Microsoft Defender XDR Reviews

I use Microsoft Sentinel for monitoring cybersecurity threats as it is a SIM tool from Microsoft. Additionally, Microsoft Defender XDR provides security across multiple layers, deploying Defender for Endpoint on devices like laptops and desktops, Defender for Identity for Active Directory monitoring, and Defender for Office 365 for email security.

I find Microsoft Sentinel easier to configure since there is no need to manage all underlying components. Microsoft Defender XDR is effective for containment when threats occur, allowing for isolation of the host or account disabling. Although automation capabilities are better with Microsoft Sentinel, Microsoft Defender XDR shows potential. Integration with other Microsoft products is seamless, making it easier to create a unified security posture.

For Microsoft Defender XDR, there is currently no ability to reset passwords for on-premises accounts, which is a key challenge. Incident management can be difficult if third-party ITSM tools are connected with XDR. Initial tech support is slow in understanding problems. Improved integration with third-party ITSM solutions and enhanced automation in XDR would be beneficial.

I have been working with Microsoft Defender XDR for more than five years.

The deployment of Microsoft Defender XDR was not difficult. It is straightforward, and activating it involves just a couple of clicks.

I find Microsoft Defender XDR to be stable now.

Microsoft Defender XDR is definitely scalable.

The initial level of tech support is slow and rated as six out of ten. However, once issues are escalated to the second or third layer, the support is much better.

Neutral

For POC purposes, I have worked with CrowdStrike and Trellix XDR. However, I used Microsoft Defender XDR due to pre-existing Microsoft products in our ecosystem, ensuring seamless integration.

The initial setup of Microsoft Defender XDR is easy. It involves enabling the system with a few clicks and then tuning it as needed. I wanted to leverage Microsoft products across all security areas for better compatibility.

I have seen an ROI in terms of efficiency. Previously, identifying and containing threats took a long time, but now, with Microsoft Defender XDR, it takes just a few minutes.

The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.

I evaluated CrowdStrike and Trellix XDR during the POC stage.

Based on my experience, I rate Microsoft Defender XDR as nine out of ten. If you are utilizing Microsoft in-house products for different security postures, go with Microsoft Defender XDR as it is easier to manage and scalable. It is notably the most compatible option if your organization already uses Microsoft products.

Other

Microsoft 365 Defender has many use cases. It includes four different services: Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud Apps.

Microsoft Defender for Identity protects on-premises identities and synchronized identities from on-premises to the cloud. It ensures that identities are not compromised and that domain controllers are protected. This service is especially helpful for large enterprise customers who cannot move to the cloud entirely.

Microsoft Defender for Endpoint ensures that endpoints, such as laptops and mobile phones, are managed and protected. It is important that all four Microsoft 365 Defender services are integrated and share signals with each other. This allows for more comprehensive security and threat detection.

Microsoft Defender for Cloud Apps focuses on application-related issues. It allows us to sanction or unsanctioned applications, manage shadow IT and prevent users from uploading documents to external cloud storage or sending emails with unapproved documents.

Microsoft 365 Defender Portal integrates all four Microsoft 365 Defender services into a single portal. This makes it easier for security engineers to view logs, events, and incidents from all four services in one place.

In addition to Microsoft 365 Defender, it is recommended to have a Security Orchestration, Automation, and Response solution. Microsoft's cloud-native SOAR solution is called Sentinel. Sentinel is a powerful tool that can be customized to meet the specific needs of our organization. It is also cost-effective because we only pay for the features we use.

KQL is a powerful tool that can be used to create custom queries for Microsoft 365 Defender. CQL is similar to the PowerShell language, so it is easy to learn for IT professionals who are already familiar with PowerShell.

The visibility into threats is good. We can see all the information we need using the Microsoft 365 portal. There are recommendations that we need to follow, as well as explanations and descriptions of the threats. These descriptions explain what the threats can do, how they can scale, and how to protect our environment against them. I think that Microsoft is doing a very good job of sharing knowledge with customers, even about zero-day activities that are just being discovered by security researchers. I really appreciate Microsoft's openness and willingness to share this knowledge with its customers.

Microsoft 365 Defender helps us prioritize threats across our environment. This is important because if there is a known threat that we can find within the portal, we can see the information that the threat is trying to access, such as domain contrast. Microsoft 365 also provides us with numbers, values, risks, and scores that point to our environment and indicate which threats are vulnerable. For example, if there are ten Windows server machines that need to be patched, Microsoft 365 will tell us. If we do not patch these servers, they will remain vulnerable and we could be in trouble. Microsoft 365 provides us with a lot of information about our environment, which is very useful. This information helps us to identify and prioritize threats, and to take action to mitigate them.

We integrated Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Applications, and Microsoft 365 Defender.

With a Microsoft E5 license, all the Microsoft 365 Defender suite services are available. Once we purchase those services, we can get the best value by integrating the solution. This is a one-click process that should be the first step for everyone who has the license and is taking the security solution.

The solutions work together seamlessly to provide coordinated detection and response across our environment. This is important because small and medium-sized businesses cannot afford to have thousands of security analysts monitoring their environments for threats. With these integrations and Microsoft cloud-based solutions, SMBs can outsource their security teams to Microsoft. Microsoft's security team is constantly monitoring for new threats, vulnerabilities, and risky activities. They deliver this information to SMBs through email and other channels. This allows SMBs to focus on their core business activities without having to worry about security.

The comprehensiveness of the threat protection provided by these Microsoft security products is important. It is important to understand how they work, how they are configured, and how they share information with each other. It is also important to understand the activities that they perform and to be able to highlight the important aspects of those activities. This includes understanding what happens, why it happens, what could happen, and what mitigation steps are being taken. All of this information is key to understanding how these products can protect our organization from threats.

Microsoft Sentinel enables us to ingest data from our entire ecosystem. Without being able to share data from our different solutions and products into one data storage, we cannot really monitor that data. If we have visibility on one data storage on one product, and we have visibility on a different product that stores data in different storage, we have to control both separately. With Sentinel, we can have Log Analytics. We have a single Log Analytics workspace where we can ingest data from any solutions, products, external third parties, network appliances, cloud-based solutions, or on-premise-based solutions. We can ingest all this data into Log Analytics sources. Within the Linux workspace, something is based on top of that and is capable of monitoring the logs and finding suspicious activities.

Microsoft Sentinel enables us to investigate threats and respond holistically from a single location. This is the most important feature of any cloud-based SIEM solution. We must be able to take action immediately, and with Sentinel, we can do just that.

Given Microsoft Sentinel's built-in SOAR capabilities, UEBA, and threat intelligence, the security protection provided is comprehensive. The integrations and AI-based, machine learning-based features built into Sentinel are the main pillars of the cloud-based security solution. This is how a next-generation security solution should be built. It should help prepare and maintain security by integrating with other services. It is not enough to simply configure Sentinel wisely. Microsoft must also continue to improve the service by adding new features. Thanks to these basic pillars, Microsoft can continuously improve Sentinel.

When we first set up Microsoft Sentinel, we can define which logs we want to ingest and how long we want to keep them. We can configure the retention period for each log type. The retention period determines how long Microsoft Sentinel will store the data before it is deleted. There are three types of logs that we can ingest into Microsoft Sentinel without paying for them, Audit logs, Microsoft 365 change logs, and Microsoft 365 online logs. For all other log types, we will be charged for storing the data after 90 days. If we have a Microsoft 365 subscription and we have integrated Microsoft Sentinel with our environment, we can monitor Exchange service for free for 30 days. This is because we can ingest the data for free and we can store the data for 30 days without being charged. It is important to test our environment and configure the retention periods for our logs so that we can understand how much Microsoft Sentinel will cost us. Microsoft Sentinel provides detailed workbooks that we can use to analyze our costs.

Microsoft 365 Defender includes four services and four products, which can help organizations a lot. We don't need to hire as many security analysts. What we need to work on is making sure that the security engineers who are working with the Microsoft 365 Defender suite are up to date on the technology. We need to allow them to study, keep studying, improve, share knowledge, and gain hands-on experience, not just theoretical knowledge. Thanks to the Microsoft 365 developer tenant, we can set up a tenant for testing purposes for free. This is great, and we can all use these developer tenants to test different business use cases and see how they work. Microsoft Defender can help organizations a lot if they are really paying attention to how it should be configured. They should follow Microsoft guidelines on how to prepare each service and how to prepare the environment. 

Microsoft 365 Defender helps automate routine tasks and the findings of high-value alerts. It has a configuration capability that allows us to automate different tasks, which can be very helpful. Automation is always a key goal when purchasing a new product or service, as it can help to streamline processes and save time. When automating a new product or service, it is important to consider the expected results and how they can be best resolved.

When configured correctly, automation can have a significant impact on our security operations. Automation plays a big part in Microsoft 365 and Sentinel Integration. Once we can access the portal, there are services where we can use more automation than in other services. For example, we can configure Microsoft Defender Cloud Apps to automatically block risky applications with a risk score under five. This can be very useful, as it frees us up from having to manually monitor new applications and manually block risky applications. This automation is one of the main goals of the security department. It can take some time and effort to implement, but it is worth it in the long run. With Microsoft, automation is a cost-effective solution.

Microsoft 365 Defender helped eliminate the need for multiple dashboards by providing a single XDR dashboard. In 2020, there were different portals and different dashboards for each service within Microsoft 365 Defender. These services are now being migrated into a single portal, the Microsoft 365 Defender portal. This allows users to view all of their security data in one place, without having to switch between different portals. The integration process is still ongoing, and some features have been removed from the old portals. However, users can still access all of their data by following the new updates and how they are being integrated into the Microsoft 365 Defender portal. Overall, the new Microsoft 365 Defender portal provides a more unified and user-friendly experience for managing security data.

Microsoft 365 Defender Threat Intelligence helps us prepare for potential threats before they hit. Microsoft shares threat-related information they gather from different sources and vendors. They not only describe the threat, but they also recommend activities within our environment to help us protect ourselves. This is a valuable service because it allows us to take steps to mitigate threats before they impact our organization.

Microsoft 365 Defender saves us time. I used to have to open multiple portals to check for threats, but now I can do everything in one place. This has freed up my time so I can focus on other tasks. In addition, Microsoft 365 Defender has helped us to reduce the number of security analysts we need to hire. This is because the solution is able to detect and respond to threats more effectively than we could on our own. Overall, Microsoft 365 Defender has been a valuable addition to our security team. It has helped us to save time.

Microsoft 365 Defender helps us save costs by providing all the information we need in one place. The ability to monitor and respond from one place is a key element of the entire threat investigation process.

Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP.

We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved.

Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows.
On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.

I have been using Microsoft 365 Defender for six years.

Microsoft 365 Defender is stable.

Microsoft 365 Defender is scalable.

We have users across different areas in Europe. We provide support to multiple companies that use Microsoft 365 Defender, with user counts ranging from 1,000 to 10,000.

The technical support quality varies depending on who responds to our call.

Positive

I previously used Zimperium, which is one of the top three mobile security platforms in the world. Our organization decided to purchase the Microsoft 365 E5 license, which includes Microsoft Defender for Endpoint services that can be used to protect mobile devices against mobile threats. Once our contract with Zimperium was over, we transitioned all of our mobile devices to Microsoft Defender for Endpoint. We moved from the old solution to Microsoft because they provide a great service. They provide a lot of features, and they also provide a very good price.

The cost of Microsoft products depends on several factors, including contract negotiations, the number of licenses needed, the length of the contract, the type of contract, and whether the organization is a long-term partner or a new customer. Microsoft is constantly adding new features, which can cause the price to increase. However, the cost is worth it to protect the environment. Currently, no other company can provide such a complex product at such a competitive price and be as responsive to end-user feedback and continuous improvement.

On average, we pay around 55 euros per user for the services and features we receive. This is a good value for a large company, but it may be too expensive for a small business.

I give Microsoft 365 Defender an eight out of ten.

Microsoft 365 Defender can be complex, the engineers should follow the updates and ensure that they have up-to-date knowledge of the services and products.

I prefer Microsoft Defender for Cloud Apps. It is the most customizable and feature-rich solution of the three. I like that we can fine-tune security controls to specify what applications can do or what users can do within an application. This is possible due to the integration with Microsoft Defender for Endpoint, Microsoft Information Protection, and Intune or Microsoft Endpoint Manager. This allows us to block activities that we do not want to allow in our corporate environment. We can also scope the solution to user applications, document types, classifications, and whether the device is compliant.

Microsoft 365 Defender services are still new to many customers. Some customers do not even have a Microsoft 365 license, so they cannot use these services. Once we purchase a license, we have access to these services. However, these services are new to our environment. We need to ensure that we have a security engineer with experience in these services. We can either hire an engineer or contract with one. We also need to ensure that the engineer shares their knowledge with our existing security engineers. This will ensure that everyone is on the same page and knows how to use the services. We also need to have a design for how we will use these services. We need to have a clear picture of what we want to achieve. This can take months or years, especially for large companies. If we are a large company, we may also need to move away from our current solutions. Our current solutions may not be cloud-based. We may still have contracts with other vendors for one or two more years. We will need to have a plan for how we will migrate our services to Microsoft 365. This can be a lot of time and effort. We need to prioritize the tasks that we want to onboard and decide which services we want to use or configure. This is an issue for a large company. For a small company with only a few users, this can be much easier and go much faster.

The number of people required for Microsoft 365 Defender maintenance is based on the number of users in the organization.

Public Cloud

Microsoft Azure

Our primary use of Microsoft Defender XDR is for threat hunting and monitoring potential threats entering through email and URLs. We use the full suite, including Defender for Endpoint, Defender for Office 365, and Defender for CloudOps, especially now that we have upgraded to M5.

Microsoft Defender XDR has significantly improved our operational security. We've observed a notable decrease in click rates since implementing attack simulations, and the overall response to these campaigns has been positive.

Since activating the M5 feature set, we have observed a decrease in malicious clicks and faster incident alerts.

The Email Explorer feature has proven invaluable, offering a broader perspective than automated alerts and incidents alone. Its comprehensive view has simplified the process of targeting and identifying specific threats, including those initially missed but subsequently flagged, enhancing our overall threat detection capabilities.

Microsoft Defender XDR could be improved in terms of speed, especially backend speed. Additionally, some of the automated workflows in Intune, particularly the zero-hour purge, do not always trigger promptly.

I have been using Microsoft Defender XDR for two years now.

Microsoft Defender XDR has maintained high stability despite various service alerts. These alerts are targeted and informative, clearly indicating any potential functionality issues. The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.

Our company has not experienced any scalability issues. As a medium-sized XDR company, scaling has not presented any challenges.

The technical support from Microsoft Defender XDR has been disappointingly slow, to the point that I am considering not renewing my unified support contract. However, I have not yet made a final decision.

Negative

We previously used Mimecast for email and Cylance for endpoints. We did not have any solutions for cloud apps. We switched to Microsoft Defender XDR because we already had the licensing for it, and it did not make sense to pay twice for a similar product.

The initial setup of Microsoft Defender XDR was straightforward, and we have not encountered any deployment issues. It was easy to manage with the bundled features.

We did not use an integrator, reseller, or consultant for the deployment of Microsoft Defender XDR. Most of the deployment was done in-house.

Ever since we turned on the M5 feature set back in June, we have seen a reduced number of potentially malicious clicks and faster alerting when incidents occur. It has improved our security posture.

The bundling of software makes it easier to manage our setup, but Microsoft purposefully obfuscates this through marketing ploys to hide costs. Although this can be challenging, ultimately, it simplifies budgeting.

We evaluated several options before switching to Microsoft Defender XDR, but ultimately chose it due to cost-effectiveness, as its features were already included in our existing license, though previously unused.

I would rate Microsoft Defender XDR an eight out of ten. I believe it is underrated by many, and some companies miss out by not knowing how to configure it properly. Microsoft's pricing makes setups difficult to manage, but the overall value is significant.

Public Cloud

Microsoft Azure

We are a security consulting company that assists clients with their Microsoft 365 and Azure security and workloads. We can help optimize the use of their purchased feature sets and licensing, ensuring they get the most out of their investment for security and other workloads and features within the 365 and Azure environments. As information flows between their 365 and Azure environments, we offer expertise to ensure clients are utilizing all available resources effectively.

The majority of our deployments follow a hybrid model, which is currently the norm. Although there have been instances where organizations have fully migrated to the cloud, many larger enterprise solutions in the industry are still in the process of transitioning from on-premise to cloud-based infrastructure. Consequently, most of these solutions are currently in a hybrid state.

The visibility provided by Azure is multi-dimensional, and one aspect that I appreciate is the Microsoft 365 Defender portal. It not only offers Azure security but also a single-pane-of-glass experience where we can view our SaaS applications, email hygiene, and threats and alerts, all on the same page. The monitoring is exceptional, and the quality and depth of the telemetry are impressive. Clients appreciate the fact that we can access incident or alert details, including the affected entities and the timeline of events. For instance, we can identify where an email was opened, a link was clicked, and how malware or viruses spread across the network, causing damage. Additionally, the portal's ability to provide automated responses is second to none, and we can see how Microsoft's AI technology can isolate or stop these instances from further propagation. In summary, Microsoft 365 Defender is a powerful tool.

Microsoft 365 Defender assists in prioritizing threats within our enterprise by utilizing CVE security, a standard security prioritization method. This means that the product has incorporated industry standards into the Microsoft tenant, providing prioritized threats and best practice remediation. With the help of Defender, we gain insights on how to remediate and prevent future threats from similar malware or incidents.

We utilize several security products to ensure the protection of our data and identity. Our product offerings include Defender for Identity, Defender for Cloud, built-in tools for data governance and data protection, as well as compliance and monitoring through the compliance portal. Typically, clients with E5 or A5 licenses can benefit from these products, which cover a wide range of features for protecting data, and identity, and detecting risky behavior such as risky sign-ins and user behavior analytics. The behavior analytics feature, which is a part of our Defender product, has been particularly crucial for federal governments and other organizations with highly sensitive data. While all of our products are valuable and important, we believe that identity is the most crucial foundation to start with since it feeds into everything else.

The integration of Microsoft products is almost seamless, as long as we have the licensing piece. To enable sharing or maintaining telemetry across different solutions, we turn on Connect and switches for products like SharePoint, OneDrive, Teams, and Exchange. Setting up connectors for SharePoint on-premise or Exchange online may be necessary, but Microsoft provides setup wizards and good documentation on their website, making it easy to implement solutions. Any difficulties usually arise from user error or trying to integrate insecure legacy third-party software. However, most modern authentication and protocol software integrate seamlessly within the Microsoft environment. The Microsoft documentation site is excellent, with built-in training and links to assist with implementation.

The security solutions work together seamlessly to provide coordinated detection and response across our environment. One of the things I appreciate about these products is that the Defender products share telemetry across the board. For instance, if we set up Defender for Identity on our domain controllers, we need to grant permissions for that telemetry to be accessible from Microsoft 365 Defender in the cloud. This means we may have to give permissions to our on-premise domain controllers. While the integration is simple, it is essential to follow the documentation to ensure a seamless and easy-to-maintain setup, monitoring, and management of our Microsoft 365 and Azure ecosystems.

Microsoft covers all current threats that have been identified by various security organizations and standards. These threats are typically integrated into the Microsoft ecosystem, including zero-day detections. Microsoft is plugged into world-class cybersecurity organizations, ensuring that all vulnerabilities and updates are current and available in the Microsoft portals. The comprehensiveness of Microsoft's security coverage is top-notch, with seamless integration with other clouds and on-premise products. While there are other products competing in this space, Microsoft 365 users and organizations should not rely on third parties when Microsoft already has integrated solutions available.

Microsoft Defender for Cloud's bi-directional sync capability is crucial as it enables the transmission of telemetry data regarding SaaS application usage from client systems, on-premise devices, and any other systems that access the Microsoft 365 cloud. This feature ensures that real-time data is accessible for managed systems, providing immediate access to any detection of sanctioned or unsanctioned applications. The bi-directional sync capability offers immediate data feedback, which is essential for prompt action.

Microsoft Sentinel enables us to gather data from our entire ecosystem. However, it is important to note that using Sentinel requires a Microsoft subscription and a storage account. Therefore, it is necessary to consider the cost of data ingestion and aggregation. It is crucial to only ingest data that is relevant and beneficial for our security monitoring and data log aggregation. Simply collecting data without a specific purpose is not advisable. I advise our clients to focus on maintaining a lean monitoring and data log aggregation approach that yields security benefits. We can detect and query threats using the crystal query language that is integrated with Sentinel, making it a key component of our Microsoft security journey with our clients. Sentinel connects with everything and has native connectors and third-party options available. Additionally, Sentinel can be set up as a provider of security operations center capability by connecting it to another cloud.

Microsoft Sentinel allows us to investigate threats and respond to them in a comprehensive manner, all from one platform. What I find particularly impressive about Sentinel is its ability to provide both reporting and analysis through workbooks, and actionable response strategies through playbooks. In addition, Sentinel includes UEBA and threat intelligence capabilities. This raises the question of how we can evaluate the effectiveness of Sentinel's security protection. One advantage of Sentinel is that it not only detects threats but also responds to them using advanced DAI and intelligence technology. This allows us to take proactive measures and set up playbooks and other capabilities that integrate seamlessly with Sentinel. By taking telemetry from different products and environments, Sentinel provides a three-dimensional perspective that other products may lack. This helps us take the right steps toward risk mitigation or remediation by giving us current, broad coverage. With telemetry, we can take a holistic approach to secure entities affected by any type of alert or environmental compromise. Sentinel's ability to bring together reporting, analysis, and actionable response strategies makes it a superior product in terms of security protection.

The cost of Sentinel depends on the amount of data being processed. This is likely true for other similar products as well. Typically, the cost of using these products is associated with ingesting and aggregating data logs. However, I believe Sentinel's cost is competitive and provides an advantage, as it offers more than just a SIEM or SOAR solution. Sentinel includes response capabilities, which is where it excels. Therefore, I believe the cost is reasonable considering the benefits it provides.

After implementing Microsoft 365 Defender, our organization has observed a significant improvement in our security measures. We have noticed a substantial decrease in compromised accounts, access issues, and entry problems resulting from phishing attempts, emails, and other security threats. This improvement can be attributed to the robust exchange of online protection capabilities. The impact has been remarkable and has made a noticeable difference in our overall security. Additionally, addressing insecure applications operating within our environment and managing data governance has been a challenge. Data governance, in particular, can be time-consuming since data is ubiquitous and it takes time to establish the appropriate tools, labels, and policies to protect it. It requires a marathon-like approach rather than a sprint and Microsoft 365 Defender has helped reduce the time.

Our Microsoft security solutions automate routine tasks and aid in detecting high-value alerts. The ranking of these alerts is customizable, allowing us to adjust their priority based on our industry or organization's specific needs. While the default settings are effective, we appreciate the ability to modify them to better suit our purposes. This customization feature is particularly valuable as it allows us to tailor the alerts and detections to our particular use case.

The solution has helped our clients by eliminating the need for multiple dashboards and providing one comprehensive XDR dashboard. This has been the most significant feedback from our clients who prefer to have all information in one place instead of having to navigate through multiple portals. With the integration of Microsoft tools like Power BI, our telemetry can be displayed in different views and graphics, making it easily understandable for all stakeholders and users. Power BI can also import Sentinel queries, allowing for customized dashboards with a unique look and feel. I appreciate the flexibility and versatility of Power BI in creating informative and visually appealing dashboards.

The solution's threat intelligence helps us prepare for potential threats before they strike, allowing us to take proactive measures. I have witnessed some excellent updates that are posted on the Microsoft Defender portal. These updates have enabled us to stay ahead of any potential threats. When there is an attack, Microsoft is quick to disable affected services, such as service principals or services, across many servers and other devices, taking affirmative action ahead of time. I have observed many proactive notifications, including day-one or zero-day notifications, that are promptly released on the Defender side. This approach allows us to get ahead of the potential issues and prevent any significant impact.

The amount of time saved by using automation tools is significant and exceeds our expectations. While we sleep, these tools perform tasks such as deleting phishing and malicious emails and conducting automated investigations. This has resulted in a substantial reduction in the number of man-hours needed for Microsoft security and Defender product tasks, which has more than justified their cost.

Microsoft 365 Defender has saved our organization money.

Microsoft 365 Defender has significantly reduced our detection and response times. The proactive nature of the software alerts us to suspicious activity, such as a user logging in from an unknown location, allowing us to trigger conditional access responses accordingly.

In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments. This is a key advantage for maintaining and monitoring usage, implementing security guardrails, and protecting data integrity and privacy from oversharing. Many clients face challenges in managing guest account access, SharePoint links, and access control. Thus, we recommend starting with access and entry as a foundational principle of security, using tools such as the identity secure score to assess the security journey progress. 

Microsoft 365 security portals cover four pillars: identity, applications, devices, and data, with Defender products geared towards identity protection being the most useful. These products help set up conditional access controls, privilege identity management, and risk mitigation strategies for legacy authentication and protocols. Defender products also provide visibility across third-party services such as AWS cloud, Box, Workforce, and other enterprise tools. Microsoft Sentinel, another useful product, provides a great solution for infrastructure visibility across Azure and on-premise infrastructure, albeit with associated costs for storage and subscriptions.

At times, there may be delays in the execution of certain actions and their effects. These delays are often related to Microsoft tasks that run in the background. For instance, when we perform an improvement action such as improving the secure score, it may take a few days before we see any changes. This delay can be frustrating, but it is still beneficial. We have also encountered issues with the secure score feedback when we set it up to work with third-party tools. We have reported these issues to Microsoft. To improve the situation, we need to fix this aspect of the solution so that we can receive secure score feedback closer to real-time or more promptly. This would be a significant improvement.

I have been using the solution for five years.

Stability has been good overall, but there was a recent incident where some of the most searched URLs were incorrectly tagged. This included URLs for services like Zoom, which caused concern among many of our clients. However, Microsoft has since corrected the issue.

Our licensing for Microsoft 365 Defender enables automatic scaling based on our needs. This means that the software's capacity will increase or decrease depending on our licensed usage.

The technical support we receive is of high quality. They effectively address specific incidents that arise, and their overall response time is satisfactory. We usually receive a response on the same day. In the rare event that an issue requires advanced technical escalation, they are able to provide us with a specialist within a day or two.

Positive

We have previously used CrowdStrike, McAfee, and Norton products but Microsoft 365 Defender is already included in the license we have with Microsoft so there is no need to pay for additional licenses.

The initial setup is usually straightforward, but it can become more complicated when we are dealing with scenarios such as bringing your own device or managed devices. In these cases, deploying can be a bit more challenging. However, I still believe that the process is generally straightforward.

Before deploying we typically do a pilot with the IT organization and once that goes well, we continue with the rest of the organization and their devices. We usually require between 10 and 20 staff for deployment.

The implementation was completed in-house.

The return on investment is significant. We have observed Microsoft 365 Defender's value in terms of saving man-hours that would have been spent sifting through logs and connecting information during investigations. The Microsoft tool provides us with an advantage by performing this task automatically, allowing us to take action on the information it has already gathered during the investigation. 

The cost of the solution appears to be appropriate, and we get what we pay for. Although I am aware that Microsoft has recently introduced licensing adjustments with plan one and plan two options, I have observed that they offer a higher level of benefits and value compared to our current solution. Nevertheless, we are taking steps to make our solution more accessible to various organizations, including educational institutions, by utilizing the licenses we have and pursuing certification for federal cloud services, despite the additional obstacles. Overall, I believe that the pricing of the licensing is fair.

I give the solution a nine out of ten.

We have a cloud environment, and for Microsoft 365 cloud services, our remote workforce is currently working from various locations. However, some resources and applications are still located on-premise and need to be accessed. To accommodate these hybrid environments, we usually use Azure AD sync to synchronize on-premise AD. This process can add some complexity.

Microsoft 365 Defender needs to be fine-tuned for optimal performance. In order to achieve this, adjustments need to be made based on the specific needs of the user. For instance, when tuning for phishing email security, there are different levels of aggressiveness available for the products. Fortunately, maintenance is quite minimal as Microsoft handles virus signatures, updates, and other related tasks. However, tuning is necessary for individual use cases, such as adding specific emails to an exception or whitelist.

Determining the best-of-breed in a given space can be subjective due to varying perceptions. While a best-of-breed strategy is effective in certain cases, it has limitations when compared to integration. For instance, when trying to identify the best tool for different security areas, having disparate solutions that don't communicate with each other can be problematic. Therefore, integration becomes a critical component in this context. Although having the best-of-breed approach is a great strategy, we also need to consider the benefits of integration and having a single pane of glass that provides an overview of all security aspects. This will help us avoid having to navigate multiple best-of-breed solutions in a sporadic manner.

My suggestion is for people to carefully review the documentation provided by Microsoft to gain an understanding of how the product works and how it fits with their particular use case and solution scenario. Negative feedback is often the result of a lack of knowledge or understanding. By taking the time to conduct a proper POC, engaging with the appropriate Microsoft representatives or consulting organizations, and being inquisitive, we can evaluate our current tenant and solution, and conduct a security assessment. This will enable us to make an informed decision about Microsoft products.

Hybrid Cloud

Microsoft Azure

We use Microsoft 365 Defender to provide cybersecurity to our clients. Microsoft 365 Defender provides real-time alerts which I review and analyze for our clients.

We implemented Microsoft 365 Defender to mitigate the cybersecurity threats our clients were facing. 

Microsoft 365 Defender is a valuable tool for our daily security operations. It provides us with a clear picture of security threats through its alert system, which identifies the origin of the attacks and correlates them with the MITRE ATT&CK framework.

It is user-friendly, loaded with features, and priced cheaper than the competitors.

Microsoft 365 Defender thwarts advanced attacks from spreading within our client's networks by utilizing the MITRE ATT&CK framework to recognize and categorize threats, then automatically taking steps to neutralize them.

Microsoft 365 Defender earns a rating of eight out of ten for its effectiveness in stopping attacks, which has demonstrably improved our security operations.

While Microsoft 365 Defender effectively stops attacks and adapts to new threats, human intervention is necessary for entirely new attack patterns. This is because the system relies on machine learning to identify threats based on past data, and completely new attack patterns wouldn't be recognized yet.

Microsoft 365 Defender enabled us to discontinue the use of other security products and helped save our security team time.

The most valuable features are machine learning, AI, and auto-remediation of non-malicious alerts. The onboarding and offboarding of devices are also seamless and the Windows Autopilot is helpful for our users.

Troubleshooting in Microsoft 365 Defender can be inefficient. Onboarding new devices with communication issues, for instance, requires using Veeam for log investigation and contacting Microsoft support, making the process time-consuming.

The current number of indicators of compromise provided by Microsoft is 15,000, but increasing this number would be beneficial for improving detection capabilities.

I have been using Microsoft 365 Defender for one year.

I would rate the stability of Microsoft 365 Defender ten out of ten.

I would rate the scalability of Microsoft 365 Defender ten out of ten.

Microsoft 365 Defender's technical support team is responsive, offering timely solutions to help our clients resolve their security issues.

Positive

In the past, we relied on both McAfee for antivirus protection and Cybereason Endpoint Detection & Response for advanced threat hunting, but we have since streamlined our security posture by consolidating these functions under Microsoft 365 Defender.

Microsoft 365 Defender is more user-friendly and flexible than Cybereason Endpoint Detection & Response.

Deploying Microsoft 365 Defender is a manageable process for our team of three, who handle our roughly eight thousand servers on an ongoing basis.

Microsoft 365 Defender offers competitive pricing. While purchasing an Azure subscription includes it in a bundled model, the standalone subscription cost for cloud storage and Defender itself remains reasonable, making it an affordable option compared to other security services.

I would rate Microsoft 365 Defender nine out of ten.

It takes some time to see the benefits because it is a large tool with many features that keep changing.

Our clients are enterprise-level.

Maintenance is required.

I recommend Microsoft 365 Defender to others.

Public Cloud

Microsoft Azure

Microsoft Defender XDR is our primary solution for security. We have a number of use cases across different environments, allowing us to secure all our use cases comprehensively.

One of the most valuable features of Microsoft Defender XDR is its ability to provide preemptive reports regarding excessive privileged access. This allows us to secure our systems in advance and proactively improve security, rather than waiting for incidents to occur. Additionally, it ensures that we are fully compliant before any audits are conducted, which has potentially saved our reputation. Furthermore, its integration across different environments allows central visibility for different workloads.

There is nothing I can think of at the moment that needs improvement. I am a contractor and finishing up soon, so I haven't encountered any issues requiring enhancements.

I have been working with Microsoft Defender XDR for a few years now, about one and a half to two years.

I was involved in the deployment, and it was very easy to set up and configure. I did not encounter any problem—it took half a day to a full day at most.

There are no complaints regarding the stability of the solution. It seems to do the job well.

The customer service is good, and they supported us well. Although it took some time, we got the required support in the end.

Neutral

The initial setup was straightforward, and I did not have any issues with it.

We used Teams for the deployment, but I could be wrong on that.

Overall, I would rate Microsoft Defender XDR a seven out of ten. It is a useful tool and not necessarily the best solution I've seen, but it is good and I wouldn't object to using it.

Other

We offer an MDR service and use Microsoft Defender XDR with Defender for Endpoint, Defender for Cloud Apps, and Defender for Cloud.

Having Microsoft Defender XDR integrated into our ecosystem has helped provide a single pane of glass for identifying, monitoring, and responding to issues across multiple customers.

From an attack chain perspective, Defender XDR handles phishing and spam emails easily, while Defender for Endpoint manages endpoints effectively. We've drastically improved our user experience. Even though we have Check Point in place, without adding complexity, XDR helps manage a significant baseline, enhancing user productivity by reducing signals significantly. The ability to report phishing is more accessible with the add-on features in Outlook.

It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience.

We have used Defender XDR for just over a year now.

The services within our ecosystem have been reliable, meeting their SLAs. However, sometimes the experience feels congested, likely due to increased usage, which indicates high adoption levels.

Microsoft Defender XDR shows tremendous scalability, much more so than on-premises solutions. Microsoft has ensured these capabilities are available for its customers.

Support has gotten better, but there is room for improvement. It's critical to escalate SEV B issues immediately to a domestic engineer. Having a CSAM makes a significant difference.

Positive

I have always worked with Microsoft solutions for the past twenty-five years, expanding my knowledge to include third-party solutions as Microsoft evolves rapidly.

The deployment wasn't intuitive,  but it was simple for me. The documentation helps despite a few gaps when they roll out new features. You need to understand the technology before you implement it. Read up as much as you can before establishing a dev tenant, implementing, testing, and then piloting in production.

I wasn't part of the M&A transition, so I'm unaware if a Microsoft partner was involved. I've served as a consultant with various Microsoft Gold partners, and without those partners, adoption would have been more challenging.

From a support desk perspective, there has been a decrease in support requests and an increase in user productivity. Although I don't have exact statistics, user experience has improved significantly, which is crucial for the company's progress.

Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft.

I rate Microsoft Defender XDR 10 out of 10.

Public Cloud

Microsoft 365 Defender works together with Exchange Online is my area of specialty.

Microsoft 365 Defender incorporates a capability to identify potentially malicious emails or emails originating from suspicious senders.

Previously, we encountered a significant number of spam emails and suspicious emails, and users were inadvertently interacting with them. However, we have made progress in addressing this issue. We have conducted attack awareness training to educate users on identifying suspicious emails, and Microsoft Defender has played an important role in preventing such emails from reaching our inboxes. As a result, we have noticed a reduction in the volume of spam emails and an increase in the delivery of trustworthy emails. Considering these improvements, I can confidently state that we are in a better position now in terms of email security compared to the past before the implementation of Microsoft 365 Defender.

Within Microsoft 365 Defender, specifically using Advanced Threat Protection, you have the ability to define rules and actions for high-value alerts. 

By using Advanced Threat Protection, you have the capability to conduct thorough investigations and delve deeper into the search for specific threats that you suspect may be present within your organization. 

Within the Microsoft 365 Defender suite, you have access to numerous features that enable you to effectively track and investigate potential threats within your organization.

Automation significantly impacts our security operations in a highly beneficial way. It revolutionizes our approach by providing a centralized IT vendor admin center where we can execute all our search queries and obtain the desired information from a single interface. This unified platform streamlines the entire process by consolidating various components and their respective search processes into one, eliminating the need to navigate through multiple individual interfaces. With Microsoft 365 Defender, we have the convenience of accessing and investigating different areas of interest from a single standpoint. This not only saves us substantial time but also reduces effort and enhances overall efficiency in our security operations.

The consolidation of security operations has had a significant impact on our effectiveness and efficiency. It has resulted in improved response times, enabling us to swiftly pinpoint the potential sources of threats. We have observed a reduction in incident response time, allowing us to address security incidents more promptly. Additionally, the consolidation has enhanced the efficiency of our deployment processes, streamlining our overall security operations. These notable impacts have greatly contributed to our organization's ability to proactively identify and mitigate threats, ultimately bolstering our security posture.

Threat intelligence is an essential component in proactively preparing for potential threats and implementing proactive measures. While I have not personally engaged with this particular feature, it is widely acknowledged that staying informed about current threat intelligence is essential.

Although preventive measures are in place to minimize maintenance issues, there can be instances where threats successfully circumvent those safeguards. However, the capability to detect and identify threats before they cause harm to the system remains a valuable advantage. Anticipating the effects of this specific feature in Microsoft Defender is something I am eager to experience, as it appears to be a fascinating addition to the security measures.

Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment. 

Indeed, the credit-backed simulation feature in Microsoft Defender operates by sending simulated phishing emails to users within the organization based on the configured settings. When a user interacts with the email by clicking on a link or taking any action, they receive a notification informing them that it was a simulated phishing attempt. This simulation serves as a valuable training tool, helping users learn how to detect and respond to phishing emails effectively. By experiencing these simulations, users can enhance their awareness and develop the skills necessary to prevent falling victim to real phishing scenarios in the future. This feature is highly valuable in improving the overall security awareness and resilience of the organization's users.

In terms of visibility, Microsoft 365 Defender offers a comprehensive and detailed overview of threats and potential traces identified within your organization. 

Within Microsoft 365 Defender, you have the ability to configure specific criteria and assign high-risk values to certain indicators. This allows you to align with compliance regulations and establish your organization's threat determination framework. By leveraging Microsoft 365 Defender, you can implement and enforce these criteria to analyze and assess potential threats in your environment. 

I believe that Microsoft has the potential to greatly enhance the efficiency of the application by incorporating advanced capabilities into this feature. By providing users with the ability to customize and tailor threat detection according to their specific needs, Microsoft could significantly improve the overall effectiveness of the application. The addition of advanced capabilities would be a valuable enhancement, complementing the existing features and further strengthening the overall functionality of Microsoft 365 Defender. This would undoubtedly be a welcome and highly beneficial addition to the platform.

Microsoft 365 Defender demonstrates a commendable level of comprehensiveness in its threat protection capabilities. However, it is important to acknowledge that false positives and false negatives can be potential challenges in any security solution.

I primarily focus on using two key features within Microsoft Defender: the attack training simulation and the threat policies integrated with Azure Guard Protection.

The dashboard is one of the features of this application.

Implementing this solution has proven to be time-saving as it enables us to effectively track down suspicious and malicious attachments that may accompany emails. Even if users tend to click on attachments without much thought, we have successfully prevented and significantly reduced security breaches that were prevalent in our past security architecture. The ability to identify and mitigate potential threats has greatly improved our overall security posture, providing us with enhanced protection against breaches and unauthorized access to our systems. By leveraging this solution, we have experienced tangible benefits in terms of minimizing security incidents and safeguarding our organization's sensitive data and resources.

There was a specific incident where an email was received containing an executable file, and unfortunately, like many other users, this particular user was unaware of the potential risks and clicked on it without hesitation. Consequently, the consequences of this action became evident. 

Microsoft 365 Defender has provided us with the capability to pinpoint the specific machine where the application is currently present, as well as track the actions and steps that the application has already taken on that machine. This is just one example of the numerous areas where Microsoft 365 Defender has proven invaluable in our security operations. 

While providing an exact numerical comparison may be challenging, I can confidently say that the improvement in our response capabilities with Microsoft 365 Defender compared to our previous security architecture is indeed significant.

It is fair to acknowledge that Microsoft 365 Defender, like any software product, is not without its imperfections. There are instances where it may incorrectly flag legitimate emails from trusted senders as spam or exhibit inadequate performance in accurately classifying certain emails.

Aside from that, it's a pretty good solution, and that is for the emails.

However, the main point I want to convey is that for someone who is new to it, using Microsoft 365 Defender will demand a significant amount of effort and a willingness to learn about the product in order to maximize its benefits. It deals with technical aspects and encompasses a broad range of features beyond just the mentioned warranty, such as online exchanges. To effectively utilize Microsoft 365 Defender, it is important to have a thorough understanding of its functionalities.

It may be too complex for beginners to grasp.

In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals. 

Breaking it down into smaller components or enhancing its comprehensibility for end users would serve as a valuable advantage. In fact, it would not only impress others but also motivate them to understand the significance of utilizing I Defender in their specific situations.

At the moment, I have limited knowledge about TripAdvisor and its offerings, so I'm unable to provide comprehensive information. However, based on my current understanding, I believe it would greatly benefit from being more user-friendly and simplifying its features. This would enable users to easily navigate the platform and maximize their experience with it.

I have been working with Microsoft 365 Defender for a year.

To the best of my knowledge, I have never encountered a situation where Microsoft 365 Defender experienced significant crashes or unresponsiveness, aside from occasional instances of false positives and false negatives. I have found the platform to be reliable and self-service oriented, with prompt responses from the provider whenever assistance was needed.

We currently have around a hundred users with Office 365 licenses; however, not everyone has the same plan that includes Microsoft 365 Defender. I was hoping to access the admin dashboard to have a closer look at the settings and configurations, but it seems that access is limited to approximately fifty users.

This is managed by Microsoft you don't have to do anything.  All you have to do is understand how to use it to make it work for you.

Similar to other cloud applications, I believe Microsoft 365 Defender demonstrates excellent scalability by seamlessly accommodating an increasing number of users. It effortlessly scales across these users, eliminating the need for extensive efforts to extend security measures to them. The scalability of Microsoft 365 Defender is highly commendable.

In situations where an email that appears to have properties indicative of spam gets delivered instead of being flagged, it is advisable to contact the technical support team directly. 

Engaging with customer support allows you to understand why such potentially harmful content was allowed into your organization. While Microsoft 365 Defender is an advanced solution, there is always room for improvement, and feedback can help drive future enhancements to make it more effective.

By reaching out to customer support, you can address specific concerns and gain insights into how to optimize the system's performance for better security outcomes in the future.

I would rate the technical support an eight out of ten.

I use Exchange Online Protection in conjunction with exchange mailboxes.

They collaborate closely. Collaborating with one is nearly identical to collaborating with the other due to the overlapping features between Microsoft 365 Defender and Exchange Online. Essentially, I consider them to be synonymous since their primary objective is ensuring security.

They lack native integration and instead exhibit interdependence. I believe their collaboration is essential in order to fully utilize their capabilities and optimize the user experience. It is crucial for them to function together in order to achieve maximum benefits and enhance overall performance.

The main differentiating factor is the expanded scope of Microsoft 365 Defender, which is evident as the primary distinction. Our utilization includes Microsoft 365 for cloud applications and Microsoft 365 for Office Microsoft 365 applications. However, when it comes to Exchange Online Protection, its functionality is exclusively focused on email boxes.

Microsoft 365 Defender provides a broader and more extensive coverage compared to Exchange Online Protection, offering a wider reach in terms of wireless accessibility.

In the past, we used Mimecast for email filtering, and before that, we employed Trendmicro as our spam filtering and email filtering solutions.

I was not involved in the deployment process.

Previously, organizations had to invest in separate third-party filtering solutions to effectively address potential threats and breaches. However, the situation has now improved significantly as Microsoft 365 Defender consolidates all these necessary security measures into the comprehensive Microsoft 365 license. This consolidation brings numerous benefits, making it a win-win scenario for organizations. They no longer need to make additional purchases or manage multiple security solutions, as everything is conveniently available with the Microsoft 365 license.

With an eligible and dependable license like Microsoft 365, there is no need to concern yourself with the purchase of an additional third-party solution, which often comes at a higher cost. 

All these functionalities have been consolidated into a single license, eliminating the need to incur additional costs for third-party solutions such as Google Security for email features and similar functionalities.

The time it takes for us to respond has been significantly reduced. Additionally, the time it takes to detect potential threats has also seen significant improvements.

In situations where Microsoft 365 Defender did not successfully mitigate a potential threat or error, it highlights the need to initiate a new process to address the specific scenario. However, with the current setup, we are now able to detect and prevent such incidents in a timely manner. This proactive approach has saved us from potential future issues and the associated costs that may have arisen. Without Microsoft 365 Defender, it would have been challenging to identify and contain these threats, which could have caused widespread problems throughout the environment. The implementation of Microsoft 365 has effectively stopped such incidents from occurring, mitigating the need for extensive investments to resolve the issues. This positive outcome demonstrates a favorable return on investment, provided we fully understand and leverage the capabilities of the product to its maximum potential.

I believe the pricing is fair and acceptable. I consider it to be reasonable and satisfactory.

If you prioritize security, considering the cost should not be a determining factor. If you truly understand the level of protection offered, you wouldn't be concerned about the price. Instead, you would focus on the value provided. From our perspective, the pricing is reasonable considering the significant benefits and value we currently receive.

We recently transitioned away from those solutions and successfully migrated everyone to Microsoft 365 Defender. Since then, we have been exclusively using Microsoft 365 Defender without any changes up to the present time.

We have no motivation or desire to switch to or explore other products, as we are already satisfied with the quality and value we receive from our current investment.

Optimally managing a combination of various security solutions can be time-consuming and overwhelming. Instead, having a single dashboard where you can consolidate and run all your queries proves to be more efficient. While the intention might be to extract the maximum benefits from multiple solutions, dividing your attention among them hinders the ability to fully leverage each one. Therefore, it is advisable to identify a comprehensive solution that meets your requirements and focus on understanding how to maximize its potential and utilization.

Furthermore, using multiple solutions in an environment can lead to compatibility issues and conflicts. When you have multiple applications performing similar functions, it can complicate matters and potentially cause problems in the future. To avoid such complications and maintain a streamlined setup, it is advisable to stick with a single solution and focus on understanding and optimizing its usage. By doing so, you can ensure better control and avoid potential disruptions that may arise from using multiple conflicting applications.

To truly grasp the value of a service like Defender, it may be challenging for someone who hasn't experienced the need for its intervention firsthand. It is essential to engage individuals who have encountered scenarios where Defender played an important role in saving the day. When evaluating the effectiveness of the solution, it is important to involve those with hands-on experience, who have witnessed the capabilities of the product and understand how to maximize its utilization. The hands-on experience becomes paramount when screening and assessing the proficiency of individuals in dealing with this specific solution.

I would give Microsoft 365 Defender a rating of nine out of ten. The only reason I'm not giving it a perfect score of ten is that it can be quite technical for someone who is just starting out. Additionally, there may be occasional false positives and negatives, which is not unique to Defender but is a common occurrence in various software and security applications. However, apart from these minor aspects, I consider Microsoft 365 Defender to be an excellent solution overall.

Private Cloud

Microsoft Azure