas of maintenance and operations.

The main purpose of EDR is threat protection, and Microsoft Defender is most impressive when you are factoring in the E3 and E5 security enhancements. It gives all monitoring alerts on a proactive basis. It generates an alert if it finds suspicious traffic, and it also helps to understand where the risks are.

It helps us to prioritize threats across our enterprise. That's one of the key features.

It helps automate routine tasks and the finding of high-value alerts. Because of the automation, you don't need to do anything. You are not required to do anything manually. It automatically detects threats and blocks them. It reduces a lot of manual effort.

It makes the organization much more secure. Microsoft Defender is one of the leading products. It works perfectly. When you are monitoring daily alerts, you can understand what kind of threats your organization is facing or how it is blocking. Based on this analysis, you can secure your organization more. Based on their automation, they are protecting you, and from that analysis, you can understand what threats your organization is facing. So, you can focus more on that area. It helps you to identify and secure those areas so that the same threats don't come in the future.

It has saved us about 20% of the time from an endpoint perspective. It has reduced our time to detect and respond by 50%.

Our customers also use M365 and Microsoft Sentinel. We have integrated all of these products. The base product is Microsoft Sentinel because that is the SIEM. All M365 logs get ingested for the phishing attack checks, and Microsoft Defender logs get integrated with Microsoft Sentinel to check all the endpoint-related activities. These endpoints include Windows servers, laptops, and desktops. On Windows Server also, we have installed Microsoft Defender EDR. From there, the logs go to Microsoft Sentinel, and from there, a centralized monitoring console works. These solutions work natively together to deliver coordinated detection and response across an environment.

Around 90% of our estate is Mac, so we rarely have security alerts, but we get daily reports. The solution lets us proactively advise users about security concerns, especially when downloading files.

It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.

The visibility into threats that Defender provides is excellent. The logs I receive are quite comprehensive, allowing me to see what is happening on each endpoint, including the running processes and generated alerts. It does a pretty good job of detecting when certain events occur, which helps me stay attentive to potential issues. Overall, it offers significant visibility.

Defender does a good job in helping to prioritize threats across our entire enterprise because it provides me with context by distinguishing between high and medium threats.

We also utilize Azure Sentinel, Defender for Cloud Apps, Defender for Identity, and Office 365. These solutions are integrated together, and whenever one of them receives an alert, it is sent to the main alert queue. I would give the integration an eight out of ten.

Sentinel allows us to collect data from our entire ecosystem. We primarily use it for the network firewall logs, but it can also handle other types of logs.

Sentinel does an excellent job of providing us with comprehensive security protection and visibility into security alerts and incidents. It informs us about policy violations, such as foreign user sign-ins and sign-ins from multiple or different devices, among other things. Therefore, it offers greater visibility beyond just phishing alerts.

Microsoft Defender for Endpoint has significantly improved our organization by identifying the activities of individual users and effectively hunting for any threatening activities they might engage in. For instance, if a user downloads a malicious file or clicks on a malware-infected link, the software can promptly detect and mitigate the issue on the server.

Defender helps to automate routine tasks and the identification of high-value alerts. Sentinel aids in the automation process by allowing me to address the issue of numerous false positives. Specifically, I automated the handling of certain false positives that originated from a particular IP range. This IP range was generating false positives due to a flagged server, even though the server itself was not actually malicious. In such cases, Sentinel proved to be beneficial as it facilitated the automation and removal of unnecessary noise.

Microsoft Defender for Endpoint has helped save us the trouble of looking at multiple dashboards by providing a single XDR dashboard.

Microsoft Defender for Endpoint has been instrumental in saving us time, especially by identifying true positives instead of wasting time on false positives.

The automatic report is very good, and it is easy to see which user or device has a problem. The benefit we were able to realize immediately was protection.

When looking at the ecosystem as a whole, security-wise, Microsoft provides a complete solution with the E5 Security suite. Microsoft has a big advantage because Defender knows how to interact with the CASB and all the other security components that you have. Overall, that makes the management of the environment much easier. It's easier to understand what's going on, to become aware of risks, and to take action.

What the user doesn't see or experience, the user is happy with. Every time our other services go in and put a stop pop-up in front of what they are doing when they want to visit a website, but the browser says, "No," or they are trying to download a link and then says, "Oh, no. This is dangerous," that upsets users because they can't do what they want to do. As long as we don't get any of that, then users are happy. If users don't feel it or know about it, then they are happy. Everything else will make them unhappy.

Our end users expect to be protected and that everything works. When IT doesn't work as they expect, then they get unhappy in some form. We kind of forced this solution upon them, so they don't have a choice. As long as it doesn't meddle with their normal work, they are fine. For example, when GDPR hit us in May of 2018, that was upsetting because they now had to do some of their work a little differently. So, they don't like GDPR because it interferes with their normal workflow. Normally, users come to me if they have issues with anything. However, if everything works as expected, they are happy. In addition, they expect that they are protected.

Microsoft Defender for Endpoint helps prioritize threats across our enterprise. The solution notifies us of new vulnerabilities, including those that have been published, exploited, or are being exploited, and it provides some visibility into these threats.

Microsoft Defender for Endpoint has a significant impact on reducing the number of affected machines. I personally write custom detection rules to analyze the environment and look for specific patterns, such as ransomware. Although some of the pre-built detection rules in Azure on GitHub are useful, they are not as flexible in terms of use cases. Therefore, it makes sense to write custom rules instead of importing the pre-built ones.

Microsoft Defender for Endpoint helps automate routine tasks and helps automate the finding of high-value alerts.

Microsoft Defender for Endpoint improved our security posture and operations by automating some of the mundane tasks, such as analyzing alerts. This allows us to focus on incidents that were created from specific individual alerts.

Microsoft Defender for Endpoint saved us time in terms of operational and C- CERT security. It reduced the amount of time we spend analyzing what happened on a particular endpoint, which processes were started, and which ones were suspicious. For example, it helped us to quickly identify suspicious installation protocols.

Microsoft Defender for Endpoint reduced our time to detect and respond by 25 percent.

We use Defender with Sentinel, so we can see everything from one dashboard. You can also use the 365 security portal to manage all your Microsoft solutions, but Sentinel covers the entire estate. It has automation features, but I am not the one who configured that. A separate team does that for the customer. 

Defender helps us be more proactive about security with suggestions on how to improve. It provides a Microsoft security score for 365 and Azure, both of which are helpful. 

Defender saved us time. I believe it saved the customer some money, but I could not provide exact figures.

For securing access, USB security helps us block our USB ports and that ensures that users do not plug USB drives into their computers.

In addition, our efficiency in the way we handle our processes has been improved because the solution automates routine tasks and helps find high-value alerts.

It has also saved us a good amount of time, something like 15 percent, while decreasing our time to detect and our time to respond, each, by 5 percent.

Automation has had a positive impact. When we have a lot of false-positive alerts, we are able to set up a condition in Microsoft Defender where it will automatically close that as false. I don't create those conditions, that's something our security engineer does, but it makes my job easier.

Also, threat intelligence helps against potential threats before they hit. You can actually block and delete the emails from MDE whenever you detect them, or when they report, "Hey, this is a phishing email or spam email." It's also able to block and detect a bad or phishing URL. It has decreased our time to respond because if it detects a URL, we're able to automatically block and delete it before a user even sees their mailbox the next morning. It's very fast in detecting and we like that.

As a SOC, it has saved us time, on the order of 60 percent of our time.

Microsoft Defender made the work quite easy because we didn't have to rely on multiple tools, and we could look at one thing. It had a specific endpoint-level reporting standard as well where you can see the vulnerable threats and the outdated versions. It was very convenient.

We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions. It had multiple advantages for us in terms of patching, vulnerability management, adhering to security standards, and EDR and AV capabilities. 

Microsoft Defender was pretty interesting in terms of visibility. When we compare the solution that we had before with Microsoft Defender, there is almost a night and day difference. Microsoft Defender is pretty advanced with the threats. We used to run, simulate, and see whether we were prone to the latest vulnerabilities. It was a pretty good solution in our experience.

It definitely saved us a lot of time. I don't have the metrics, but because it was a one-stop place, we didn't have to navigate through all the controls and go from one place to another to look for different reports for each section. We had one tool that could do everything in one place. It would have definitely saved us nearly one-fifth or 20% of the time. It would have also saved money because you rely on one single tool for multiple things. When you go with the premium suite, you get other tools as well. There is definitely a cost-saving aspect.

This product has features that improve our security posture including good vulnerability detection, maintaining endpoint devices, and unified management. The management feature allows us to manage all of our devices from a single location.

The advanced techniques used by Microsoft Defender are improving our user experience. Our users used to complain that they didn't need certain features, but this was because the legacy antivirus and other EDR solutions were hampering their usage. Nowadays, vulnerability detection is very effective and they are comfortable with the security, as well as the administration, giving them a better overall experience.

The solution has saved us time by not having to install separate third-party antivirus solutions.

We have not had any attacks, in terms of viruses, worms, or ransomware, in the last three years.

The impact of the solution has been minimal. Employees can work with any interruptions.

We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations. 

It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need. 

It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.

Overall, Defender for Endpoint has created a better security posture, particularly in these COVID times where no one is on-premises anymore and they're working remotely.

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

It can automatically scan and remediate stuff without an administrator doing anything. We use it for threat and vulnerability management. There are components in there that will tell us about any vulnerable software running on endpoints. There are a whole bunch of other things too.

The main benefits are compliance and protection from threats.

It helps us to avoid disruption in the business. It helps us see if other solutions are causing any slowness to our end-user machines. We can see if there are any service availability issues. Operations-wise, it helps us a lot to maintain the uptime of our business.

It helps us prioritize threats across our enterprise, which is very important and one of our priorities.

We have the Defender for cloud applications. It's very easy to integrate. It's straightforward. These solutions work natively together to deliver coordinated detection and response across our environment, which is very important for us.

We did extensive testing of its functionality, and it's very effective. It covers almost all the new, unknown, and known threats. 

It helps automate routine tasks and the finding of high-value alerts, which is helpful for incident response and SLAs. It has saved us 50% of the time to respond to the incident.

It helps us to be proactive. It can detect unknown threats and alerts us. We're able to identify any malicious sign-ins or logins. 

It has decreased our time to detect and respond. Previously, we were doing it manually. It took one hour to two hours to detect and respond. Now, it takes us minutes.

Within one month of using Microsoft Defender for Endpoint, we could achieve great insights.

Microsoft Defender for Endpoint is a perfect solution. We have used several EDR products, and Microsoft Defender is the best one that I have worked with. It provides great visibility. It is very transparent. We can get so many details about a particular endpoint. It is a great product. I would rate it a five out of five in terms of visibility.

It helps us to identify process-based threats in our environment, not only the signature-based ones. We are able to identify some of the threats that were not detected previously.

We get severity levels from the solution itself. Based on them, we have developed our action plan to act upon any category of incident. It helps to achieve a better SLA to attend to incidents.

I am quite interested in the vulnerability dashboard. It provides vulnerability data according to the CVE database, which helps us to prioritize vulnerabilities in our environment and address them.

Microsoft Defender for Endpoint works with Windows and Linux, so we could cover them all. It is suitable for servers as well, not only for endpoints, so we could implement it on most devices in the organization. It has probably saved us 20% of the time. 

DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me.

Using this product helps with device inventory. This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them. It is important because any software installed on a workstation may be vulnerable to parts of the internet.

Microsoft Defender has features that have helped to add layers to our security posture. The most important of these features is visibility and the provision of detailed alerts. It correlates the data and using this information, I can identify a threat and see if any other workstation in the environment has been affected by it.

Using this product has not negatively affected our user experience. It is just like using Windows 10.

We have not fully considered how this product affects our overall security posture, although this is because we have not yet explored all of the features. Once we have all of our offices connected, it is something that we will be looking into. At this point, it does not affect all of our machines. On a scale from one to five, I would rate our security posture a four.

Microsoft Defender for Endpoint provides excellent visibility into known threats, thanks to their comprehensive database of malware information. 

Microsoft Defender for Endpoint helps us prioritize threats across our enterprise according to our needs. We focus on protecting against malware first, followed by email protection, and URLs.

Microsoft Defender for Endpoint has helped protect our organization against malware.

We rely on this product for endpoint protection in our organization because we have not subscribed to any antivirus, apart from Microsoft Defender. It comes for free with our Windows subscription and it has improved the way our organization functions because there have been no virus attacks to date on our laptops.

It has not negatively affected our end-user experience.

This product tends to detect a lot more issues than the other antivirus solutions. This is because it's essentially tuned to Microsoft. It has some inbuilt intelligence, so they tend to understand the Microsoft environment and we don't need to do as much exclusion. With other antivirus products, we need to exclude certain files from being scanned.

It's always very difficult to measure, however, it integrates very well with the other Microsoft products. It's easy to handle them. That's an important point when you want to achieve a higher security level that it's easy to manage. You can be sure that it's up to date and it's managed and the alarms are taking care of and so on. It's not only the technical capabilities, that are important. How it plays together with the rest of your products is also key.

People will ask you, "My system does not have an antivirus," because it is so hidden and subtle. You don't feel like you have an antivirus. Many users will wonder and come to you, saying, "I don't have an antivirus installed. Is that company policy? Do we need to get it from outside and install it?" So, we have to tell them, "No, there is an antivirus. It is there."

It is so seamless that people don't even feel or see it. It is just protecting everybody. If you are some kind of techie or have some experience with Windows Operating System, only then do you know that this thing is already built-in. If you go into the Task Manager, you can find the antivirus using up a lot of memory and a bit of CPU power, then you will understand that is the antivirus doing this. Normally, many people don't realize this.

Windows Defender has improved my organisation's security in many ways which ensure that my systems are being safeguarded. Since we are mostly online doing our projects and research, we tend to enter into harmful sites that may damage our computers. But Windows Defender does great work in blocking and warning you of those sites. Another advantageous part is that when removable devices are connected to our systems they are scanned for viruses and cleaned immediately. Hence, it ensures no viruses from external devices enter into our systems. It automatically scans and checks for viruses on the hard drive from time to time ensuring good security in our systems.

I have used the solution for more than five years and the solution has greatly influenced my work. It gives good results in protecting my systems and data.

We sell the Microsoft solution for enterprise customers. We recommend to customers that they can use Microsoft Defender Antivirus.

We don't have third party software for EPS. We have started using Windows defender which is inbuilt one with windows to safeguard our systems from malware. It actually works as an anti-spyware program built to fight unauthorized access and protect our Windows computers from unwanted traffic. 

We are no longer buying a separate antivirus with Windows 10 Server Enterprise. We are no longer buying antivirus solutions where there is no compatibility with Windows 10.

Microsoft Defender has indicated problems with some websites that I was able to remove.

A few years ago, when I was using a different product, I was affected by a virus that destroyed everything. Since using Microsoft Defender, I have not had this kind of problem.

It's basically for security implementation, response planning capabilities and other security functions. Obviously, auditing, HR, requirements, legals, auditing, banking, and financial services all require a lot of the data that are generated and reported out of the platform.

I have set Microsoft Windows Defender up to notify me when there is a problem. I open it up and then decide what to do. The interface has all of the important things that I want to be able to do.

I'm working as a private contractor. In this regard, you can say this tool ensures I'm working with a product that gets updated regularly without me having to remember to do it. Since it's a Microsoft product, I'm confident that it requires a low use of system resources. The benefit of that being that my computer isn't constantly being drained.