Our main use case for Microsoft Defender for Endpoint is as a safety plan because we're in hospitality.
IT CONSULTANT at a tech company with 10,001+ employees
Works reliably behind the scenes and saves labor costs
Pros and Cons
- "It's pretty easy to use, works with compliance issues, and is reliable."
- "Microsoft Defender for Endpoint has helped reduce our mean time to remediation significantly."
- "Microsoft Defender for Endpoint can have more options and more AI capabilities in the future, because everything keeps changing."
What is our primary use case?
How has it helped my organization?
Microsoft Defender for Endpoint benefits my company by saving on labor costs since we don't have to put in extra effort to maintain it. It's self-sufficient.
Microsoft Defender for Endpoint gives us information about attacks and security, and easy access to data, similar to a spreadsheet. It gives us the information we need. It helps provide quick responses.
Microsoft Defender for Endpoint seems safe, which is the main thing we were looking for, and it works reliably in catching the things we used to catch. We see many random hacking attempts and fake emails, and it cuts them off before anything happens.
Microsoft Defender for Endpoint works mainly behind the scenes. We know we are safe and feel we can relay accurate information to customers.
Microsoft Defender for Endpoint's coverage across different platforms in our environment has no issues. Microsoft seems to have it covered, unlike other software that isn't compatible.
I have tried integrating Microsoft Defender for Endpoint with other software products, and it seems compatible with all of them.
Microsoft Defender for Endpoint has helped reduce our mean time to remediation significantly. It is doing all the work for us, so we don't have to spend our own time on it. It has reduced our mean time to remediation by about 75% to 80%.
Microsoft Defender for Endpoint has helped free our SOC team to work on other projects since we don't have to waste time, as this solution does the work for us. We have saved about 70% to 80% of time because we don't have to focus on certain tasks, allowing Microsoft to handle it for us.
What is most valuable?
It's pretty easy to use, works with compliance issues, and is reliable.
It sends us data, which is clear-cut. We don't have to do anything extra.
What needs improvement?
Microsoft Defender for Endpoint can have more options and more AI capabilities in the future, because everything keeps changing.
Buyer's Guide
Microsoft Defender for Endpoint
March 2026
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
884,933 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for about six to seven years.
What do I think about the stability of the solution?
I have no complaints about the stability and reliability of Microsoft Defender for Endpoint; it feels solid.
What do I think about the scalability of the solution?
There is plenty of room to expand, which is not a problem since we have been bringing in different brands over the years. Compatibility is its main feature.
How are customer service and support?
The technical support for Microsoft Defender for Endpoint is available around the clock, and that's not an issue at all.
Which solution did I use previously and why did I switch?
I was using another solution six to seven years ago to address similar needs. It has been a long time, and I'm struggling to remember which one it was.
What was our ROI?
We have seen a return on investment when using Microsoft Defender for Endpoint, as it saves labor by reducing the need for staff to focus on it.
What's my experience with pricing, setup cost, and licensing?
It isn't cheap, but it's reasonable and fair.
Which other solutions did I evaluate?
I considered a few other solutions before choosing Microsoft Defender for Endpoint, but that was quite a while ago, and I don't even know if they exist anymore.
What other advice do I have?
I would rate Microsoft Defender for Endpoint a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Seamless integration and automation improve threat detection and response
Pros and Cons
- "Overall, I recommend Microsoft Defender for Endpoint due to its features and capabilities, which cover more loopholes than other EDR solutions."
- "Initially, I experienced performance issues that hampered our servers. However, after setting appropriate exclusions, everything seemed to work fine."
What is our primary use case?
We use Microsoft Defender for Endpoint as an Endpoint Detection and Response (EDR) tool, as well as for vulnerability management.
What is most valuable?
I appreciate how easily Microsoft Defender for Endpoint integrates with our environment and the wide variety of logs it provides compared to other EDR tools. The policies provided are quite effective and easy to implement, which simplifies the onboarding of newcomers. We continually test new policies, making threat detection and response efficient. Automation capabilities have allowed us to create workflows that automate detecting true or false positives.
What needs improvement?
I believe that vulnerability management could be improved by making it easier to pull reports and providing more detailed information on how Microsoft Defender for Endpoint detects vulnerabilities. Our partner vendor mentioned that these updates might get more granular in the future.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for the past couple of years.
What do I think about the stability of the solution?
Initially, I experienced performance issues that hampered our servers. However, after setting appropriate exclusions, everything seemed to work fine.
What do I think about the scalability of the solution?
Microsoft Defender for Endpoint is scalable. I did not encounter any limitations in terms of scalability.
How are customer service and support?
When I had performance issues and needed clarity regarding certain legitimate applications being blocked, I raised a few tickets with Microsoft. Their responses have been adequate. Overall, I would rate them eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used Symantec and Trend Micro before Microsoft Defender for Endpoint. Symantec was an on-premises solution, and we needed a cloud-based solution. After our company merged with a client, we switched from Trend Micro to match the client's tools, including their use of Microsoft Defender for Endpoint.
How was the initial setup?
The initial setup was straightforward as we had ample experience in multiple migrations and deployments. We did not face any significant challenges in implementing Microsoft Defender for Endpoint in our environment.
What about the implementation team?
Our implementation strategy was to install Microsoft Defender for Endpoint as a dummy software initially. With the help of our qualitative system engineering team, we deployed it on all machines, enabled monitoring mode, and compared it with current antivirus software. Eventually, we completed the deployment, disabled the previous antivirus, and made Microsoft Defender for Endpoint our primary. The process went smoothly without any outages or escalations.
What other advice do I have?
Overall, I recommend Microsoft Defender for Endpoint due to its features and capabilities, which cover more loopholes than other EDR solutions. I rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead security engineer at a computer software company with 11-50 employees
Real-time protections and automatic attack disruption have saved our time
Pros and Cons
- "The features of Microsoft Defender for Endpoint that I prefer most are the detections. It just works."
- "The automatic attack disruption feature in Microsoft Defender for Endpoint works great."
- "The log searches for Microsoft Defender for Endpoint are pretty difficult to navigate. It needs a better UI or more intuitive search and filter mechanisms to make it easy to get through and filter through all the data logs."
What is our primary use case?
We are an MSP. We've got a lot of clients that use Microsoft Defender for Endpoint as their EDR system. We support that.
A lot of the use cases for Microsoft Defender for Endpoint check the boxes for the EDR solution for that client. We use the endpoint portals to work through any alerts. Mostly, we feed all of the Azure Office 365 security logs into our SIEM and then take those alerts if we have to do more work, and see if we can get more details from that.
How has it helped my organization?
The automatic attack disruption feature in Microsoft Defender for Endpoint works great. Microsoft Defender for Endpoint's auto-deployed deception techniques also work great. It hasn't bothered me, so it just does its thing, which helps a lot because we have many things to deal with.
The visibility into the company's attack surface provided by Microsoft Defender for Endpoint is good. It's all in one place, which is great. I can see where things are going and make sure that it's deployed on all the machines that we work on.
Microsoft Defender for Endpoint has affected the security posture of our clients' organizations. It does its job fine. For some clients, we don't have to worry too much. Even if we're not getting tons of alerts from it, it's at least there, doing its job.
Microsoft Defender for Endpoint's coverage in client environments is comprehensive. Every device we support is a Microsoft Windows device. It covers pretty much all the endpoints and workstations for those clients.
Microsoft Defender for Endpoint has helped reduce our mean time to remediation. A lot of the reduction is due to the automatic disruption, so we don't have to sit there. It also gives us another data point to look at where the vulnerability might have been.
It has helped me free our SOC team to work on other projects or tasks. It has saved 5% to 10% of our time.
What is most valuable?
The features of Microsoft Defender for Endpoint that I prefer most are the detections. It just works. Malware getting on a machine and running is a big deal, so we can trust it to sit there and scan and have real-time protections.
What needs improvement?
The log searches for Microsoft Defender for Endpoint are pretty difficult to navigate. It needs a better UI or more intuitive search and filter mechanisms to make it easy to get through and filter through all the data logs.
For how long have I used the solution?
At the company, we've been using it for a long time. I've been here for about three months.
What do I think about the stability of the solution?
The stability of Microsoft Defender for Endpoint is good. I've never had it be unavailable. It's always available when I need it to be.
What do I think about the scalability of the solution?
It has been able to fulfill our needs. Everyone we work with is pretty small, so it's not usually an issue.
How are customer service and support?
I have never interacted with the customer service of Microsoft Defender for Endpoint, as it just does what I need it to. Based on my other experiences with Microsoft technical support, I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use Microsoft Defender for Endpoint along with some other products. Some of our clients choose to stick with Microsoft. There are other EDR products that we support as well.
How was the initial setup?
I've deployed it for a client. It was pretty smooth and simple. They're small shops, so there wasn't a whole lot of craziness to do with it.
What was our ROI?
The biggest return on investment for me when using Microsoft Defender for Endpoint is the time saving. It's an easy recommendation. If I have clients wanting to dive into more security products for their environments and are hesitant about going with an endpoint solution or a different software vendor, it's an easy recommendation.
What's my experience with pricing, setup cost, and licensing?
It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing.
What other advice do I have?
I would rate Microsoft Defender for Endpoint a nine out of ten. The log search features are difficult. If I don't have visibility into another product, the log search functions of Microsoft Defender for Endpoint are pretty difficult to navigate.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Not sure
Senior Systems Administrator at a tech services company with 501-1,000 employees
ASR rules have significantly reduced unsanctioned app usage and improved endpoint security
Pros and Cons
- "The feature I like the most about Microsoft Defender for Endpoint is that it's built into Microsoft; the ASR rules have really secured our endpoints."
- "I think the overall portal of Microsoft Defender for Endpoint could be improved; sometimes there's moving around to different spots and it's a little hard to navigate, so getting used to that was perhaps the biggest hurdle."
What is our primary use case?
My main use cases for Microsoft Defender for Endpoint are protecting our endpoints and ensuring our endpoints are secure.
What is most valuable?
The feature I like the most about Microsoft Defender for Endpoint is that it's built into Microsoft; the ASR rules have really secured our endpoints. An example of how Microsoft Defender for Endpoint has benefited our organization is that we had a lot of people running unsanctioned apps that we weren't aware of, so this really limited that a lot. That is probably our biggest benefit so far.
What needs improvement?
I think the overall portal of Microsoft Defender for Endpoint could be improved; sometimes there's moving around to different spots and it's a little hard to navigate, so getting used to that was perhaps the biggest hurdle.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for about six months.
What do I think about the stability of the solution?
I would assess the stability and reliability of Microsoft Defender for Endpoint as having no issues so far.
What do I think about the scalability of the solution?
I think Microsoft Defender for Endpoint scales with our growing needs in the company; it's easy to deploy.
How are customer service and support?
We did use customer service for Microsoft Defender for Endpoint to reach out for support on certain things we couldn't figure out. I would describe their help as being able to answer all of our questions pretty quickly, so we had no complaints there. If I had to rate the customer service of Microsoft Defender for Endpoint from one to ten, I would rate it an eight.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Microsoft Defender for Endpoint, we did use SentinelOne as our previous solution.
How was the initial setup?
For the deployment of Microsoft Defender for Endpoint, we just did a slow roll to certain departments in our company, onboarding them slowly over a couple-month period, and then we're slowly integrating each feature to a small test group, so it ended up taking a few months to roll out throughout the whole company for all the features.
What was our ROI?
I would say I've seen a return on investment since we have Microsoft Defender for Endpoint; I think it's made our jobs easier and it's secured our endpoints better than what we had prior.
What's my experience with pricing, setup cost, and licensing?
I'm not too familiar with the pricing, setup costs, and licensing for Microsoft Defender for Endpoint; it wasn't something I dealt with, but from what I heard, it wasn't too bad of a process.
Which other solutions did I evaluate?
When we switched to Microsoft Defender for Endpoint, we didn't consider something else; we saw Defender and we knew we already used a lot of Microsoft products, so we knew that was what we wanted to use. We probably looked at other products prior to going to SentinelOne and just chose SentinelOne at that time, but we didn't really consider too many other products.
What other advice do I have?
Regarding the automatic attack feature, I don't believe we've really utilized that yet. I believe we've pretty much utilized all the features of Microsoft Defender for Endpoint that were available to us. I don't believe we are using the Security Exposure Management feature of Microsoft Defender for Endpoint. I think Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks; the portal and the alerts give us a lot of good information that we can act upon very quickly, so we can usually get things diagnosed in about fifteen minutes. I believe Microsoft Defender for Endpoint has helped reduce the mean time to remediation, MTTR; before, we were able to solve it within fifteen minutes or less. Sometimes with deploying some of the rules in Microsoft Defender for Endpoint, that would affect some end users not being able to do certain tasks, so we would have to work with them to make exceptions, mainly around the ASR rules. I would rate this review an eight overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 19, 2025
Analyst at a financial services firm with 10,001+ employees
Reduces endpoint infection risk with efficient malware blocking and offers detailed attack surface visibility
Pros and Cons
- "The feature I find most valuable in Microsoft Defender for Endpoint is that it blocks the process and keeps the endpoint from getting infected with malware."
What is our primary use case?
My use cases for Microsoft Defender for Cloud Apps include email security.
My use cases for Microsoft Defender for Endpoint most likely involve scenarios where the endpoint has malware, as it shows the process of the malware detonation and that it was blocked.
What is most valuable?
The feature I find most valuable in Microsoft Defender for Endpoint is that it blocks the process and keeps the endpoint from getting infected with malware.
These features have benefited my organization as they help reduce the risk of the endpoint and show us what we are getting, so we know what they attempt to do, such as anything that came with official email.
My experience with the visibility into my organization's attack surface provided by Microsoft Defender for Endpoint is that the user interface gives us a lot of visibility.
Microsoft Defender for Endpoint helps protect our endpoint and also gives us visibility with the endpoint data.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud Apps for a couple of years.
What do I think about the scalability of the solution?
Microsoft Defender for Endpoint scales very well with the growing needs of my organization because we have a lot of endpoints.
Which solution did I use previously and why did I switch?
Prior to adopting Microsoft Defender for Endpoint, I don't think we had anything in place to address similar needs.
What about the implementation team?
I was not part of the implementation process; I am just using it.
What was our ROI?
I have seen a return on investment, even though I don't know what the budget for that is.
I have seen a return on investment because it provides us with protection, which is the best investment we had.
I have seen a return on investment from that.
Which other solutions did I evaluate?
Before choosing Microsoft Defender for Endpoint, they might have considered other options, but I was not involved in that evaluation.
What other advice do I have?
My experience with the automatic attack disruption feature is that it is already incorporated into the blocking process of the malware.
It helped reduce my mean time to remediation from the start to process, from a couple of hours to less than an hour.
Microsoft Defender for Endpoint does not free up our SOC team's job, but it makes our job easier.
I don't know about the pricing, setup costs, and licensing because I'm just a user.
I prefer to remain anonymous when publishing the review.
I want to remain anonymous in terms of the company name as well.
On a scale of 1-10, I rate Microsoft Defender for Endpoint an 8.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Team manager of IT department at a financial services firm with 501-1,000 employees
Enables automatic resolutions if a unit is compromised or if a user clicks a malicious link
Pros and Cons
- "It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link."
- "Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link."
- "The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better."
- "The major area for improvement is the integration with a managed service provider."
What is our primary use case?
We have two phases with Defender for Endpoint because we have been using it on mobile since 2019, and we started this year changing out our Carbon Black Symantec deployment with Defender for Endpoint on our computers. Currently, the Defender for Endpoint deployment on computers like clients is mainly just a one-to-one takeover from Symantec. In the long run, we are exploring possibilities to use it for more advanced functions as it can work as a sensor and comply with the policies in Defender for Cloud apps and DLP policies.
How has it helped my organization?
From a security point of view, our mobile clients allow us to sleep at night. The current implementation on our client is economical because we have the E5 license, which we have anyway. In the long run, it would mean a more secure information security posture for our company, but we need to implement it first and then start the second phase.
What is most valuable?
It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link. Importantly, the experience of an automatic attack disruption is quite positive for the end users. They don't feel supervised, which is essential for mobile phones since they are more private than work computers.
The auto-deployed anti-deception techniques are excellent because we have a large fleet on the Norwegian scale. We deployed it for 10,000 clients and about 5,000 servers in three months.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
What needs improvement?
The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better.
We see the possibilities in terms of visibility into our attack surface, but we haven't been able to enforce all the insights we can get from it. We have multiple endpoints, and we want to look for signals across tenants.
For how long have I used the solution?
We have been using it on mobile since 2019 and just started transitioning from Carbon Black Symantec to Defender for Endpoint on our computers this year.
What do I think about the stability of the solution?
I rate Defender 10 out of 10 for stability. We haven't had any issues with it.
What do I think about the scalability of the solution?
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers. It is a scalable platform.
How are customer service and support?
I rate Microsoft support 10 out of 10. We have a unified support agreement with Microsoft involving biweekly or more frequent contact. We are supported by both Microsoft and our customer success manager.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Carbon Black and Symantec for endpoint protection but transitioned to Defender for Endpoint as it was included in our license. Our ultimate goal was achieving a complete security posture, not just endpoint protection.
How was the initial setup?
The initial setup and the deployment process have been easy, especially since we are using it with Azure.
What about the implementation team?
We are working with a Microsoft partner called Supercellus as we transition to them from our previous managed service provider.
What was our ROI?
We are aiming to fully utilize the E5 license, using more of its features than before. However, the return on investment is not fully realized yet, as we are still implementing.
What's my experience with pricing, setup cost, and licensing?
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
Which other solutions did I evaluate?
We did not evaluate other solutions, primarily because we were satisfied with our existing one. Still, when the license agreement with the other parts expired, we took the opportunity to switch.
What other advice do I have?
I rate Microsoft Defender for Endpoint eight out of 10. While I think highly of it, there are issues with sharing data across tenants, which is a particular request but still affects our satisfaction.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Technology Technical Consultant at SoftwareONE
Improved endpoint protection has simplified hybrid deployments and centralized compliance monitoring
Pros and Cons
- "Microsoft Defender has helped me reduce mean time to remediation."
- "I think Microsoft Defender for Endpoint is a solution which needs a little bit more resources on the CPU side, as we detected that on some virtual machines in Azure, with the activation of Defender, the CPU utilization increases about ten percent."
What is our primary use case?
I mostly work with a cloud solution when it comes to Microsoft Defender for Endpoint. My customers choose a hybrid cloud when it comes to their implementation of Microsoft Defender for Endpoint.
What is most valuable?
It is straightforward for me to implement Microsoft Defender for Endpoint. Deployment time for Microsoft Defender for Endpoint depends on how accessible the system is from remote; for implementing and testing, most of the time is finding out which group policy has to be deactivated from the customer side to allow real-time processing and so on, and implementing is about five to ten minutes per system.
I find Microsoft Defender for Endpoint easier to implement because it is in other Microsoft products, so we can implement it in Intune, and we have a better overview of all the systems, in which state they are, if they are compliant or not, and so on. Because it is a Microsoft product, and on the customer side, we also use Sentinel for this, so it is integrated in all solutions.
I think Microsoft Defender for Endpoint is a solution which needs a little bit more resources on the CPU side, as we detected that on some virtual machines in Azure, with the activation of Defender, the CPU utilization increases about ten percent.
In regard to Microsoft Defender for Endpoint visibility into my organization's attack surface, we have configured it so that we would see them if we find them; if Defender would find them, and it is all integrated in our solutions.
Microsoft Defender has helped me reduce mean time to remediation. I see that Microsoft Defender for Endpoint is best combined with other Microsoft tools like Intune, Sentinel, and so on, and we have an overview on our Entra ID admin page and Intune admin page, and on Sentinel, we see what would be vulnerabilities and what would be compliance issues and so on; it is integrated in all the systems.
For how long have I used the solution?
I have been familiar with Microsoft Defender for Endpoint and providing services for it for about a year.
How are customer service and support?
Microsoft support is responsive and helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are using Microsoft Defender for our customer, and the customer switched from Trend Micro to Defender for Endpoint.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
Last updated: Mar 15, 2026
Systems engineers at Delta Dental of Colorado
We have benefited from fewer attacks, reduced risk, and less exposure
Pros and Cons
- "The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical."
- "Defender for Endpoint has significantly improved our security posture."
- "The only issue I would say is our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot."
What is our primary use case?
We have used Microsoft Defender for Endpoint for various purposes, from tracking different vulnerabilities to monitoring potential issues with attacks.
How has it helped my organization?
Defender for Endpoint has significantly improved our security posture. We run two MDRs, and Defender catches more threats than the other. We've benefited from fewer attacks, reduced risk, and less exposure. We passed our recent physical penetration test audit with excellent results, partially due to Microsoft Defender.
Because of the notification and reporting, our mean time to resolution has drastically reduced. It's easier to find the issue by clicking through the notifications. Our SOC team has saved a lot of time, allowing them to focus on audits and other tasks.
What is most valuable?
The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical. The reporting, dashboards, and automatic notifications of potential issues greatly improve visibility. Luckily, we haven't had to use automatic attack disruption, but we are happy it's there.
What needs improvement?
The only issue is that our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for at least two years now.
What do I think about the stability of the solution?
Defender for Endpoint is extremely stable. I haven't seen anything that would give me any cause to doubt it.
What do I think about the scalability of the solution?
Defender's scalability is phenomenal, and it's going to be one of the keys to resolving issues for the SOC.
How are customer service and support?
We haven't had much need to use customer service and technical support. Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use both Microsoft Defender and SentinelOne for extra coverage. We evaluated CrowdStrike and other options, but Microsoft Defender makes logical sense as part of our E5 license.
How was the initial setup?
Deploying Defender was extremely easy. We built a package and rolled out everything without our end users noticing.
What about the implementation team?
We did the deployment ourselves in-house. We're that good.
What was our ROI?
The return on investment is primarily in time savings and better observability of what's happening. Although I don't know the exact numbers associated with the time savings, it has definitely improved efficiency.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup, and licensing were very easy and simple. I've really enjoyed it.
Which other solutions did I evaluate?
We looked at CrowdStrike and several other options, but Microsoft's integration, communication, and Copilot make it the better product. Other solutions lacked integration and visibility across the entire estate.
What other advice do I have?
I'd rate Microsoft Defender for Endpoint nine out of 10. I don't give anything a 10, and it's about as good as a nine can get.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2026