Microsoft Defender for Office 365 Reviews

We use it to monitor user behavior and activity. It also gives us analytics to protect the user identities and extensions stored in Active Directory. For one of the instances that we are managing, we have to sync it with Active Directory and protect user identity.

It is a basic SecOps tool. It has not increased or improved anything specifically for our organization, but I see it as a must-have for security ops.

It can help automate routine tasks and finding of high-value alerts. Our security operations are not very high-volume, but from the angle of process efficiency, it is definitely a very beneficial product.

Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency.

And there are a couple of aspects, time-wise. One is that the documentation makes everything so easy that we were able to understand it without much external support. The second is how it automates the process and gives everything in one console. It is helping us with process efficiency. I would estimate it is saving us 10 to 15 man-hours per month. But it is more an issue of process efficiency and having the right process in place. It is not for time-savings, primarily.

And it is likely to help us with our time to detect and respond, although we haven't faced one threat yet.

It's a little early to tell which features are most valuable, but by default, it gives analytics on user behavior. We have not been able to leverage it fully, but that is one of the interesting features. It's also very simple to use. The documentation has made it quite easy to implement and our team has been able to understand it.

And while we haven't had even one threat incident yet, functionality-wise, Defender for Office 365 can proactively detect threats and prevent them. It is not just a reactive mechanism.

One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication. The awareness of ecosystem information that is provided needs to be better.

We implemented Microsoft Defender for Office 365 over the last month.

The stability of Defender for Office 365 is competitive.

It is very scalable. I've seen implementations in organizations with thousands of employees.

For us, it is being used across endpoints for all the users in our organization, and it is multi-geographic as well. We are a small organization with only 10 users.

Microsoft technical support is very good. For this particular product we have not reached out to them, but otherwise, we find Microsoft support to be quite good. 

The product itself is so good that we rarely have to raise a support ticket. The product and documentation are self-explanatory and we are able to troubleshoot things ourselves.

If we had compared it with other vendors, then I would have more to say about the cost, but we didn't. However, standalone, the cost is convenient.

We did not explore other vendors. This was a default choice for us.

We have not faced any incidents so we are not able to comment on how well it handles them. But in our organization, we are using basic antivirus software and that aspect is covered in that solution as well. It also has functionality for prioritizing threats but we have not implemented it.

The solution does not require much maintenance. There is the setup and it is mainly a matter of monitoring after that.

When you consider a best-of-breed strategy versus a single vendor's security suite, I prefer a single vendor because of the failure points. If there are interconnected failure points, there is a single vendor to work with to fix them and identify the gaps. And when it is within the same ecosystem, the product releases are compatible with each other and, together, give us more value. While a multi-vendor strategy has its benefits, if we stick to a single vendor for the entire stack, it is a better scenario in which to manage and monitor.

If you're using Office 365, Defender for Office 365 is the default primary choice. There are no shortcomings in it, that I have seen, that should make someone look for an alternate solution. It is the default choice for this particular use case and it serves its purpose.

We are using Microsoft Defender for Office 365 to defend against computer threats.

The most valuable feature of Microsoft Defender for Office 365 is the ease of use.

Microsoft Defender for Office 365 could improve by giving customers information on techniques to prevent threats. For example, information about best practices on how to protect their own devices against hackers and scammers, such as educational information or training. This would help others have a better understanding of cyber security. Additionally, there can be more security features added.

I have been using Microsoft Defender for Office 365 for approximately five years.

Microsoft Defender for Office 365 is a stable solution.

The solution is scalable in my usage.

I have not used the technical support from Microsoft. I managed to fix any issues I had myself.

The implementation is simple and Microsoft Defender for Office 365 because it comes with Microsoft Windows, works as soon as the computer is on. 

Microsoft Defender for Office 365 comes with Microsoft Windows. It is free with the operating system.

I rate Microsoft Defender for Office 365 a seven out of ten.

We use Microsoft Defender for Office 365 for email security. We are partners of Microsoft and I'm the company's chief operation security officer. 

The deployment capability is a great feature. We're able to activate this feature throughout France with a click.

I'd like to see fewer false positives and potentially have an accurate capability to detect malicious SharePoint sites. There could also be an improvement in some of the features related to training. In a phishing test campaign, for example, it should be more user-friendly and include the capability to evaluate and assess users' understanding of the content provided. 

I've been using this solution for several years. 

The customer support could be more advanced at the technical level and more responsive. There should also be more communication on updates.

We previously had some reinforced email security features with Microsoft; this is just an improvement on what we had.

This is quite an expensive solution and understanding the pricing model and features is quite complicated and it can, in fact, be a nightmare when dealing with Microsoft.

We reviewed several on-premise solutions such as Forcepoint that could be integrated with other components within our infrastructure. The reason we didn't go with them is that we have to respond quickly to threats and at an international level. Given the complexity of our situation in terms of architecture, we decided to go with a ready-to-use solution.

We haven't had a review recently, so I can't say that this is the best solution on the market. Things are evolving all the time with new features constantly being added to all solutions. For now, I would rate this solution seven out of 10. 

We are using Defender to protect different kinds of attachments, emails, and safe links, and things like that.

The basic features are okay and I'm satisfied with the Defender.

The initial setup is pretty simple. It's easy to configure.

Microsoft products are always easy to use.

The solution has been stable and reliable. 

I was looking for some advanced features, like if I would receive an email that contains a legitimate file type, but the content is malicious, how I can protect against that? Normally, we are dealing with so many phishing and spam emails. I'd like some additional features any product can give me to protect our environment in a better way. 

There is always a chance to continue to improve the product in some way.

We've been using the solution since 2015. It's been a few years now. 

Microsoft so far and been good. We haven't faced any kind of disruption or anything else. It's a good product and good platform, I must say. Overall, it's a good product and good service and we haven't dealt with bugs or glitches.

It's scalable. It's software as a service, so it's always scalable. You have to just purchase the additional licenses and you can increase your database. It's nothing that would be considered too difficult.

They offer different kinds of support levels. If you have the Premier Support contract with Microsoft you're good. If you have purchased a good support level agreement with Microsoft, then their support is very fantastic. We never faced any kind of issue. The engineer is always available when we create the ticket and the support is good. Due to the fact that we are a big organization, we have a support level agreement with the Microsoft.

Earlier, we were using the on-prem solution of Exchange, then we migrated to the cloud, so we cannot just compare the feature set and the price of Defender with any other security software, email security software.

The initial implementation is not very difficult. Microsoft products are always very easy to configure and use. It's not a big deal. It's the philosophy of Microsoft to make it easy for the users. That's why they always attract the users and users happily migrate to them as compared to using any other product or any other service.

I haven't actually evaluated the cost against other products. For example, it's bundled with the licenses that we have procured, so everything is included in that. We haven't purchased the Defender separately. 

We cannot just say that it's a product which is costly as compared to the other products available in the market or not, as it's a bundled offer. We can calculate the price of one license or an Office 365 license with any other cloud service partner's license cost, however, we cannot just compare the price of any specific feature with the services available in the market.

We are not using any other product, so we are not actually in a position to compare it with other security products.

While the deployment is a hybrid model, we have migrated all the mailboxes to Office 365. We are completely running the services from the cloud.

I'd rate the solution at a seven out of ten. there's always room for improvement. 

It's a bundled offer. When we procured the licenses of Office 365, it came up under those licenses. We are not using any other product, so I cannot say or I'm not in a position to say that any other product is good or Defender is not good, as I am not using any other product. 

Our primary use case of Defender is to protect customers' emails. We use this solution for the servers being hosted on Azure. We use it mostly for the emails of Office 365 users, to secure their emails. Some customers already have other email security, complementing Office 365, but smaller customers prefer using a single solution to protect their emails. 

This solution is cloud-based. 

The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance. 

This product's effectiveness could be improved, in terms of detecting unwanted spam or even malware between the emails, compared to other products. 

We have been using this solution for almost a year, just in 2021. 

The technical support's response is very good. If you have Premier Support, they can respond within 15 minutes. In terms of their technical team, it's very good as well. 

The installation is a key feature, since it's a single product within Microsoft. It's integrated with Office 365, so it's very easy to install. You only need one person for deployment and maintenance—the administrator, which is usually either from the security team or email administrator team. 

We implemented this solution ourselves. 

For licensing, it's usually a yearly package for customers who are subscribed to Office 365, but they can also pay on a monthly basis. 

Some of our customers have IronPort or Trend Micro and prefer to use these solutions, complementing Office 365. 

I rate Defender a seven out of ten because it's easy to operate and maintain, but it could be improved by spam and phishing detection. 

Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features.

In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement.

I have been using this solution for the last one year. I have its latest version.

It is stable. We didn't find any issues with that.

It is highly scalable. We have deployed for around 7,000 accounts.  Performance is not impacted.

Their technical support can definitely be improved. They can avoid using templatized response.

We had basic Exchange Online Protection. 

It was easy to configure and with one/two skilled the ongoing maintenance can be handled. 

It has a simple interface to configure and manage. From the pricing point of view, like any other product in the market, there is scope for negotiation. 

Before we chose to settle with this product, we experimented with Cisco, Forcepoint, etc.

I would advise others to do a proof of concept for at least a month before taking a decision.

I would rate Microsoft Defender for Office 365 a eight out of ten.

This solution is a mixed product. It can be used for email security and for information protection which is basically data loss prevention. Many people do this type of setup for DLP, but it is under Microsoft's naming convention, they call it Microsoft Information Protection(MIP).

It definitely is a must for email protection and O365 app DLP.  Combined with Microsoft Defender for Endpoint, Microsoft Defender for Identity, and MCAS, it provides a holistic solution for threat protection, email protection, O365 apps protection, and DLP for both internal and external risks.

Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links. Anything that has the word "safe" in it is essentially made to defend against the common email vulnerabilities that you would see in similar products. Without these features, it does not have nearly the capabilities. 

On the information protection side, the best features are probably the data loss prevention policies that cover the whole suite of Office 365 applications. I will explain it a little more, from an information protection standpoint, Defender for Office 365, does strictly apply to the Office apps, but that is where it can get confusing because it can do more. It works with MIP, and MIP can be part of a SKU in the M365, particularly the E5 SKU or equivalent. It can protect and prevent data loss of data wherever it operates. It does not matter where it operates, it can be in a different cloud service, on-premises, in Office, a SaaS application, or even It could be your own applications that you have developed. Defender for Office 365 helps with the loss prevention for Office 365 applications.

There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.

Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.

In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution. 

I have been using the solution for approximately 6 months.

Generally, it is stable with a good SLA.  Still there can be outages in either O365 or Azure AD but they are rare.  That is where Proofpoint adds a BC/DR feature that is lacking with O365 Exchange Online.

It is a scalable solution. We have deployed it to several hundred thousand people, and it scaled fine. There are different considerations that need to be made before the solution can scale properly. For example, If I am in a hybrid environment, my connection to the cloud is 100 MB, and I have got 100,000 users, that connection bandwidth is not going to work. As long as people know that there are certain adjustments that are needed to scale, then it will scale properly.

Another example, if it is a Multi-GEO spread across the globe, you are only as good as your network backbone or what you pay for your network backbone, this is the case in many clouds. If you are using a hybrid setup, it is the same situation, you need to figure out how to regionalize things and then have adequate bandwidth. There are techniques to use that makes sure you are using the shortest path to the cloud from each region. If you do not pay attention to all of these considerations when attempting to scale the product you are not going to have a good experience.

Microsoft does a very good job of having information available for customers such as documentation and online videos. The problem is wading into every consideration that you have to have, such as, is the network sufficient, or evaluating the different setup scenario types where it could get really complicated. For example, having a Multi-GEO setup, what is the impact of a network on the performance. There are scenarios where it can get difficult, where a company acquires another company and they both are in separate Active Directory force and a lot of them at times, they do not know the order of how to do things. The complication of supported models between how you do identity and some of them do not even know how to do enterprise architecture or the difference between enterprise architecture and solution architecture. You could run into best practices not being followed and have to re-engineer everything, I have run into all kinds of scenarios.

Generally, the only problem with the documentation is it is hard for people to put all the information together, there can be a lot of information. Microsoft support is only as good as their documentation, and their documentation is currently behind. Since Ignite 2020, all the announcements came out of that and the documentation still has not caught up. We are now at Ignite 2021. 

A lot of these technical support agents just read a script. However, it depends on which level you are talking about. If you get entry-level support and then you are moving up the ladder, it could take time to get the information you are seeking for a resolution. If you get the right support person then you are good, but if not then you could be going around in circles for a while before you are able to resolve your issue.

At GuidePoint Security we are paid consultant therefore work within the requirements of customers.  Some customers understand the holistic Microsoft XDR and information protection solutions and how they integrate together to send signals to a SIEM/SOAR product for incident discovery and remediation.  Others use a mixed bag of products from CrowdStrike, Symantec, etc. on endpoints, may use a third-party CASB product i.e. Netskope which combined with Netskope's Secure Web Proxy forms their SASE solution.

The installation can be easy in SMB but there can be some difficult challenges in large enterprises.  Typically it is companies going through mergers, etc.

Full deployment can have challenges, but it is all depending on your organization's usage. For example, organizations that have to be in the government cloud and where they have both US and non-US citizens. In the government cloud, friendly nations can participate in the government cloud and there are some that definitely cannot. There could be many that cannot be allowed. For example, If there were two that could not be allowed, those two clouds have to be separated completely. They cannot communicate with each other whatsoever. That is a little bit of a problem for some organizations. What if I have a subsidiary in Australia that says, "No, I do not want to be in the government cloud." how are you going to handle the fact that all your US subsidiaries have agreed to go into the government cloud and the Australian one is sitting out saying "no". You then now have to treat these separately like they are two separate organizations.

We have received a good return on investment with this solution, it does what it is supposed to do. Particularly from the email and information protection perspective, it does a very good job, but it could be better.

Microsoft licensing should include Microsoft Defender for O365 in their E3 and E5 licenses.  Currently it is all or nothing unless you purchase an add-on which we advise enterprise customers to do.

I have evaluated Proofpoint in the past which has continuity features that this solution is lacking.

The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots.

I rate Microsoft Defender for Office 365 a nine out of ten.

We are always looking for others tools to increase automation on tasks. There can be better integration with other solutions, such as PowerPoint and email.

I have been using Microsoft Defender for Office 365 for approximately five years.

Microsoft Defender for Office 365 is a stable solution.

We have approximately 10 people using the solution.

We might increase usage of the solution depending on the market.

We only have had one or two problems over the past two years.

The initial setup was not complicated.

There was no need for help for the implementation, we did it ourselves.

I rate Microsoft Defender for Office 365 a nine out of ten.