Microsoft Defender for Office 365 Reviews

My use case for Microsoft Defender for Office 365 is for email protection, safe links, protection of links, documents, protecting my documents, and protecting attachments. I also use it to conduct phishing email campaign training.

I appreciate the attack simulation feature whereby I get to train users and educate them on how to identify phishing emails and spam emails, as well as the anti-spam protection.

It gives me visibility into my threat environment and threat landscape to ensure that I am one step ahead of any likelihood of threats within my environment. I get to detect it and respond, so the threat intelligence is very effective.

Microsoft security solutions save my time.

It saves money because once I protect my environment, I don't lose money.

It has decreased my detection time and my time to respond.

The inbuilt analysis of false positives can be faster. It's not slow, but it can be faster.

I have been working with Microsoft Defender for Office 365 for five years.

I would rate the stability of Microsoft Defender for Office 365 as 10 over 10 because it's highly available, it works, and it does the job it is meant to do.

The scalability of Microsoft Defender for Office 365 is not applicable because it is dependent on Microsoft for scale.

I would give technical support from Microsoft a 10 over 10 because they provide support 24/7 and there is help from the Microsoft community.

Positive

The deployment process for Microsoft Defender for Office 365 is very simple.

When you say visibility, the meaning is not entirely clear to me.

Microsoft Defender for Office 365 helps me prioritize threats across my enterprise.

I am satisfied with how useful it is.

AI has been embedded in Microsoft Defender for Office 365 and it means admin automation in Defender now.

I bought Microsoft Defender for Office 365 through a partner.

The user interface of Microsoft Defender for Office 365, which I have been using for five years, is easy, so nothing comes to mind regarding documentation improvements.

I am satisfied with the update processes.

I cannot think of any main competitor for Microsoft Defender for Office 365.

The system gives me the option to report an email that was a false positive, and it helps me analyze it, so it's difficult for me to say that emails are false positives because the system analyzes it and lets me know why it was quarantined.

My final rating for Microsoft Defender for Office 365 is 10 over 10.

We are an IT service company, so we do a lot of consultation and have deployed Microsoft Defender for Office 365 for retail and for sure segments, like oil refineries and financial segments.

The insights provided with Microsoft Defender for Office 365 are helpful because it comes with the E5 license, and by default, we can use a lot of capabilities. The insight it gives is good.

Threat intelligence with Microsoft Defender for Office 365 does help prepare for potential threats before they hit, but some are paid features, which hampers investigations because we have to enable it and it might cost; there might be some costs involved.

If you look at other products, such as Wiz or Palo Alto's cloud, because they also have similar components in terms of how they protect cloud infrastructure or enable cloud security, Microsoft Defender for Office 365 is not up to that extent. It is not up to the mark in comparison with Wiz or Palo Alto.

Microsoft Defender for Office 365 can definitely be improved.

I have five years or ten years of experience, or less or more with Microsoft Defender for Office 365.

More than 5,000 employees use Microsoft Defender for Office 365 in our company.

Microsoft traditionally gives good support, which goes with the licensing model that we have. It all depends on the licensing model. If an enterprise is E5, there might be a dedicated TAM who would support us. If not, we will have to depend on the subscription.

If we have paid for the subscription, the support for Microsoft Defender for Office 365 is going to be good. Otherwise, we can expect delays.

With a subscription for Microsoft Defender for Office 365, it is an eight. Without it, it is a six.

Neutral

Considering that Microsoft offers a whole suite of products, and if it is competitive, Microsoft Defender for Office 365 will definitely help save money in the long run.

Microsoft Defender for Office 365 is a little expensive.

We do have experience with Microsoft products, but I am just trying to understand why this is for what. We do have experience with Microsoft products, and I am trying to understand the purpose. I would also to know if there is experience with Microsoft Defender for IoT or Microsoft Defender for Office 365 and what the support options are. My overall rating for this product is six.

Our primary use cases include email protection through Safe Links and Safe Attachments, phishing detection and simulation, message quarantine and investigation workflows, and email authentication controls such as DMARC and DKIM. As a managed service provider, we use the platform both internally and across our customer environments, and we fully leverage the available features wherever licensing allows.

Microsoft Defender for Office 365 has significantly reduced the volume of email-related incidents reaching our service desk while strengthening our overall security posture. We’ve seen improved protection against phishing and malicious links, better visibility into potential threats, and faster response times for investigation and remediation.

The most valuable features are the email protection capabilities, particularly Safe Links and Safe Attachments. These features prevent users from inadvertently clicking on malicious links or opening harmful files by detecting and blocking threats in real time before they can cause any damage.

From a business perspective, this has directly reduced the number of security-related tickets to our service desk. From a security standpoint, it significantly lowers our risk exposure to phishing, malware, and credential theft, both internally and across our customer environments. As a national managed service provider, anything that reduces reactive workload while strengthening protection is a major benefit.

One area for improvement would be broader access to Security Copilot and tighter integration with Defender for Office 365. While recent licensing changes are a step in the right direction, consumption-based pricing and limited security compute units are still a barrier for many smaller organizations.

Expanding availability, lowering cost thresholds, and continuing to enhance AI-driven investigation and response capabilities would make these features more accessible and valuable to a wider range of customers. Increased availability of security-focused agents and automation would further strengthen productivity and threat response maturity for organizations of all sizes.

I’ve been using Microsoft Defender for Office 365 for several years, effectively since it became a core part of Microsoft’s security stack.

Microsoft Defender for Office 365 has been highly stable and reliable in our experience. We rarely encounter service interruptions, and availability has been consistently strong across both our internal environment and customer deployments. When issues do occur, they are typically limited in scope and resolved quickly, which has allowed us to maintain trust in the platform as a core security service.

Microsoft Defender for Office 365 scales very well with the growth of our organization and our customers’ environments. As we have expanded, the platform has continued to meet our needs without requiring significant investment in third-party tools. Most of the functionality we need is available within the Defender ecosystem, which simplifies management and integration.

In a few cases, we supplement with external tools, primarily for security awareness training, where a specialized solution is more cost effective. However, Defender remains the foundational security platform across our environments.

The primary limitation for some customers is access to advanced features that are tied to E5 licensing. While E5 delivers significant value, it is not always feasible for smaller organizations. For many businesses, E3 provides more than enough capability to build a strong security foundation while still allowing room to grow into higher licensing tiers over time.

Overall, Microsoft’s customer service and technical support are solid. The support teams are knowledgeable and typically provide helpful guidance once engaged.

That said, response times can occasionally be slower than expected, particularly for higher-tier escalations, and replies sometimes arrive outside of normal business hours, which can extend resolution timelines. While not a major issue, improving consistency in response times and communication would further strengthen the support experience.

Positive

The initial setup for Microsoft Defender for Office 365 was largely straightforward. Most core features, including policy configuration and general administration, are easy to deploy using the graphical interface, which reduces the need for PowerShell and custom scripting.

Email authentication technologies such as DKIM and DMARC require more planning and coordination with external vendors and DNS providers, but that complexity is expected and not unique to Microsoft. Once configured, however, they are reliable and low-maintenance.

Overall, the deployment experience is user-friendly, and the platform is well-designed from an administrative standpoint. Documentation and ongoing management are also simple to maintain, which helps with long-term operations and governance.

The primary ROI we’ve seen from Microsoft Defender for Office 365 is in time savings and operational efficiency. Automation, threat prioritization, and streamlined investigation workflows have reduced the amount of manual effort required to investigate and remediate incidents. This allows our team to focus on higher-value security initiatives rather than day-to-day triage.

While it’s difficult to assign a precise dollar figure, the cumulative time savings and reduced incident impact translate directly into improved productivity and lower operational risk across both our organization and customer environments.

Overall, the pricing and licensing model for Microsoft Defender for Office 365 is fair and competitive. For organizations on Business Premium and E3, the value aligns well with the cost, particularly given the depth of protection provided.

While E5 represents a higher investment, it also includes a broader set of security and compliance capabilities beyond Defender for Office 365 alone. For larger organizations, the overall value generally justifies the cost, whereas smaller organizations may find the lower-tier licensing options more appropriately scaled to their needs.

Overall Rating I'd give is a 8.5 / 10

Microsoft Defender for Office 365 has had a measurable positive impact on our security operations. It has shifted our team from being largely reactive to operating more strategically through automation, machine-learning-driven detection, and integrated investigation workflows.

The platform does an excellent job of helping us prioritize threats across the enterprise. Defender’s threat intelligence capabilities give us valuable insight into emerging risks, enabling us to prepare in advance and take proactive action rather than responding after an incident occurs. This prioritization also helps our leadership team assign work more effectively, routing critical incidents to senior analysts while allowing lower-risk items to be handled by junior staff or the service desk, which supports team development and operational maturity.

In terms of efficiency, the solution has saved us several hours per week through automation and improved alert correlation. Our time-to-detect and time-to-respond have improved significantly, with faster response times by at least an hour in many cases. This has helped prevent larger incidents such as phishing campaigns, malware spread, and email-based attacks from escalating into larger business impacts.

From a financial perspective, while it’s difficult to quantify exact savings, Defender has clearly reduced risk and prevented more costly security incidents for both our organization and our customers.

Microsoft support is solid but has room for improvement; we would rate it around 7 out of 10, primarily due to delays in communication during emerging incidents when faster proactive notification would be helpful.

Advice to others: If you operate primarily in the Microsoft ecosystem, Defender for Office 365 offers a strong, integrated security platform that covers the majority of most organizations’ needs. While some third-party products may excel in niche areas, Microsoft delivers a well-rounded solution that continues to improve rapidly. For many businesses, sticking with the Microsoft security stack delivers excellent value and operational efficiency without the complexity of managing multiple vendors.

My main use cases with Microsoft Defender for Office 365 are for the email gateway and anti-phishing.

The feature I appreciate the most in Microsoft Defender for Office 365 is anti-impersonation.

I find anti-impersonation to be a smart technology that uses AI and detects anti-impersonation emails.

I also appreciate the threat tracker, which gives good insight into the threats and allows for exploring them.

My impression of the visibility into threats that Microsoft security solution provides is that they are working on it, getting better at it, and showing more and more visibility, which is positive.

I think there can be improvement in prediction, specifically more prediction capabilities.

Prediction features where the AI and the LLMs would be much more improved is what I am looking for, which they are already doing. They are working on it.

I have been working in my current field for fifteen years.

I assess the stability and reliability of the solution as seven out of ten.

I did not experience any downtime and crashes.

I considered other solutions like Proofpoint before starting with this; it is siloed and different. If you get Microsoft 365 E5, you already have Microsoft Defender for Office 365, so you do not have to double license and double pay.

I have seen a return on investment from it; it is absolutely a great return on investment because I am saving money and time.

We sell Microsoft Defender for Office 365 a lot because it is a good feature within the Microsoft suite that protects emails, the Microsoft 365 ecosystem, SharePoint, OneDrive, and everything.

The solution does help me automate routine tasks.

An example of automation in Microsoft Defender for Office 365 is the automated investigation and response feature, which is where it gets automated and then can take action on my behalf. This is pure automation.

The solution helps me prioritize threats across the enterprise.

Threat intelligence does help me prepare for a potential threat before it hits.

Microsoft Defender for Office 365 saves me time; it does save a lot of time, especially with the automation.

For example, if a threat came in at three in the morning, I do not have to wake up and work on it; it will automate and do the job on my behalf using all the AI capabilities.

It also saves money because it consolidates multiple security features into one. Instead of having multiple platforms and multiple siloed vendors, I have one that helps save money as well.

It helps save time for detection and time for response.

I would say it saves about forty to forty-five percent of time.

I do not deploy Microsoft Defender for Office 365; I just design.

I rate this solution an eight out of ten.

My main use case for Microsoft Defender for Office 365 is as an end user on my machine. It protects my machine through virus scans and ensures from a company perspective that I am not running any unauthorized programs. It also allows me to quickly scan files or things to give me peace of mind.

The feature I like the most about Microsoft Defender for Office 365 is that it typically runs in the background. You do not know it is there until you need to access it. Although, if it is doing a deep scan or an intensive check of your machine, that can impact what you are doing at the time. From an organization perspective, it allows my organization to manage it centrally, set policies, and push them down. Everyone has a unified layer of security, effectively.

Microsoft Defender for Office 365 helps automate some routine tasks by automating keeping my machine safe, effectively. It just runs in the background. Once it is set up and configured centrally, it does what it should do.

There are some improvements that can be made to Microsoft Defender for Office 365 because there is a push and pull between what end users need from their machine and what they need to do. Different people in an organization need different things from the machine. From a development point of view, if I wanted to do development on my actual machine where Defender is, the organization can set certain policies or Defender makes that prohibitive. You need admin access to overstep, and then it becomes opening back doors. Apart from that, for a typical end user, it is fine. It does what it needs to do.

I have been using Microsoft Defender for Office 365 for a good few years. I am not sure in total, but more than two.

I have never experienced downtime or crashes with Microsoft Defender for Office 365. If it is doing a really deep scan, it is going to impact RAM and CPU at times, but it is pretty easy to understand why it is doing it and make sure it is scheduled outside of when you are doing intensive work. That is the only other thing. I have never seen a crash.

Microsoft Defender for Office 365 prioritizes threats well. I do not know too much about the inner workings of it, but it is obviously up-to-date. It is managed through the cloud, so it is always up-to-date with vulnerabilities and different attack vectors. From a Windows perspective, there are typical attack approaches and it has them all covered.

I have seen some kind of return on investment from Microsoft Defender for Office 365 because as an organization, having multiple security wrappers around everything we do is incredibly important because everyone is obviously a target. What we do has different threat vectors that we need to be careful about. Also, from an auditing point of view and just being super safe in terms of what we do and interacting with customers, it is really important to be safe. It is one of the tools we use to do that.

Microsoft Defender for Office 365 threat intelligence does help me prepare for potential threats because it is never going to give you complete peace of mind, and there are other tools that we use for protection, especially for phishing attacks and other ways that you can be compromised. From an end user point of view, they are so far abstracted from all of that. They just want to get on with their job. I think it does a fairly good job of doing what it is supposed to do.

Microsoft Defender for Office 365 saves me time in how it is less about time and more about when it is running and doing its thing. Is it getting in the way? Are you getting lockups? Is it taking down the performance of your machine? For the most part, it is pretty good. It schedules fairly well when it is going to be running deep scans. I know where to find it. It is super easy to get hold of if I need to quickly scan something. It is built into context menus, which is really helpful. You do not have to go looking for it.

Microsoft Defender for Office 365 is pretty good overall. I have used many different tools in the past, and in terms of that world, it is pretty good. I would give it a rating of eight out of ten.

My main use cases for Microsoft Defender for Office 365 include email hygiene.

What I like the most about Microsoft Defender for Office 365 is the way it integrates with Exchange.

These features benefit my organization by allowing for anti-phishing, anti-spoofing capabilities, and a product that helps remove the noise and unwanted emails for us.

I think Microsoft Defender for Office 365 can be improved by creating more educational pieces about not just looking for malware. We are seeing a lot more malware-less emails that Defender for Office 365 has to tackle. It takes time, but getting to the point where it can identify and report on those would be the next step that would help.

I have been using Microsoft Defender for Office 365 for eight years.

I assess the stability and reliability of Microsoft Defender for Office 365 as quite an intelligent tool, since there are many threat detection points, which leads me to believe it is the product that does what it says it will do.

I haven't experienced any downtime, crashes, or performance issues.

Microsoft Defender for Office 365 scales very well with the growing needs of my organization. When I add licenses or users, I can update the licenses and the policies get filtered down.

Prior to adopting Microsoft Defender for Office 365, I was using Proofpoint.

My experience with deployment was straightforward. Intune was set up, so it was very straightforward to put the policies in, and there were no issues on the deployment side.

I have seen a return on investment by not getting hacked, which is always a savings.

My experience with pricing, setup, and licensing is that it's actually quite reasonable even on the licensing side as a standalone product. It's very competitive compared to what competitors are charging.

Before I switched over, Proofpoint was the other solution I considered before selecting Microsoft Defender for Office 365.

Microsoft Defender for Office 365 allows me to prioritize threats across my enterprise. It allows us to report emails that we want our IT to be aware of, so other users can be made aware of those threats and can be treated accordingly.

Microsoft Defender for Office 365's threat intelligence helps prepare me for potential threats before they hit and allows us to take proactive steps. From an email hygiene perspective, if we see what kind of emails or phishing attacks come in, it allows us to prepare for what's out there, including zero-day attacks.

This threat intelligence has affected my security operations by reducing the time it takes to investigate emails because of the automation. We also get the threat intelligence from Microsoft because many other users are using the same product.

Microsoft Defender for Office 365 helps automate routine tasks and helps identify high-value alerts. Automation is key because it allows us to be fast and enables us to push those policies across the company without using individual machines.

Microsoft Defender for Office 365 has saved me time overall. It's difficult to quantify how much time I save per week or per month because of the automation and the way the system is designed, but I would estimate it has saved about ten to fifteen percent of my IT staff's day with automation, as the system allows our IT folks not to analyze every email.

I cannot know the exact dollar figure or amount of money it has saved, but if I quantify that based on the time it has saved, I would draw a parallel between those two compared to just the straight product cost.

Microsoft Defender for Office 365 has decreased my time to detection and time to respond by one hundred percent.

I would rate Microsoft Defender for Office 365 as a seven to eight on a scale of one to ten. My advice to other organizations is to invest in Microsoft technologies and use the single pane of glass.

My main use case is to showcase Microsoft Defender for Office 365 to help demonstrate the product so we can assist Microsoft in selling it to other companies.

The coolest feature of Microsoft Defender for Office 365 is its ability to look for phishing emails. That has been one of the biggest problems I have seen in my previous companies—detecting phishing emails and identifying bad actors who are trying to steal information, whether they are posing as managers to subordinates or even as our clients. Microsoft Defender for Office 365 stops that in its tracks.

Microsoft Defender for Office 365 works really well. It gets better each year as the technology develops. It saves us time—I would say it saves us 50% less time instead of having to manually look at emails in Outlook.

I use Microsoft Defender for Office 365 to automate tasks. You can use the AI agents to automate the tasks and then they can do it for you. That is where the time savings come in.

Microsoft Defender for Office 365 saves us time and money. Time is money, and money is time.

I think if Microsoft Defender for Office 365 could provide a report at the end of each month showing how many emails it has stopped and how well our systems are working, along with suggestions on ways we can improve our own systems and other products we could use that work better with it, that would be helpful. I do not see that functionality right now while we are developing this.

Our company designs these products to showcase Microsoft Defender for Office 365, so I have been using it since I started two or three years ago.

I have not noticed any downtime or crashes with Microsoft Defender for Office 365.

Microsoft Defender for Office 365 scales with time. We try a lot of Microsoft products because they are our biggest client.

Microsoft Defender for Office 365 works pretty. Sometimes I have to recategorize things when it takes the wrong step and I do not want it to classify something as suspicious. But most of the time it works when you play with the tool and make it work for you in a better way.

For the most part, Microsoft Defender for Office 365 prioritizes threats by making sure, especially in Office 365, that people do not click on links and things of that nature. If it detects a threat, I can go in and double check those emails to determine if it is correct or wrong. I think it does a pretty good job at that. But once in a while it goes the wrong way and I have to recategorize it.

Mostly the important threats are getting detected by Microsoft Defender for Office 365.

For us to design Microsoft Defender for Office 365 for Microsoft, we deployed it in our own email systems to see how it works and to figure out how many emails it stops. Once we know how the program functions, we can present it so Microsoft can sell it more effectively. I would rate this product a ten out of ten.

We have expanded usage by migrating everyone to Intune-managed devices so they are on Microsoft Defender for Office 365, which was one of our big projects this year to move off our old system.

Positive

I use Microsoft Defender for Office 365 on my personal computer, and it's easier here because I don't use the internet to visit inappropriate pages or download anything suspicious from rare sites.

I use Microsoft Defender for Office 365 only on-premises, not cloud, because for cloud services, I use my Gmail account.

Microsoft Defender for Office 365 meets my security needs, as it helps me monitor how my computer is performing. Although I am a cybersecurity specialist and have other tools, I use Microsoft Defender for Office 365 to check my computer and those of my parents or friends.

I am using Microsoft Defender for Office 365, as well as Microsoft Process Explorer, but not much else yet because I work everything in virtual machines.

Microsoft Defender for Office 365 is always active on Windows; I didn't need to configure anything, and if there's something different or suspicious, it alerts me immediately. It's very easy to use. I know that it's a very simple defense, but I use my computer very carefully.

What I appreciate about Microsoft Defender for Office 365 is that it's free and comes as an on-premise product by default, so no additional setup is required. It comes by default and gives the client a safety sensation, allowing people to be careful and more relaxed with their computer.

I have seen benefits from using Microsoft Defender for Office 365, as it gives users a relaxed feeling of being protected. I don't usually experience any alerts unless I am playing in Hack The Box and using a virtual machine.

The integration of Microsoft Defender for Office 365 with other Microsoft products enhances my security, as I don't have any problems with the whole Microsoft product suite.

I think that Microsoft Defender for Office 365 could be improved if it could use VirusTotal to compare the programs or anything that I download. VirusTotal helps to identify viruses, malware, trojans, and worms. For example, if I download software to edit videos, if it could scan it through VirusTotal before I execute the installation, it would tell me if the software has anything suspicious.

I have been using Microsoft Defender for Office 365 for approximately two years.

I rate technical support from Microsoft a 10 because when I have a problem with my computer, they have always been very good.

Positive

At this moment, I'm not using any solutions because I was only making a market study of Proofpoint and Perception Point.

The threat investigation tools in Microsoft Defender for Office 365 don't influence my security response times too much because now I am not working with it, but I am very careful with my computer since I know how the field is.

I am not using any artificial intelligence with Microsoft Defender for Office 365; I only use ChatGPT for my personal use.

I haven't recommended Microsoft Defender for Office 365 yet, but if I have a situation where I need to recommend it, I would do so.

I rate Microsoft Defender for Office 365 a nine out of ten.

My current use cases for Microsoft Defender for Office 365 are email security, device security, and identity security. Those are the main three ways we use it.

The anti-spoofing technology has helped protect our executives. 

The most valuable feature I have found in Microsoft Defender for Office 365 is email security, which is pretty valuable. They've come a long way from when I started looking at them a couple of years ago, and they've gotten a lot better in detecting phishing and spoofing attempts.

An example of how Microsoft Defender for Office 365 features have helped improve my company is that the anti-spoofing technology is effective in preventing executives from being victims of display name spoofing. It has helped prevent many such incidents within our organization.

Microsoft Defender for Office 365 solution helps prioritize threats across my enterprise.

The prioritization provided by Microsoft Defender for Office 365 is very important because email is probably one of the most common attack vectors for us, and it helps us justify the cost associated with and the need for such a tool.

The threat intelligence from Microsoft Defender for Office 365 helps prepare us for potential threats before they hit and enables us to make proactive steps, as it gives us IOCs and helps us make more informed decisions.

The threat intelligence from Microsoft Defender for Office 365 has not really affected my security operations.

Overall, the solution has saved me time, approximately a month.

It has saved me money, as it has prevented common attacks that we've seen in the past before we had Microsoft Defender for Office 365. We just haven't realized it because it's been pretty effective.

The security has significantly decreased my time to detection and response.

In the areas of improvement for Microsoft Defender for Office 365, the console is the biggest challenge for me. There is a different console for different things; I just want one consolidated console.

I have been using Microsoft Defender for Office 365 for approximately seven years.

I would assess the stability and reliability of Microsoft Defender for Office 365 as very stable, with barely any issues. The false positive rate is very good as well.

The scalability is seamless. 

My experience with customer support and technical support for Microsoft Defender for Office 365 has been excellent.

Positive

Prior to adopting Microsoft Defender for Office 365, I used other solutions such as McAfee and Proofpoint, among others. We've tried them all.

We switched to reduce costs and based on its out-of-the-box simplicity of use. 

The initial setup is simple, however, you do need to get well-versed in the different consoles. We use different clouds and they all integrate well. 

It is challenging to quantify with Microsoft Defender for Office 365, however, we have seen a return on investment.  

In terms of the areas where I saw that return on investment with Microsoft Defender for Office 365, it is related to the risk to our environment, specifically regarding users being scammed or phished. We've seen a significant reduction there.

It's likely saved us money. We likely haven't realized it since the security has deflected threats. 

I did consider other products before switching to Microsoft Defender for Office 365.

What made me ultimately choose Microsoft Defender for Office 365 was the cost reduction and the ability to turn it on and let it go without a lot of customization.

Microsoft Defender doesn't automate routine tasks; we do it more manually, and we also have our MSSP. We don't use a lot of the built-in technology for that. 

The automation in Microsoft would have made it more streamlined. Since we outsource it, we rely entirely on MSSP for that. We do it manually and don't use much of the automation aspect. 

On a scale of one to ten, I would rate Microsoft Defender for Office 365 a nine.