Microsoft Defender Threat Intelligence [EOL] Reviews

The primary use cases for Microsoft Defender Threat Intelligence in my organization involve addressing vulnerabilities we faced in one of our primary services. We had a scare, and that's when we deployed Microsoft Threat Analytics. The preemptiveness really assisted us in dealing with the issue, especially because our on-premise directory was down the whole time, and we didn't understand what was the issue. Microsoft managed to resolve that for us.

The features that I find most valuable in Microsoft Defender Threat Intelligence include the Sentinel part of it. There are several features we've looked at, including Sentinel as well as extended Defender, which is XDR. I've used those two, and that's what I've found quite useful for us, especially in the hardening and analysis part of the whole threat analysis.

We use the real-time threat detection features in Microsoft Defender Threat Intelligence. If it wasn't for that real-time threat detection on the vulnerability, I think we would not have survived the attack.

The integration capabilities of Microsoft Defender Threat Intelligence with other Microsoft security tools have benefited our organization's threat management process by initially being quite a challenge, especially coming from other security tools such as Fortinet and Check Point. However, once you've gotten used to it, it's quite easy and user-friendly. The dashboard, especially the threat analysis dashboard, is quite detailed in terms of providing a view of which areas in our environment need attention, making it quite useful.

In my opinion, the main area of improvement for Microsoft Defender Threat Intelligence is related to how information is conveyed. These tools are mainly for technical individuals, and it would be beneficial for end users to receive alerts in layman's terms regarding threats and security updates. If Microsoft could direct critical messages regarding updates or vulnerabilities affecting users' environments, it would help users understand the importance of security updates, especially in organizations where IT is sometimes viewed as an operational blocker.

I've been working with Microsoft Defender overall for a while. I can't remember exactly, but it has been quite some time.

I would give Microsoft an eight for their technical support. It is a good product, and I believe eight is a fair score from my side.

Positive

I would say absolutely that I've seen return on investment with Microsoft Defender Threat Intelligence. It's a value-for-money product. To have such a suite with the amount of money we pay compared to others, it's definitely a return on investment.

At the moment, I've been dealing with Microsoft Defender for IoT and Defender for Cloud Apps, specifically working on Defender for Business as well as Defender for Endpoint. I deployed Defender for Cloud, and this is the first time we use the cloud version of it.

I am dealing with Microsoft Defender Vulnerability Management and Microsoft Defender Threat Intelligence. We constantly work with Threat Intelligence, as well as the vulnerability assessment and management.

I haven't utilized the customizable data views available in the solution dashboards, as I haven't delved deeper into that level yet. We are busy with the migration at the moment, which I'm leading and managing. Once we are fully migrated to the Azure cloud environment, my next project is to ensure that we achieve at least 60% of compatibility and compliance with Microsoft.

Measuring the effectiveness of how Microsoft Defender Threat Intelligence minimizes time spent on addressing false positives and other problems focuses on alerts to see whether we are getting those alerts. Microsoft managed to prevent issues for us proactively. That's one of the metrics I would use, along with hunting and other metrics that we'll explore once we fully deploy Microsoft.

The impact of automated threat intelligence sharing and collaboration on my organization's collective defense strategies is part of our key information and data security strategy. Our information and data security strategy is centered around Microsoft Threat Intelligence and their automated features from the Defender side or security side. We are not using any other product except for Microsoft, and we rely on that.

I would definitely recommend Microsoft Defender Threat Intelligence to others. It's a feature-rich tool, and it's very important for organizations to have something this comprehensive. The fact that it is inherently embedded in Microsoft systems we fully utilize makes it a core foundation for anyone focusing on hardening their security environment.

Overall rating: 8 out of 10

We have tried Microsoft Defender Threat Intelligence.

I have expertise with Microsoft Defender products.

I am not familiar with Microsoft Defender for IoT because we did not use that in our environment since we had a different solution.

After threat detection, it is absolutely effective for threat detection.

The automation helps in detecting and deleting threats.

Our threat detection is enhanced due to the AI agents in Microsoft Defender Threat Intelligence, which helps in detecting automatically.

We have an organization called Cybersecurity whose primary job responsibility is to protect data and ensure every system is up to date. Microsoft Defender Threat Intelligence helps to make sure that our systems are intact and not vulnerable.

From the telemetry data standpoint, I would prefer Defender data to be more open in future updates.

My overall experience with it is more than 2 years.

It was very easy to deploy Microsoft Defender Threat Intelligence.

It is an absolutely scalable product.

They are very helpful and supportive.

Positive

From this standpoint, we are satisfied and I have not encountered any situation where Threat Analytics impacted our security.

It took 20 to 30 minutes to deploy it.

Maintenance for this solution is done automatically through the Cloud.

Microsoft Defender Threat Intelligence delivers value because we do not need any NC data protection software; it is one and the same.

There are additional costs to consider when purchasing Microsoft Defender Threat Intelligence.

There are additional costs to consider when purchasing Microsoft Defender Threat Intelligence.

If asked to rate the price, I would say it is around five out of 10.

I will recommend Microsoft Defender Threat Intelligence because it is a complete automation solution for threat production detection and an end-to-end solution for client security.

Unfortunately, specific examples cannot be discussed here while using threat protection or looking out for present threats.

I do not have a business relationship with Microsoft.

I rate Microsoft Defender Threat Intelligence nine out of ten.

We are using Microsoft Defender ATP specifically as an email security solution, as well as for our critical servers as a web security solution. We have almost eleven hundred users utilizing it for email security.

One of the best features is that it provides a certain level of customization, allowing us to set our spam confidence levels. It also captures phishing and scam emails and protects the environment at a tenant level. 

The customization, spam confidence level, and email security are robust. The solution can quarantine certain emails using Threat Intelligence and allows users to release emails from quarantine themselves. 

If a new phishing attack is detected, users can report it, enabling the solution to analyze and take corrective actions.

Some of the customization features could be improved by providing a portion of it as open source. This would allow integration with other solutions, enhancing Threat Intelligence. Providing code customization would help keep pace with new vulnerabilities and threats.

In this organization, we have been using it for almost six years.

It is very stable. It provides a high level of security and avoids phishing and scam emails.

If there were some customizations available, I would rate its scalability as nine  out of ten. It gives very good insights from email to endpoints.

The level one support is not very technical and needs improvement, especially considering the criticality of data security. However, level two support is knowledgeable and knows how the product works, which is very good.

Negative

Previously, we used Endgame and Check Point Security. One reason for switching to Microsoft was the integration with our Microsoft tenant, and Defender ATP was less complex and more cost-effective. We also did testing with it for six months and were satisfied with its performance, which led to the switch.

For a technical person, the initial setup was not very difficult. However, for someone new to Microsoft, the initial configuration is a bit complex. Microsoft has recently introduced Copilot for Defender ATP, which helps in the configuration process.

We evaluated Endgame, Check Point Security, and solutions from Elastic before settling on Microsoft Defender ATP. Check Point is a very good solution, but due to technical features and cost, we switched to Microsoft Defender ATP.

I would rate Microsoft Defender ATP as nine out of ten.

In the last five years, it has notified us about attacks and has successfully blocked many. We have never experienced a single breach.

It helps to monitor by providing the best 24/7 monitoring integrated with Sentinel and IBM systems.

It works well when customers also use Azure, an added advantage. Even the cloud is from Microsoft, making it a complete Microsoft ecosystem. Sometimes, the customer has no other choice but to go with Microsoft because everything is integrated with Microsoft products. However, this can disadvantage non-Microsoft products, as they may not integrate as smoothly.

There are weaknesses, and  Microsoft is working on addressing them. Over the past three to four years, the ATP and other components have improved significantly, and the integration has also advanced.

We are using third-party services. While we have Microsoft Threat Intelligence, which leverages Microsoft's facilities, we also utilize additional third-party threat intelligence. As of today, we don't completely rely on Microsoft for certain regions. This is an area where Microsoft needs to improve. Consequently, we use Anomali, a third-party threat intelligence provider. We integrate our product's intelligence with Anomali, from which we obtain threat insights.

Microsoft products offer significant advantages, especially in the realm of threat intelligence. It works very well with Microsoft products. However, you might need additional services if you have non-Microsoft products in your environment. For instance, if you use Apple or Linux, Microsoft's solutions alone might not be sufficient.

If they can work more effectively, especially with zero-day attack speed and other sophisticated threats, it will help us provide our customers with timely newsletters about new attacks. 

I have been using Microsoft Defender Threat Intelligence as a partner and reseller.

Microsoft offers a package with a per-system cost. After discounts, it can be less than two to two and a half dollars.

Customization was not available before, but now there are many options. You can customize various features. However, there is still a long way to go regarding setting and seasons. Currently, the advanced features are perfect for Microsoft code. Defender and Second Agent Services are about integrating your team and security systems. You need to identify threats, zero-day attacks, and other issues before they occur. Your feeds and other tools can actively prevent security incidents.

 We have integration with Anomali and IBM. We use Microsoft, but on top of it, we have some additional pay. We use Microsoft 365 and cloud apps, and they are very strong.

Overall, I rate the solution a seven to eight out of ten.

The solution blocks incoming threats on the local PC or any cloud-based threats. The solution allows us to have information in advance about any upcoming threats. It may be detected on one user but could spread across multiple users.

The solution could be more stable and precise because, at times, the threats detected are not legitimate.

I have been using Microsoft Defender Threat Intelligence for two years.

Microsoft Defender Threat Intelligence is a relatively stable solution, but its stability could be improved.

Around 700 users are extensively using the solution in our organization on a daily basis.

I rate the solution a seven out of ten for scalability.

The solution’s initial setup is simple.

The solution’s deployment took around four weeks.

The solution's pricing is part of the overall Microsoft 365 licensing. The solution's pricing is reasonable and not very expensive. Users have to pay a yearly licensing fee for Microsoft Defender Threat Intelligence.

We have an available agent running on our PCs that sends us notifications. We have a team that looks through the console, identifies the threats, and determines what needs to be done. The solution enables us to be on top of any upcoming threats. The solution also helps us to be proactive before threats impact several users.

Microsoft Defender Threat Intelligence is deployed on the cloud in our organization. I would recommend the solution to other users. They should evaluate other products before choosing Microsoft Defender Threat Intelligence. The solution is good, but there are better products than Microsoft Defender Threat Intelligence.

I rate the solution between seven and eight out of ten for its accuracy and the timeline of the threat intelligence data provided by the solution. The main benefit of using the solution is that it works well with a lot of other Microsoft products we are using.

Overall, I rate the solution a seven or eight out of ten.

Microsoft Defender Threat Intelligence is used by a lot of companies to cover areas like endpoint protection, cloud workloads, and Microsoft Office 365, making it a full-blown product.

The most valuable feature of the solution is that the tool offers not just one but all of its features or tools to the companies where it is used.

The price of the solution is an area of concern where improvements are required. In general, the solution's price needs to be reduced.

I have been using Microsoft Defender Threat Intelligence for almost three years. I use the solution's latest version.

I didn't face any issues with the tool. Stability-wise, I rate the solution a ten out of ten.

The tool's scalability is great as it is a cloud-managed product.

Around 1,200 people in my company use Microsoft Defender Threat Intelligence. In the future, we plan to increase the tool's use, starting with 300 employees initially and increasing the limit as the company grows.

I interacted with Microsoft's technical support a couple of times, especially when we had to develop the product, and some issues cropped up occasionally.

I have experience with other products like Trend Micro, Kaspersky, and a lot of other products in the market. Some companies offer competitive solutions, but I think if you want a one-stop shop for everything, then Microsoft is the best.

There is a difference between Trend Micro, Kaspersky, and Microsoft. Trend Micro or Kaspersky offer more niche products. Microsoft offers products to cover most of the area in the company.

A person needs to have some knowledge to maintain and configure the tool, but a lot of support from the vendors or integrators is available from the market.

The product's deployment phase consists of getting the installation package from the vendor side and then going step by step with the setup process according to the IT environment, making it an easy process.

The solution is deployed on the cloud.

I rate the solution's ROI an eight out of ten. The solution's ability to deal with multiple security issues in our company is something that makes it invaluable for us, as it can cost you millions of dollars if something wrong happens in your environment. The product works for us, and it is good to invest as it offers protection to my company.

The licensing costs of the solution are something that falls under the agreement from Microsoft's end. If you use Microsoft products, it's easy to get the licenses for Microsoft Defender Threat Intelligence. The licensing costs of the solution are balanced, in my opinion, since in some cases, you may need to spend some money, which may not be for the product you want, but for some other products that are more expensive and provide less coverage than what you need. I rate the product's price a six or seven on a scale of one to ten, where one is expensive, and ten is cheap.

I don't have any issues with the tool's price and performance. The tool's  performance is one of its good areas. The tool is managed from the cloud, because of which the maintenance is very low.

I think Microsoft Defender Threat Intelligence is one of the best all-in-one systems presented in the market currently.

Before using the product, one needs to have a good overview plan because many of the product's parts need to be implemented in different areas of the company.

I rate the overall tool a ten out of ten.

From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.

Microsoft Defender is delivered in different components. One of them is the Microsoft community, where they share information about discovered malicious code, and remediation is promptly provided. This collaborative approach ensures that threats found in one country can be quickly addressed in other countries.

The global review and remediation of malicious code is probably the most valuable feature.

It's difficult to provide direct feedback to Microsoft, even as a Microsoft partner. However, the community out there supports and assists each other if that helps.

Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel. Being the largest technology provider attracts significant threats. Microsoft is constantly fighting against threat actors trying to breach its technology. So by being the biggest, you attract the biggest threats.

I believe Microsoft could play more nicely with other IT security vendors. Currently, if you want your technology to integrate with Microsoft, you have to go through an extensive testing program to ensure compatibility with Azure. So, even the partnership program could be more efficient, allowing for smoother integration.

I've been working with it since its inception. I've been involved in IT security for over thirty years, so I've seen it evolve.

If I were to rate the stability, I would say it's around an eight. However, there are occasional outages in Microsoft 365. So, stability can vary depending on the region, and there are instances of outages.

I would give it an eight, without a doubt. It's highly scalable. Microsoft Defender can fulfill the needs of both small businesses and enterprise businesses effectively.

Directly contacting Microsoft can be quite challenging. However, there is a community platform where users can find resolutions to specific issues. Microsoft also has an extensive patching program, and Microsoft releases updates to its solutions on the first Tuesday of every month.

Positive

Microsoft Defender is comprehensive. It covers areas such as email security, local firewall, and anti-malware. It's a comprehensive solution with different components within Defender. It also supports the operating system, Windows 11. 

It's not limited to a single function. Defender encompasses various security aspects, like email security, local firewall, and anti-malware. Moreover, it's designed to work seamlessly with Windows 11.

On a scale of one to ten, where one is the most difficult and ten is the easiest, I would say it's around a seven or eight. No software is perfect, including Microsoft.

Most organizations are moving to the cloud now, so the majority of deployments are in the cloud. However, we don't provide extensive support for that. The deployment depends on how the customer wants to set it up. A lot of it is in the private cloud, but it is essentially in public areas. It's a combination of both.

The deployment process can vary, but on average, it can take anywhere from two to twenty-four hours, depending on the tenant and whether it's a single or multiple tenancy setup. So, it depends on the specific circumstances.

Considering Microsoft is constantly changing licensing, I would give it a seven out of ten. It can be difficult to get your head around it, especially for small to medium-sized enterprises (SMEs) like most of my clients. We typically deal with E3 licensing rather than the larger corporate E5 licensing.

So, the pricing is subject to changes, and it can be complex, especially for SMEs. It's traditionally based on E3 licensing for our clients.

I wouldn't always advise my clients to exclusively rely on Microsoft products. However, they should derive maximum benefits from the licensing they pay for. For example, you can't simply purchase Defender on its own because it's bundled with the operating system. So, that question loses some relevance since you already have it regardless of choice. So, the value of Defender is already included with the operating system, and users don't have the option to choose whether to have it or not.

However, you can explore other solutions to enhance the security of Windows 11 or Windows 10, such as cloud-based options. But I would suggest making the most out of Defender. If you encounter any limitations, then you can consider other technologies to fill those gaps. So, it's about maximizing the potential of Defender and, if necessary, supplementing it with additional technologies.

You have the option to bolster the security of your Windows system with other solutions if needed, but Defender should be your primary focus.

Overall, I would rate it an eight out of ten because it is bundled with Windows OS. However, it doesn't cover all threats, and it remains a target for threat actors. So, depending on your business needs and the specific areas where Defender falls short in delivering effective security, you may need to supplement it with other technologies to strengthen your overall security position.

We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations.

It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.

One of the most valuable aspects is that Defender is a native Microsoft solution. 

You own your own data. With CrowdStrike and Rapid7, and other products, your log data leaves your tenant, it goes into their system, and they produce the analysis on their technology. Therefore, although you're running the agent instead of giving them the signals, you're really giving up a lot of your data for their own personal gain. Defender's biggest competitive advantage is that your data stays within your tenant, and you own it.

It naturally keeps getting better and better. They have a very transparent roadmap for the product. We don't have any concerns or complaints. Defender exceeds expectations, especially for someone who's flipping from CrowdStrike or Falcon XR. This is night and day.

We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board. 

The price point is something they can improve slightly for those who don't have an M 365 E5. I believe it's a $2.80 cents add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M 365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.

We've been a security company since 2007. Since the day Defender was born, we've been dealing with it.

I have not met a more stable product before.

The clients we deal with are big, many with 33,000 to 50,000 endpoints.

It is fantastically scalable. 

We're a premier partner with premier support and we're a Premier Gold Partner. We bought Microsoft Premier Support. We have zero complaints. We pick up the phone a hundred percent of the time and get the help we need.

We've dealt with solutions such as CrowdStrike and Rapid7.

You need to have a partner install it. Microsoft is a partner-to-partner-driven ecosystem. It is complex. You need depth and knowledge of understanding of security, as well as Microsoft technology. It's not something you can right-click, install, and go next, next, next, and it just works. And nor should any security product be that way. If you don't know what you're doing, you shouldn't be installing it.

It requires a proper design, and it requires a proper thought process before you can just roll it out.

You have to have a proper implementation strategy and a backup plan. Typically, we like to use SCCM or Intune to push and manage deployments with proper scripts since we're usually uninstalling a Carbon Black or a McAfee or a Symantec while we're putting in Defender. And we're touching servers and users, so we want to minimize the number of times we touch these things. The more times you touch a server, the chances are you will run into a problem. So we like to group our uninstall and install scripts, reboot all at once, and streamline the installation. 

There's a lot of testing that goes on. In an organization with 50,000 endpoints, we're testing 5,000 devices before rolling anything out. The rollout is scheduled. It's complicated. It happens at night. There's a batch. You do them in batches as you don't want to go straight at it. We will turn it on for 5,000 things at the same time. The average implementation for a 200-user company should take between three to four months.

The beauty of Microsoft, if you have a Microsoft environment, is you just need Microsoft people to maintain it. Your existing IT department can keep the product up to date with Patch Tuesday. There is not an out-of-cycle update required. That's what I keep driving home to people, how many third-party products do you want to maintain, patch, secure, troubleshoot, and bug fix for? Pick one platform, put all your eggs in that basket, and do an outstanding job at securing that basket. That's what Defender helps you do.

From a client perspective,  the return on investment comes by streamlining on one platform like Microsoft. By eliminating third-party platforms, you save about 62% on your technology or your security budget. Then you also broaden the depth of your security intelligence since Microsoft is the only system with 1.3 trillion security signals daily. You're getting a more comprehensive threat intel, plus you're getting it on a single pane of glass.

We're a Microsoft partner and reseller.

I'd rate the product ten out of ten. 

It aligns with the best practice philosophy of proper security organizations. It is cost-effective. It flattens your threat plane to a single pane of glass. It allows you to manage your environment with a standard, generally available skill set in the marketplace. Therefore, you're saving money on staffing your IT team as well. You get those savings of 62% by moving to an all-in-one Microsoft solution.

The solution is used for threat intelligence. The tool enables us to detect potential breaches and react to them proactively. Alerts are sent to our SOC team. Our SOC team investigates whether it's a positive or a negative alert. Depending on the result, a playbook is started.

The product runs so smoothly in the back end that we don't experience a hands-on. There is no performance degradation. It does what it is supposed to do. It detects what it is supposed to detect. We are happy with the tool. We didn't have an active incident for the last couple of years. The tool can proactively detect potential incidents.

The price could be improved.

I have been using the solution for five years. We've always tried to use the latest version, which the vendor recommends.

I rate the tool’s stability a ten out of ten.

I rate the tool’s scalability an eight out of ten. We have more than 10,000 users. Occasionally, we have some complaints about the performance, but those are unique cases. We have a 90% positive experience with the solution. We can manage the security with a global team of less than 30 people.

I am a technical person, and it is simple for me to handle the deployment. It is a major project. We assess the potential impact in the analysis phase. It takes a couple of months since we're a global company. We have to rely on external sources. From analysis to implementation, it took about six months to replace and implement a new security tool fully.

We are proactively detecting attacks. A few of them were real targeted attacks, and we were able to avoid them. The fact that we could deliver it to the business gives value to the product.

The price is reasonable for the quality that the tool provides. Every given product with an ecosystem has a very low price to attract customers. Once people are satisfied, the vendors tend to increase the prices. It's a closed ecosystem, and they benefit from the ecosystem. They tend to mention that the price rise is due to inflation, but we all know it's about revenue.

We evaluate several vendors and products. Microsoft Defender Threat Intelligence’s integrity with our existing ecosystem was a big benefit. We evaluated the tool with a red team/blue team approach. It was the best product evaluated by our teams.

I contact Microsoft when we have to do negotiations or technical improvements. People considering buying security tools must take their time and not rush. They must consider their business requirements and what they want to achieve. They must ensure that they have considered everything that impacts the user experience. Overall, I rate the product an eight out of ten.

I use the solution in my company since, overall, it is a good tool. You get good insights and details with the product. With the tool, you have good visibility over the underlying vulnerabilities in your environment, so you can act within the time for its remediation and align your vulnerability patching based on criticality and exposure.

The most valuable feature of the solution stems from the insight it provides.

Improvement-wise, if it can give the option to patch the updates directly from within the tool, it would be a good thing, which other tools offer currently.

The automation part of the product has certain shortcomings and is an area that needs to be improved. The in-built patching option should be given in the tool so that users don't have to route and export or import the patches and then do it.

The response time and quality of the support needs improvement. It takes time for the support team to understand the issue, and they then respond with a delay at times, which causes a lot of trouble. The support team should be faster and more knowledgeable.

Though the integration capabilities of the product are good, they need to be improved with time.

I have been using Microsoft Defender Threat Intelligence for a year and a half.

Stability-wise, I rate the solution an eight out of ten.

The product is scalable. It scales up with the business. Scalability-wise, I rate the solution an eight to nine out of ten.

The product is used on a daily basis in my company.

There are two to three admins who use the tool. The tool is used throughout my company.

The technical support for the solution is not the best, but it is good.

The product's initial setup phase was neither complex nor easy. There is only a medium level of difficulty with the setup phase, but after that it becomes smooth.

For the product's deployment phase, you should know your environment and make sure that all the devices are onboarded.

The solution is deployed on the cloud.

The solution can be deployed within three months.

The solution is deployed with the help of our company's in-house team.

There is a need to make yearly payments towards the licensing charges attached to the product.

The role of analytics in aiding the incident response process is good. It works completely fine, and our company gets help for it from Microsoft.

Microsoft Defender Threat Intelligence is a good tool others can go ahead with if they want to use it, but they should not expect too much from it in terms of automation, especially when it comes to the patching part. The insights and details are provided in a good manner by the product.

The integration capabilities of the product are good.

In terms of the value derived from the use of the product in my company, I can say that it helps secure the perimeter and other elements of the cybersecurity portion, especially the development areas.

I rate the tool a nine out of ten.