Microsoft Defender for Endpoint Reviews

We use it for security purposes. It provides important security for some critical systems, such as network devices.

For securing access, USB security helps us block our USB ports and that ensures that users do not plug USB drives into their computers.

In addition, our efficiency in the way we handle our processes has been improved because the solution automates routine tasks and helps find high-value alerts.

It has also saved us a good amount of time, something like 15 percent, while decreasing our time to detect and our time to respond, each, by 5 percent.

It automatically detects intrusion and malware.

It's also easy to use. The interface is user-friendly and the navigation is 
not difficult. It is very easy to move from one hyperlink to another, to move from one solution within the platform to another solution.

And in terms of categorizing the info and the actions that need to be done, it helps you to prioritize threats. That is very important.

The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies. They need to make the download of the dependencies more efficient.

I have been using Microsoft Defender for Endpoint for more than five years.

The stability is okay.

It is scalable. We use it for multiple departments, teams, and locations. We have over 5,000 users.

I would rate Microsoft's technical support at seven out of 10, because of the time it takes them to respond. But when they finally respond, they give us complete attention and things are resolved within the SLA.

Neutral

Before Microsoft Defender for Endpoint, we were using McAfee.

We constantly get updates from Microsoft that are light and they don't really affect us while we're working. The updates have been very helpful.

I would recommend Microsoft Defender for Endpoint.

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.

Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture. 

Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident. 

I would like to see Sentinel better integrated with the rest of the security technology within one portal. 

I've been using Defender for more than a year.

I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over. 

It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another. 

We previously used Sophos.

Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it. 

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.

Our use case is for financial groups and we use it to control malware, as well as for antivirus. Our focus is on using it as an endpoint solution, but we cover the older servers too.

Of course, we integrate Defender with Microsoft Defender Security Center and the Microsoft compliance score. We use these tools to check the maturity and to guide our clients in using the solution better. The result is that we see growth in security maturity.

When we need to create a new server, we follow certain steps. One step is activating the extension from within the server and using that to check and monitor, in a centralized console, the health of the server. Defender also provides additional information about vulnerabilities and opportunities to increase the overall security.

For example, it will tell us if a library being used has any vulnerabilities. This information is very important for us and for our clients. They use this information to go back to their developers and request fixes. Or it may identify a problem with something in a client's application, where they need another version to mitigate it. And again, when they apply the new version, we can check it using Defender to see if the vulnerability has been resolved.

The anti-malware feature is mandatory for us.

Also, we use policies to mitigate vulnerabilities, but the final compliance score from Microsoft shows us what level the client is at and what level is needed to achieve better results and increase security policy maturity. The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together.

I would like to see integrations with other products, such as Spunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights. Examples of such insights might be the need to create a new policy or the need to mitigate an attack happening now. This type of ability would create a new business case, one that doesn't only use Microsoft solutions.

I've been using Microsoft Defender for Endpoint for two years.

The scalability is amazing. Using Azure, the sky is the limit. You just need to understand the business case.

In some cases our clients have small environments, but in other cases they have big environments. Large clients may have 1,000 agents running. But as a consulting company, we work with many types of businesses and many environments of different sizes.

As I mentioned, if the client requests an integration with some third-party tool, we may need to use another tool or develop something to make this possible. But in most cases, you don't need to do so. You just activate it and check if your policy will apply or has already been applied to the server.

We have no problems with Microsoft's technical support. My team resolves level-one and level-two problems, but when we need to check something directly with Microsoft, when it's a level-three issue, we open a ticket and talk with the engineers.

Positive

It's so easy. All activity is in the cloud, for deploying the agents and policies. It's not complex.

You just click, one-two-three, and it's working. In some cases, the deployment takes minutes. If the client needs a particular window or has a critical application running on their machine, it takes more time because of that machine's situation. But in general, it just takes a few minutes.

The harder part, following this, is you need time, like with other tools, to check the events. The tool will provide some insights, but you need to understand them, and after that, share them with the client or with those responsible for taking action.

In addition to Azure, we have partnerships with AWS and Google. We focus on security and use Kaspersky as well. It's all according to the business case. We take the time to understand the business case and then build a draft solution, check it with the client, and after that, we choose the best tool, given the budget available from the client. We create one, two, or three options and the client selects what is best for them.

The main difference between Defender and Kaspersky is the scalability and the installation and deployment process which, with Defender, is so easy.

My advice regarding Defender is the same for any other security solution: Check what you need, what types of logs and whether you will consolidate these logs in another tool. What type of knowledge will you bring from those tools to create and apply new policies and anticipate security problems?

Always check your needs with the business case. Aligning them will help determine what you need to buy. Check inside Defender to see what you need to activate. Every new feature you activate inside the cloud is billed and you need to understand if you really need each feature.

Defender has some effect on the endpoint itself but it does not change the user's work processes. It is a single tool on the endpoint to monitor the activities that happen there, but it does not affect the end-user.

But you need to understand the limitations. There are some limitations with Defender when it comes to non-Microsoft solutions. But that's not unique to Defender. It's the same with every tool. You need to understand its limitations.

What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers.

In Microsoft Defender for Endpoint, the devices still need to mature a little more when compared to other AV solutions. Microsoft Defender for Endpoint is not as robust, and you cannot customize it much, so that's a challenge. These are the rooms for improvement in the product.

Microsoft Defender for Endpoint is still being improved. I would say it's still in the development stage. Daily, Microsoft is getting feedback from the customers, so they are modifying the product based on the feedback and requirements of the customers. It's an ongoing process, and as a consultant, I'm in a much better shape, from a consultant point of view, in terms of speaking with customers.

What I'd like to see in the next release of Microsoft Defender for Endpoint is a single console where you can manage all the policies, Intune, and the EDR capability that can be managed through Intune. There should be a single portal for that to make it more convenient for the security consultant engineer to work with. Right now, I have to hop between different controls. Even the tenant attach feature needs to become more mature in Microsoft Defender for Endpoint because it's just very basic. The concept is good, but it's very basic, so it requires more effort for the engineer to configure.

I've been dealing with Microsoft Defender for Endpoint since 2018.

Microsoft Defender for Endpoint is a stable product.

Microsoft Defender for Endpoint is a cloud solution, so it's always scalable.

Technical support for Microsoft Defender for Endpoint is good, and it's the best part. Microsoft knows that the product needs some development, so they're working on improvements, but all the technical engineers I've worked with so far are very technically sound and they know the product.

The initial setup for Microsoft Defender for Endpoint is straightforward, if you are aware or have knowledge of it. For example, it's easy if you have gone through all the phases of setting up Microsoft Defender for Endpoint when it started as a manual deployment, manual configuration, then it came through GTO, then SSCM, then Intune, and now SMM. If you have gone through all the phases of deployment, then you know where you need to go and where to change the settings.

If you just started with Intune, or you're dealing with a combination of Intune and a firewall, the initial setup won't be as easy. It could be challenging for a newcomer, because you do not have much experience with Microsoft Defender for Endpoint, but they'll give you good support, and they'll try to resolve the challenges that come up when setting up the solution.

Pricing for Microsoft Defender for Endpoint is competitive. Out of the bundle, you will get a lot of security, if I talk about Microsoft E5, for example, and get a lot of benefits. If the customer goes and purchases a different solution, it will cost more, so pricing for Microsoft Defender for Endpoint is quite reasonable at the moment. There isn't any challenge in terms of pricing, for example, I didn't see a customer who pulled back because of the price. Some prices could be negotiable, and sometimes, as a sales point, the two become negotiable, but they don't bill one and pull back because of the pricing. If you have an E5 license, you get everything.

Customers don't worry about the prices too much, because what they're a little bit worried about is the complete capability of Microsoft Defender for Endpoint in the endpoint security space when compared to other legacy solutions such as McAfee Endpoint Security and Symantec End-User Endpoint Security that are quite mature enough in this market, as seen on Gartner. Sometimes the customer is reluctant to move to Microsoft Defender for Endpoint, but not because of its price. I didn't have customers who questioned the pricing for the solution.

I'm currently working with all these solutions: McAfee Endpoint Security, Symantec End-User Endpoint Security, and Microsoft Defender for Endpoint, because I'm a consultant. I'm not a customer. I do use it, and the organization I'm in uses it, but I'm a consultant to the customer. I do pre-sales and look into any of the technical aspects of Microsoft Defender for Endpoint.

In terms of comparing Symantec End-User Endpoint Security with Microsoft Defender for Endpoint, they both work, but in different ways and they have different approaches. Microsoft Defender for Endpoint doesn't have HIPS, while Symantec End-User Endpoint Security has HIPS. Microsoft Defender for Endpoint has ASR rules which are compulsory, but there are some activities that Microsoft Defender for Endpoint can't do in an environment, particularly if it is an air-gapped network. In an air-gapped network, which is very secure, my team can't open the internet, and Microsoft Defender for Endpoint fails in that, despite being an EDR solution, because it's cloud-based and it doesn't work there. Microsoft still doesn't have any solution for mitigating the air-gapped network.

My advice to people looking into implementing Microsoft Defender for Endpoint is to do it very fast because the tool is changing very rapidly, so if you are a novice and you are just learning, what you learn might get changed in the next quarter. Some of the functionality might get changed, so you need to keep up with the changes, and you need to learn quickly and implement Microsoft Defender for Endpoint fast.

My rating for Microsoft Defender for Endpoint is seven out of ten.

Normally, we use the solution for our workstations.

The solution is quite stable.

You get online privacy. It also protects the machines from malware and trojans.

It's a scalable product.

It is a straightforward setup.

There is always room for improvement. They can improve it on the online protection front since people nowadays are moving online and working from home. That would be a good thing to focus on. 

I've been using the solution for one year. It hasn't been that long just yet.

The product is very stable and quite reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance has been good. 

The product can scale well.

Around 15 people are using it in our organization. 

We may increase it in the future. 

I can't recall ever contacting support.

I'm also familiar with Kaspersky. We were previously using ESET.

The initial setup is quite simple and quite straightforward. It's not overly complex or difficult. 

The deployment is fast. It only takes a minute or so.

You only need one person - an engineer - to manage the product once it is up and running. 

We handled the initial setup on our own. We did not need any consultant or integrator help.

We pay annually for a license. 

I'd rate the solution seven out of ten.

It's an antivirus product, so its main use is to protect us.

This is a really good product, it's user-friendly and offers us safety and security. 

The technical support could be improved. 

I've been using this solution for three years. 

The solution is stable. 

In terms of scalability, we went from 10 pilot machines to 35,000 devices.

The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

I rate this product 10 out of 10. 

The stability has been good so far. 

If I compare its features to the other solutions in the market, it has some good features. It's comparable to others.

The solution can scale as needed. 

In India at least, it seems to be a bit more expensive than other options. 

I've just recently been introduced to the product. I haven't used it for very long. 

The stability has been fine. There are no bugs or glitches and it doesn't crash or freeze. 

The scalability has been great. If you need to expand, you can.

I have never needed to contact technical support. I can't speak to how helpful or responsive they are. 

The pricing is a bit high for the Indian market.

We are a partner and we consult clients on security solutions. It's one of the solutions we take to our clients.

For companies that are Microsoft shops, I would recommend the product. It saves a lot of integration requirements as compared to other solutions. It's a good product that does what it says it will do. 

I would rate the product a seven out of ten. There are improvement opportunities in terms of the overall tech and commercial aspects of the product. It needs to be more competitive and technical. 

We are using Microsoft Defender for Endpoint with advanced threat production. Microsoft's enterprise mobility and security suite fulfills a large number of security strategy requirements for our organization. We are going to use this solution for identity production and for endpoint security.

It's a hybrid setup. The advanced threat protection only comes from the cloud intelligence engine. That's something of a new experience for us, but the rest of the components will be on-prem. We are using Microsoft's cloud. 

The whole suite of security enhancement doesn't just include Microsoft Defender. It also covers many of the features that come with the Windows Enterprise version. With this option, we are actually upgrading to the Enterprise version as well and unlocking those security features which are not available in Windows Professional. Microsoft Defender is a whole suite, which is simply not comparable with a usual anti-virus, anti-malware product.

In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too. Plus, Microsoft's philosophy is that they leverage the technology they have already built in Windows or any other services within Windows. So, it is good from that standpoint, but it also becomes a bit cumbersome when it comes to the dependency. Having dependency on many things can be a weakness sometimes because you add up more points of failure to the services. Whereas the other vendors are doing the limited thing, and that's why they're not comparable in prices, but their solutions basically aren't dependent on Microsoft's other services or anything else. They're more dependent on their agent. With Microsoft, it is not just the agent. It is the operating systems that aren't working well. The technology won't give you the desired output.

So, that's something that Microsoft may need to improve: making services more independent wherever possible. That's something of their philosophy. When they build something on their OS layer, they add on technologies, and then there's something for the ISV. That's their strategy, but we keep arguing with them that they have to compare the dependence as other vendors are doing.

From the Microsoft end, the design working depends on the health of other services and other components of the operating system. Whereas if you compare it with the Symantec technology, just the agent health has to be there. That's the case with McAfee as well. They build up their products on developed agents only.

We did the POC around 18 months ago, and then we consolidated our findings. As per the organization procedure, we proposed to the committee and then got the recommendation to move on with the pilot and decide the future roadmap.

Microsoft Defender is just one part of the advanced risk protection and advanced malware protection functionality that comes with the Microsoft product. It came with a lot of security, advisories, reviews, and consultancy during the last couple of years. There was a stack of 15-20 requirements that we had to fulfill, like mobile device management and identity protection. We found that Windows Defender meets most of our requirements.

We have had good experience with tech support so far.

We have a direct support agreement with Microsoft. One of the major reasons for moving from the current endpoint security is the support. The quality is not up to the mark. That's something incomparable with the kind of support Microsoft provides.

I would give Microsoft's support a 5 out of 5.

In terms of the technical aspect, I'm the lead of the area, which actually takes care of endpoint management, and we have been using Symantec products for that purpose. We have evaluated Microsoft Defender and Microsoft security products, and we are going to switch over to that product. We found that  because the endpoint devices are based on Microsoft Windows devices and Windows Defender is integrated with the foundation and the core layer, it makes it more integrated and more agile in terms of responding to any security threats or changes or development, whereas compared to the other vendors who develop anything on top of that platform, they're always lagging behind.

Symantec support is very pathetic. They are very methodical. They're very slow. We seldom find them providing solutions to any incident or issue in a reasonable time. It can take from days to weeks. In the case of Microsoft, their resolution time is reasonably faster than Symantec. Even in the case of VMware and Redhead, Microsoft stands on top of all those vendors.

I wouldn't say the setup is easier than other solutions but it's not bad. It's almost equivalent to what we have been using currently, but the strength comes in what it does and how it secures that part. The setup is similar to the other competitors. For Symantec, we use their endpoint manager deployment and then a deployment across the sites and branches.

We are doing deployment with Microsoft's tech support. But for the implementations and rollout of technologies, we have seldom used Microsoft. We have our own technical team who are trained and who keep on updating on their skills, and we continue to inject new resources to the team as well. When a new technology comes in, then we do a combo, whereby the in-house team actually learns with the local authorized partner.

Microsoft Defender is not comparable to a single endpoint security product, like Trend Micro, Symantec, or McAfee. Because of that, the price is higher than others because it is doing more than what the others are doing.

I would rate this solution 7 out of 10.