We mainly use Microsoft Defender for Office 365 for people who teach or work remotely. This allows us to effectively control and monitor them.
Technology support manager at Alfred State College
The solution enables efficient management and updates through the cloud
Pros and Cons
- "Microsoft Defender for Office 365 facilitates efficient management and updates through the cloud. We do not have to worry about incompatibilities. It just works."
- "The stability of Microsoft Defender for Office 365 is fantastic."
- "I am generally satisfied with how it currently is. If I could improve anything, I would reduce the cost."
What is our primary use case?
How has it helped my organization?
We have faculty who aren't even near the college. Some of our faculty are in other cities and teach remotely. Microsoft Defender for Office 365 enables us to manage everything through the cloud, so we don't have to ship anything back and forth. We can do updates or address any issues with computers remotely.
What is most valuable?
Microsoft Defender for Office 365 facilitates efficient management and updates through the cloud. We do not have to worry about incompatibilities. It just works. My team appreciates the threat visibility Defender offers. It ranks the threats and allows us to prioritize those hitting us the hardest, such as email threats.
What needs improvement?
I am generally satisfied with how it currently is. If I could improve anything, I would reduce the cost.
Buyer's Guide
Microsoft Defender for Office 365
May 2025

Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,604 professionals have used our research since 2012.
For how long have I used the solution?
The college has been using Microsoft Defender for Office 365 for more than two years. I have been there for a year.
What do I think about the stability of the solution?
The stability of Microsoft Defender for Office 365 is fantastic.
What do I think about the scalability of the solution?
The scalability of Microsoft Defender for Office 365 is fantastic, same as its stability.
How are customer service and support?
I rate Microsoft support nine out of 10. Customer service and support have been fantastic. We have direct Microsoft support, which we subscribe to and pay for.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I don't know which solution was used before since it was in place when I started.
How was the initial setup?
I can't provide specifics since I was not involved before my tenure, but based on my experience, it was seamless.
What about the implementation team?
The implementation was all done in-house, without the use of an integrator, reseller, or consultant.
What was our ROI?
Defender has reduced the time our security team spends on tasks by 10 to 15 percent, allowing us to focus on other areas. It has also decreased our time to detection and response by about 15 to 20 percent.
What's my experience with pricing, setup cost, and licensing?
I don't have detailed specifics on pricing, setup cost, or licensing.
Which other solutions did I evaluate?
I don't know about any other solutions that were evaluated before my tenure.
What other advice do I have?
I rate Microsoft Defender for Office 365 a nine out of 10 because it works seamlessly without any incompatibilities.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Dec 16, 2024
IT Collaboration Services Manager at Dow
File-sharing options and ease of collaboration or meetings allow for quick collaborations and chats
Pros and Cons
- "The product's scalability is good."
- "Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization."
What is our primary use case?
Over 4,000 employees across my organization use all of the products under Office 365, as it is super pervasive. Everybody uses them every day in my organization. My organization is a manufacturing company, where Office 365 has become a daily necessity.
How has it helped my organization?
I am a little biased towards Microsoft Teams because it is what I use and helps me pay my bills. In Microsoft Teams, file-sharing options and ease of collaboration or meetings allow for quick collaborations and chats.
What is most valuable?
I work in my company's IT department, so I use all of the products under Office 365 daily, including Microsoft Word, Microsoft PowerPoint, Microsoft Teams, and all the other components in the product. My company can't make it through a day or go by without using the products offered under Office 365. Some of our manufacturing workers may use Office 365 a lot less, but it is still necessary for things like Microsoft Outlook and Exchange.
I found Microsoft Teams to be the most valuable feature of the solution, along with all of the products and features offered under Office 365. My organization has remote workers, and we can't run the company without meetings organized with the help of Microsoft Teams.
What needs improvement?
It seems like Microsoft has begun to roll out products before they are fully baked. Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization. I would say that Microsoft should release or launch better or fully baked products before going ahead with the GA phase.
For how long have I used the solution?
I use Office 365 in my company as we have an enterprise contract with Microsoft from 2020 that ends in 2025, but it may get extended.
What do I think about the stability of the solution?
It is tough to speak about the stability-related area of the solution, especially considering that the newly released Microsoft Teams is not so great. The classic version of Microsoft Teams was relatively stable compared to its new version, but in our company, we faced some challenges with network performance. I don't know if there were any network performance issues at our end, with the ISPs, or at Microsoft's end, making it tough to pin it down.
What do I think about the scalability of the solution?
The product's scalability is good.
How are customer service and support?
Microsoft's support was great during the rollout period, especially since it was the product's operational phase. Microsoft's support team has scaled back, so my company has Microsoft365DSC for Microsoft Teams specifically. My company sometimes struggles with getting direct answers and real insights from Microsoft's support team, especially when we need a higher level of insight while no super technical questions need to be answered, leading to some frustrations.
I rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
I was involved in the deployment of Microsoft Teams but not the rest of Office 365. Nowadays, everything is complex, but the deployment of Microsoft Teams was pretty straightforward since my company got a lot of help from Microsoft directly.
What about the implementation team?
My company received direct help from Microsoft during our organization's deployment phase of Microsoft Teams.
What was our ROI?
I have seen a return on investment from the use of the product. With the product in place, my company no longer needs to rely on paper and pen in many ways, which has helped us save time, energy, effort, and money while ensuring an increase in productivity.
What's my experience with pricing, setup cost, and licensing?
I know that the product is incredibly expensive. I know that my company has high expectations from Microsoft because of the high cost. I also know that Microsoft delivers tremendous value for our company in terms of productivity and collaboration. With Copilot coming along, the value Microsoft provides to my company will be even higher than what it was previously, owing to the productivity gain and the reformulation of how we work because of AI.
Which other solutions did I evaluate?
I believe that my organization will get ready to start looking into other solutions in the market because our contract with Microsoft will come to an end in 2025. I think that the evaluation process will be something that is on the horizon next year. My company may evaluate all of the available options in the market against Microsoft.
What other advice do I have?
Unfortunately, I can't speak much about the visibility into threats that Microsoft's security solution provides.
I am unsure if the solution helps our organization prioritize threats across our enterprise, but I think it does. I get to leave the security part to be handled by the smart security personnel in my company.
I believe that Microsoft's security solution helps automate routine tasks and routine finding of high-value alerts. It is not my area of expertise, but the security team in my company seems to be pretty happy with the vendor.
I think the solution's threat intelligence helps my company prepare for potential threats before they hit us and helps us take some active steps.
I know that my company's security team is very aware of what Microsoft does, especially with Microsoft Defender and its related products. My company's security team is better equipped to stay at the front of any curve. My company's security team had approached me to speak about Microsoft Teams and asked me to tweak certain settings based on industry standards and the developments Microsoft has been coming forward with lately. The aforementioned aspects explain how threat intelligence affected my company's security operations.
Microsoft's security solution has helped my company save a lot of time, as we believe in being more proactive than cleaning up the mess at a later stage.
I am sure that the product helps my company save money, especially since it aids us in finding threats before they actually become a reality. Probably, my company saves millions in terms of money since we don't have to clean up any mess as the product has already prevented it.
I believe that the solution has helped my organization decrease the time to detect and respond to threats, but I can't explain how or how much.
I would suggest that others who plan to use it just find the right contact within Microsoft, work very closely with them, and lean on them as much as needed.
I rate the overall tool an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Security Specialist at a tech services company with 1-10 employees
Covers customer’s IT assets and aggregates insights from different workloads
Pros and Cons
- "One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part."
- "Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives."
What is our primary use case?
As a specialist in SOC, we work closely with multiple customers to cover their IT assets using Microsoft 365 Defender. They have Microsoft Defender for Endpoint deployment, especially for Microsoft 365. We configure the tool to implement the different policies and requirements to cover the email security part and the cloud apps part with the different strategies available on the platform.
After that, we either work directly on the Microsoft 365 portal or configure the sending of the alerts from this portal to Microsoft Sentinel. This will act as a single pane of glass for us to follow the incidents and advise our customers based on that.
What is most valuable?
One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part. With the integration of Microsoft Defender for Identity and Microsoft Entra ID Protection, we will have insights from the identity part. Finally, with the Microsoft Defender for Cloud Apps, we'll also have insights about our cloud apps, either Microsoft 365 cloud apps or third-party cloud apps.
The aggregation of all of these insights into the tool's incident feature will help us have a global vision of the incidents and find multistage attacks at the first steps of the attacks.
What needs improvement?
Microsoft Defender for Cloud Apps is a very good solution that allows you to use a single port or tool to control everything happening with your organization's different cloud applications.
Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives. Also, the documentation does not have many details about that. The bad configuration and lack of good documentation prevent professionals from taking the most advantage of this tool.
One of the big problems that some customers face is that Microsoft always changes its products' names. For example, four to six months ago, Microsoft Defender for Office 365 was renamed Microsoft Defender XDR. Microsoft comes up with a new name for the tool every one or two years, which sometimes is hard for customers to follow.
Microsoft should improve some integrations in the Microsoft Defender for Cloud Apps sub-category. With a specific configuration to Microsoft Defender for Endpoint, we can get logs and insights from network devices and other workloads on our system.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365 for two years.
What do I think about the stability of the solution?
I rate the solution an eight or nine out of ten for stability.
What do I think about the scalability of the solution?
We configure the tool for different clients, and thousands of people work with the solution. The tool scales out very well and can cover and monitor devices and users ranging from a few hundred to thousands without any problem. Our clients for Microsoft Defender for Office 365 are medium and small businesses. Microsoft Defender for Office 365 is a scalable solution. There are no issues with the solution's scalability or latency.
I rate the solution's scalability ten out of ten.
How are customer service and support?
The technical support for the solution is very good, and I didn't face any issues with it.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have previously used CrowdStrike Falcon. Microsoft Defender for Office 365 and CrowdStrike Falcon are both great tools. Each has its advantages and disadvantages. In my opinion, CrowdStrike is more mature in the endpoint and classic antivirus parts. On the other hand, Microsoft Defender for Office 365 is more mature regarding identity and Office 365.
For artificial intelligence integration, Microsoft 365 Defender is far ahead of others with the integration of Copilot within the portal. This feature that helps analysts reduce time to analyze and respond to incidents does not exist in CrowdStrike.
How was the initial setup?
The solution's initial setup is very straightforward. You have to go to the portal and click on the incident icon, and the tool will automatically start configuring itself. After that, the integration of the endpoints depends on your workload. For example, 1,000 devices will take much longer than two or three devices.
Automation tools are available within the platform to help us automatically deploy the sensors on different workloads that we will need to cover with this tool. The solution's initial configuration and deployment are very straightforward. A lot of videos and documentation are available for the same.
What about the implementation team?
The initial configuration and deployment of the tool for a specific tenant takes five to ten minutes. After that, it depends on what you want to do. You can implement specific strategies today. Based on the evolution of threats, you will need to configure different things tomorrow.
What other advice do I have?
We tried to solve a lot of issues by implementing the solution. The solution helps us detect problems related to the endpoints, like the detection of suspicious processes or suspicious installation of suspicious software. We will raise an alert, and it will show us a graph of the different entities included in the incident, including users, computers, or endpoints.
If it is related to email, it will show us the initial email and different insights about the incident. We'll go through those alerts and try to check them manually. Sometimes, the tool detects suspicious emails for some incidents and automatically quarantines them.
After that, we, as analysts, will do the manual review. If we find an action suspicious, we use the tool to blocklist the domain that has sent the email. If we find that it's a false positive, we will reject this automatic action by the XDR, and the email will be delivered to the end user.
Unified identity and access management is a new feature on the Microsoft 365 Defender portal. It's all about having a single pane of glass to give you insights into the different identities available on your tenant. Those identities are either on-premises, cloud-based, or synchronized between the on-premises and cloud-based workloads.
The solution's security covers more than just Microsoft technologies. Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps have a specific configuration to get insights from third-party cloud applications or from within the Microsoft Defender for Endpoint sensors. We can also get logs and insights from other network devices present in our perimeter, like routers, switches, or firewalls. All those insights will help us gain some visibility into our security posture.
The product has gone through a lot of improvements, especially in the last few moments. It will be like a SOC unified platform with the integration of the Microsoft Sentinel tool within the Microsoft 365 Defender portal. This tool is available to cover all the perimeters. Even third-party solutions and workloads that do not have any security tools from where we can get insights, we can directly use something else to install the low connectors and get visibility about those.
Also, the most significant evolution is the integration of artificial intelligence with Microsoft Copilot for security. This is also a big added value that will help analysts investigate and minimize the mean time needed to respond to advanced threats.
The solution stops the lateral movement of advanced attacks, like ransomware or business email compromise, in a good way. Specific measures and configurations are implemented within the tool that will help us detect advanced attacks in the early stages. We can set configurations for business email compromise.
With the help of artificial intelligence, we'll get insights about emails that may be starting a business email compromise based on specific keywords. It's the same for ransomware and other advanced attacks.
The solution's integration into a company will help it be more resilient to cyber attacks. It will help the company prepare for attacks at an early stage and respond quickly, which will help it be more secure.
Being an XDR, the solution has detection and response capabilities. With adequate configuration, we can configure the required measures to stop or at least quarantine attacks and isolate the assets involved with the attacks in the early stage upon detection. After that, the manual site comes into the picture, and we do the manual review. Based on our review and feedback, the tool will learn from us and behave better in the next similar incident.
I saw a demo about the solution's multi-tenant management feature, and it's a very good feature. It will help big companies with multiple tenants and MSSPs that deal with multiple tenants for users. It will help them to work with multiple tenants by flipping a switch.
I'm a big fan of the solution. Having a Microsoft E5 license will help you to cover all the different types of security, including the identity, the endpoint, the email, and even the cloud. I'm just an engineer and work with whatever tool the client provides me. I noticed that many customers have a Microsoft E5 license, but they don't know a lot about the capabilities that come with it.
They buy or add other tools from third parties when they have that feature or capability included within the E5 license. Microsoft needs to talk to different customers and show them the capabilities that come with these types of licenses, which cover a lot of features.
The integration of Copilot has helped us a lot in concentrating on a single portal to get different insights. This will help a lot to reduce the mean time to respond to incidents by 50%.
The configuration of the Copilot assistant is very straightforward and doesn't take more than 30 minutes. After that, when the tool automatically detects incidents and you go to the analysis page of a specific incident, you will find an initial analysis of the whole incident by the Copilot security assistant.
You may also interact with it using chat, and it will help you if you haven't understood any specific terms from the initial analysis. It can be configured to automatically respond to specific incidents based on workbooks, which will help us automatically apply the measures to respond to specific incidents for remediation.
Microsoft Defender for Office 365 is a cloud-based solution. Since it's a cloud-based solution, Microsoft does all the maintenance for the tool. We are notified via email if there is a shortage or a problem. The SLAs are usually very good, and I have not noticed any problems in the last two years where we could not access the tool.
I would recommend the solution to other users because it's a very good solution and one of the best XDRs in the world right now. If you go through reviews from Gartner or other companies, you will see that Microsoft Defender for Office 365 is a leader in the XDR market. It has the capability to collect and aggregate insights from different sources, either cloud-based or on-premises.
The integration of artificial intelligence will greatly help final users and security practitioners respond to incidents adequately and efficiently.
Overall, I rate the solution an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Information Technology Specialist at a pharma/biotech company with 1,001-5,000 employees
Saves us time with our investigations and provides safe attachments and safe links
Pros and Cons
- "Microsoft Defender for Office 365's most valuable features are safe attachments and safe links."
- "The GUI is sometimes slow to fetch the device report and could be improved."
What is our primary use case?
Microsoft Defender for Office 365 is used to protect our organization from attacks.
Our deployment is a hybrid model with 80 percent being on the cloud.
How has it helped my organization?
The visibility into threats is excellent. A dashboard provides real-time information on emails, blocked emails, blocked files, and blocked URLs.
We integrated Microsoft Sentinel and Microsoft Intune with Microsoft Defender for Office 365. Integrating Intune was a little difficult but we managed.
The solutions work natively together to provide coordinated detection and response across our environment. This is important.
The integrated Microsoft solutions provide comprehensive insights into threat issues through threat analytics.
Microsoft Sentinel allows us to ingest data from our entire ecosystem. This is important because it provides us with a vital security feature that allows our organization to monitor and respond to alerts and threats detected in our enterprise via Sentinel. We have configured custom alerts and triggers in Sentinel, which gives us a better understanding of the threats in our organization.
Microsoft provides a comprehensive view of alerts to help investigate issues and address malicious emails. We can investigate and share feedback in our message tracking log and the threat explorer in Defender to mitigate and resolve the root cause of the issues.
Microsoft Defender for Office 365 saves us time with our investigations.
We now use the cloud to maintain our email as a gateway which has saved us money by not requiring on-prem hardware.
Our time to detect and respond to malicious emails was decreased. The solution provides the CPU resources needed to scan emails for malicious content, and it also makes it easy to track the number of administrative emails sent to users.
What is most valuable?
Microsoft Defender for Office 365's most valuable features are safe attachments and safe links.
What needs improvement?
The GUI is sometimes slow to fetch the device report and could be improved.
It would be great if Microsoft Defender for Office 365 were priced at the tenant level, rather than the user level. This is because the feature is used by all users in the tenant, not just individual users.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365 for two years.
What do I think about the stability of the solution?
Microsoft Defender for Office 365 is stable.
What do I think about the scalability of the solution?
Microsoft Defender for Office 365 is scalable.
How are customer service and support?
Technical support is often unsatisfactory. When I open a ticket, the initial engineer I speak to often has no hands-on experience and needs to escalate the issue to someone else. This can take a long time, as the engineer needs to check with the internal team before they can provide any assistance. In the end, the issue is eventually resolved.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Barracuda Email Security Gateway, but it did not sandbox emails. After careful consideration, we decided to switch to Microsoft Defender for Office 365.
How was the initial setup?
The initial setup was straightforward. We just follow Microsoft's documentation and fine-tune the default custom policies as well as new days on custom policies for data management and checking. Two people were required for the deployment.
What about the implementation team?
The implementation was completed in-house.
What was our ROI?
We have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
The license is expensive because the cost is based on the number of users. The more users there are, the higher the cost.
What other advice do I have?
I give Microsoft Defender for Office 365 a nine out of ten.
We have four people that directly access the solution.
There is no maintenance required from our end.
Before using Microsoft Defender for Office 365, organizations must ensure that the policies are configured correctly to fit their specific needs.
It is better to choose a single vendor with high expertise in a specific area, rather than a best-of-breed strategy.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineer at a healthcare company with 10,001+ employees
Strengthens organizational security with proactive visibility
Pros and Cons
- "The most valuable feature of Microsoft Defender for Office 365 is its spam filter."
- "Microsoft needs to broaden its global support presence by establishing teams of subject-matter experts in all regions."
What is our primary use case?
We use Microsoft Defender for Office 365 to protect our Outlook 365 inboxes. When opening links in emails, Defender's URL defense verifies the legitimacy of the URL, ensuring it's not a spam link. This protection is active whenever clicking on any link within Outlook 365.
How has it helped my organization?
Our organization's security has been strengthened with Microsoft Defender for Office 365. Regardless of the specific tools we use for our daily office tasks, our data remains protected.
It provides great visibility into vulnerabilities compared to its competitors. Its insights and timely identification of Common Vulnerabilities and Exposures enable proactive threat mitigation, making it the preferred choice for comprehensive security.
Microsoft Defender for Office 365 is critical for our organization's security and privacy because it helps prioritize enterprise-wide threats and protects our sensitive data. Data breaches pose a significant financial risk, potentially costing millions or even billions of dollars, making Defender's role in safeguarding our data vital.
It automates routine tasks and prioritizes high-value alerts, providing automated insights to our security team. This allows us to proactively block harmful activities like anonymous calls and intrusions, significantly enhancing our overall security automation.
Microsoft Defender for Office 365 provides threat intelligence, enabling proactive threat mitigation. It monitors all network traffic, both incoming and outgoing, allowing us to track data and protect our network perimeter. This comprehensive monitoring includes network calls, enhancing our overall system security.
Microsoft Defender for Office 365 has helped to save us time and money and has reduced our time to detect and respond.
What is most valuable?
The most valuable feature of Microsoft Defender for Office 365 is its spam filter. This filter effectively reduces wasted time by automatically identifying and blocking spam emails before they reach our inboxes, moving them directly to the spam folder. This prevents the constant need to manually review and delete these unwanted messages.
What needs improvement?
Microsoft needs to broaden its global support presence by establishing teams of subject-matter experts in all regions.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365 for six months to one year.
What do I think about the stability of the solution?
Microsoft Defender for Office 365 is stable.
What do I think about the scalability of the solution?
Microsoft Defender for Office 365 offers excellent scalability, as evidenced by Microsoft's support of nearly all Fortune 10 companies.
How are customer service and support?
The technical support is good, providing a clear channel for submitting requests. Based on the severity level, C1, C2, or C3, they consistently provide appropriate responses within the agreed-upon four-hour service level agreement.
How would you rate customer service and support?
Positive
What was our ROI?
As a technical user of Microsoft Defender for Office 365, I've seen a positive return on investment in how it helps secure our environment and ecosystem. The insights and intelligence provided have also been invaluable to our security team in securing our enterprise's information.
What other advice do I have?
I would rate Microsoft Defender for Office 365 nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 24, 2024
Senior Manager ICT & at Bangalore International Airport Limited
The automated attack disruption works well if you have a strong policy configuration
Pros and Cons
- "Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable."
- "You should be able to deploy Defender for every subscription without the need to add servers."
What is our primary use case?
365 Defender is a critical tool for mitigating attacks and preventing threats. We use it for email filtering and blocking phishing attacks throughout the entire enterprise. We have around 1,500 users.
How has it helped my organization?
365 Defender has improved our security across multiple categories. It's effective against advanced attacks like phishing and ransomware. Defender's attack disruption works well if you have a strong policy configuration. It will automatically block threats and filter them in most cases without the need to investigate. It will remedy the threat immediately.
The automated response reduces the manual work, saving our security team time. I would estimate it saves about six hours per day.
What is most valuable?
Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable. It's a unified solution that doesn't just cover Microsoft products. We're a multi-cloud shop, and having that coverage is critical. It also includes the latest IAM features like two-factor and multifactor authentication, giving us the most robust solution.
What needs improvement?
You should be able to deploy Defender for every subscription without the need to add servers.
For how long have I used the solution?
I have used 365 Defender for almost six years.
What do I think about the stability of the solution?
I rate Microsoft 365 Defender nine out of 10 for stability.
What do I think about the scalability of the solution?
I rate Microsoft 365 Defender nine out of 10 for scalability.
How are customer service and support?
I rate Microsoft support nine out of 10. Their support is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We migrated to 365 Defender from a McAfee solution.
How was the initial setup?
365 Defender is a cloud-based solution deployed on Azure. You can set it up in two days with some help from Microsoft support using two people.
What's my experience with pricing, setup cost, and licensing?
365 Defender is worth what we paid for it.
What other advice do I have?
I rate Microsoft 365 Defender nine out of 10. It's the most economical product you can buy, offering a range of features for safeguarding your enterprise.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Self Employed, Freelance, Consultor, Sales - Learning Time at SpectralByte
It's a reasonably priced, scalable cloud-based solution
Pros and Cons
- "Defender for 365 is a comprehensive cloud-based solution. The value of the cloud is that you aren't alone. Threat intelligence and analytics are shared in the cloud. We don't have to find the solution alone. If you face an unknown threat with traditional solutions like Trend Micro and Symantec, you need to open a case and send your information to them to analyze forensically and identify the source of the attack."
- "The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included."
What is our primary use case?
We primarily use Defender for 365 for email protection.
How has it helped my organization?
My company receives 100,000 emails daily. We implemented Defender to supplement our Broadcom anti-spam solution. Our Broadcom solution wasn't analyzing the server or the body of the messages.
What is most valuable?
Defender for 365 is a comprehensive cloud-based solution. The value of the cloud is that you aren't alone. Threat intelligence and analytics are shared in the cloud. We don't have to find the solution alone. If you face an unknown threat with traditional solutions like Trend Micro and Symantec, you need to open a case and send your information to them to analyze forensically and identify the source of the attack.
What needs improvement?
The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included.
For how long have I used the solution?
I have used Defender for three years.
What do I think about the stability of the solution?
Defender for 365 is stable. You can subscribe to all the alerts and notifications of every service in the cloud, and it won't affect the stability. Your devices will be seamlessly updated from the cloud automatically with no problems.
What do I think about the scalability of the solution?
Defender for 365 is scalable because it's in the cloud. It will give you more resources as needed, whereas the scalability of an on-premise solution is determined by your processing power and other hardware limitations.
How was the initial setup?
Deploying Defender isn't complex. You only need to buy the license and connect your devices to the cloud.
What's my experience with pricing, setup cost, and licensing?
Defender for 365 is reasonably priced, but it isn't cheap. I think the price per user is $3 or $6, depending on the license.
What other advice do I have?
I rate Microsoft Defender for Office 365 nine out of 10. Before deploying Defender, you can compare its engine with that of Symantec, Trend Micro, and other brands.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Infrastructure and Security Lead at Vedanta
Centralized tenant enables group control but setup process complicates implementation
Pros and Cons
- "Scalability-wise, I do not think there are any issues so far."
- "The visibility into threats is not up to the mark, as I do not have control. I rate my experience with Microsoft Defender for Office 365 as six out of ten due to troubleshooting and pricing concerns."
What is our primary use case?
We replaced one earlier antivirus because earlier whatever was there, yeah.
What is most valuable?
Actually, earlier I used to have full control with Trend Micro. Microsoft Defender for Office 365 is now part of a centralized tenant for my entire group. I don't have control over that, as another team is maintaining it. Since I don't have full visibility of the features, I cannot make significant comments.
What needs improvement?
The main area for improvement is simplifying the implementation and rollout process. There are many conditions to be met, making it challenging to ensure every system is protected. Troubleshooting is difficult, especially at the endpoint level.
For how long have I used the solution?
I have been using this solution for about one year.
What do I think about the stability of the solution?
I am not sure about stability.
What do I think about the scalability of the solution?
Scalability-wise, I do not think there are any issues so far.
How are customer service and support?
I am not aware of Microsoft support because I don't have access to the admin consoles. Therefore, I do not connect to technical support.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We were using Trend Micro before switching to Microsoft Defender for Office 365. Trend Micro was more cost-effective and manageable.
How was the initial setup?
The initial setup is a bit challenging due to multiple dependencies, such as on SCCM and Intune, and the need for co-managed services.
What's my experience with pricing, setup cost, and licensing?
Money-wise, it is a part of the Office 365 suite, making it slightly more expensive compared to Trend Micro. Although Defender is free, you have to pay separately for EDR.
What other advice do I have?
The visibility into threats is not up to the mark, as I do not have control. I rate my experience with Microsoft Defender for Office 365 as six out of ten due to troubleshooting and pricing concerns. Overall product rating: 6
Which deployment model are you using for this solution?
NA
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 26, 2025