Matthew Pearon - PeerSpot reviewer
Server & , Cis 2 Cloud Infrastructure Specialist at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Nov 20, 2025
Automated reporting has saved hundreds of hours and enabled rapid response across endpoints
Pros and Cons
  • "Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects and tasks, and the automated reporting and dashboarding has saved them a lot of time, amounting to several man-hours."
  • "More hooks and more reporting would be beneficial. More proactive reporting would be ideal."

What is our primary use case?

My main use case for Microsoft Defender for Endpoint is endpoint protection generally right now, but we're branching into cloud.

What is most valuable?

I really appreciate that Microsoft Defender for Endpoint is available everywhere with hooks in all the right places.

The features of Microsoft Defender for Endpoint benefit my organization by providing basic protection and having it available everywhere from day zero when we deploy the hardware.

What needs improvement?

You'd have to ask the daily drivers on Microsoft Defender for Endpoint for improvements. More hooks and more reporting would be beneficial. More proactive reporting would be ideal.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for about five years.

Buyer's Guide
Microsoft Defender for Endpoint
June 2026
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,747 professionals have used our research since 2012.

What do I think about the stability of the solution?

I have not been made aware of any downtime, crashes, or performance issues.

What do I think about the scalability of the solution?

Microsoft Defender for Endpoint scales very well with the growing needs of my organization.

As the organization grows, all of our endpoints are covered, and the process has been easy because it's already there. We already have policies in place that scale well.

How are customer service and support?

When we've engaged customer service and technical support, they've been responsive.

On a scale from one to ten, I rate customer service and technical support an eight. The questions we come to them with are somewhat unusual, so it's probably not entirely fair. I give them an eight because it's high and good, but sometimes getting bounced around between the time zones is frustrating.

Which solution did I use previously and why did I switch?

Prior to adopting Microsoft Defender for Endpoint, I was using another solution to address similar needs.

The previous solution was Symantec endpoint protection, and the tech overhead and management overhead were the factors that led me to consider a change.

How was the initial setup?

I was not involved in the pricing, setup costs, and licensing experience.

What about the implementation team?

What worked well was that it all worked pretty well. Getting our heads wrapped around it initially was probably because we didn't involve Microsoft when we had questions. We're stubborn, so we wanted to figure it out ourselves. I can't think of anything that really stands out as difficult.

What was our ROI?

As far as man-hours, I've seen return on investment with Microsoft Defender for Endpoint. I can't speak to pricing or licensing, but in terms of man-hours and ease of manipulation, the ROI is there.

What's my experience with pricing, setup cost, and licensing?

I was not involved in the pricing, setup costs, and licensing experience.

Which other solutions did I evaluate?

I considered several solutions before selecting Microsoft Defender for Endpoint whose names I can't recall, but Symantec again comes to mind. We looked at another Symantec product or the newer Symantec products, and several others including Carbon Black.

What other advice do I have?

I don't have any experience with the automatic attack disruption feature in Microsoft Defender for Endpoint.

I have not integrated some or all of these products.

I am not aware of using the security exposure management feature to help optimize our security configurations, but our cybersecurity department might be.

Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects and tasks.

The automated reporting and dashboarding has saved them a lot of time, amounting to several man-hours.

Microsoft Defender for Endpoint has helped reduce Mean Time to Remediate.

In terms of man-hours, tens and hundreds of man-hours have been saved because of the automated reporting and alerting.

My experience with deploying Microsoft Defender for Endpoint is very straightforward. It's already there, and policies are very easy to manipulate and deploy.

I evaluate the stability and reliability of Microsoft Defender for Endpoint as good. It's been great.

My advice to other organizations considering Microsoft Defender for Endpoint is to go with it. Stop fighting it and move forward. You're wasting time otherwise. I gave this review a rating of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer.
Last updated: Nov 20, 2025
NaySan @ Suraj Verma - PeerSpot reviewer
Solution Consultant at BIM Group of Companies
Reseller
Top 5
Aug 20, 2025
Has effectively blocked sophisticated attacks and malicious activities while providing excellent support
Pros and Cons
  • "One of the best features of Microsoft Defender for Endpoint is called Threat and Vulnerability Management, TVM, which provides real-time visibility of vulnerabilities and misconfiguration at our endpoint level and helps prioritize and remediate based on risk information."
  • "Regarding the pricing of Microsoft Defender for Endpoint, during the last three years, we set up the product and sold it, but we faced difficulties because Microsoft pricing is always the same."

What is our primary use case?

The main use case for Microsoft Defender for Endpoint is that today, most everything needs to be secure, and endpoint security is very critical because we work on there. Most of our customers use Microsoft Defender for Endpoint to protect their endpoints and avoid any cyber threat and cyber attack.

What is most valuable?

One of the best features of Microsoft Defender for Endpoint is called Threat and Vulnerability Management, TVM, which provides real-time visibility of vulnerabilities and misconfiguration at our endpoint level and helps prioritize and remediate based on risk information.

The rest of the features such as automatic investigation, remediation, and attack surface reduction, along with cloud security analysis, are also quite good. The best part about Microsoft Defender for Endpoint is that we don't need to install any agent as with other EPP products. Microsoft Defender for Endpoint is very good because the agent is already onboarded at the Windows OS level, eliminating the need for additional agent configuration.

What needs improvement?

Microsoft Defender for Endpoint is very good, but one suggestion is that in some products, we may need to configure security-related settings, whereas Microsoft Defender for Endpoint works completely differently, providing automatic recommendations and actions that we may need to perform ourselves.

Regarding the pricing of Microsoft Defender for Endpoint, during the last three years, we set up the product and sold it, but we faced difficulties because Microsoft pricing is always the same. For example, whether I purchase Microsoft Defender for Endpoint for one year or for the next three years, the pricing remains constant with no discounts available. In contrast, competing products offer reduced pricing for long-term commitments, which makes it difficult for us in that environment. Microsoft should consider this option to remain competitive, but otherwise, everything else is fine.

For how long have I used the solution?

In my working experience with Microsoft Defender for Endpoint, it's around more than three years, and during this time, we are using Microsoft Defender for Endpoint for our customers.

What do I think about the stability of the solution?

The stability of Microsoft Defender for Endpoint is generally good; however, in my region of Myanmar, which is a developing country, many organizations cannot afford licensed software and sometimes use cracked versions. This can lead to difficulties when installing Microsoft Defender for Endpoint, as it may terminate those cracked applications, but that aligns with Microsoft compliance which mandates that everything should be licensed.

Overall, the product is stable, but there are challenges for small companies that aren't compliant. For customers who are compliant, everything works fine.

What do I think about the scalability of the solution?

In terms of scalability, since Microsoft Defender for Endpoint is also a cloud product, its scalability is very good, and we never face any issues regarding scalability. Therefore, we can confidently say that it is scalable.

How are customer service and support?

My experience with customer support from Microsoft is very good because we are Microsoft partners, and whenever we face problems, we contact Microsoft who tries to help us. Generally, customer support is good, but sometimes we encounter engineers who don't sufficiently address our problems. When that happens, we request to transfer the case to another engineer, which typically resolves our issues. Overall, I would give customer support a rating of nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of Microsoft Defender for Endpoint is very straightforward, with nothing too complex. Based on my experience, we onboard all devices first, see the recommendations from Microsoft Defender for Endpoint, and then continuously improve, which allows us to manage security services for our customers. The implementation and continuous improvement actions are not too difficult; it is very straightforward.

What other advice do I have?

We use a Zero Trust approach according to Microsoft best practices, so we follow the Zero Trust approach of never trust and always verify. I rate Microsoft Defender for Endpoint a ten out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Torben-Elias Winkler - PeerSpot reviewer
Cyber Security Analyst at a tech services company with 501-1,000 employees
Real User
Top 10
Nov 19, 2025
Manages incidents effectively and enables rapid response to identity threats
Pros and Cons
  • "The most likable feature of Microsoft Defender for Endpoint is the sheer number of features and data it provides."
  • "There are still some things where I think they don't quite match up or are a bit hard to find or understand."

What is our primary use case?

My main use of Microsoft Defender for Endpoint is to manage a lock service for our clients in Germany, where we triage alerts, work on incidents, and conduct incident response. We use a significant portion of the capabilities, although unfortunately not all of them, but I'm working toward that goal.

What is most valuable?

The most likable feature of Microsoft Defender for Endpoint is the sheer number of features and data it provides. I believe there's nothing I can't find with the telemetry it has, and I've never had an issue when analyzing an alert where I was missing data from the data source. It's simply a lot of data, a lot of features, and a lot of possibilities for what you can do, and I appreciate the variety and possibilities that Microsoft Defender for Endpoint offers. 

Microsoft Defender for Endpoint has benefited my organization through alert aggregation in incidents and its great coverage, especially since we also work with some other EDR tools which are not as effective in the identity sense with identity attacks. Microsoft Defender for Endpoint has really great coverage, allowing us to catch many incidents with our customers where users were compromised, CEOs were compromised, and where we were able to act swiftly to remove the attacker just a few minutes after it happened. 

What needs improvement?

My experience managing the unified endpoint settings in Microsoft Defender for Endpoint is progressing, as it's continuously improving, although there are still some things where I think they don't quite match up or are a bit hard to find or understand. I think it's getting much better, and I appreciate it a lot, although I still believe there are some things that could be improved, and I hope they will be on the roadmap someday so I can be extremely happy. 

I think Microsoft Defender for Endpoint is a great product that can be even better. I believe if Microsoft makes some changes or progresses further on the roadmap, there will be no product that can challenge Microsoft Defender for Endpoint, particularly because of its integration with Entra ID and the Microsoft ecosystem. I hope they reach that point and take one more step to make the perfect product, as right now it's a really good product.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint daily for two and a half years without interruption.

How are customer service and support?

I used Microsoft customer service in the past where I opened tickets, and those were most of the time resolved incredibly quickly, although I also had some instances with back and forth due to lack of communication, but most of the time it worked and the issue got fixed.

How would you rate customer service and support?

Neutral

Which other solutions did I evaluate?

I have considered other solutions in the service with our customers, and we have some internal disagreement because there are people who prefer Palo Alto Cortex. I'm trying to find new ways to demonstrate that Microsoft Defender for Endpoint is the superior product because I discuss this with my colleagues every day.

What other advice do I have?

Microsoft Defender for Endpoint has helped us immensely, especially with attack disruption, as it has made us faster. The possibilities of tuning alerts, whitelisting alerts, and doing automations have helped us greatly in bringing the number of false positives down, allowing us to focus more on the true positives. Microsoft Defender for Endpoint has great capabilities to automate tasks and enable us to do more with our time. 

For Microsoft Defender for Endpoint as a solution, I would rate it an eight point five, a strong eight point five, as I think there are still things that can be improved. If I have to round the rating for Microsoft Defender for Endpoint, I would give it a nine, but only because I'm a true advocate and really appreciate it, as I see the potential. I gave it a nine because they only receive full marks if they build the features that I want them to implement. My overall review rating for Microsoft Defender for Endpoint is nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 19, 2025
reviewer2777949 - PeerSpot reviewer
Global Service Manager at a pharma/biotech company with 10,001+ employees
Real User
Top 10
Nov 18, 2025
Scanning capabilities have supported team focus on strategic tasks
Pros and Cons
  • "Microsoft Defender for Endpoint has helped free up the SOC team to work on other projects and tasks."
  • "We have had reports where users experience slowness on their PCs when files are being scanned regarding the stability and reliability of Microsoft Defender for Endpoint."

What is our primary use case?

Microsoft Defender for Endpoint is used for Windows PC security.

What is most valuable?

The features I like the most about Microsoft Defender for Endpoint are the scanning capabilities.

Microsoft Defender for Endpoint has helped free up the SOC team to work on other projects and tasks.

What needs improvement?

The end user can whitelist some applications, and it goes to the system admin to approve. I believe this is how Microsoft Defender for Endpoint can be improved in the new release.

For how long have I used the solution?

I'm not sure if we are using the security exposure management feature to optimize our security configurations.

What do I think about the stability of the solution?

We have had reports where users experience slowness on their PCs when files are being scanned regarding the stability and reliability of Microsoft Defender for Endpoint. Apart from that, there is nothing else.

I have not experienced any downtime, crashes, or performance issues.

What do I think about the scalability of the solution?

I think there is good potential and capability for Microsoft Defender for Endpoint to scale with the growing needs of my organization.

We have expanded usage, and the process of expansion was easy.

How are customer service and support?

Average describes my evaluation of customer service and technical support.

On a scale from one being the worst and ten being the best, I would rate customer service and technical support a five.

I give it a five because even though the questions are answered, sometimes it takes a lot of time. It's not that quick, and sometimes they'll say they don't know the answer and need to escalate it to the next level.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Prior to adopting Microsoft Defender for Endpoint, we were using Symantec antivirus to address our needs.

We have moved away from other third-party antivirus because these features have provided us with a cost benefit.

How was the initial setup?

Easy describes my experience with deploying Microsoft Defender for Endpoint.

What about the implementation team?

I did not face any challenges.

What's my experience with pricing, setup cost, and licensing?

Because it comes with the E5 license, I don't think we have many concerns about the pricing, setup cost, and licensing.

Which other solutions did I evaluate?

I considered Symantec and Microsoft Defender for Endpoint before selecting Microsoft Defender.

Positive aspects stood out in my evaluation process when comparing my options.

What other advice do I have?

Good describes my experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint.

I have no idea how much time was saved.

I cannot quantify if Microsoft Defender for Endpoint has helped reduce mean time to remediation, or MTTR.

Cost is the factor that led me to consider a change.

My advice to another organization that's considering Microsoft Defender for Endpoint is to go for it. I give this product an overall rating of eight.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 18, 2025
Gerald Zelger - PeerSpot reviewer
Information Technology Technical Consultant at SoftwareONE
MSP
Top 20
Mar 15, 2026
Improved endpoint protection has simplified hybrid deployments and centralized compliance monitoring
Pros and Cons
  • "Microsoft Defender has helped me reduce mean time to remediation."
  • "I think Microsoft Defender for Endpoint is a solution which needs a little bit more resources on the CPU side, as we detected that on some virtual machines in Azure, with the activation of Defender, the CPU utilization increases about ten percent."

What is our primary use case?

I mostly work with a cloud solution when it comes to Microsoft Defender for Endpoint. My customers choose a hybrid cloud when it comes to their implementation of Microsoft Defender for Endpoint.

What is most valuable?

It is straightforward for me to implement Microsoft Defender for Endpoint. Deployment time for Microsoft Defender for Endpoint depends on how accessible the system is from remote; for implementing and testing, most of the time is finding out which group policy has to be deactivated from the customer side to allow real-time processing and so on, and implementing is about five to ten minutes per system.

I find Microsoft Defender for Endpoint easier to implement because it is in other Microsoft products, so we can implement it in Intune, and we have a better overview of all the systems, in which state they are, if they are compliant or not, and so on. Because it is a Microsoft product, and on the customer side, we also use Sentinel for this, so it is integrated in all solutions.

I think Microsoft Defender for Endpoint is a solution which needs a little bit more resources on the CPU side, as we detected that on some virtual machines in Azure, with the activation of Defender, the CPU utilization increases about ten percent.

In regard to Microsoft Defender for Endpoint visibility into my organization's attack surface, we have configured it so that we would see them if we find them; if Defender would find them, and it is all integrated in our solutions.

Microsoft Defender has helped me reduce mean time to remediation. I see that Microsoft Defender for Endpoint is best combined with other Microsoft tools like Intune, Sentinel, and so on, and we have an overview on our Entra ID admin page and Intune admin page, and on Sentinel, we see what would be vulnerabilities and what would be compliance issues and so on; it is integrated in all the systems.

For how long have I used the solution?

I have been familiar with Microsoft Defender for Endpoint and providing services for it for about a year.

How are customer service and support?

Microsoft support is responsive and helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are using Microsoft Defender for our customer, and the customer switched from Trend Micro to Defender for Endpoint.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
Last updated: Mar 15, 2026
Senior Systems Administrator at a tech services company with 501-1,000 employees
MSP
Top 10
Nov 19, 2025
ASR rules have significantly reduced unsanctioned app usage and improved endpoint security
Pros and Cons
  • "The feature I like the most about Microsoft Defender for Endpoint is that it's built into Microsoft; the ASR rules have really secured our endpoints."
  • "I think the overall portal of Microsoft Defender for Endpoint could be improved; sometimes there's moving around to different spots and it's a little hard to navigate, so getting used to that was perhaps the biggest hurdle."

What is our primary use case?

My main use cases for Microsoft Defender for Endpoint are protecting our endpoints and ensuring our endpoints are secure.

What is most valuable?

The feature I like the most about Microsoft Defender for Endpoint is that it's built into Microsoft; the ASR rules have really secured our endpoints.

An example of how Microsoft Defender for Endpoint has benefited our organization is that we had a lot of people running unsanctioned apps that we weren't aware of, so this really limited that a lot. That is probably our biggest benefit so far.

What needs improvement?

I think the overall portal of Microsoft Defender for Endpoint could be improved; sometimes there's moving around to different spots and it's a little hard to navigate, so getting used to that was perhaps the biggest hurdle.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for about six months.

What do I think about the stability of the solution?

I would assess the stability and reliability of Microsoft Defender for Endpoint as having no issues so far.

What do I think about the scalability of the solution?

I think Microsoft Defender for Endpoint scales with our growing needs in the company; it's easy to deploy.

How are customer service and support?

We did use customer service for Microsoft Defender for Endpoint to reach out for support on certain things we couldn't figure out.

I would describe their help as being able to answer all of our questions pretty quickly, so we had no complaints there.

If I had to rate the customer service of Microsoft Defender for Endpoint from one to ten, I would rate it an eight.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before Microsoft Defender for Endpoint, we did use SentinelOne as our previous solution.

How was the initial setup?

For the deployment of Microsoft Defender for Endpoint, we just did a slow roll to certain departments in our company, onboarding them slowly over a couple-month period, and then we're slowly integrating each feature to a small test group, so it ended up taking a few months to roll out throughout the whole company for all the features.

What was our ROI?

I would say I've seen a return on investment since we have Microsoft Defender for Endpoint; I think it's made our jobs easier and it's secured our endpoints better than what we had prior.

What's my experience with pricing, setup cost, and licensing?

I'm not too familiar with the pricing, setup costs, and licensing for Microsoft Defender for Endpoint; it wasn't something I dealt with, but from what I heard, it wasn't too bad of a process.

Which other solutions did I evaluate?

When we switched to Microsoft Defender for Endpoint, we didn't consider something else; we saw Defender and we knew we already used a lot of Microsoft products, so we knew that was what we wanted to use. We probably looked at other products prior to going to SentinelOne and just chose SentinelOne at that time, but we didn't really consider too many other products.

What other advice do I have?

Regarding the automatic attack feature, I don't believe we've really utilized that yet.

I believe we've pretty much utilized all the features of Microsoft Defender for Endpoint that were available to us.

I don't believe we are using the Security Exposure Management feature of Microsoft Defender for Endpoint.

I think Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks; the portal and the alerts give us a lot of good information that we can act upon very quickly, so we can usually get things diagnosed in about fifteen minutes.

I believe Microsoft Defender for Endpoint has helped reduce the mean time to remediation, MTTR; before, we were able to solve it within fifteen minutes or less.

Sometimes with deploying some of the rules in Microsoft Defender for Endpoint, that would affect some end users not being able to do certain tasks, so we would have to work with them to make exceptions, mainly around the ASR rules.

I would rate this review an eight overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 19, 2025
reviewer2595933 - PeerSpot reviewer
Team manager of IT department at a financial services firm with 501-1,000 employees
Real User
Top 10
Dec 16, 2024
Enables automatic resolutions if a unit is compromised or if a user clicks a malicious link
Pros and Cons
  • "It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link."
  • "The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better."

What is our primary use case?

We have two phases with Defender for Endpoint because we have been using it on mobile since 2019, and we started this year changing out our Carbon Black Symantec deployment with Defender for Endpoint on our computers. Currently, the Defender for Endpoint deployment on computers like clients is mainly just a one-to-one takeover from Symantec. In the long run, we are exploring possibilities to use it for more advanced functions as it can work as a sensor and comply with the policies in Defender for Cloud apps and DLP policies.

How has it helped my organization?

From a security point of view, our mobile clients allow us to sleep at night. The current implementation on our client is economical because we have the E5 license, which we have anyway. In the long run, it would mean a more secure information security posture for our company, but we need to implement it first and then start the second phase.

What is most valuable?

It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link. Importantly, the experience of an automatic attack disruption is quite positive for the end users. They don't feel supervised, which is essential for mobile phones since they are more private than work computers.

The auto-deployed anti-deception techniques are excellent because we have a large fleet on the Norwegian scale. We deployed it for 10,000 clients and about 5,000 servers in three months. 

Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them. 

What needs improvement?

The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better.

We see the possibilities in terms of visibility into our attack surface, but we haven't been able to enforce all the insights we can get from it. We have multiple endpoints, and we want to look for signals across tenants. 

For how long have I used the solution?

We have been using it on mobile since 2019 and just started transitioning from Carbon Black Symantec to Defender for Endpoint on our computers this year.

What do I think about the stability of the solution?

I rate Defender 10 out of 10 for stability. We haven't had any issues with it.

What do I think about the scalability of the solution?

We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers. It is a scalable platform.

How are customer service and support?

I rate Microsoft support 10 out of 10. We have a unified support agreement with Microsoft involving biweekly or more frequent contact. We are supported by both Microsoft and our customer success manager. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Carbon Black and Symantec for endpoint protection but transitioned to Defender for Endpoint as it was included in our license. Our ultimate goal was achieving a complete security posture, not just endpoint protection.

How was the initial setup?

The initial setup and the deployment process have been easy, especially since we are using it with Azure.

What about the implementation team?

We are working with a Microsoft partner called Supercellus as we transition to them from our previous managed service provider.

What was our ROI?

We are aiming to fully utilize the E5 license, using more of its features than before. However, the return on investment is not fully realized yet, as we are still implementing.

What's my experience with pricing, setup cost, and licensing?

Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.

Which other solutions did I evaluate?

We did not evaluate other solutions, primarily because we were satisfied with our existing one. Still, when the license agreement with the other parts expired, we took the opportunity to switch.

What other advice do I have?

I rate Microsoft Defender for Endpoint eight out of 10. While I think highly of it, there are issues with sharing data across tenants, which is a particular request but still affects our satisfaction.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Consultant at ACT4SERVICES
Real User
Top 5
May 13, 2025
Achieved comprehensive threat protection and real-time monitoring with improved system performance
Pros and Cons
  • "Microsoft Defender for Endpoint has significantly impacted our security posture."

    What is our primary use case?

    I'm working with Azure and Microsoft Defender for Endpoint, which is used for threat hunting. This tool is installed in environments to monitor network activity, detect potential intrusions, and identify hacking attempts. I perform threat intelligence by running KQL commands to analyze activities and follow Microsoft's best practices to reduce system intrusion risks. Additionally, I work with Azure cloud platform, which offers various services including virtual environments. For instance, if a small SME requests assistance in reducing costs and setting up IT infrastructure across five different sites, instead of extensive spending, I advise them to deploy a virtual desktop. This saves money since all necessary network infrastructures are set up in the cloud, allowing them to use what they pay for at specific times.

    It took considerable time to understand and utilize Microsoft Defender for Endpoint, especially learning KQL. Despite my knowledge of SQL, I believe new users would benefit from additional video guidance on usage and running their own threat hunting.

    What is most valuable?

    There are numerous tools available, but for organizations already using Microsoft, such as Office 365, Microsoft Defender for Endpoint focuses on securing environments and monitoring activities. Every environment faces different threats, whether from insider threats or countries attempting to steal data or assets. Microsoft Defender for Endpoint detects anomalies and provides best practices for resolving or mitigating specific risks.

    One of the best features of Microsoft Defender for Endpoint is its database for identifying zero-day attacks or malware attacks. The service runs continuously, even when users are offline. This enables me to receive notifications about irregularities, conduct investigations, and resolve issues, ultimately creating policies or procedures to prevent similar incidents.

    The solution offers real-time updates on ongoing attacks affecting assets or companies. It provides automatic detection of ransomware, spyware, or phishing attacks, which is crucial for preventing ransomware infiltration. It protects the cloud environment using AI and machine learning, enhancing speed. The built-in cost feature is important as expenses increase with additional features.

    What needs improvement?

    The solution is sufficiently effective, making my life easier in terms of setup, analysis, and monitoring.

    It took considerable time to understand and utilize Microsoft Defender for Endpoint, especially learning KQL. Despite my knowledge of SQL, I believe new users would benefit from additional video guidance on usage and running their own threat hunting.

    For how long have I used the solution?

    I have been using this solution for about three to four years.

    What was my experience with deployment of the solution?

    Following Microsoft's recommended best practices for setup, I haven't encountered any issues during the implementation process from start to finish.

    What do I think about the stability of the solution?

    I have not encountered any limitations or scalability issues; it has always performed effectively.

    What do I think about the scalability of the solution?

    I have not encountered any limitations or scalability issues; it has always performed effectively.

    How are customer service and support?

    In past situations where I escalated issues, they were quite responsive and provided prompt guidance on necessary actions.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    Following Microsoft's recommended best practices for setup, I haven't encountered any issues during the implementation process from start to finish.

    What was our ROI?

    There are significant cost benefits since Microsoft Defender for Endpoint provides real-time threat protection. Consider the cost benefits of saving a company from a ransomware attack. Without detection and protection measures, organizations would face substantial payments and reputational damage, including the necessity to inform customers about data breaches, potentially leading to loss of business. It's important to measure costs and understand potential threat impacts, but Microsoft Defender for Endpoint and other companies have reached reasonable pricing levels.

    What other advice do I have?

    For trend analysis and issue isolation/resolution, it typically takes 10 to 15 minutes because I know exactly how to use particular statements, what to investigate, and where to look, whether isolating a device or identifying attack sources, then writing policies or procedures to prevent recurrence.

    We are working with Microsoft Defender for Endpoint, which is connected to Azure VMs and online services.

    I recommend Microsoft Defender for Endpoint to others and advise watching informational videos about its benefits. It is particularly beneficial for businesses using Defender for Endpoint and Cloud, especially customers with Office 365 and those using Windows, macOS, or Linux.

    Microsoft Defender for Endpoint has significantly impacted our security posture. From my experience, it has improved system performance, reduced attacks, and offers enhanced incident response capabilities. I have been using it with different companies and will continue recommending it to customers.

    This product is recommended for clients because it complies with various standards including ISO, GDPR, and other frameworks for American companies. It enables faster responses, reduces manual work, and facilitates audits.

    The solution covers all operating systems including Windows, Linux, and Macs, securing them effectively. Once agents are installed, monitoring becomes easier and provides real-time data about asset and network environment activities.

    Rating: 8 out of 10

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
    PeerSpot user
    Information Security at a government with 10,001+ employees
    Real User
    Top 20
    May 3, 2025
    Integration of cloud and vulnerability assessment enhances security capabilities
    Pros and Cons
    • "Microsoft Defender for Endpoint has changed significantly for the better."
    • "I don't think it's scalable at this moment. It is doing what it's supposed to do, but Microsoft Defender for Endpoint isn't there yet."

    What is our primary use case?

    My current use cases for Microsoft Defender for Endpoint include primary Defender MDE, Endpoint Detection Response EDR. I also use it mainly for attack simulator, which is for phishing deployments.

    What is most valuable?

    Microsoft Defender for Endpoint has changed significantly for the better. I appreciate that it has MD integrated with it. The cloud app feature is beneficial. The attack surface feature where phishing simulations can be performed is quite neat. I definitely appreciate the vulnerability assessment capability. These are significant key features that I find valuable.

    What needs improvement?

    It would be helpful if Microsoft could integrate a sandbox with Microsoft Defender for Endpoint. This is critical and important, especially when conducting phishing attacks since it has a simulator. This is particularly notable as competitor CrowdStrike has a robust sandbox, while Defender does not.

    The vulnerability management feature in Microsoft Defender for Endpoint needs enhancement to make it more robust. The naming convention should be changed to M365 Defender instead of just Defender, as there is confusion between Defender, Defender 365, and Defender XDR. This creates uncertainty about whether we're discussing XDR, EDR, or M365 Defender.

    The vulnerability management modules could be improved to be more user-friendly and accurate compared to other vulnerability management solutions such as Tenable, Rapid7, and Titanium. Currently, the vulnerability management in Microsoft Defender for Endpoint is not as accurate as the BMS information from Tenable or Rapid7.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for a couple of months now. Prior to this, I used Defender when it was known as ATP for two to three years. Technically, I have been using the solution since 2020.

    What do I think about the stability of the solution?

    The solution is pretty stable.

    What do I think about the scalability of the solution?

    I don't think it's scalable at this moment. It is doing what it's supposed to do, but Microsoft Defender for Endpoint isn't there yet.

    What about the implementation team?

    I would definitely recommend having professional services from Microsoft help with deploying Microsoft Defender for Endpoint, not a third-party vendor. This is critically important because you want a Microsoft expert who knows the system thoroughly. Vendors often lack knowledge of Microsoft bending, rebranding, and the underlying engine systems that a Microsoft security engineer would possess.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty decent. We have a unified platform with a dark package and G5 GCC. I am satisfied with it as the company covers the cost.

    What other advice do I have?

    I am planning to conduct an assessment in July. Based on my experience, I would rate Microsoft Defender for Endpoint an 8 out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Systems engineers at Delta Dental of Colorado
    Real User
    Top 10
    Dec 17, 2024
    We have benefited from fewer attacks, reduced risk, and less exposure
    Pros and Cons
    • "The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical."
    • "Defender for Endpoint has significantly improved our security posture."
    • "The only issue I would say is our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot."

    What is our primary use case?

    We have used Microsoft Defender for Endpoint for various purposes, from tracking different vulnerabilities to monitoring potential issues with attacks.

    How has it helped my organization?

    Defender for Endpoint has significantly improved our security posture. We run two MDRs, and Defender catches more threats than the other. We've benefited from fewer attacks, reduced risk, and less exposure. We passed our recent physical penetration test audit with excellent results, partially due to Microsoft Defender.

    Because of the notification and reporting, our mean time to resolution has drastically reduced. It's easier to find the issue by clicking through the notifications. Our SOC team has saved a lot of time, allowing them to focus on audits and other tasks. 

    What is most valuable?

    The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical. The reporting, dashboards, and automatic notifications of potential issues greatly improve visibility. Luckily, we haven't had to use automatic attack disruption, but we are happy it's there.

    What needs improvement?

    The only issue is that our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for at least two years now.

    What do I think about the stability of the solution?

    Defender for Endpoint is extremely stable. I haven't seen anything that would give me any cause to doubt it.

    What do I think about the scalability of the solution?

    Defender's scalability is phenomenal, and it's going to be one of the keys to resolving issues for the SOC.

    How are customer service and support?

    We haven't had much need to use customer service and technical support. Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We use both Microsoft Defender and SentinelOne for extra coverage. We evaluated CrowdStrike and other options, but Microsoft Defender makes logical sense as part of our E5 license.

    How was the initial setup?

    Deploying Defender was extremely easy. We built a package and rolled out everything without our end users noticing.

    What about the implementation team?

    We did the deployment ourselves in-house. We're that good.

    What was our ROI?

    The return on investment is primarily in time savings and better observability of what's happening. Although I don't know the exact numbers associated with the time savings, it has definitely improved efficiency.

    What's my experience with pricing, setup cost, and licensing?

    The pricing, setup, and licensing were very easy and simple. I've really enjoyed it.

    Which other solutions did I evaluate?

    We looked at CrowdStrike and several other options, but Microsoft's integration, communication, and Copilot make it the better product. Other solutions lacked integration and visibility across the entire estate.

    What other advice do I have?

    I'd rate Microsoft Defender for Endpoint nine out of 10. I don't give anything a 10, and it's about as good as a nine can get.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user