Microsoft Defender for Endpoint Reviews

It's an antivirus product, so its main use is to protect us.

This is a really good product, it's user-friendly and offers us safety and security. 

The technical support could be improved. 

I've been using this solution for three years. 

The solution is stable. 

In terms of scalability, we went from 10 pilot machines to 35,000 devices.

The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

I rate this product 10 out of 10. 

It is mainly utilized for telemetry collection and correlating specific behaviors or reactions to TTPs, IOCs, or indications of compromise. It is used for getting that level of detail. 

It is good for attack surface reduction, which is how you harden your endpoint so that they're less likely to be infiltrated or compromised if you have an operative in your environment. So, it's mainly used for reducing the opportunity for someone to compromise the system but also for rapid detection when that occurs.

Coming from an organization where the EDR wasn't strong, it has always been a case of basically searching through the information you already have and looking for something. It was basically trying to find the needle in a haystack. What the Defender platform does is that it reduces the size of the haystack, and it'll say that the needle is over here. Minutes matter, and it certainly zeros you in on the events that are concerning. It also simplifies the effort of trying to get some kind of correlation of behaviors or actions you see in the environment and confirming if something is benign or a threat.

Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get.

The other consideration is that because it's Windows native capability, your capabilities are largely influenced by what version of OS you're running. For a small-medium business, it is not a big deal, but at an enterprise scale, there are always Server 2000, Server 2003, Server 2008, Server 2012, Server 2016, Server 2019, and so on. So, you're talking about having six or seven different versions where your capabilities are not consistent between 2003 and 2019. It's like asking how robust was security in Windows 2000 versus Windows 2010. You'd say that they're not even the same OS from a security perspective, and that's crazy. When you buy CrowdStrike, you're deploying an agent, and so you get a fairly consistent set of capabilities that are agnostic to the OS version, whereas, with Microsoft, the capabilities are largely influenced by the OS version. For an enterprise, being up to date is a very big consideration to be successful with the platform. So, it forces your platform to not lag behind. You can't have the old server versions and expect that you've got a robust EDR. Defender shines on Server 2016 and higher, but if you were to do some type of penetration or red teaming exercise on a 2003 server, you'd be better off with CrowdStrike or pretty much anything else.

We've been piloting it for the last six months, and this is what we have selected to implement.

There are no scalability constraints because it's all in the cloud. It's a SaaS. So, they can take on more PCs than any Fortune 500 would even have. The only constraint is that in terms of scaling, the strength of the platform is highly influenced by the OS version. If you were largely using Windows XP and Server 2003, you would not want to choose Microsoft Defender as your suite.

It is fantastic, but sometimes, it could be challenging to navigate. If you buy something like a Carbon Black or a CrowdStrike, you normally have one sales rep and one sales engineer, and depending on the level of support you pay for, you may get premium or platinum support, which means you have a very concise escalation path. With Microsoft, there are 20 different account reps. There is a productivity suite guy. There is a security guy. There are so many different places, which can create some confusion at times, but there is no lack of resources. If you have an issue, there are so many Microsoft employees and reps who are engaged at the enterprise level that once you figure out who to speak to, you get traction pretty quick. So, in summary, because there are a lot more people, their support is really great, but sometimes, having a lot more people can also create confusion in terms of where to go.

It is easy. It is native. They're literally like checkboxes. There is really nothing to package and deploy. If you're at a current version, it is a policy. You just turn on the policy. You go through the setup of installing McAfee on your home computer with next, next, next, and finish, or Microsoft will say, "Hey, we noticed you don't have an AV. Do you want to enable Microsoft or Windows Defender?" You say yes, and you slide the box from off to on, and you're now protected. It is like that. It couldn't be easier. There are things like firewall rules and network considerations that have to happen, but from an enablement perspective, because it is native, it really reduces the burden of onboarding the platform.

We didn't go through a real comprehensive analysis when we made the selection. We did some light touching, but we really did not do some comprehensive analysis between Microsoft and CrowdStrike. 

At an enterprise level, a lot of the stuff is based on relationships. It's not like you're starting from a green field. You look at who is your strategic vendor and who is not. With Microsoft specifically, you always get bundle deals towards your renewals. It's always like if you buy more Office 365, we can give you a discount on Defender and things like that. If you don't have a relationship with CrowdStrike or someone else, it is hard for their rep to speak to your CEO or your CSO, but Microsoft does. They've already got standing monthly meetings with them. So, we've made a determination to go with Microsoft because:

1. The technology is compelling.
2. It is a strategic fit for us. 

I would rate it a nine out of 10.

Microsoft Defender for Endpoint can be used for system protection. For example, anti-virus, malware, and EDR.

The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain.

Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security.

I have been using Microsoft Defender for Endpoint for a couple of years.

Microsoft Defender for Endpoint has been stable in our usage.

We have more than 5,000 users using this solution.

We are quite satisfied with the support.

We use many solutions in our company, such as Panda, Trend Micro, McAfee, Microsoft, and FireEye.

There is no installation required.

We have a five-person technical team that supports this solution.

The solutions price could be cheaper.

I recommend this solution to others.

I rate Microsoft Defender for Endpoint an eight out of ten.

We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

The solution scales well.

I have found the stability to be good.

From a general user perspective, I don't see any further improvements needed. 

The price, in general, could always be a little bit cheaper.

I've used the solution for two years or so. It's not much more than that.

The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. the performance is good. It's reliable. 

The solution scales well. If a company needs to expand it, it can.

We have 1,000 to 2,000 people on the solution currently.

I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.

The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.

I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process. 

We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.

The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package. 

I'm just a customer and an end-user.

I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years. 

I would recommend the solution to others, however, I'm just a passive end-users and not as technically involved as those deploying the solution in our company. However, from my perspective, there has never been an issue on my machine with malware and therefore it seems to be doing what it's designed to do.

Microsoft Defender for Endpoint can be used for protecting personal information and file in my organization.

The solution has saved us time by not having to install separate third-party antivirus solutions.

Microsoft Defender for Endpoint is beneficial because we are using Microsoft Windows and all the core solutions are made by Microsoft, such as the authentic platform, operating system, and antivirus protection. It is a heterogeneous environment. We had to use third-party solutions before and update everything separately. For example, the policy for antivirus. With Microsoft Defender for Endpoint, when Microsoft Windows receives updates it will update with it. This is one main advantage of this solution.

Microsoft Defender for Endpoint can improve by making the reporting faster. It takes some time to reflect back to the administration portal of what has been updated. For example, out of 100 Computers, approximately 90 computers received updates, but when you check the administration portal over one or two days, you will only see 75, even though 90 were updated.

I have been using Microsoft Defender for Endpoint for approximately one year.

The solution is stable.

Microsoft Defender for Endpoint has been scalable.

We have more than 200 users using this solution in my organization.

Previously we used McAfee and Symantec Endpoint. Every five years we change the solution. However, this time we changed to Microsoft Defender for Endpoint because we wanted a unified platform.

When you install Microsoft Windows 10, Microsoft Defender for Endpoint comes with it. There is no installation of the solution other than installing Windows 10. It saves time because you do not have to use any new kind of policy or deployment.

We have a team of three that do the management of the solution.

The solution comes free with Microsoft Windows 10.

I rate Microsoft Defender for Endpoint a ten out of ten.

The solution is used for endpoint detection and response, however, it also has vulnerability management. I don't use that as much as the endpoint detection and response. I use it in combination with Cloud App Security and Endpoint Manager.

The most valuable feature is the fact that, if you have the M365 E5, it's included and everything is in the bundle. 

It's a very solid security system and the advanced hunting and everything really lets you dive deep into things.

Overall, they're doing a much better job. However, recently, they added the Azure Defender. When you use the Azure Defender licenses, you're already enrolled. 

I prefer that they had the old interface that was not combined with compliance, and still, they've changed that to make it better. I would just like them to have more consistency, and that's a comment that's across the board with Microsoft. They change things a lot.

I probably started diving into Microsoft Defender about two years ago.

Stability-wise, I have not had another product that has been as stable and has had fewer issues. It's amazing.

The solution is scalable. For example, I helped a 12,000-person company put it in and automated it without any issue.

In terms of technical support, I have not had to call them related to anything on Defender for Endpoint. I'm a CSP, so I'm calling and I'm getting different assistance than, say, a home user. That said, at the same time, it really depends on if you're getting level one or level three support.

The initial setup is very straightforward. There's a lot of people putting it in that don't understand it, however. They're not using device groups and auto-remediation settings.

I do a lot of security reviews as well, and what I find is that, although it works well out of the box, there are missing components. Another thing is that people will basically use the product, and yet, not set up the integrations with Cloud App Security and Endpoint Manager. When they do that, they're not getting the full functionality of it. I, on the other hand, know the system, so I see people often having trouble with it. If people are trained or go through training, they would be able to get the full functionality out of it.

I can't give numbers, however, for the price, when you're increasing from an E3 to an E5 license, the amount of features you get eliminates a lot of other systems. Therefore, you do get a pretty good ROI. On top of that, you only have one management system and one reporting system. Overall, the numbers have been quite impressive.

I don't know the standalone costs. It is my understanding that the M365 E5 is $56 a month or something close to that pricing. That would be for the full suite. Just Defender might be $8 a month. I can't say for sure.

I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything.

I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people that's, besides having my Microsoft Azure architecture, Azure security, Microsoft 365 expert level, plus M365 security knowledge. I focus on Azure and M365 security.

For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly.

I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle.

I'd rate the solution at a ten out of ten.

We use it for endpoint security.

When looking at the ecosystem as a whole, security-wise, Microsoft provides a complete solution with the E5 Security suite. Microsoft has a big advantage because Defender knows how to interact with the CASB and all the other security components that you have. Overall, that makes the management of the environment much easier. It's easier to understand what's going on, to become aware of risks, and to take action.

• Defender has very little impact on the end-user.
• The agent works quite well with a minimal impact on the client and server.
• It's very easy to deploy it.

We did a trial of Microsoft Defender for Endpoint for about three months, and now we are in the process of rolling it out.

We have about 4,300 users of Defender and it took two days to have it fully deployed. With Cortex it took some time. With Cortex, we had some 500 clients that we had to investigate because for some reason they did not get the agent immediately and we had to do some tweaking to get it to all the end-users.

We used consultants for the deployment of both Cortex and Defender.

We gave Palo Alto Cortex XDR a try and we are now in the process of removing it and going to Microsoft Defender for Endpoint. I have experience with both of them.

Cortex has quite good management capabilities that give IT organizations quite a good picture of attempted cyber attacks. It has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex.

The onboarding process with Defender is much easier. In two days we were able to deploy it to our whole organization. Cortex is much more cumbersome. But the onboarding process is not the issue. A more important difference is that once you have security risks that you would like to mitigate, Cortex more easily gives you information regarding the threats. Microsoft gives you exactly the same information, but you have to know how to dig a bit more and do some manual steps that, with Cortex, are more straightforward.

The main issue that we had with Cortex, and the reason we decided to roll back and go to Defender, is that Cortex has a horrible impact on the performance of the system. For an enterprise-level organization, it kills the system. Users were complaining that when moving between emails in Outlook it would take a lot of time, creating a lot of delays and timeouts. Web browsing and every action on their computers took much more time than usual with Cortex.

I would rate Defender a nine out of 10, while Cortex XDR is a five out of 10.

We are using it as the antivirus as well as the malware protection.

We have not had any attacks, in terms of viruses, worms, or ransomware, in the last three years.

The impact of the solution has been minimal. Employees can work with any interruptions.

The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware.

I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement.

I have been using it for three years.

It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt.

Four IT support technicians are responsible for administrating Microsoft Defender in our organization. They make sure that upgrades and updates are done in a good timeframe.

Its scalability is good enough. As long as you deploy the OS, you will keep on deploying Microsoft Defender automatically. This is a good option.

We have about 375 endpoints.

I have never used their support.

Before Microsoft Defender, we were using Bitdefender. Before Bitdefender, we were using McAfee Symantec.

We switched to Microsoft Defender because there was a change of ownership for the company in 2017.

We went for Microsoft Defender once we were informed that it would be part of our Office 365 package. So, we combined the licensing for the OS with Office 365. Yeah. We thought it was a good bargain.

The initial setup was straightforward.

The deployment takes a maximum of half an hour.

We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30.

We have been using the free version.

Microsoft Defender is good enough as long as you ensure the environment is well-patched and secure, then even the free option will be sufficient to take care of the entire ground.

We are not looking to increase usage at the moment because of the underlying economic situation.

I would rate this solution as nine out of 10.