Microsoft Defender for Endpoint Reviews

It comes inbuilt with Windows Server and Windows 10, so we are using its latest version. It is deployed centrally on all the platforms, whether it is a virtual environment, a BYOD device, or an office device. It is deployed everywhere. 

All of our users are on Office 365. By default, every user is getting Office 365, and we are also incorporating this into data leak prevention. We have also enabled Azure Active Directory, so policies are deployed directly from our active directory. 

It has reduced admin overhead. Because it comes inbuilt with Windows, we don't have to deal with the complication of using a third-party solution. We stopped using Symantec Antivirus three years ago. Previously, we had to find a person who knew how to manage Symantec Antivirus. Now, we don't have that overhead. It is also less taxing on the admins because they don't need to license an extra software every year and then deploy and manage those licenses. Everything is seamlessly managed from a central application.

Our full backup is on OneDrive. We had deployed separate storage area networks to back up important data for off-site users, not on-site users. In the current scenario of work from home, users need to establish a VPN connection to run our backup system. When they are at home, we cannot back up their systems if they don't have good connectivity. We also can't tax their broadband connections. Incorporating OneDrive as a backup solution with Windows Defender and Windows 10 has helped us immensely. We were not prepared for having people working from home because we always worked from the office, and 100% office attendance was required, but due to the pandemic, people moved to their hometowns, and we could no longer manage those systems. It became a headache for us when people used to report that their Windows got corrupted. Because they were working from home and there is a big problem of electricity in India, if electricity is not there, the systems suddenly shut down, and the registry gets corrupted. All these things are difficult to handle when you're at a remote location and you don't have your eyes and hands on that particular location. In such times, Windows Defender became a very big helping hand in managing the recoveries of such systems. The backups managed from OneDrive were very helpful. It has saved hundreds of hours of restoring the system in case something goes wrong. There was an instance where a user opened a spam message, and a ransomware attack was done on that system. Because the backup is managed by OneDrive, within 17 hours, this user's whole laptop was recovered without physically working on that laptop. Because of slow connectivity, it took time, but we were able to recover. This is the best feature of having OneDrive backup on the fly and recovery on the fly. These 17 hours were peanuts as compared to the data that we were able to save. This is the best selling point of having OneDrive as a backup with Windows Defender and Office 365.

The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it. While working on Windows 10, every now and then, users might have seen it popping up, and they know how to do certain things. So, it is not too taxing from an administration point of view where we have to tell users what to do. 

Centralizing policies and rolling everything out is done only from one console. We are able to provide restrictions based on what we want to filter, such as certain apps should not run and certain things should run. Because we are also into website development and code development, sometimes, users need to run certain software or their own build application, which is not possible to specify with an antivirus solution. With Defender, we can centrally deploy a policy where certain parts are excluded, and they can run their code in those particular parts. This is a very nice feature where we don't have to micromanage developers' PCs or exceptions.

Data leak prevention is something that our company requires, and it is incorporated in this solution. Because we are using Microsoft OneDrive, and it is easy to take the backup to OneDrive via Microsoft Defender.

It has helped in improving our security posture.

Its user interface (UI) can be improved. Currently, in the console, you have to dig down for certain things. They've got many different layers to get to things instead of having it all on the surface. You have to go three folds lower to get to specific functionality or click a particular option. It would be good if we can manage the console through menus and instead of three clicks, we can do things in one click. They need to change the UI and work on it in terms of a better user experience. For example, user management should be in one menu, license management should be in one menu, and backup management should be in one menu. Currently, if you click on a user, you will get some devices there, and some devices will be on the other menu. Its UI is complicated. In terms of functionality, everything is okay. We don't want anything to be changed in it.

We have been using this solution for three years.

It is highly stable. We don't even have to look into it to see if it has stopped working, or whether it is doing its job well or not. We have around 500 devices in our organization, and all devices do the regular login with the logs. It is immensely stable.

Its scalability is immense. There is no device, user, or policy limit. You install a device, and it is automatically configured because the policy is deployed from the centralized policy server or active directory.

We have around 500 devices in our organization, and all devices are using it. We have all kinds of devices such as laptops, desktops, notebooks, surface devices, etc. We also have in-house virtual servers on the AWS cloud and in-house physical servers. We also recommend enabling it for our client servers, and we configure policies for them.

Every person in our organization is using this solution. We have approximately 380 users. Its users include everyone from a new joiner to our management president. Last year, our strength was 260, and this year we have 380 users. We are growing, and by 2022, we should have more than 600 users. We are growing in a very good manner, and a group target is there. We are definitely going to grow.

We have been using Microsoft products since the commencement of Windows 95. We have rarely used their support because they make their products in a way that makes them easy to use. Sometimes, there are flaws and issues, and because we are also a Microsoft Partner, we get support on priority. They take a case at the level where they think it will be resolved, and if someone is not able to resolve it, it automatically gets escalated. 

We mostly use our in-house support. In the past 20 years, we have used their support twice. When I used their support last time around four to five years ago, they were really very helpful. They were good and very professional. I cannot comment on how their support is now with the current pandemic and people not working from the office. 

We were using Symantec Antivirus three years ago. When we were using Symantec Antivirus, users used to report that certain popups are there, and what should they do with them. They used to ask, "Is my system infected?" They used to panic on seeing those pop-ups. Most of them were unnecessary and would say that they need to have admin access or a particular software is trying to open a port. Because we are into development, it is a requirement of a developer to open certain ports and to make that application listen on certain ports. Such requirements were very difficult to configure in Symantec. It was difficult to make it understand that these ports are going to be used by developers, and they are going to be opened, and it is not a virus activity. Sometimes, the temporary folder of users used to get infected, and it used to give hundreds and hundreds of pop-ups. We didn't know how to close all those pop-ups in one go because they were not in a group. Imagine sitting and closing a hundred pop-ups. We had to click the Close button on each and every pop-up.

With Microsoft Defender, we can control notifications. We can tell which notifications should go to the users and which shouldn't go to the users and should be forwarded to the admin central console. In terms of user experience, users are happier with less annoyance of pop-ups that they used to get with Symantec Antivirus. They do not need to know each and everything that is going at the backend. Only the admins need to know certain things, and they should know them. With Microsoft Defender, users don't even get to know that they have an antivirus solution on their system because they never get any irritating pop-ups or notifications or slowness of the system. We configure everything from the backend, and we are managing their systems from one console, which is the biggest plus point of Microsoft Defender.

Its initial setup is very easy. It took us just a couple of hours to deploy it on remote devices.

Our implementation strategy was to deploy group policies and manage the DLP policies from the central console.

We did our own research, and because it was a lockdown, we had resources on our hands. We asked one of our system admins to look into the options and the policies that we need to deploy and what we need to do. He went over it for a month and trained the rest of the team. Within one and a half months, it was fully operational on each device, and my whole team was trained on it.

The whole job of its deployment was done by one person, and for maintenance, we have got a five-person team because we have 380 users across the clock and across the globe.

We have very much seen an ROI.

Licenses depend upon what you are looking for and what kind of security do you want to implement. There are costs in addition to the standard licensing fees.

When we used to buy Symantec, we used to spend on 100 licenses. We used to spend approximately $2,700 for those many licenses, and they came in packs. To add one more license, I had to buy a pack with a minimum of 10 licenses. I had to spend on nine extra licenses because I can't get a single license, whereas when we go for Microsoft, we can get as many licenses as we want.

If I have 100 users today, and tomorrow, I have 90 users, I can release my 10 licenses next month. With any other software vendor, you buy licenses for one year, and you have to stick with that. If today you have 100 licenses, and tomorrow, you have 50, you have already paid for one year's license. You can't go back and tell them that I don't require these 50 licenses because I have lost my 50 users, but with Microsoft Defender, licensing is on a monthly basis. It gives you both options. You can go yearly and save on it, or you can go monthly. You will, again, save on it. It is very fair everywhere.

My advice is, "Try it, and you will love it." If you go for any other product, you will have to manage everything separately, which becomes an overhead. You will have a separate console, separate licensing, and a separate vendor. You will also get a piece of software that is going to have a layer in between the operating system and your applications, whereas Defender incorporates itself onto the layer where the operating system is sitting. So, you don't tax your resources to manage a product that is already incorporated into all systems. Everybody knows how to use Windows and Defender, so the learning curve is also not there. It is very easy, and it offloads a lot of things such as tech requirements, separate licensing requirements, and separate vendor management. 

I am not advising you to go ahead and discard whatever you are using. You should implement it in a test environment and see what your requirements are because the requirements will definitely impact the licensing. If your requirements are met, and then compare the time required to manage Defender versus the current solution that you are using. You should compare how many hours are you putting in managing both solutions with a different skill set. Only after such evaluation, you should deploy it. 

The biggest lesson that I have learned from using this solution is to always keep it simple. Don't complicate.

I would rate Microsoft Defender Antivirus a nine out of 10. If they can make the UI more systematic, I can give it a 10 out of 10.

We use Defender for endpoint security, firewall administration, and antivirus. 

From an administrative perspective, Defender provides a single pane of glass for us to look at compliance throughout the company and for the customers we recommended it to. That's probably the most significant piece. The governance and policy features work together for us because we can easily provide the self-attestation that we need for the federal government.

Automation at this point, as I understand, is a lot of one-offs. It depends on the particular console that you're looking at. I'd love to have them integrated. I understand that there's a larger solution for that, but it's challenging to figure out a cost estimate of what it would take to get it up and running. The automations are often tied to the separate Defender products and not always integrated, but we're still shy about buying the larger product and integrating all the logs. 

Defender for Endpoint saves time by making administration more manageable. It's at least four hours per month per administrator. We save money with Defender because it's packaged with other Microsoft solutions. It's $20 to $60 per user annually, depending on the suite you're getting. 

I like that Defender is integrated and doesn't have a third-party payload trying to advertise subscription renewal. I don't get spam because of it. Regarding visibility, no one has their finger in as many operating systems as Microsoft. No one has the platform or deployment profile that Microsoft has. Microsoft can outshine any third-party vendor when it comes to visibility.

The interface isn't necessarily intuitive to a nontechnical person. You can get stuck in the little endpoint security portal. Sometimes, if you uninstall a competitive product, the end user doesn't always know if it's running or if they're protected even though it's silently running. There could be a notification, widget, or something that's resident on the screen for at least a bit, especially if you're doing remote support. You want to talk them through it, but sometimes, we're not allowed to look at the PCs we support.

I'd like them to improve visualizations for people higher up the reporting chain, such as potential purchasers, directors, VPs, and CEOs. They have little time. They want to see red, green, and yellow lights or some other type of visualization. It would be great to have this functionality out of the box without a lot of custom development.

We're learning about the AI Security Co-pilot. I'm unsure how it integrates, but I'd like to see it integrated. I'm an administrator, so I don't look at the logs constantly, but patching is critical. I would love to see the percentage of PCs patched in a given period. Reporting and alerts are crucial issues. When an alert needs to be triggered, we'd love to see some events flush up.

We often have to wait for and do a report until we find what we're looking for. It would be nice to sort of set it and forget it or have a community board of plugins that we could download and say, "Here's the meantime to resolution for x, y, or z policy or some policies that we could potentially integrate.

I have used Defender for Endpoint for seven years. 

I can't think of any ongoing issues that we have other than our own internal minor configuration. I don't know if this is in there, but I would love the ability to see how we're deployed and get recommendations.

Defender is scalable. The solution covers multiple locations and departments. We have about 100,000 end users. The departments vary in size. 

I rate Microsoft support six out of 10. They're responsive and willing to help. I have no problems with their customer service. However, it's sometimes difficult to find a technician that understands your issue. Sometimes, when you try to do self-service with Microsoft, it refers you to a third-party website for support ideas and stuff. That's absolutely bizarre. Why would I trust a third party linked from the Microsoft community forums and things?

Neutral

We were using Norton Antivirus, but we switched because we were familiar with Defender. We had Defender running on our home machines, and we had positive experiences because it didn't noticeably slow our machines. It was fairly intelligent at what it did. Sometimes, you feel a little restricted by a few of the things that it may not have. But in the end, I don't think that we're missing anything that we didn't already have in the product.

Defender is typically bundled with 365 packages that the customers are already buying. We haven't done an in-depth ROI for right. Often, we leave the customer to make those decisions even though we can point to tools like that on the web or allow an analyst tool to do that type of work. 

We looked at Norton, McAfee, and another one that I can't recall. Ultimately, our decision primarily came down to integration into the system. If it's integrated, it isn't overwritten by the security patch, and it doesn't add to the payload we're already sending down to manage the PC. We wouldn't use it if the quality wasn't there, but all else being equal, it's always easier to use an integrated solution from a single vendor.

I rate Microsoft Defender for Endpoint nine out of 10. 

We use it as an Enterprise Detection and Response (EDR) solution. We use it for compliance purposes, and we are starting to use it for DLP purposes.

Microsoft Defender for Endpoint allows our threat hunting and threat remediation teams to reduce the footprint of viruses when they come on the network.

We have immediate visibility on all endpoints. It is very good at visibility.

For prioritizing threats across our enterprise, the threat-hunting system in Microsoft Defender for Endpoint is not top-notch. We usually integrate it into things like our SIEM or Sentinel or other things to prioritize or our SOAR system to automate.

We can feed the alerts coming out of it into our XSOAR system to immediately act on events versus waiting until people see them and use the ticketing system.

Microsoft Defender for Endpoint has saved us time. It has saved us at least 40 hours a week. We are able to automate and have the ability to handle threats on an enterprise with 50,000 devices.

Microsoft Defender for Endpoint has not saved us costs. It is a Microsoft product.

Microsoft Defender for Endpoint has reduced our time to detect and respond. By going from a manual process to an automated process, depending on the severity, the time reduced has gone from minutes and days to seconds.

The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network.

The product itself does not necessarily need improvement, but the support and implementation of the product are the disaster cases. Instead of being able to go back to Microsoft and ask how to do something, we have to work with a vendor who does not exactly know how to do that and has to go to Microsoft to say, "How do we do this?" so that they can answer our questions. There are a lot of things in relation to various compliance standards such as CIS. The primary levels of support of Microsoft do not know or cannot implement that. Working through vendors is time-consuming. It is a painful process to get back to them to get the answers.

I have been using Microsoft Defender for Endpoint for three years.

We have never seen any downtime in it, so it is incredibly stable.

It is incredibly scalable. However, its ability to bind things into the groups on its dashboard is limited. You can see your 50,000 machines empire, but dividing it into regions, and dividing it into subgroups and management areas is very limited.

It is deployed across the world. There are 250 sites worldwide with 50,000 devices.

I would rate their support poorly. I would rate them a two out of ten.

Negative

The history would be a Symantec product, but I do not remember what it was. Then we went up through Azure ATP to Microsoft EDR. 

I was involved in its deployment and initial setup, but I was not a part of PoC at the time. The deployment was very easy. We pushed it out with SCCM.

Our implementation strategy was PoC, small user groups, and then wide or regional deployments.

We have on-premises and cloud deployments. It is an endpoint protection platform. It goes on any endpoint that we have or that we have running. It could be an endpoint that is sitting in the cloud. It could be an endpoint that is sitting on-prem. We use Azure, GCP, and AWS. There is also some limited rack space from IBM.

We used CDW.

We have reduced man hours using the product. We have definitely been able to leverage automation with it more than other products that we have used previously and other products that we are using.

I recently switched from education to private business, and all I can say is that private business licensing from Microsoft is not cheap until you hit certain quantities or scale. That does not mean that it is not comparable to other industries. It is similar pricing, but it is still crazy to me how much you pay for a client. I feel it is high, but it is in line with other vendors.

We evaluated Cortex XDR, Carbon Black, and QRadar or whatever that solution was from IBM.

The Microsoft ecosystem is the main difference. Everything under the umbrella of the Microsoft security toolkit makes life easier when all the systems talk together nicely.

To those evaluating this solution, I would advise first figuring out what your needs are. Figure out what levels of granularity you need in the system to see if it will support your needs. For example, if you have something like department-level control over devices, you might want to look at another system versus a central security solution that controls all devices. Beyond that, make sure your machines have the resources necessary to support the features you turn on in the environment. A lot of the resources in Microsoft Defender for Endpoint can be shut down for slower machines and older machines.

I would rate Microsoft Defender for Endpoint a solid nine out of ten.

We use Microsoft Defender for Endpoint to manage the firewall and provide endpoint security, such as antivirus protection, on the endpoint.

The visibility of threats is excellent. The most difficult aspect of Microsoft Defender for Endpoint, especially for a small MSP, is the amount of information that needs to be filtered through. There is a lot that can be done in the portal, so it requires someone to spend a lot of time going through all the settings and making sure any issues are resolved. This is why we added Huntress to it, as it helps with the identification of other issues.

Microsoft Defender for Endpoint helps prioritize threats across the enterprise. The great thing about the Defender portal is that if there is a new issue, it highlights the issue for us in the portal, enabling us to easily check the CVE report to see which devices are affected, and make the necessary changes.

The major advantage of Microsoft Defender for Endpoint for us is that we receive a great deal of information. Initially, when we encountered the solution, the most difficult thing was that there was a lot more detail to go through, a lot more logs, and settings that we had to configure. However, once we had everything in place, as we are covering so many devices using the same solution, we were able to make a significant impact on our security.

The solution helps automate the high-value alerts to identify the devices that are at high risk of attack, but we still have to remediate ourselves.

We still enjoy jumping between Defender and Huntress' portals. Microsoft has removed the need for a large number of solutions as the Defender portal itself encompasses a great deal. This is both good and bad as they continue to add to the Defender portal. For a small team, it can be quite overwhelming to have to go through the one Defender portal. However, if the team was larger and we had more dedicated staff, it would be great as everything would be in one place.

Microsoft Defender for Endpoint's threat intelligence helps us prepare for potential threats before they occur and take proactive steps based on the CVE reports, which advise us which devices have higher threat issues.

Being aware of the issues is a good thing, and with solutions like Webroot Business Endpoint Protection, we may think everything is fine as long as the antivirus is installed. However, with Microsoft Defender for Endpoint, we are given a lot of information and become more aware of the issues. This helps us strive to reach the 100 mark on the security score.

Microsoft Defender for Endpoint has saved time by preventing attacks from occurring, and I have been able to rely on it. In contrast, when we used Webroot Business Endpoint Protection, we installed it and then largely forgot about it, assuming it would take care of itself. Webroot rarely gave us any warnings, which may have been due to the product not knowing what to do or not having anything to alert us about. On the other hand, Defender is constantly active and provides us with updates about the endpoints. This may take up more time, as it is making us aware of a lot of other things.

Microsoft Defender for Endpoint is more expensive than Webroot Business Endpoint Protection. However, the value is there in terms of the product we are getting. The cost savings with Microsoft Defender for Endpoint come from being aware of the issues and taking steps to prevent them from occurring. The savings come from avoiding the issues.

Microsoft Defender for Endpoints has a quick response time when it detects a threat. From what I've seen, the system is quite fast. It's not instantaneous when changes are made in the portal and sent to the endpoint, but it is still quick.

The most valuable feature of Microsoft Defender for Endpoint is its ability to bring together all the data, providing more information than just antivirus hits. Additionally, it has a useful security score that is tied into the Defender platform, giving us a better understanding of what is happening at the endpoint.

Microsoft often changes the names of its products, the design of its portals, and what is included in them. This can be confusing for people who are not using them regularly. There is a lot of information to take in, and the portals tend to change quickly due to the fast-paced nature of the industry. This can be frustrating when something that was there one day is gone the next.

I would like to see when NDR solutions become more widespread in other regions. It would be amazing to observe how that progresses. It is something that we are considering, having Microsoft do part of the work using the dependent portal instead of having engineers from our own company do it. Therefore, I am eager to see where that goes.

The stability has room for improvement.

I have been using the solution for over one year.

When testing to see if the antivirus solution is working properly with a lot of different events occurring on the device, we found that the Defender interface can become cluttered. The solution does not always give us a real-time view of what is happening, making it difficult to navigate the user interface. Therefore, there is potential for improvement in terms of stability.

We've deployed the solution in small environments and larger ones. So we haven't had any issues going between the two. Microsoft Defender for Endpoint is scalable.

We have encountered two technical issues in the past. The support team was very competent, and when I contacted Microsoft support, they were extremely helpful.

Positive

We had previously used Webroot Business Endpoint Protection, Bitdefender GravityZone, CrowdStrike Falcon, and Cortex XDR by Palo Alto Networks. Microsoft Defender for Endpoint is now included in our licenses, making it an easy addition for many of our clients since some of them already had the licenses that included the solution. Moreover, since many of us already use Microsoft products and portals daily, we were comfortable with Microsoft and the solution did not require a lot of retraining. Additionally, the price was another factor that made the solution attractive; CrowdStrike and the requirements associated with it are too costly for some of our clients.

The initial setup is not complex. It is more cumbersome than Huntress because it is not just an installer. We have a package that needs to be deployed to a few machines. We can run a script, or use a GPO package to distribute it. Although it is not as easy as some of the other smaller solutions, it is still quite simple. We can roll out a group policy. The deployment didn't take long at all. We had already set people up with licenses to access a Hive with Microsoft, so the deployment solution was straightforward. Most of our clients also have directories managed through Azure, which made the rollout easy.

The deployment process requiring engineering numbers or similar is very minimal as it can be done through a single group policy.

The implementations are completed in-house for our clients.

The licensing costs for Microsoft Defender for Endpoint are reasonable.

I give the solution an eight out of ten. When discussing Microsoft Defender with other engineers, we agree that it can be challenging to become accustomed to and comprehend the UI at first. Once we have a grasp on the UI, it is excellent; however, initially, it is difficult to learn.

Microsoft Defender for Endpoint is deployed in systems located in data centers and on-premises, providing a wide range of devices. Approximately two thousand endpoint devices are in use.

Since the solution is a Windows subsystem, it is not difficult to maintain. We utilize a management solution to run many of those updates regularly, ensuring that they are completed regularly.

No single solution or vendor has all the answers, and it can be risky to rely on just one source. If an attack occurs and we are only using one form of security, if it is breached, the attackers will have unfettered access. Therefore, I believe it is beneficial to have a multi-layered approach, utilizing multiple solutions and vendors with different technologies that can work together.

I suggest people do some Microsoft training regarding the Defender platform to become comfortable with it before deploying it to understand exactly what is necessary to make it work.

It is the end defense against anything coming into our computers and through other channels, e.g., we have some other measures. A lot of our users use Microsoft Remote Desktop Services, so all our servers are locked down. The solution handles what nothing else finds along the way. It is a standard endpoint for computers, servers, and tablets.

What the user doesn't see or experience, the user is happy with. Every time our other services go in and put a stop pop-up in front of what they are doing when they want to visit a website, but the browser says, "No," or they are trying to download a link and then says, "Oh, no. This is dangerous," that upsets users because they can't do what they want to do. As long as we don't get any of that, then users are happy. If users don't feel it or know about it, then they are happy. Everything else will make them unhappy.

Our end users expect to be protected and that everything works. When IT doesn't work as they expect, then they get unhappy in some form. We kind of forced this solution upon them, so they don't have a choice. As long as it doesn't meddle with their normal work, they are fine. For example, when GDPR hit us in May of 2018, that was upsetting because they now had to do some of their work a little differently. So, they don't like GDPR because it interferes with their normal workflow. Normally, users come to me if they have issues with anything. However, if everything works as expected, they are happy. In addition, they expect that they are protected.

When you have something fail and you have three or four different vendors where the fail might be located, everyone just says, "Well, it's awful." Then, you have to go and find out where the fault is. That is really annoying and can cost the business money. For that reason, if I can have one single point of contact when I have a problem to help me out, and say, "Let's find the solution." That is much better instead of having me contact multiple companies to track errors down.

The protection will always need improvement:

• From a technical standpoint, I would like better artificial intelligence on how it does its stuff in the background. It will always be behind. However, at some point, it would be nice if it could get better. It is not bad, but it could always be better.
• From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down.

I have been using the current solution since 2014.

We haven't had any issues. I haven't had any bad experiences. I expect it to work, and it works. It is just there. For example, when you have Word or the whole Office package, as long as it works, people are happy. You just have it, and you don't have to say, "Oh, this version is really..." It is just Microsoft. For most users, Microsoft is Windows, Defender, and the Office package. As long as you just use that, then people will say, "Okay, we're just basically using Windows." They don't care about one thing or another, as long as IT works.

As long as things are slowly upgraded, it works, and we don't have any issues, then I am happy.

I let my outsource company handle scalability. I only get involved if there are issues.

We have 50-plus servers with around 125 to 150 endpoints.

Our consultancy has a deal with Microsoft where they can get access to Microsoft directly. We are part of that deal. When we have issues that need some type of Microsoft input, we can get it. However, I will let the consultancy do that. I wouldn't do that myself.

We use different email solutions and web solutions to handle incoming and outgoing traffic. However, we have not previously used another endpoint protection solution.

In 2014, we upgraded from Windows 7. It was a completely new deployment of everything. Every server, every endpoint, and even the old laptops and desktops were upgraded. So, it wasn't just Defender. Microsoft Defender wasn't really the issue, as it worked. We had a lot of other IT that was annoying, but I don't remember that we had any struggles with Defender.

Microsoft Defender is always running. It is doing its job, so it is fine. I don't have any issues with the way it was implemented or how we are running it. We have been upgrading IT throughout the years, but there have been no issues.

We had a migration deadline set by our mother company. We had to stop using Windows 7 and server 2003 by 15th of June, and we started in April. So, it was done in just under two months right before June 1st.

We are part of the aircraft industry. We have been going downhill for some time, and now we are sort of going up again. At the time of purchase, we simply bought the outsourcing with the solution, meaning we would get this many machines and servers using these services. They kind of supplied everything.

We outsourced the deployment to another company at that point in time, who put up all the consultants and stuff. Before that, we had everything internally and on-premises. At that point, we moved it out still on-premises, but not in our own house. So, we built a separate system, then moved users over.

We didn't have Microsoft in to specifically help us.

The administration of this solution is outsourced. We use a consultancy who has 50-plus employees/consultants. They take care of nearly all services: Defender, Teams, SQL, etc. I then only have to talk to one or two people who are specialized in what needs to be done.

I have been very happy with our current IT services provider. We have had them for about a year. They took over from the old consultancy who installed our IT in 2014. Our current consultancy took over in 2020 because I wasn't so happy with the old guys.

It provides peace of mind with really good pricing. It won't be upsetting my budgets or anything like that.

Our outsourcer handled the decision that we were to use Defender, Remote Desktop Services, etc. They just said, "If you choose us, this will be your solution." It came as a package. Unfortunately, that company was bought by another IT services company, who bogged everything up. The service went downhill and stuff didn't get upgraded. So, we switched to another Danish supplier with whom we currently are happy.

Go for it. It is a standard solution. If you use Windows, you might as well go for Defender. With this solution, you have your normal dependencies within Microsoft. This means that you don't have to talk to another company; you talk directly to Microsoft. Some people might go for something else, and that is fine too. However, depending on how big your company is, if you are a small or medium business, you may want to have as many eggs in one basket to have fewer points of contacts.

It is a good endpoint. All the administration is handed over to our outsource partner. So far, it has been good. We have been using it for years, so it is the de facto standard for us right now.

As far as I know, its capabilities are okay. It is up there with the rest of them. Sometimes, this is what Gartner says is the best, the next best, the 10th best, etc. That will always change. As long as we don't get hit, we are fine. If we get hit, then there are questions around what we can expect from it, what we can get out of it, what help did we get, etc., but I would let my outsource partner deal with that. Directly, I don't have my hands on it.

I would rate this solution as an eight out of 10.

I use Defender for Endpoint every day, for example, when a user downloads an unwanted application, we get an alert. Sometimes we have suspicious processes in an endpoint, and we receive an alert for those activities.

Microsoft Defender for Endpoint helps in detecting different alerts and potential threats by providing alerts and timelines with detailed explanations, which is useful to understand and close or address the issues.

In Microsoft Defender, there is a security portal that allows advanced hunting. You can query and access useful information from logs and events, which is powerful and efficient. Additionally, the timeline feature helps in understanding which process launched what and identifying errors.

Sometimes, there are difficulties in downloading a file considered as malicious. We encounter a bug that requires several attempts to download, which is a bit of a challenge.

I have been working with Microsoft Defender for Endpoint since February, which is approximately eight months.

The stability of the solution is rated an eight out of ten. It is quite stable.

The scalability of the solution is rated as eight, suggesting it is reasonably scalable.

I contacted Microsoft support for personal use of Defender, and they were very nice, providing solutions quickly. This was a positive experience.

Positive

Before using Defender for Endpoint, I used SentinelOne. Defender is easier to use than SentinelOne.

For the initial setup, I’d give it an eight out of ten, suggesting it’s quite straightforward.

The price for Microsoft Defender for Endpoint is about three euros, which is considered reasonably priced. I'd rate it seven out of ten for cost.

I have previously evaluated SentinelOne before using Microsoft Defender for Endpoint.

I'd advise others to use Microsoft Defender for Endpoint because it's a good solution with many experts behind it. Additionally, it's compatible and easy to use with Windows environments.

I'd rate the solution eight out of ten.

We use it for threat protection.

It protects my endpoints from malware and viruses. Those benefits were immediate.

And the automation of routine tasks, such as finding high-value alerts, had an immediate impact because I can see all the threats in a single console, and how they are mitigated.

It has also definitely eliminated having to look at multiple dashboards, giving me one XDR dashboard. It's really effective because it is very tough to handle two different dashboards or environment consoles. The single console gives me a one-shot view of the whole infrastructure, security-wise.

The solution also saves me time because there is no need to install it on all the machines. That is automated. Even the mitigation is sometimes automated, which definitely saves time. It saves me about 90 percent of the time I would otherwise spend on these things.

I have also seen a clear improvement in time to detect and respond. It is instant.

The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices.

In terms of visibility, it gives me all the threats. They are showcased in the management portal. I check there and it's nice.

We also use Microsoft Intune and Azure Information Protection and have them integrated with Defender For Endpoint. The integration was moderately difficult, slightly confusing, but it can be done. But the solutions work natively together to deliver coordinated detection and response. That is very important. Integration is one of the main things I look at. The fact that they work together is the best thing. The threat protection these solutions provide is very comprehensive and very detailed. They cover different aspects and layers of security and that's why it's very important to have them integrated.

The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy.

I have been using Microsoft Defender for Endpoint for one and a half years.

It is a stable solution.

It's also scalable.

If I have any issues I can relate them to support. But they are quite slow in responding.

Neutral

We used Sophos and we switched because of integration. 

It's deployed on the cloud and the setup is quite fast. I just needed to add the machines and the deployment happened quickly. Within a day, we were up and running. It was straightforward and involved two people.

There is not much maintenance required.

We have definitely seen ROI, due to the fact that I only have one dashboard and one solution. Our ROI is around 20 percent.

The cost is high, compared to other products in the market, if you look at it as a separate product. If you look at the cost where it is part of a bundle, the cost is okay.

Defender for Endpoint doesn't really help to prioritize threats across the enterprise. It's more of a basic threat protection solution. It's more of a reactive approach, once something hits.

With a single vendor, it's much easier to detect alerts and threats beforehand. Having a single vendor helps.

I would recommend Defender For Endpoint. If you are using other Microsoft products, together, this is a better security solution.

We provide solutions to our customers based on their requirements. We started working with Microsoft products because we saw people getting more inclined toward Microsoft security products. For example, previously, for SOC, we saw more organizations working with Splunk or QRadar. However, over the last six months, we have seen a lot of customers migrating to Microsoft Sentinel because they already have Microsoft products in their environment, and it works better with other Microsoft products.

The main purpose of EDR is threat protection, and Microsoft Defender is most impressive when you are factoring in the E3 and E5 security enhancements. It gives all monitoring alerts on a proactive basis. It generates an alert if it finds suspicious traffic, and it also helps to understand where the risks are.

It helps us to prioritize threats across our enterprise. That's one of the key features.

It helps automate routine tasks and the finding of high-value alerts. Because of the automation, you don't need to do anything. You are not required to do anything manually. It automatically detects threats and blocks them. It reduces a lot of manual effort.

It makes the organization much more secure. Microsoft Defender is one of the leading products. It works perfectly. When you are monitoring daily alerts, you can understand what kind of threats your organization is facing or how it is blocking. Based on this analysis, you can secure your organization more. Based on their automation, they are protecting you, and from that analysis, you can understand what threats your organization is facing. So, you can focus more on that area. It helps you to identify and secure those areas so that the same threats don't come in the future.

It has saved us about 20% of the time from an endpoint perspective. It has reduced our time to detect and respond by 50%.

Our customers also use M365 and Microsoft Sentinel. We have integrated all of these products. The base product is Microsoft Sentinel because that is the SIEM. All M365 logs get ingested for the phishing attack checks, and Microsoft Defender logs get integrated with Microsoft Sentinel to check all the endpoint-related activities. These endpoints include Windows servers, laptops, and desktops. On Windows Server also, we have installed Microsoft Defender EDR. From there, the logs go to Microsoft Sentinel, and from there, a centralized monitoring console works. These solutions work natively together to deliver coordinated detection and response across an environment.

The most important feature is the way it monitors the threats and blocks them. About 10 days ago, we were implementing SOC for a particular client. The SOC was not yet implemented, but they had Microsoft Defender. That organization was hit by some ransomware, but the hacker could not succeed. Because of the EDR, the hacker could not install the hacking tools. They were trying to do that, but Microsoft Defender completely blocked that. The hacker could log into the system, but they could not install anything. 

Microsoft Defender is a lot proactive, and it can also analyze the threats on the latest technologies. In the case of the attack that happened just 10 days ago, we immediately logged in and saw various challenges because we didn't have any other logs. SOC was not ready, and we only had EDR logs. From there, we could identify that the hacker couldn't succeed because Microsoft Defender was proactively working. It prevented the complete attack.

It is proficient and proactive in monitoring threats. It can seamlessly monitor all the individual assets in real time. Another thing is that after installing the Microsoft Defender agent, your computer doesn't slow down even though real-time scanning is going on in the background.

It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent.

I have been using it for the last year.

It is stable.

It is scalable.

I have not faced any issues with their technical support. Our client has a tie-up with Microsoft, and the Microsoft team has provided them with good support, but I'm not sure how they will be in the case of small customers. 

We are working with multiple vendors for our clients. We are using CrowdStrike for some of the other organizations. Microsoft Defender has grown in a very big way in a very short period, but CrowdStrike Falcon is ahead of it in terms of protection.

Microsoft doesn't give everything in a single dashboard, whereas with Mandiant or Secureworks, from a single dashboard, you can manage everything, such as your EDR threats, vulnerability detection and response, and network detection and response. Microsoft has not grown up in that way.

It is much easier to deploy for the Windows platform. One of the customers had 3,000 or 4,000 endpoints, and we could do the deployment in two months.

There was a team of 10 members. They were working on multiple things. They were not fully dedicated to it. We had SCCM, and we had to push everything through SCCM. That helped a lot to automatically push to multiple endpoints at the same time.

If it is on the cloud, you don't require any separate maintenance, but when their patch is coming, you have to do the patch upgrade. You can make that automated. It is easy.

It is hard to measure the amount of money saved from using this solution because it depends on if you had any attack, and if an attack happens, how much your organization would lose based on the threat. It was published that in the last year, companies have lost millions of dollars because of ransomware and multiple attacks.

They are now doing it on an endpoint basis. It is based on the number of endpoints, which is good.

We made multiple comparisons between tools. We had not only Microsoft Defender but also CrowdStrike and Tanium. I was working on some of the requirements for one of our clients, and based on that, we started evaluating these three products. We started working with Microsoft Defender based on the endpoints or hosts available on the Windows platform. We saw that most of the organizations are still on the Windows platform. They have Windows laptops as well as Windows servers. 

One of the reasons why the client agreed to go with Microsoft Defender was that it was easy to deploy. We didn't need to spend a lot of time implementing it. It is much simpler compared to other competitive products.

During the PoC, we found Microsoft Defender to be easy to implement. It was able to detect a lot of things, but in a few areas, we found CrowdStrike much ahead of Microsoft Defender. Another difference is that CrowdStrike is product-independent, whereas Microsoft Defender is limited to Microsoft products. Also, if you have any other EDR running on your system and if you implement Microsoft Defender, it'll immediately disable others. In this tenure, if something happens, there is always a risk.

To a security colleague who says it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite, I would agree. I prefer multiple vendors. I am not in favor of implementing Microsoft products in all areas because, in every domain, there are some specialty products. You should focus on that and see how to make your organization much safer. Every organization claims that it has all the products, but all the products are not good. That's why you have to find out the best one and put it there.

I would recommend comparing it with other products and defining what are the most important needs for your organization. You may not require all the features. Microsoft Defender includes a lot of things. Microsoft Defender has its own MCAS solution. It also supports DLP, which is not yet mature. You should see what is required for your organization and then do a testing or PoC on that.

Microsoft Defender works well with Microsoft products. You can implement or install it on the Windows platform, but you will have to find another way to track non-Windows platforms, such as Linux platforms or Unix platforms.

Similarly, Microsoft Sentinel does the analysis for Microsoft products in a better way, but they are yet to catch up when it comes to non-Windows products. It lacks when it comes to analyzing non-Windows products. It isn't able to identify all the threats properly. The number of false positives is much more compared to other products, but still, Microsoft Sentinel is one of the leading products in the market. It has developed a lot as compared to what we saw one year ago. It enables you to ingest data from your Microsoft environment, but I am not sure about the non-Microsoft environment. This data ingestion is very important. Without ingesting all the logs to your SIEM, you can't monitor the threats. When it comes to security products, they need to be product-independent. In terms of cost, it is almost similar to other products, but it is a little bit cheaper than Splunk. In terms of ease of use, on the Windows platform, it is very easy to use, but it is not so easy for non-Windows platforms.

Overall, I would rate Microsoft Defender an eight out of ten.