Microsoft Defender for Business offers comprehensive endpoint protection with features like AI-driven predictive analysis and integration with Microsoft services. It caters to businesses in the Microsoft and Azure ecosystems, enhancing cybersecurity strategies with real-time alerts and automated threat hunting.



| Product | Mindshare (%) |
|---|---|
| Microsoft Defender for Business | 1.6% |
| Microsoft Defender for Endpoint | 6.8% |
| CrowdStrike Falcon | 6.0% |
| Other | 85.6% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 6.0% | 97% | 140 |
| Microsoft Intune | 4.1 | N/A | 95% | 378 |


| Company Size | Count |
|---|---|
| Small Business | 13 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |

| Company Size | Count |
|---|---|
| Small Business | 284 |
| Midsize Enterprise | 109 |
| Large Enterprise | 193 |

Targeting enterprise environments, Microsoft Defender for Business provides extensive security measures for desktops, laptops, and virtual desktop infrastructure. Its seamless integration with Microsoft Sentinel allows for enhanced insight and threat mitigation. The central console aids in configuration and management, but areas such as URL filtering, reporting, and integration with non-Microsoft systems require improvement. Users often demand advanced threat detection and a quicker response to emerging threats, as managing security across platforms can present challenges.
In sectors like finance and healthcare, Microsoft Defender for Business is implemented to secure sensitive data and maintain compliance. Managed service providers and resellers leverage its capabilities to offer robust security frameworks for clients, ensuring protection of digital assets and reducing risks associated with cyber threats.

| Author info | Rating | Review Summary |
|---|---|---|
| Associate VP (Managed Information Technology Services) at Dev Information Tech Pvt Ltd | 4.0 | I've found Microsoft Defender for Business effective with solid integration and threat hunting, though limited by pricing, scalability, and data retention; it's ideal for SMBs but less suited for enterprises needing broader advanced security features. |
| Head Of IT Security at Dangote Industries Limited | 4.0 | I use Microsoft Defender for Business for comprehensive protection, appreciate its AI-driven threat hunting and integration with Microsoft 365, but see room to improve risk quantification, asset inventory, and remediation prioritization. I’d rate it eight out of ten. |
| Public Cloud Engineer at Prudential | 3.0 | I use Microsoft Defender for Business to protect our company assets. It's from a trusted vendor and beneficial for security, but it's less effective on Linux. Despite this instability, I recommend it for companies using Microsoft products, though CrowdStrike suits tech-focused firms. |
| Works | 4.5 | I use Microsoft Defender for Business for endpoint security and CASB. Its valuable features include content filtering and DLP, though support and installation need improvement. Its automation and threat response offer cost-effective security. CrowdStrike and Sentinel have better support. |
| Solution Consultant at BIM Group of Companies | 5.0 | I use Microsoft Defender for Business primarily for endpoint protection across laptops, desktops, VDI, and Windows 365, valuing its robust vulnerability management and cost-effectiveness. However, improvements are needed in batch management and pricing, especially for multi-year contracts. |
| Snr. Infrastructure Architect (Data Centre) at LogicEra | 5.0 | I frequently recommend Microsoft Defender for Business for its effective threat protection and log analytics, especially for Azure-based infrastructures. However, log storage costs and limitations in whitelisting features need improvement. It has reduced clients' operational costs and incident response times. |
| CISO at a financial services firm with 11-50 employees | 4.0 | As the Chief Information Security Officer, I use Microsoft Defender for Business for cybersecurity integration, leveraging its compatibility with Azure, Defender for Endpoint, and Office 365. However, it needs improved multistage threat detection and custom features standard without added customization. |
| Consultant at Dell Technologies | 5.0 | I use Microsoft Defender for Business for its effective threat detection and response capabilities, including AI-powered predictive analysis and excellent integration with other Microsoft products. Although threat protection and response times can improve, it offers substantial cost savings of 20-30%. |
| Chief Cybersecurity Architect at cytek-security | 4.0 | I use Microsoft Defender for its effective integration with Microsoft Sentinel, enhancing investigations with quick threat mitigation and valuable insights. While Defender is valuable, its pricing is high, awaiting further Sentinel integration to realize its full potential. |
| IT Security Analyst at a recreational facilities/services company with 1-10 employees | 4.5 | In our hybrid environment, we rely on Microsoft Defender for Business for threat monitoring and response, but improvements are needed for basic tenants. While integrated effectively, the ROI is unclear due to third-party tools supplementing our security stack. |

Microsoft Defender for Business provides end-to-end coverage starting from identity to cloud to data, helping us to position it effectively to mid-market and enterprise customers.
The best features of Microsoft Defender for Business include it coming as an XDR solution which provides automated investigations, remediations, and endpoint detection and response. Moreover, it can be tightly integrated with vulnerability management or detecting vulnerabilities and pushing them to the SIEM solution.
I utilize the advanced threat hunting feature of Microsoft Defender for Business and find it helpful; it's good and improving with every update.
Microsoft Defender for Business integrates effectively with the Microsoft ecosystem as with Azure Sentinel, and it has a two-way natural integration. Apart from that, it also integrates with industry SIEM solutions such as Splunk.
Microsoft Defender for Business could be improved by making the advanced threat hunting available to all plans, as currently, it is only available to one of their plans which is not encouraging. It should be open to all plans because the primary perspective is to secure your environment.
The security data retention is currently quite limited, so it should match up to the industry compliance durations to avoid the need for finding different alternatives to store the data.
My experience with Microsoft Defender for Business spans the last two years.
Microsoft Defender for Business is stable as it is an Azure cloud-native solution. I haven't checked with the non-Azure environment, but in the context of Defender for Business, its cloud-native nature contributes to stability.
The scalability of Microsoft Defender for Business is subjective. It is linked to the plan being purchased: plan one and plan two are designed for enterprises, while the SMB plan is limited to 300 users because the umbrella plan itself is for 300 users.
I would rate technical support for Microsoft Defender for Business as positive since I haven't had a situation where I had to reach out to support, which is a good indication.
Positive
The initial setup of Microsoft Defender for Business is quite straightforward for someone who is aware of the Microsoft 365 ecosystem, making it easy for them to adapt to the implementation.
It takes longer to get a return on investment with Microsoft Defender for Business compared to the competitors.
The pricing of Microsoft Defender for Business has a long way to go since people are still preferring solutions such as CrowdStrike and Palo Alto. The price is obviously on the higher side compared to their competitors, so pricing is not advantageous unless the client wants to completely go with the Microsoft stack.
My advice for people considering Microsoft Defender for Business is that if you are a small and medium-sized organization, I would recommend this solution. However, if you are looking at enterprises, they should consider other enterprise-grade solutions for security for XDR.
On a scale of one to ten, I rate Microsoft Defender for Business an eight.

The primary use cases for Microsoft Defender for Business involve end-to-end protection, including EDR for endpoint detection and response, email security, CASB for cloud security assistant broker, identity security, and Microsoft Entra for identity protection.
I also utilize Microsoft Defender for Cloud for overall cloud security and use all Microsoft security solutions across my digital estate.
I utilize the advanced threat hunting feature. With advanced threat detection, I have a platform to analyze and dig into my logs. Recently, the innovation around advanced threat hunting is the introduction of AI called Security Copilot, which streamlines threat hunting and analysis. Previously, I had to use the query language KQL to analyze logs, but now, I can interact naturally with the AI, and it will write the query for me. Once the AI writes the query, I can run it, saving time for threat hunting and developing junior analyst skills in writing Kusto Query Language.
Because Microsoft Defender for Business is a native solution to Microsoft 365, it has contributed to my organization's proactive defense strategies by saving time on integration. If I were to use a different security solution from another vendor, I would have to manage the integration costs. The integration also helps avoid siloed tools; using different security solutions would require a unified platform, which is not necessary with Microsoft. With the Microsoft XDR platform, I have endpoint security, cloud security, identity security, and email security all in one place, including Microsoft SIEM, which is now part of the Microsoft XDR platform. They introduce AI across these tools, reducing the hours analysts need to spend on detecting and responding to security threats.
I assess the usefulness of built-in threat analytics in enhancing my cybersecurity strategies by considering the attack disruption feature in Microsoft Defender. It automatically neutralizes active alerts and incidents. If an attacker successfully penetrates my organization and moves laterally, the threat analytics can disrupt this attack. It looks at compromised entities and can revoke sessions, enforce password resets, disable compromised accounts, or isolate identities automatically based on the active threat analysis. During a recent penetration test, we utilized an automated tool and compromised certain accounts, and Microsoft Defender identified the lateral movement and neutralized the compromised accounts.
Customizable security policies in Microsoft Defender for Business help me tailor protections to my needs by allowing me to write custom detection rules within the platform. I understand my organization better, including business processes and risks, which helps me build hypotheses about what to look for in my environment. By using KQL, I can execute those custom detection rules for better security detection. Even those who don't understand query language can still build custom detection rules and automation to respond to security threats quickly. Building automation playbooks allows me to execute specific actions swiftly before the analyst reviews everything, saving time in threat response.
I see room for improvement in Microsoft Defender for Business, particularly regarding the consolidation of all security solutions in one place and the integration of AI and data security into the same platform. I want to see more organized asset inventory, including identities, cloud resources, and various network devices. While there has been innovation from Microsoft, I am concerned about the lack of risk quantification across all major security solutions, including Microsoft's. Risk quantification is essential for CISOs to assess, communicate, and translate security risks into financial impacts, which is a challenge for many security leaders today.
I would like to see a clear path for prioritization of risks within Microsoft Defender for Business, especially around vulnerability management. Even though there are features to prioritize remediation of risks based on exploitability, it could be more organized. A clearer structure for prioritizing remediation of risks would help manage them more effectively, as it is impractical to address all risks simultaneously.
I am still working with Microsoft Defender for Business.
I would rate this product an eight out of ten.

I use Microsoft Defender for Business to protect our company assets.
Regarding use cases, there are not so many I have, but two months ago, I had one case where Microsoft Defender for Business detected a cyber attack from the log file. Each Linux system keeps track of logging failed activity on their server, and Microsoft Defender for Business detected that cyber attack and stopped that activity, which is a very good thing.
What I appreciate about Microsoft Defender for Business is that it is from a trusted vendor, Microsoft.
Using Microsoft Defender for Business is beneficial for my company. Although security itself is tough to calculate in terms of cost savings and return on investment, we basically spend money to keep the security.
There are many aspects I do not appreciate about Microsoft Defender for Business. One important thing is that Microsoft is a Windows vendor, and they're a bit far from Linux, which mainly uses Red Hat. Microsoft is not good at managing the Linux platform.
I find Microsoft Defender for Business not stable.
I have been using Microsoft Defender for Business for almost half a year.
I would rate the stability of Microsoft Defender for Business with a three out of ten, where one is very bad.
In terms of scalability, I would rate Microsoft Defender for Business a ten, as I tell customers that Microsoft Defender for Business is already running on their Linux boxes.
The technical support from Microsoft is very poor. I would rate it a one, as their technical staff are very junior and take a long time to respond to simple questions.
Negative
Installing Microsoft Defender for Business itself is very easy.
It took less than 10 minutes to install Microsoft Defender for Business. It was very quick.
Installing Microsoft Defender for Business is very easy, so myself and another technical person are able to handle it.
I don't handle the pricing of Microsoft Defender for Business as a technical person. However, we manage the costs of updating, installing, and managing Microsoft Defender for Business.
Aside from Microsoft, I am focusing on security and using another security product from Proofpoint.
I would recommend Microsoft Defender for Business to companies that use Microsoft products. However, for companies focused on technology, I recommend CrowdStrike, which is in very high demand and has a strong technology preview.
I am doing maintenance for Microsoft Defender for Business, and I'm currently working with it.
We don't need to use the latest version of Microsoft Defender for Business. We still use the latest virus definition file that Microsoft Defender for Business has automatically updated. We implement a basic update mechanism.
Our compliance division manages how many servers and PCs we have and whether those servers have antivirus solutions.
I am not certain about how Microsoft Defender for Business helps with AI-driven security strategies. I just use it normally and don't know if it uses AI technology.
I rate Microsoft Defender for Business a six out of ten.
Positive

As a reseller of Microsoft solutions, I use Microsoft Defender for Business primarily for endpoint protection across both laptops and desktops. Additionally, the solution is implemented for virtual desktop infrastructure (VDI) and Windows 365 services. I use the solution extensively for enterprise-level protection.
The solution provides a comprehensive dashboard for Microsoft 365, allowing me to view everything from a single interface. Due to its effective vulnerability management and risk protection services, it simplifies operations for my customers and enables them to manage issues efficiently without relying on additional defender solutions.
Microsoft Defender for Business includes both Endpoint Protection P1 and P2 features, offering a medium feature set. Its vulnerability management is regarded as one of the best in the industry.
The solution includes attack-savvy service and risk protection, part of data center management, and offers an effective single-dashboard view with Microsoft 365. It's also appreciated by clients for its cost-effectiveness and ease of implementation.
Microsoft should provide batch management solutions with the application, integrating pass management with roles.
Right now, Intune has limitations. Additionally, the pricing policy poses a challenge, particularly in multi-year contracts, where other solutions like Trend Micro offer more affordable options.
I have used the solution for about one and a half years.
Over the last two years of use, the solution has proven to be stable, with no customer complaints about its functionality or reliability.
The cloud-based nature of the solution ensures high scalability, earning it a rating of ten out of ten.
Microsoft's technical support is highly regarded. My experience with their technical support has been positive, and it is rated ten out of ten for its quality and assistance.
Positive
The initial setup process is easy. On a scale, it is rated a ten out of ten for ease of setup. The solution is predominantly used on-premises.
The pricing of Microsoft Defender for Business is competitive compared to its peers, though some competitors offer more favorable terms on multi-year contracts. However, single-year pricing remains good.
I would recommend Microsoft Defender for Business to others. The solution is effective, continuously improving, and highly regarded, especially with Microsoft's leadership in the industry.
I give the overall rating a ten out of ten.

As the Chief Information Security Officer, I am utilizing Microsoft Defender for Business as part of our cybersecurity tool kit. I focused on integrating it with our existing security solutions to enhance protection across our environments.
It elevated by identifying the known threats and helped to triage them proactively.
Microsoft Defender for Business works well with the Microsoft Azure Security ecosystem, including Defender for Endpoint and Office 365 Cloud. It provides good intelligence by identifying alerts with Sentinel.
Also, while the Extended Detection and Response capabilities are still evolving, they offer a growing level of maturity.
The threat detection capabilities require significant customization for multistage threat detection. These should be provided as standard features without needing additional customization. Specifically, features related to Advanced Persistent Threat detection vectors and cyber kill chain integrations are not available out-of-the-box.
I have been working with Microsoft Defender for Business for close to one year.
Threat detection capabilities could be improved as there are some issues noticed, although they are covered by other technologies.
I am not satisfied with Microsoft's technical support. There are challenges with the knowledge and experience of the support staff, frequent redirection between departments, and slow response times.
Negative
In the past, I have used solutions like CrowdStrike and Carbon Black for endpoint detection and response. However, CrowdStrike offers superior EDR capabilities compared to Microsoft Defender.
The setup of Microsoft Defender for Business was straightforward and I am pleased with it.
The implementation was straightforward and I managed it well with my team.
The pricing of Microsoft Defender for Business is reasonable and manageable. Although the cost can be slightly higher, it expedites deployment, which is beneficial, especially for startups.
I have considered solutions like CrowdStrike, Carbon Black, McAfee, and Symantec. CrowdStrike and Carbon Black are notably better in terms of EDR capabilities.
I recommend Microsoft Defender for Business to startup organizations looking for a plug-and-play solution. They should be prepared to pay a premium but can effectively utilize the features to optimize their cybersecurity strategy.
Overall, I would rate Microsoft Defender for Business at eight out of ten.

Integration capabilities enhance the overall security by enabling easy integration with other Microsoft tools.
The most effective features of Microsoft Defender for Business include its threat detection and response capabilities in managing vulnerabilities and ransomware attacks.
The predictive analysis feature powered by AI is also very useful for security. The integration capabilities are excellent and allow for seamless use with other Microsoft products, enhancing overall security.
Threat protection could be improved even though it is already a built-in feature. Technical support could be faster to respond.
I have been using Microsoft Defender for Business for five years.
The overall stability of Microsoft Defender for Business is rated as nine out of ten, suggesting it is very stable.
The scalability of Microsoft Defender for Business is rated as ten, indicating it is very scalable.
The technical support is responsive; however, there is room for improvement in their response speed. Overall, I rate technical support as eight out of ten.
Positive
I only use Microsoft products.
Initial setup was straightforward, requiring around one and a half hours.
There is a separate engineering team responsible for implementation comprising 22 to 24 engineers.
Using Microsoft Defender for Business results in cost reductions as it consolidates various features under one product, saving around 20% to 30% of the budget.
The pricing is quite affordable at the enterprise level with no extra expenses noted. I rate the price as eight out of ten.
I did not evaluate other solutions before choosing Microsoft.
I would recommend Microsoft Defender for Business to others, rating it as ten out of ten.

I use Defender as an Endpoint Detection and Response (EDR) and as enrichment for investigations. It mainly serves as the EDR and the source of information for Microsoft Sentinel.
Defender's main strength is its integration with Microsoft Sentinel, offering valuable insights. The embedded threat intelligence is helpful, and the tool's ease of use contributes significantly to its value.
The integration and collaboration between Microsoft Sentinel and Defender enable quick mitigation through connected identifications. This leads to security improvements and reduced time for investigations, offering time-saving benefits.
Pricing could be lowered as it is expensive and not suitable for low-budget organizations. The full suite is on the pricier side.
Additionally, the completion of the integration within Microsoft Sentinel is awaited and expected to bring more value.
I have been working with both Defender and Microsoft Sentinel together for the past year and a half.
The support from Microsoft is very good, very fast, and intuitive. They are committed to ensuring complete integration and proper product usage. The onboarding support is exceptional, ensuring seamless integration and implementation, and the ongoing support is fast and friendly.
Positive
We considered CrowdStrike, which is excellent. However, we chose Microsoft Defender because of its completeness and the partnership with Microsoft, along with the integration with Sentinel.
The initial setup was straightforward but took a couple of weeks due to our distributed structure. It did not cause many collisions with other applications.
Definitely security improvements and definitely time saving.
The pricing is very expensive and not for low-budget organizations. The full suite is quite pricey.
I did evaluate CrowdStrike.
I rate Microsoft Defender eight out of ten.

In our hybrid enterprise environment, which consists of on-prem AD and cloud AD, Azure AD, I use Microsoft Defender for Business since we've got the Business Basic License.
Some of the use cases with Microsoft Defender for Business involve monitoring the machines, updating the machines, and troubleshooting threats and things of that nature.
The security features in Microsoft Defender for Business that have been most effective for our company include the way it's built-in and intertwined into all the operating systems, giving us a good opportunity to holistically block things for the organization using that tenant.
The threat detection and response capability in Microsoft Defender for Business has helped improve our security posture, and I primarily use it intertwined with the quarantine feature to pull messages back and utilize threat intelligence for investigatory and response purposes.
Microsoft Defender for Business could improve by offering more of their offerings available in the basic tenants since not everyone has a budget for higher-level licenses, but everyone needs security in their environments.
I didn't configure Microsoft Defender for Business, but I know it's pretty straightforward. I've configured it in a couple of other environments.
For an SMB use case, it would probably take two or three of us to deploy Microsoft Defender for Business, and it wouldn't take much since we have less than 300 users.
I haven't used technical support for Microsoft Defender for Business. I have an open case for close to two months with no responses or updates, except for an email response, and I've made four or five phone calls regarding the Microsoft Interconnect for AD and cloud tenant.
Positive
We haven't seen a significant return on investment with Microsoft Defender for Business yet, as we have been using third-party products to fill the gaps and are awaiting some funding from the federal government to add a few more tools to our security stack.
Our thoughts on the pricing for Microsoft Defender for Business are that we wish it could be better. If the pricing was a little better, we would definitely increase what we currently have.
There are no issues with integrating those third-party products within the Microsoft suite or security, as they're pretty separate. I use command line tools and security scorecard to check for vulnerabilities that aren't cloud-based.
My experience is more with Microsoft Defender for Business products than Purview products. I work in local government while using Microsoft Defender for Business products.
I would recommend Microsoft Defender for Business to other SMBs because it's a good one-stop offering if you have primarily Microsoft products in your environment, providing good cloud sources, flexibility, and compatibility with a lot of common third-party vendor products.
On a scale of one to ten, I rate Microsoft Defender for Business a nine.