Microsoft Defender for Office 365 Reviews

I use it for email security and to scan for phishing attempts. I use it for endpoint security as well and scan for any malicious activities, such as viruses, malware, or possible ransomware; to prevent any kind of malicious activity. I also use it to investigate and respond to malicious activity.

So far, it has helped with how we organize data flow within our IT department and has given us increased visibility.

The solution has also eliminated having to look at multiple dashboards. Reconnaissance, or data gathering, is very important, and the speed at which we gather data is very important when responding to a threat.

It saves me time because I don't have to go from one tool to the next, or one dashboard to the next to get similar information. Now, I just log in one time to my Azure portal and I can get everything I need from there. It also assists with email alerts because they are consolidated and very simplified. We don't have different tools sending alerts. It's just one tool sending them and they differentiate based on what is going on. That has really been awesome.

The threat intelligence also helps prepare us for potential threats before we encounter them. We see recommendations and predictions from their SIEM.

The anti-phishing component and the investigation consoles that Microsoft gives you with this product are the most valuable features. The consoles are very detailed and mostly accurate. There are fewer false positives than in other products that I've used.

It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the email to the workstation itself. It's a really awesome product in terms of giving me visibility into what's happening with the endpoints in my corporate environment.

On the investigation console, it shows the form of attack vectors that I may be exposed to and it prioritizes things based on the risk factor. I know what to give priority to when it comes to remediation and prevention.

In addition to Microsoft Defender for Office 365, we use Sentinel and ATP. They are all integrated. I wouldn't be the best person to speak about the integration process itself because I had huge assistance with that aspect. But I'm assuming it was not too tough because that part of the project was pretty quick. It's all license-based, so it's not that difficult.

These products work together, natively, to deliver detection and response in a coordinated way. Whatever is reflected in one of them can be seen through evidence in the other tools. For example, if there's an email threat in an attachment and it is downloaded, Defender continues to pick up the trail from there and resolves the threat.

One aspect of Sentinel that is very important is that it enables us to ingest data from our entire ecosystem. Sentinel is like having built-in AI that analyzes everything that goes on in the environment. The feedback from Sentinel is very important, so it's very important that it has 100% visibility into the environment. It helps us to make a lot of logical decisions.

Sentinel also helps us to investigate threats and respond in an integrated way from one spot. That is important because the speed at which you respond to a threat is very important. The longer you take, the harder the threat will be to dissolve. The quicker the response, the better it is when it comes to remediating the attack or undoing the damage, and keeping downtime to a minimum.

And the AI technology of Sentinel has helped to automate finding high-risk alerts. The alerts are prioritized based on the risk factor.

We recently implemented Microsoft Defender for Office 365 and have been using it for about two months.

It's pretty stable. There's nothing on-prem except for the agents. They are the only thing you have to worry about. Everything else is in the cloud, so you don't have the responsibility of downtime when it comes to security.

One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration.

Neutral

The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially. That was the only hiccup we had when we enrolled with Microsoft for security.

We tried Cybereason and SimplySecure. We also tried SentinelOne and it was really good. The reason we chose to go with Microsoft was the added features for securing our email tenant.

Sentinel is pretty cost-effective compared to other solutions because, with Microsoft, we get multiple products for a holistic, cheaper subscription price. The things we would have to purchase from different vendors are the things that Microsoft gives us all in one. Instead of paying Splunk for a SIEM, and paying Fortinet for EDR, we can have a subscription-based solution at a cheaper rate from Microsoft, which is an all-in-one solution.

They really keep up to date with the definitions and upcoming threats that are out there and are doing a pretty good job of defending us, in comparison to other products. They're really catching on. Before, I wasn't a Microsoft person, but I'm slowly getting there because these products have really assisted me of late. They have given me a lot of perspectives on security in general.

It's a good solution for enrolling all your devices. You can have Mac, Windows, and Linux in your console for security visibility. Once your alerts are configured correctly, you shouldn't be missing anything. It's really good for getting alerts to you about anything anomalous.

We mainly use it to identify software vulnerabilities. It reports all the software vulnerabilities installed in our web stations and servers.

With Defender for Office 365, we have been able to increase the security posture across our organization. Within the first month of using this product, we realized that benefit.

When it comes to software vulnerabilities, we can target them and update the software as soon as we see that there is a vulnerability. And then we can make sure that they are updated and check that the update process was successful within a different department. That has really helped us improve our productivity.

The solution saves us time because we don't have to go here and there to identify things. It's a single portal that has all the details we need. Their support is also good. These features have, again, helped us improve our productivity a lot. It saves us about 25 percent of our time.

It has also saved us money because we don't have to pay for other security products like Nessus. This solution has almost everything we got from other products, so we don't have to go for an additional solution. It's saving us about 50 percent, cost-wise.

Our time to detect threats has decreased. With products like Nessus, until their scan runs, we are not aware whether a threat is fixed or not. But with Defender, within one to two hours that information is reflected. With Nessus, sometimes we had to wait a day to see that information reflected in the portal. Because we are aware of issues earlier, we can act on them sooner.

The most valuable feature is the score. By looking at the score, you can identify if you are at risk or not.

It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have.

It gives me everything I need, visibility-wise. It also helps prioritize threats across our enterprise and that's very important. That means we can identify the critical vulnerabilities first and keep an eye on other vulnerabilities. By looking at the dashboard, I immediately get an idea of how critical an issue is and we can fix vulnerabilities before they result in an attack.

It has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard, which has made our security operations really easy. We can also create internal tickets within the portal itself. We can assign them to people and see how long it took them to close the tickets. That makes things really easy.

In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.

I have been using Microsoft Defender for Office 365 for about two years.

It is stable.

There are bugs here and there, but they have been able to rectify them.

It's scalable. It discovers almost all of the workstations and servers across our organization. We have about 3,000 endpoints.

Whenever we ask a question, they provide us with a solution. I'm happy with their technical support.

Positive

We previously used Nessus. We switched mainly because of the cost and the integration. With Nessus, we had to install an agent, but with Defender, since we were already using it, we could just turn it on with the cloud portal and deploy it very easily.

I wasn't involved in the initial setup, but in terms of maintenance, we push it through Windows Update so we don't have to explicitly do any updates.

I would recommend Microsoft Defender for Office 365. 

If you already have a deployment method, like CCM or something similar, it will be easy. Even if not, there are several other deployment methods that could support any scenario.

We already had an Office subscription, so we just started a trial and we were happy with it and we went with it.

In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.

I use it for investigating incidents.

It has helped eliminate looking at multiple dashboards, which is very useful. During the investigation of incidents, it helps in making reports.

It has saved me time and my nerves. It has also likely saved us money by blocking unexpected threats. It has also definitely decreased our time to detection and time to respond. 

I like its investigation capabilities, as that is what is most important to me. It is fairly simple with a user-friendly interface. 

Also, all Microsoft products can be used with each other, as opposed to other vendors' products that cannot be used with each other.

They have moved features from one console to another. Things have been moved around in the interface and it takes me time to find where certain features are. 

I've been working with Microsoft 365 for two years.

It's a stable solution. I have only had one serious incident, a few months ago, when Microsoft wrote that there were some difficulties with networking.

It's scalable and this is important. I have had clients with 10 to 20 users and others with a few thousand.

Unfortunately, support has become difficult. Very often I get a hyperlink from Microsoft as an answer, but I only submit requests after I have read all the information that is available. My questions are not simple. In the past, I would have rated their support a nine or 10 out of 10, but now it's a seven.

Neutral

I used ESET and Fortinet at my previous companies. 

Our deployments are on private cloud, hybrid, and on-premises. Deployment time depends on the tasks involved. Some are done in a few days and others can take six weeks.

The initial setup can be straightforward or complex. For one client, due to authentication methods, some users couldn't access their old clients.

One problem is its pricing because I was working in the government and it was too expensive for us to use our Microsoft products.

For protection, I like Microsoft Defender for Office 365 and ESET in this price range.

We use Microsoft Defender for Office 365 for email security. We are partners of Microsoft and I'm the company's chief operation security officer. 

The deployment capability is a great feature. We're able to activate this feature throughout France with a click.

I'd like to see fewer false positives and potentially have an accurate capability to detect malicious SharePoint sites. There could also be an improvement in some of the features related to training. In a phishing test campaign, for example, it should be more user-friendly and include the capability to evaluate and assess users' understanding of the content provided. 

I've been using this solution for several years. 

The customer support could be more advanced at the technical level and more responsive. There should also be more communication on updates.

We previously had some reinforced email security features with Microsoft; this is just an improvement on what we had.

This is quite an expensive solution and understanding the pricing model and features is quite complicated and it can, in fact, be a nightmare when dealing with Microsoft.

We reviewed several on-premise solutions such as Forcepoint that could be integrated with other components within our infrastructure. The reason we didn't go with them is that we have to respond quickly to threats and at an international level. Given the complexity of our situation in terms of architecture, we decided to go with a ready-to-use solution.

We haven't had a review recently, so I can't say that this is the best solution on the market. Things are evolving all the time with new features constantly being added to all solutions. For now, I would rate this solution seven out of 10. 

We use it for detecting any kind of breach or intrusion. It is not enabled for everyone because we have our own antivirus.

It has helped us in improving our security posture. It detects any kind of attack or abnormal behavior in accessing the system and sends an alert to the administrator who can check, understand, and review on time to ensure that all activities are legit.

It blocks all known threats immediately and sends alerts to follow up. It is not used on all devices. On the devices on which it is being used, it has improved the security by 80%.

It has improved our security awareness. It helped us in understanding the weaknesses in our configuration that needed to be fixed to avoid any kind of breach. It has increased our security level and mitigated the risk of being compromised.

The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time.

The visibility for the weaknesses in the system and unauthorized access can be improved.

Its price should be improved. Its cost is a major concern for us.

We started using it in 2019.

Its stability is good.

Its scalability is good. It is able to leverage more and more functions, which is essential because cybersecurity threats are increasing nowadays.

Initially, we had only 10 users, and currently, most of the users are switching to another platform. We only have one user, and only the system administrator is managing it.

I didn't need any tech support because the documentation and the procedures are simple and easy to understand.

We have Symantec Endpoint Protection, and we also use Sophos. We are using Defender only on our Azure system because it is a suitable tool for the Microsoft environment.

Its initial setup is straightforward. Because it is cloud-based, when we assign the license for Office 365, it can be automatically deployed from the console. Because the number was small, we manually installed it on each device one by one. Its deployment requires minimal staff. Depending on the connectivity, it can take about 30 minutes for each device.

We have not seen an ROI yet.

Defender is a little bit more expensive as compared to others. We are in the manufacturing environment. So, we don't have a high budget for all of our endpoint devices. Its cost is a major concern for us.

It is a good product, but its price is the most critical point for consideration. In terms of technology and capability, I would rate Microsoft Defender an eight out of 10.

We primarily use the solution for security purposes. 

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect our organization against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard our organization from harmful links in real-time. Defender for Office 365 has rich reporting and URL trace capabilities that give us (administrators) insight into the kind of attacks happening in our organization. We can discover how Defender for Office 365 can help in define protection policies, analyze threats to our organization, and respond to attacks.

Defender for Office 365 can help your organization configure policies, analyze threats to your organization and respond to attacks.  It is important to note that there are different levels of protection and capabilities depending upon which version of Office365 license you have. The best features we found most valuable are Forwarding Report, Safe Attachment Files Types, Treat Protection Status, Malware Detected in Email, URL Threat Protection and many more.

The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many of spam attacks have happened". Or "these many emails have been blocked." We have to manually go into the admin panel and have to check it out. It would be nice if there are custom email notifications/alerts.

Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes and see all your mail and notes any deviation) that are only currently available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.  

We've been using the solution for two years at this point. 

In terms of Scalability, Microsoft has heavily invested in scalability and security of its Microsoft 365 platform in the last few years.

Since it is a cloud based solution, at any point of time we can upgrade the number of users without any hassle and there is no user cap limit.

Currently, we have 350 users at this time.

The technical support is good. However, for us, personally, we didn't had any serious issues to contact with the technical support team as most of the errors or issues we faced we easily resolved from documentation from Microsoft website. 

We have been using Fortinet Mail however, later on, we went with the Office 365 Email Protection Plan. The main reason for switching is before we were using G-Suite from google for emailing solution and later on we shifted to Office 365 and the Defender is an inbuilt feature provided by microsoft.

The initial setup is so easy and the Microsoft Help Center is available to assist as necessary. In our case, we just went through the documentation which was provided on the Microsoft website and based on the document, we were able to easily configure it.

We implemented it in-house and no support was taken from vendor. Everything is in the documentation of Microsoft Website.

The pricing is pretty good and was a major factor in choosing it. The pricing is reasonable when compared with Cisco or some other products.

If it is an IT company, the budget allocation will be more and focused on the IT part. However, when it comes to a manufacturing company, the budget focus will be more on manufacturing and the budget allocation will be very low in terms of IT. 

For us Office 365 was better in terms of Pricing.

Before choosing this solution, we had evaluated Cisco. I just visited your site and I just downloaded that datasheet. I compared it to Office 365 Mail Protection. Both are good, however, in terms of the pricing part, Office 365 was better choice.

No matter what ever solution we take be it Google/ Cisco/ Microsoft, every one provided the same security. However there would be some features differ based on the plan/license we take.

With my personal experience, If you don't have any budget constraints go for Google or Cisco.
If you are on a low budget and if you want a solution that needs to be suitable for your business, then you can go for Microsoft.

I'd rate the solution at an eight out of ten.

This solution is a mixed product. It can be used for email security and for information protection which is basically data loss prevention. Many people do this type of setup for DLP, but it is under Microsoft's naming convention, they call it Microsoft Information Protection(MIP).

It definitely is a must for email protection and O365 app DLP.  Combined with Microsoft Defender for Endpoint, Microsoft Defender for Identity, and MCAS, it provides a holistic solution for threat protection, email protection, O365 apps protection, and DLP for both internal and external risks.

Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links. Anything that has the word "safe" in it is essentially made to defend against the common email vulnerabilities that you would see in similar products. Without these features, it does not have nearly the capabilities. 

On the information protection side, the best features are probably the data loss prevention policies that cover the whole suite of Office 365 applications. I will explain it a little more, from an information protection standpoint, Defender for Office 365, does strictly apply to the Office apps, but that is where it can get confusing because it can do more. It works with MIP, and MIP can be part of a SKU in the M365, particularly the E5 SKU or equivalent. It can protect and prevent data loss of data wherever it operates. It does not matter where it operates, it can be in a different cloud service, on-premises, in Office, a SaaS application, or even It could be your own applications that you have developed. Defender for Office 365 helps with the loss prevention for Office 365 applications.

There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.

Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.

In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution. 

I have been using the solution for approximately 6 months.

Generally, it is stable with a good SLA.  Still there can be outages in either O365 or Azure AD but they are rare.  That is where Proofpoint adds a BC/DR feature that is lacking with O365 Exchange Online.

It is a scalable solution. We have deployed it to several hundred thousand people, and it scaled fine. There are different considerations that need to be made before the solution can scale properly. For example, If I am in a hybrid environment, my connection to the cloud is 100 MB, and I have got 100,000 users, that connection bandwidth is not going to work. As long as people know that there are certain adjustments that are needed to scale, then it will scale properly.

Another example, if it is a Multi-GEO spread across the globe, you are only as good as your network backbone or what you pay for your network backbone, this is the case in many clouds. If you are using a hybrid setup, it is the same situation, you need to figure out how to regionalize things and then have adequate bandwidth. There are techniques to use that makes sure you are using the shortest path to the cloud from each region. If you do not pay attention to all of these considerations when attempting to scale the product you are not going to have a good experience.

Microsoft does a very good job of having information available for customers such as documentation and online videos. The problem is wading into every consideration that you have to have, such as, is the network sufficient, or evaluating the different setup scenario types where it could get really complicated. For example, having a Multi-GEO setup, what is the impact of a network on the performance. There are scenarios where it can get difficult, where a company acquires another company and they both are in separate Active Directory force and a lot of them at times, they do not know the order of how to do things. The complication of supported models between how you do identity and some of them do not even know how to do enterprise architecture or the difference between enterprise architecture and solution architecture. You could run into best practices not being followed and have to re-engineer everything, I have run into all kinds of scenarios.

Generally, the only problem with the documentation is it is hard for people to put all the information together, there can be a lot of information. Microsoft support is only as good as their documentation, and their documentation is currently behind. Since Ignite 2020, all the announcements came out of that and the documentation still has not caught up. We are now at Ignite 2021. 

A lot of these technical support agents just read a script. However, it depends on which level you are talking about. If you get entry-level support and then you are moving up the ladder, it could take time to get the information you are seeking for a resolution. If you get the right support person then you are good, but if not then you could be going around in circles for a while before you are able to resolve your issue.

At GuidePoint Security we are paid consultant therefore work within the requirements of customers.  Some customers understand the holistic Microsoft XDR and information protection solutions and how they integrate together to send signals to a SIEM/SOAR product for incident discovery and remediation.  Others use a mixed bag of products from CrowdStrike, Symantec, etc. on endpoints, may use a third-party CASB product i.e. Netskope which combined with Netskope's Secure Web Proxy forms their SASE solution.

The installation can be easy in SMB but there can be some difficult challenges in large enterprises.  Typically it is companies going through mergers, etc.

Full deployment can have challenges, but it is all depending on your organization's usage. For example, organizations that have to be in the government cloud and where they have both US and non-US citizens. In the government cloud, friendly nations can participate in the government cloud and there are some that definitely cannot. There could be many that cannot be allowed. For example, If there were two that could not be allowed, those two clouds have to be separated completely. They cannot communicate with each other whatsoever. That is a little bit of a problem for some organizations. What if I have a subsidiary in Australia that says, "No, I do not want to be in the government cloud." how are you going to handle the fact that all your US subsidiaries have agreed to go into the government cloud and the Australian one is sitting out saying "no". You then now have to treat these separately like they are two separate organizations.

We have received a good return on investment with this solution, it does what it is supposed to do. Particularly from the email and information protection perspective, it does a very good job, but it could be better.

Microsoft licensing should include Microsoft Defender for O365 in their E3 and E5 licenses.  Currently it is all or nothing unless you purchase an add-on which we advise enterprise customers to do.

I have evaluated Proofpoint in the past which has continuity features that this solution is lacking.

The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots.

I rate Microsoft Defender for Office 365 a nine out of ten.

We use Microsoft Defender for Office 365 for our external developers. 

The tool offers the best experience to meet international contractors. 

Microsoft Defender for Office 365 helps people to work remotely. It is a secure solution. We don't need to use our company's computers or get VPN connections to the networks. I can control how they share screens and what they send to the devices. It keeps our organizations confidential and sensitive information safe. 

Microsoft Defender for Office 365 is scalable. 

Microsoft Defender for Office 365's deployment is straightforward. 

The product is expensive. 

The flexible tool helps hide windows from people trying to control the PC's remote. I rate it a seven out of ten.