Microsoft Defender Threat Intelligence [EOL] Reviews

From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.

Microsoft Defender is delivered in different components. One of them is the Microsoft community, where they share information about discovered malicious code, and remediation is promptly provided. This collaborative approach ensures that threats found in one country can be quickly addressed in other countries.

The global review and remediation of malicious code is probably the most valuable feature.

It's difficult to provide direct feedback to Microsoft, even as a Microsoft partner. However, the community out there supports and assists each other if that helps.

Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel. Being the largest technology provider attracts significant threats. Microsoft is constantly fighting against threat actors trying to breach its technology. So by being the biggest, you attract the biggest threats.

I believe Microsoft could play more nicely with other IT security vendors. Currently, if you want your technology to integrate with Microsoft, you have to go through an extensive testing program to ensure compatibility with Azure. So, even the partnership program could be more efficient, allowing for smoother integration.

I've been working with it since its inception. I've been involved in IT security for over thirty years, so I've seen it evolve.

If I were to rate the stability, I would say it's around an eight. However, there are occasional outages in Microsoft 365. So, stability can vary depending on the region, and there are instances of outages.

I would give it an eight, without a doubt. It's highly scalable. Microsoft Defender can fulfill the needs of both small businesses and enterprise businesses effectively.

Directly contacting Microsoft can be quite challenging. However, there is a community platform where users can find resolutions to specific issues. Microsoft also has an extensive patching program, and Microsoft releases updates to its solutions on the first Tuesday of every month.

Positive

Microsoft Defender is comprehensive. It covers areas such as email security, local firewall, and anti-malware. It's a comprehensive solution with different components within Defender. It also supports the operating system, Windows 11. 

It's not limited to a single function. Defender encompasses various security aspects, like email security, local firewall, and anti-malware. Moreover, it's designed to work seamlessly with Windows 11.

On a scale of one to ten, where one is the most difficult and ten is the easiest, I would say it's around a seven or eight. No software is perfect, including Microsoft.

Most organizations are moving to the cloud now, so the majority of deployments are in the cloud. However, we don't provide extensive support for that. The deployment depends on how the customer wants to set it up. A lot of it is in the private cloud, but it is essentially in public areas. It's a combination of both.

The deployment process can vary, but on average, it can take anywhere from two to twenty-four hours, depending on the tenant and whether it's a single or multiple tenancy setup. So, it depends on the specific circumstances.

Considering Microsoft is constantly changing licensing, I would give it a seven out of ten. It can be difficult to get your head around it, especially for small to medium-sized enterprises (SMEs) like most of my clients. We typically deal with E3 licensing rather than the larger corporate E5 licensing.

So, the pricing is subject to changes, and it can be complex, especially for SMEs. It's traditionally based on E3 licensing for our clients.

I wouldn't always advise my clients to exclusively rely on Microsoft products. However, they should derive maximum benefits from the licensing they pay for. For example, you can't simply purchase Defender on its own because it's bundled with the operating system. So, that question loses some relevance since you already have it regardless of choice. So, the value of Defender is already included with the operating system, and users don't have the option to choose whether to have it or not.

However, you can explore other solutions to enhance the security of Windows 11 or Windows 10, such as cloud-based options. But I would suggest making the most out of Defender. If you encounter any limitations, then you can consider other technologies to fill those gaps. So, it's about maximizing the potential of Defender and, if necessary, supplementing it with additional technologies.

You have the option to bolster the security of your Windows system with other solutions if needed, but Defender should be your primary focus.

Overall, I would rate it an eight out of ten because it is bundled with Windows OS. However, it doesn't cover all threats, and it remains a target for threat actors. So, depending on your business needs and the specific areas where Defender falls short in delivering effective security, you may need to supplement it with other technologies to strengthen your overall security position.

We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations.

It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.

One of the most valuable aspects is that Defender is a native Microsoft solution. 

You own your own data. With CrowdStrike and Rapid7, and other products, your log data leaves your tenant, it goes into their system, and they produce the analysis on their technology. Therefore, although you're running the agent instead of giving them the signals, you're really giving up a lot of your data for their own personal gain. Defender's biggest competitive advantage is that your data stays within your tenant, and you own it.

It naturally keeps getting better and better. They have a very transparent roadmap for the product. We don't have any concerns or complaints. Defender exceeds expectations, especially for someone who's flipping from CrowdStrike or Falcon XR. This is night and day.

We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board. 

The price point is something they can improve slightly for those who don't have an M 365 E5. I believe it's a $2.80 cents add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M 365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.

We've been a security company since 2007. Since the day Defender was born, we've been dealing with it.

I have not met a more stable product before.

The clients we deal with are big, many with 33,000 to 50,000 endpoints.

It is fantastically scalable. 

We're a premier partner with premier support and we're a Premier Gold Partner. We bought Microsoft Premier Support. We have zero complaints. We pick up the phone a hundred percent of the time and get the help we need.

We've dealt with solutions such as CrowdStrike and Rapid7.

You need to have a partner install it. Microsoft is a partner-to-partner-driven ecosystem. It is complex. You need depth and knowledge of understanding of security, as well as Microsoft technology. It's not something you can right-click, install, and go next, next, next, and it just works. And nor should any security product be that way. If you don't know what you're doing, you shouldn't be installing it.

It requires a proper design, and it requires a proper thought process before you can just roll it out.

You have to have a proper implementation strategy and a backup plan. Typically, we like to use SCCM or Intune to push and manage deployments with proper scripts since we're usually uninstalling a Carbon Black or a McAfee or a Symantec while we're putting in Defender. And we're touching servers and users, so we want to minimize the number of times we touch these things. The more times you touch a server, the chances are you will run into a problem. So we like to group our uninstall and install scripts, reboot all at once, and streamline the installation. 

There's a lot of testing that goes on. In an organization with 50,000 endpoints, we're testing 5,000 devices before rolling anything out. The rollout is scheduled. It's complicated. It happens at night. There's a batch. You do them in batches as you don't want to go straight at it. We will turn it on for 5,000 things at the same time. The average implementation for a 200-user company should take between three to four months.

The beauty of Microsoft, if you have a Microsoft environment, is you just need Microsoft people to maintain it. Your existing IT department can keep the product up to date with Patch Tuesday. There is not an out-of-cycle update required. That's what I keep driving home to people, how many third-party products do you want to maintain, patch, secure, troubleshoot, and bug fix for? Pick one platform, put all your eggs in that basket, and do an outstanding job at securing that basket. That's what Defender helps you do.

From a client perspective,  the return on investment comes by streamlining on one platform like Microsoft. By eliminating third-party platforms, you save about 62% on your technology or your security budget. Then you also broaden the depth of your security intelligence since Microsoft is the only system with 1.3 trillion security signals daily. You're getting a more comprehensive threat intel, plus you're getting it on a single pane of glass.

We're a Microsoft partner and reseller.

I'd rate the product ten out of ten. 

It aligns with the best practice philosophy of proper security organizations. It is cost-effective. It flattens your threat plane to a single pane of glass. It allows you to manage your environment with a standard, generally available skill set in the marketplace. Therefore, you're saving money on staffing your IT team as well. You get those savings of 62% by moving to an all-in-one Microsoft solution.

The product helps us monitor business devices for authentication and response on all endpoints, servers, passwords, and plans.

The primary value is enhanced security and efficient incident response. The integration with Microsoft infrastructure provides a seamless experience.

The product's ease of deployment is a major advantage, as it integrates seamlessly with our existing systems. The dashboard and backend profile provide comprehensive visibility into user activities and potential threats. Additionally, the product offers valuable security insights and advice on areas for improvement.

There could be a better notification system. Currently, the user sees an icon, but it would be beneficial to have messages prompting them to contact IT immediately or take their device offline if necessary.

I would like to see more system automation actions, such as user-initiated tests or more proactive alerts.

I have been using Microsoft Threat Intelligence for a few years now. 

The product is stable. 

Scalability is quite flexible and depends on purchasing the appropriate licenses for the company.

The setup is straightforward, typically taking about 15 minutes to an hour. The system allows for smooth switching between devices, whether online or offline.

The product is a part of my Microsoft 365 subscription, so there is no additional cost. It is cost-effective.

Unless you have very complex requirements, if you are already paying for a Microsoft subscription, you should take advantage of Microsoft Defender.

I rate it a nine out of ten. 

We employ this solution within our Office 365 environment, focusing primarily on email security through features like application guard, safe attachments, and safe URLs. This setup significantly aids our cybersecurity operations, helping us mitigate various threats. The team is designing a couple of policies and will revise the usage depending on the threat.

The solution has notably improved our IT operations by facilitating seamless integration with other Microsoft tools like Intune and Azure. This integration simplifies our IT management process and enhances our overall cybersecurity framework.

The most valuable aspects are its integration capabilities with other Microsoft products like Intune, Office 365, and Azure cloud applications. The intuitive user interface and reporting are also positive features of the solution. These features provide a unified experience, making it easier for our IT team to manage and navigate between screens efficiently.

While the current setup meets our needs, Microsoft can constantly improve customization and adaptability to rapidly evolving cybersecurity threats. 

The stability of the solution also requires some improvement. 

Future releases could benefit from enhanced predictive analytics tools and deeper AI integration to better predict and mitigate potential threats.

I have been using Microsoft Defender Threat Intelligence for six months. My company has a partnership with Microsoft, giving us access to their latest security enhancements.

The solution is stable, scoring an eight out of ten, indicating a reliable performance with room for minor improvements.

Due to limited endpoints, scalability is not our primary concern currently. But as of now, the endpoints and the infrastructure we have are covered with the tools we already have. The existing setup adequately supports our needs without requiring significant scaling. Regularly, two hundred and fifty users use the solution.

We already have competent engineers on our team. While we rarely need external support or have raised a ticket, our interactions with Microsoft's customer service have generally been satisfactory, fulfilling most of our technical needs, if not all and the answers that we were seeking.

Positive

The setup was straightforward, aligning with our move towards cloud-based operations and authentication of our users and policies, thus simplifying the overall deployment process.

The solution is relatively expensive; however, our status as a gold partner provides us with several complimentary licenses, which offsets the cost.

Currently, we are only using Office 365 and Defender for Endpoint 32-bit. Previously, one from our management was a part of the trial, but not anymore. As we have layers of policies placed, they cover everything. 

Microsoft is very dynamic, and when it comes to their products, sometimes they change the licensing cost or the features. So, I think the product should have a license model. Since we read about Micorosft daily as users, we should be aware of the changes they bring. 

I rate the overall solution an eight out of ten. 

The solution is used for threat intelligence. The tool enables us to detect potential breaches and react to them proactively. Alerts are sent to our SOC team. Our SOC team investigates whether it's a positive or a negative alert. Depending on the result, a playbook is started.

The product runs so smoothly in the back end that we don't experience a hands-on. There is no performance degradation. It does what it is supposed to do. It detects what it is supposed to detect. We are happy with the tool. We didn't have an active incident for the last couple of years. The tool can proactively detect potential incidents.

The price could be improved.

I have been using the solution for five years. We've always tried to use the latest version, which the vendor recommends.

I rate the tool’s stability a ten out of ten.

I rate the tool’s scalability an eight out of ten. We have more than 10,000 users. Occasionally, we have some complaints about the performance, but those are unique cases. We have a 90% positive experience with the solution. We can manage the security with a global team of less than 30 people.

I am a technical person, and it is simple for me to handle the deployment. It is a major project. We assess the potential impact in the analysis phase. It takes a couple of months since we're a global company. We have to rely on external sources. From analysis to implementation, it took about six months to replace and implement a new security tool fully.

We are proactively detecting attacks. A few of them were real targeted attacks, and we were able to avoid them. The fact that we could deliver it to the business gives value to the product.

The price is reasonable for the quality that the tool provides. Every given product with an ecosystem has a very low price to attract customers. Once people are satisfied, the vendors tend to increase the prices. It's a closed ecosystem, and they benefit from the ecosystem. They tend to mention that the price rise is due to inflation, but we all know it's about revenue.

We evaluate several vendors and products. Microsoft Defender Threat Intelligence’s integrity with our existing ecosystem was a big benefit. We evaluated the tool with a red team/blue team approach. It was the best product evaluated by our teams.

I contact Microsoft when we have to do negotiations or technical improvements. People considering buying security tools must take their time and not rush. They must consider their business requirements and what they want to achieve. They must ensure that they have considered everything that impacts the user experience. Overall, I rate the product an eight out of ten.

At our company, we use Microsoft Defender Threat Intelligence for vulnerability management. The solution's infrastructure and overall software are improving. 

A new valuable feature from the solution allows an user to close all tickets from a single console. At our company, we are also working on the CM side to analyze the solution's behavior and we have noticed that our customers prefer to use a single console. 

A stable licensing model is absent with Microsoft Defender Threat Intelligence. Implementation of the product can be difficult if the team on the customer's end is not willing to work on pilots. 

I have been using the solution for five years. 

I am satisfied with the technical support provided for the solution. I would rate technical support an eight out of ten. 

Positive

I find the Sentinel solution, its Hunting feature, automation rules, and customization rules valuable. Our company sometimes recommends Carbon Black, CrowdStrike, and Fidelis instead of Microsoft Defender Threat Intelligence because there have been fewer security incidents. 

The product can be easily implemented for customers who are already using Microsoft Cloud. For hybrid or on-prem customers of our organization, deployment is difficult. 

With Microsoft, at our company, we have one or three-year TCO, and we have to renew the license for this solution two times per year. I am looking to integrate a CRM product from Microsoft with the solution so that the pricing is more reasonable and transparent.

At our company, we are willing to integrate multiple Microsoft solutions: EDR for infrastructure and server end, another for vulnerability, and Microsoft Defender Threat Intelligence for endpoint security, and we offer the same to our customers.

The implementation cost versus the license cost needs to be analyzed for Microsoft Defender Threat Intelligence. When some of our company's customers are not comfortable with Microsoft products, we provide them with a different option. 

Real-time threat detection usage of the solution depends upon the varying strategies and maturity of our organization's customers. At our company, we are implementing the mesh as well as cybersecurity laws. Our company is focusing on implementing observations instead of threat hunting with Microsoft Defender Threat Intelligence.  

At our company, we are offering Sentinel solutions to Tier-1 customers. The integration capabilities of the solution have improved the security posture of our customers but it also depends upon the maturity. Few of the customers of our company are using an in-house solution so they are aware of the posture and the rating. Our organization offers solutions to the customers, but often, they develop their own road map for expansion. 

The actionable insights of the solution have aided in incident response by mitigating major attacks. Our company rarely utilizes customization options for the solution, as customers can start using the product comfortably in the default configuration. For vulnerability management with Microsoft Defender Threat Intelligence, our company needs to adapt and apply the processes followed by the customer's organization; there are limited opportunities for customization.

I would recommend the product to others. But as part of our company offerings, a pilot can also be provided to the customers for comparison on the KPIs. I am satisfied with the product as it meets all the expectations on the infrastructure and security aspects. A user should choose between Microsoft Defender Threat Intelligence and other competitive products after verifying the feature expectations. 

I would overall rate the product an eight out of ten. The product can be effortlessly integrated with the existing system of cloud based customers. 

We use the product for endpoint security of machines. It includes threat detection, defining compliance rules, and governance policies. It helps us with extracting reports as well.

The platform ensures that the environment is fully protected. Its operational excellence helps us reduce resource costs. We do not need a large team to manage security. The subscription models provide monthly and short-term -plans. We can the number of items scale according to the requirements, and dynamically adjust resources during lean periods. It doesn’t require us to purchase long-term licensing plans.

The product’s most valuable feature is the ability to provide threat detection and protection simultaneously. It doesn’t require additional power for processing similar to other products.

One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems.

We have been using Microsoft Defender Threat Intelligence for five years.

We have 7000 Microsoft Defender Threat Intelligence users. It scales automatically depending on the requirements. It is a highly available application.

The technical support team responds immediately to the queries.

Positive

The initial setup is straightforward. It has a good amount of documentation available to refer to the steps. It is a cloud-based application and thus, easy to implement compared to an out-of-the-box version. It can be deployed on endpoint devices as well.

The product has multiple subscription models. The pricing is expensive, but it is justifiable considering the amount of threat-related information it provides.

The platform is built for threat detection and protection. It saves the environment from zero-day attacks. It offers an intermittent mechanism for new operating system updates. It can be integrated with many enterprise-grade solutions. We can build APIs and explore the logs as well.

Microsoft Defender has played a crucial role in addressing security incidents related to auditing and compliance within our organization. During audits, a common requirement is to ensure that the environment is fully patched, updated, and compliant with all necessary security measures. With Defender in place, it allows auditors direct access to relevant reports, and verify them.

I advise others to use the product if they are planning to move to a cloud environment. It gives a sufficient amount of information or threat intelligence data.

I rate it a nine out of ten.

I use Microsoft Defender Threat Intelligence at my home for its threat prevention and blocking capabilities.

I can't comment on the valuable features offered by Microsoft Defender Threat Intelligence as the PC at my home is currently used by my family while I use my office laptop.

In Microsoft Defender Threat Intelligence, automatic threat blocking and in-memory attacks are areas of concern where improvements are required.

The stability of the product is an area of concern where improvements are required.

I have been using Microsoft Defender Threat Intelligence for a couple of years. I am a user of the product.

It is a stable solution. I rate the product's stability a six out of ten.

It is not a scalable solution since I use it on a PC at home, so per PC, a license amount is paid.

Only one person uses the solution at my home.

The product's initial setup phase was straightforward.

The product's installation phase just requires me to enable it on my system, as Microsoft Defender Threat Intelligence is a product that came along when I purchased my laptop.

The product is deployed based on the product's licenses, so it doesn't matter whether it is deployed on an on-premises model or on the cloud.

The basic requirements offered by the product are good enough for home-based PCs.

I use the product's default version, which is a free one and not the licensed version.

I rate the overall product a six to seven out of ten.