My main use case for Microsoft Defender XDR is security operations.
Practice Manager Cyber Security at Quorum Systems
Automated attack disruption has saved time and increased operational efficiency across my security team
Pros and Cons
- "Microsoft Defender XDR is very comprehensive, covering a lot of the services, tools, and applications that we use, so it's very efficient, and it works out of the box."
- "Microsoft Defender XDR can be improved as a solution because it's still quite costly; it's part of E5 or E5 Security, so the cost is still quite high, especially considering SME and C customers, or SMB customers."
What is our primary use case?
What is most valuable?
The feature I like the most in Microsoft Defender XDR is called attack disruption; it's an automatic feature of the tool that stops attacks automatically.
Microsoft Defender XDR is very comprehensive, covering a lot of the services, tools, and applications that we use, so it's very efficient, and it works out of the box.
Microsoft Defender XDR has improved the efficiency of my SOC team significantly; it saves them time, and it simplifies the messaging, resulting in consistent messaging.
What needs improvement?
Microsoft Defender XDR can be improved as a solution because it's still quite costly; it's part of E5 or E5 Security, so the cost is still quite high, especially considering SME and C customers, or SMB customers. The cost to get to full XDR is sometimes still prohibitive.
For how long have I used the solution?
I have been using Microsoft Defender XDR for the last two years, and it's a fairly new product.
Buyer's Guide
Microsoft Defender XDR
April 2026
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
893,244 professionals have used our research since 2012.
How are customer service and support?
I have used customer service support at some point; it's very challenging, sometimes rating four, sometimes an eight, so perhaps a six. You have to work through many contacts before you get to a decent level of technical capability.
How was the initial setup?
I would describe the deployment experience of Microsoft Defender XDR as seamless, taking hours to days, not weeks to months; it's very quick, and the onboarding is quite straightforward and easy.
What was our ROI?
I have seen a return on investment from Microsoft Defender XDR; certainly, consolidation from third-party tools provides a good return on investment, absolutely.
Which other solutions did I evaluate?
Before adopting Microsoft Defender XDR, I considered other third-party solutions such as CrowdStrike, Proofpoint, and Mimecast, as examples.
I chose Microsoft because of the skills to support it, the return on investment we have discussed, and its simplicity, as well as trust in Microsoft's vision and capability; if you consider the Gartner Quadrant, Microsoft is a leader in that space.
What other advice do I have?
With Microsoft Defender XDR, I protect against identity threats, email threats, and endpoint threats, so it's a threat protection tool for us.
The process of using Microsoft Defender XDR to prioritize incidents in my security is done automatically by the tool.
Microsoft Defender XDR is excellent; it saves time, especially for my team that deals with hundreds of incidents.
I perceive the integration of security and identity access management as key; it's absolutely key for us. We need that integration because identity is the control plane, so that integration for us is key.
I assess the AI integration in Microsoft Defender XDR as working; it's still developing, new technology, but I would rather have the AI capability than not.
I am not familiar with the impact of predictive shielding on my proactive security measures.
I assess the stability and reliability of Microsoft Defender XDR as very good; it's five nines, isn't it? The reliability is generally very, very good.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Nov 20, 2025
Director, Sales at a tech vendor with 201-500 employees
Offers an integrated experience with better telemetry and clearer insights
Pros and Cons
- "The feature of Microsoft Defender XDR that I preferred the most traditionally was its focus on endpoint protection, but now identity is right up there with endpoint security. Identity is important because different compromises start at the identity level. This allows us to understand what actions are being taken, who is doing them, and whether it is actually them."
- "The incident-level visibility across the cyber attack chain when using Microsoft Defender XDR is great."
- "The customer support aspect can be better because it's the biggest complaint I hear about Microsoft. They can improve the ease of support and licensing processes."
What is our primary use case?
As an MSSP, we work with customers who have Microsoft Defender XDR. We manage it for them 24/7, 365 days a year, acting as an extension of their team. We leverage what they've got in their licensing, often E5 or E3 with the security add-on, to get the best information for our analysts to improve investigations, triage, and respond on their behalf, as the XDR stack allows us to do this extremely well.
We do this for a lot of different customers. We've got customers all across the country. Some of them have global distribution, so it's pretty significant.
How has it helped my organization?
The incident-level visibility across the cyber attack chain when using Microsoft Defender XDR is great. The biggest advantage is having a more integrated platform. What we've seen by working with customers who have disparate technologies is that those are rarely implemented properly. They don't have good configurations or the right configurations turned on, and then they do not get the value out of those products, and those products aren't working together. Technologies that aren't implemented properly or lack good configurations fail to deliver value. When we implement Microsoft Defender XDR, we see a more integrated experience with better telemetry, giving us clearer insights into their environment as compared to using disparate products.
Due to this integrated approach, the impact of using Microsoft Defender XDR on our SecOps team's effectiveness in handling cybersecurity incidents is fantastic. We've worked with other products in the past that weren't as powerful or robust. Since making the switch, our customers are benefiting more from these products working together, providing a full picture rather than just a piece of the pie.
Microsoft Defender XDR's capability to automatically disrupt advanced cyber attacks is awesome. The automations in play are fantastic, although we often opt for manual investigation to ensure that the automated actions taken were the correct responses. From a first-level response perspective, it's extremely powerful.
We use Microsoft Defender XDR to manage and secure hybrid identities. In terms of access management, it gives a lot more provisional access, where we can make sure that we've got the right access for the right level of employee. As they change profiles or leave, we can go and change pretty easily, so that all this access is not floating around in the customer's environment.
What is most valuable?
The feature of Microsoft Defender XDR that I preferred the most traditionally was its focus on endpoint protection, but now identity is right up there with endpoint security. Identity is important because different compromises start at the identity level. This allows us to understand what actions are being taken, who is doing them, and whether it is actually them. It provides better information for us to assess the situation, decide if it's real, and determine if further investigation is needed.
What needs improvement?
Microsoft Defender XDR can be improved with continued development of automations and automated playbooks, but overall, we've been really happy with it, and I don't have a long list of changes I would make.
The customer support aspect can be better because it's the biggest complaint I hear about Microsoft. They can improve the ease of support and licensing processes.
For how long have I used the solution?
I have been using Microsoft Defender XDR for about a year and a half or two years. We use it for our customers. We manage it for them.
What do I think about the stability of the solution?
The stability and reliability of Microsoft Defender XDR is fantastic.
What do I think about the scalability of the solution?
Microsoft Defender XDR scales extremely well with our company's growing needs, especially if Intune is in place. As we build out operations, such as during M&A, having everything set up allows us to migrate customers seamlessly.
How are customer service and support?
We do a lot of troubleshooting ourselves, so we don't utilize their support frequently. I have heard from customers that it's not the easiest, and sometimes, it can be complex to reach the right person for specific needs, which is an area we prefer to handle ourselves.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The factors that made us change from other solutions to Microsoft Defender XDR include the issues with disparate tools that promise much but fail to deliver. Once we saw how Microsoft Defender XDR is purpose-built to work together seamlessly, it became clear that we could deploy it. We could witness how it functions as one cohesive platform instead of troubleshooting multiple products.
How was the initial setup?
It's pretty easy, especially if Intune is in place. Otherwise, it can be a little bit complex. That's another area that we lean into. We're trying to get Intune fully deployed. We're working with customers who don't have Intune. We strongly encourage it, or we help them get it. If they don't, we'll get some workarounds, but we'll ultimately try and get them to Intune so that it makes that experience much easier as they continue to add employees. They may go through M&A or bring on a new system.
What was our ROI?
The biggest return on investment for us is that by being on the platform, we can sunset many legacy tools. Many customers don't realize what they can access through the stack. It enables them to cut out old tools with redundant functionalities, freeing up the budget for their security programs elsewhere.
What's my experience with pricing, setup cost, and licensing?
It can be complex to navigate since customers have varying licensing agreements across Microsoft. If they go straightforward with E5 for all users, it's simple, but combinations based on budget constraints can complicate things.
There are certainly savings when using Microsoft Defender XDR, which can range from 30%, 40%, and even up to 50%. However, outcomes depend on the specific environment and the tools previously purchased that can be replaced.
Which other solutions did I evaluate?
I did consider other solutions before choosing Microsoft Defender XDR, but it was a quick decision because many of our customers were already moving in that direction. Some of the names I remember include SentinelOne, Cylance back in the day, Sophos, and Symantec. These were among the traditional EDR products we looked at before switching to Microsoft.
Microsoft ranks at the very top among the platforms we considered. We frequently tell customers that if they aren't considering it, they should be, because everyone is using Microsoft in some capacity already. We see better security outcomes. Gartner rates them in the top right quadrant, and consistently, it's recognized at the highest level.
What other advice do I have?
I would rate Microsoft Defender XDR overall as a nine out of ten, as I rarely give a ten.
Disclosure: My company has a business relationship with this vendor other than being a customer.
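The reviewer above describes identity telemetry as the way to see "who is doing them, and whether it is actually them." The advanced hunting query below is an added example of that kind of check; it is not part of the review and not Microsoft's own content. It assumes the advanced hunting table IdentityLogonEvents is populated (by Defender for Identity and Entra ID sign-in data) and that the thresholds (ten failures in a day, a 30-day baseline of known source IPs) suit the tenant; both are assumptions to tune.

```kql
// Added example (not from the review): accounts that see a burst of failed
// logons and then a success from a source IP never used for that account
// in the prior 30 days, a common shape of password spray followed by takeover.
// Assumes IdentityLogonEvents is populated; thresholds are assumptions to tune.
let baseline = 30d;
let window = 1d;
// Source IPs that each account has successfully used before the hunting window.
let knownIps =
    IdentityLogonEvents
    | where Timestamp between (ago(baseline) .. ago(window))
    | where ActionType == "LogonSuccess"
    | summarize by AccountUpn, IPAddress;
// Accounts with a burst of failures inside the hunting window.
let sprayed =
    IdentityLogonEvents
    | where Timestamp > ago(window)
    | where ActionType == "LogonFailed"
    | summarize Failures = count(), FirstFailure = min(Timestamp) by AccountUpn
    | where Failures >= 10;
// Successes for those accounts, after the failures began, from an IP not in the baseline.
IdentityLogonEvents
| where Timestamp > ago(window)
| where ActionType == "LogonSuccess"
| join kind=inner sprayed on AccountUpn
| where Timestamp > FirstFailure
| join kind=leftanti knownIps on AccountUpn, IPAddress
| project Timestamp, AccountUpn, IPAddress, Location, Application, DeviceName, Failures, FirstFailure
| order by Timestamp desc
```

Each row is a success worth a human look: the account was being guessed at, then signed in from somewhere it had not signed in from before. Saving the query as a custom detection rule turns it into an alert; the leftanti join against the baseline is what keeps a legitimate user who simply mistyped a password several times from appearing.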
Enterprise mobility and security evangelist at a financial services firm with 5,001-10,000 employees
Includes four services and four products, which can help organizations a lot
Pros and Cons
- "Microsoft 365 Defender's most valuable feature is the ability to control shadow IT."
- "Sometimes, configurations take much longer than expected."
What is our primary use case?
Microsoft 365 Defender has many use cases. It includes four different services: Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud Apps.
Microsoft Defender for Identity protects on-premises identities and synchronized identities from on-premises to the cloud. It ensures that identities are not compromised and that domain controllers are protected. This service is especially helpful for large enterprise customers who cannot move to the cloud entirely.
Microsoft Defender for Endpoint ensures that endpoints, such as laptops and mobile phones, are managed and protected. It is important that all four Microsoft 365 Defender services are integrated and share signals with each other. This allows for more comprehensive security and threat detection.
Microsoft Defender for Cloud Apps focuses on application-related issues. It allows us to sanction or unsanction applications, manage shadow IT, and prevent users from uploading documents to external cloud storage or sending emails with unapproved documents.
Microsoft 365 Defender Portal integrates all four Microsoft 365 Defender services into a single portal. This makes it easier for security engineers to view logs, events, and incidents from all four services in one place.
In addition to Microsoft 365 Defender, it is recommended to have a Security Orchestration, Automation, and Response solution. Microsoft's cloud-native SOAR solution is called Sentinel. Sentinel is a powerful tool that can be customized to meet the specific needs of our organization. It is also cost-effective because we only pay for the features we use.
KQL is a powerful tool that can be used to create custom queries for Microsoft 365 Defender. KQL is similar to the PowerShell language, so it is easy to learn for IT professionals who are already familiar with PowerShell.
How has it helped my organization?
The visibility into threats is good. We can see all the information we need using the Microsoft 365 portal. There are recommendations that we need to follow, as well as explanations and descriptions of the threats. These descriptions explain what the threats can do, how they can scale, and how to protect our environment against them. I think that Microsoft is doing a very good job of sharing knowledge with customers, even about zero-day activities that are just being discovered by security researchers. I really appreciate Microsoft's openness and willingness to share this knowledge with its customers.
Microsoft 365 Defender helps us prioritize threats across our environment. This is important because if there is a known threat that we can find within the portal, we can see the information that the threat is trying to access, such as domain contrast. Microsoft 365 also provides us with numbers, values, risks, and scores that point to our environment and indicate which threats are vulnerable. For example, if there are ten Windows server machines that need to be patched, Microsoft 365 will tell us. If we do not patch these servers, they will remain vulnerable and we could be in trouble. Microsoft 365 provides us with a lot of information about our environment, which is very useful. This information helps us to identify and prioritize threats, and to take action to mitigate them.
We integrated Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Applications, and Microsoft 365 Defender.
With a Microsoft E5 license, all the Microsoft 365 Defender suite services are available. Once we purchase those services, we can get the best value by integrating the solution. This is a one-click process that should be the first step for everyone who has the license and is taking the security solution.
The solutions work together seamlessly to provide coordinated detection and response across our environment. This is important because small and medium-sized businesses cannot afford to have thousands of security analysts monitoring their environments for threats. With these integrations and Microsoft cloud-based solutions, SMBs can outsource their security teams to Microsoft. Microsoft's security team is constantly monitoring for new threats, vulnerabilities, and risky activities. They deliver this information to SMBs through email and other channels. This allows SMBs to focus on their core business activities without having to worry about security.
The comprehensiveness of the threat protection provided by these Microsoft security products is important. It is important to understand how they work, how they are configured, and how they share information with each other. It is also important to understand the activities that they perform and to be able to highlight the important aspects of those activities. This includes understanding what happens, why it happens, what could happen, and what mitigation steps are being taken. All of this information is key to understanding how these products can protect our organization from threats.
Microsoft Sentinel enables us to ingest data from our entire ecosystem. Without being able to share data from our different solutions and products into one data storage, we cannot really monitor that data. If we have visibility on one data storage on one product, and we have visibility on a different product that stores data in different storage, we have to control both separately. With Sentinel, we can have Log Analytics. We have a single Log Analytics workspace where we can ingest data from any solutions, products, external third parties, network appliances, cloud-based solutions, or on-premise-based solutions. We can ingest all this data into Log Analytics sources. Within the Log Analytics workspace, Sentinel runs on top of that data and is capable of monitoring the logs and finding suspicious activities.
Microsoft Sentinel enables us to investigate threats and respond holistically from a single location. This is the most important feature of any cloud-based SIEM solution. We must be able to take action immediately, and with Sentinel, we can do just that.
Given Microsoft Sentinel's built-in SOAR capabilities, UEBA, and threat intelligence, the security protection provided is comprehensive. The integrations and AI-based, machine learning-based features built into Sentinel are the main pillars of the cloud-based security solution. This is how a next-generation security solution should be built. It should help prepare and maintain security by integrating with other services. It is not enough to simply configure Sentinel wisely. Microsoft must also continue to improve the service by adding new features. Thanks to these basic pillars, Microsoft can continuously improve Sentinel.
When we first set up Microsoft Sentinel, we can define which logs we want to ingest and how long we want to keep them. We can configure the retention period for each log type. The retention period determines how long Microsoft Sentinel will store the data before it is deleted. There are three types of logs that we can ingest into Microsoft Sentinel without paying for them: audit logs, Microsoft 365 change logs, and Microsoft 365 online logs. For all other log types, we will be charged for storing the data after 90 days. If we have a Microsoft 365 subscription and we have integrated Microsoft Sentinel with our environment, we can monitor the Exchange service for free for 30 days. This is because we can ingest the data for free and we can store the data for 30 days without being charged. It is important to test our environment and configure the retention periods for our logs so that we can understand how much Microsoft Sentinel will cost us. Microsoft Sentinel provides detailed workbooks that we can use to analyze our costs.
Microsoft 365 Defender includes four services and four products, which can help organizations a lot. We don't need to hire as many security analysts. What we need to work on is making sure that the security engineers who are working with the Microsoft 365 Defender suite are up to date on the technology. We need to allow them to study, keep studying, improve, share knowledge, and gain hands-on experience, not just theoretical knowledge. Thanks to the Microsoft 365 developer tenant, we can set up a tenant for testing purposes for free. This is great, and we can all use these developer tenants to test different business use cases and see how they work. Microsoft Defender can help organizations a lot if they are really paying attention to how it should be configured. They should follow Microsoft guidelines on how to prepare each service and how to prepare the environment.
Microsoft 365 Defender helps automate routine tasks and the findings of high-value alerts. It has a configuration capability that allows us to automate different tasks, which can be very helpful. Automation is always a key goal when purchasing a new product or service, as it can help to streamline processes and save time. When automating a new product or service, it is important to consider the expected results and how they can be best resolved.
When configured correctly, automation can have a significant impact on our security operations. Automation plays a big part in Microsoft 365 and Sentinel integration. Once we can access the portal, there are services where we can use more automation than in other services. For example, we can configure Microsoft Defender for Cloud Apps to automatically block risky applications with a risk score under five. This can be very useful, as it frees us up from having to manually monitor new applications and manually block risky applications. This automation is one of the main goals of the security department. It can take some time and effort to implement, but it is worth it in the long run. With Microsoft, automation is a cost-effective solution.
Microsoft 365 Defender helped eliminate the need for multiple dashboards by providing a single XDR dashboard. In 2020, there were different portals and different dashboards for each service within Microsoft 365 Defender. These services are now being migrated into a single portal, the Microsoft 365 Defender portal. This allows users to view all of their security data in one place, without having to switch between different portals. The integration process is still ongoing, and some features have been removed from the old portals. However, users can still access all of their data by following the new updates and how they are being integrated into the Microsoft 365 Defender portal. Overall, the new Microsoft 365 Defender portal provides a more unified and user-friendly experience for managing security data.
Microsoft 365 Defender Threat Intelligence helps us prepare for potential threats before they hit. Microsoft shares threat-related information they gather from different sources and vendors. They not only describe the threat, but they also recommend activities within our environment to help us protect ourselves. This is a valuable service because it allows us to take steps to mitigate threats before they impact our organization.
Microsoft 365 Defender saves us time. I used to have to open multiple portals to check for threats, but now I can do everything in one place. This has freed up my time so I can focus on other tasks. In addition, Microsoft 365 Defender has helped us to reduce the number of security analysts we need to hire. This is because the solution is able to detect and respond to threats more effectively than we could on our own. Overall, Microsoft 365 Defender has been a valuable addition to our security team. It has helped us to save time.
Microsoft 365 Defender helps us save costs by providing all the information we need in one place. The ability to monitor and respond from one place is a key element of the entire threat investigation process.
What is most valuable?
Microsoft 365 Defender's most valuable feature is the ability to control shadow IT.
What needs improvement?
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved.
Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows.
On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.
For how long have I used the solution?
I have been using Microsoft 365 Defender for six years.
What do I think about the stability of the solution?
Microsoft 365 Defender is stable.
What do I think about the scalability of the solution?
Microsoft 365 Defender is scalable.
We have users across different areas in Europe. We provide support to multiple companies that use Microsoft 365 Defender, with user counts ranging from 1,000 to 10,000.
How are customer service and support?
The technical support quality varies depending on who responds to our call.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Zimperium, which is one of the top three mobile security platforms in the world. Our organization decided to purchase the Microsoft 365 E5 license, which includes Microsoft Defender for Endpoint services that can be used to protect mobile devices against mobile threats. Once our contract with Zimperium was over, we transitioned all of our mobile devices to Microsoft Defender for Endpoint. We moved from the old solution to Microsoft because they provide a great service. They provide a lot of features, and they also provide a very good price.
What's my experience with pricing, setup cost, and licensing?
The cost of Microsoft products depends on several factors, including contract negotiations, the number of licenses needed, the length of the contract, the type of contract, and whether the organization is a long-term partner or a new customer. Microsoft is constantly adding new features, which can cause the price to increase. However, the cost is worth it to protect the environment. Currently, no other company can provide such a complex product at such a competitive price and be as responsive to end-user feedback and continuous improvement.
On average, we pay around 55 euros per user for the services and features we receive. This is a good value for a large company, but it may be too expensive for a small business.
What other advice do I have?
I give Microsoft 365 Defender an eight out of ten.
Microsoft 365 Defender can be complex, the engineers should follow the updates and ensure that they have up-to-date knowledge of the services and products.
I prefer Microsoft Defender for Cloud Apps. It is the most customizable and feature-rich solution of the three. I like that we can fine-tune security controls to specify what applications can do or what users can do within an application. This is possible due to the integration with Microsoft Defender for Endpoint, Microsoft Information Protection, and Intune or Microsoft Endpoint Manager. This allows us to block activities that we do not want to allow in our corporate environment. We can also scope the solution to user applications, document types, classifications, and whether the device is compliant.
Microsoft 365 Defender services are still new to many customers. Some customers do not even have a Microsoft 365 license, so they cannot use these services. Once we purchase a license, we have access to these services. However, these services are new to our environment. We need to ensure that we have a security engineer with experience in these services. We can either hire an engineer or contract with one. We also need to ensure that the engineer shares their knowledge with our existing security engineers. This will ensure that everyone is on the same page and knows how to use the services. We also need to have a design for how we will use these services. We need to have a clear picture of what we want to achieve. This can take months or years, especially for large companies. If we are a large company, we may also need to move away from our current solutions. Our current solutions may not be cloud-based. We may still have contracts with other vendors for one or two more years. We will need to have a plan for how we will migrate our services to Microsoft 365. This can be a lot of time and effort. We need to prioritize the tasks that we want to onboard and decide which services we want to use or configure. This is an issue for a large company. For a small company with only a few users, this can be much easier and go much faster.
The number of people required for Microsoft 365 Defender maintenance is based on the number of users in the organization.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
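The reviewer above mentions both that KQL lets you write custom queries for Microsoft 365 Defender and that the portal tells you which servers need patching so threats can be prioritized. The query below is an added example of doing that prioritization yourself in advanced hunting; it is not part of the review and not Microsoft's own content. It assumes the Defender Vulnerability Management tables DeviceTvmSoftwareVulnerabilities and DeviceTvmSoftwareVulnerabilitiesKB are populated in the tenant, and the severity filter and result limit are assumptions to adjust.

```kql
// Added example (not from the review): rank Windows servers by the number of
// critical/high CVEs that have a public exploit and still lack the recommended
// security update, so the patch queue is ordered by real exposure rather than by
// raw vulnerability count. Assumes the two DeviceTvm* tables are populated.
let exploitable =
    DeviceTvmSoftwareVulnerabilitiesKB
    | where IsExploitAvailable == true
    | project CveId, CvssScore, PublishedDate;
DeviceTvmSoftwareVulnerabilities
| where OSPlatform startswith "WindowsServer"
| where VulnerabilitySeverityLevel in ("Critical", "High")
| join kind=inner exploitable on CveId
| summarize
    ExploitableCves = dcount(CveId),
    MaxCvss = max(CvssScore),
    OldestCve = min(PublishedDate),
    SampleCves = make_set(CveId, 5),
    PendingUpdates = make_set(RecommendedSecurityUpdate, 5)
  by DeviceId, DeviceName, OSPlatform
// How long the oldest exploitable CVE on the host has been public.
| extend DaysExposed = datetime_diff("day", now(), OldestCve)
| order by ExploitableCves desc, MaxCvss desc, DaysExposed desc
| take 50
```

The join against the KB table is what adds the "is there a known exploit" signal; without it the list is just every unpatched finding. PendingUpdates gives the patch team the KB articles to apply, and DaysExposed is a useful tiebreaker when two servers carry the same CVE count.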
Information Security Analyst at an educational organization with 10,001+ employees
Good endpoint coverage and real-time alerting significantly improve security
Pros and Cons
- "On the Windows side, Microsoft Defender XDR is definitely integrated into the operating system. Once we have it on the security dashboard, we can see a real-time storyline."
- "Microsoft Defender XDR's capability to automatically disrupt advanced cyber attacks is very effective."
- "The improvements to Microsoft Defender XDR would probably go on the Linux side. There's still some more work to be done there."
- "Additionally, the limited terminal live access an analyst has is very restricted."
What is our primary use case?
We use Microsoft Defender XDR on our Tier Zero and Tier One data center systems. We also push it onto our endpoints, so we have full coverage.
We are using Microsoft Defender XDR to manage secure hybrid identities; we are still in a hybrid scenario.
How has it helped my organization?
One of the key security principles is to block closest to the source; Microsoft Defender XDR really operates closest to the source. It follows that foundational principle, because if you can't secure your local endpoint, then why wait for it to cross the WAN, the LAN?
We have Microsoft Defender XDR across the whole enterprise, with the exception of Linux systems. It's pretty much pushed across the whole enterprise. We also have it on macOS systems, so it's on both Windows and Macs. Microsoft Defender XDR has been pretty stable across all those environments. I don't have any issues.
In terms of visibility, we feed data to a different SIEM product. For our SIEM product, we use a completely different vendor, but it works flawlessly.
Microsoft Defender XDR's capability to automatically disrupt advanced cyber attacks is very effective. We can tune it accordingly, and it can prevent attacks.
For effective handling of cyber attacks, it's all automation at this point. We have correlation rules and automation playbooks in place. Our SOC team only gets involved if it's a VIP user or requires a white glove service, but other than that, it's automated. It is pretty much set-it-and-forget-it.
What is most valuable?
There are so many features, and it's rich. It's the best agent for Windows devices, though I would say it's not the best for Linux systems. We have a completely different XDR solution for Linux systems, because it only provides telemetry on the Linux side and doesn't have root access, but on the Windows side, it is pretty solid.
On the Windows side, Microsoft Defender XDR is definitely integrated into the operating system. Once we have it on the security dashboard, we can see a real-time storyline. It's one of the pivotal things that I have seen from the native Microsoft product versus other solutions. With the storyline, we're able to see and click on certain red alerts or signals that are high in fidelity and very concerning. With other products, although you can feed them into a SIEM, you don't have that timeline, which is very valuable.
What needs improvement?
The improvements to Microsoft Defender XDR would probably go on the Linux side. There's still some more work to be done there.
Additionally, the limited terminal live access an analyst has is very restricted. If they could expand the commands that an analyst can perform remotely to triage and handle incidents more effectively, that would be beneficial.
For how long have I used the solution?
I have been using Microsoft Defender XDR for over five years.
What do I think about the stability of the solution?
Having Microsoft Defender XDR across all those environments has been pretty stable; I don't have any issues. It provides high-fidelity signals. I don't see a lot of false positives. That has to do a little bit more with tuning of our dashboard, but overall, it provides high-fidelity signals for sure.
What do I think about the scalability of the solution?
Microsoft Defender XDR scales pretty well. We have a big network with two data centers, and it performs as required.
How are customer service and support?
I have never actually had to open a case for Microsoft Defender XDR.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to adopting Microsoft Defender XDR, we were using a legacy antivirus solution.
We made the switch because Microsoft Defender XDR represents next-generation level security. We were depending on signatures and definitions, which is the old model.
How was the initial setup?
We have used AWS, Azure, and GCP clouds for deployments. It is easy and flawless. It's built into our image, and we also use Intune. It's a set-and-forget type of scenario.
What was our ROI?
We have seen a return on investment with Microsoft Defender XDR. Previously, it took us hours and even days to locate an infected endpoint on the network. We are able to receive real-time alerting. We can quarantine and isolate a device within minutes. It is a big transformation.
Which other solutions did I evaluate?
We evaluated other solutions prior to switching to Microsoft Defender XDR. We went through the whole RFP process, scoring a minimum of five different solutions and ultimately choosing this product as a winner.
What other advice do I have?
I would rate Microsoft Defender XDR a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior System Engineer at a sports company with 5,001-10,000 employees
Email threat detection optimized with enhanced alert speed
Pros and Cons
- "The Email Explorer feature has proven invaluable, offering a broader perspective than automated alerts and incidents alone."
- "Microsoft Defender XDR has significantly improved our operational security."
- "Microsoft Defender XDR could be improved in terms of speed, especially backend speed."
- "The technical support from Microsoft Defender XDR has been disappointingly slow, to the point that I am considering not renewing my unified support contract."
What is our primary use case?
Our primary use of Microsoft Defender XDR is for threat hunting and monitoring potential threats entering through email and URLs. We use the full suite, including Defender for Endpoint, Defender for Office 365, and Defender for Cloud Apps, especially now that we have upgraded to M5.
How has it helped my organization?
Microsoft Defender XDR has significantly improved our operational security. We've observed a notable decrease in click rates since implementing attack simulations, and the overall response to these campaigns has been positive.
Since activating the M5 feature set, we have observed a decrease in malicious clicks and faster incident alerts.
What is most valuable?
The Email Explorer feature has proven invaluable, offering a broader perspective than automated alerts and incidents alone. Its comprehensive view has simplified the process of targeting and identifying specific threats, including those initially missed but subsequently flagged, enhancing our overall threat detection capabilities.
What needs improvement?
Microsoft Defender XDR could be improved in terms of speed, especially backend speed. Additionally, some of the automated workflows in Intune, particularly the zero-hour purge, do not always trigger promptly.
For how long have I used the solution?
I have been using Microsoft Defender XDR for two years now.
What do I think about the stability of the solution?
Microsoft Defender XDR has maintained high stability despite various service alerts. These alerts are targeted and informative, clearly indicating any potential functionality issues. The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.
What do I think about the scalability of the solution?
Our company has not experienced any scalability issues. As a medium-sized XDR company, scaling has not presented any challenges.
How are customer service and support?
The technical support from Microsoft Defender XDR has been disappointingly slow, to the point that I am considering not renewing my unified support contract. However, I have not yet made a final decision.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We previously used Mimecast for email and Cylance for endpoints. We did not have any solutions for cloud apps. We switched to Microsoft Defender XDR because we already had the licensing for it, and it did not make sense to pay twice for a similar product.
How was the initial setup?
The initial setup of Microsoft Defender XDR was straightforward, and we have not encountered any deployment issues. It was easy to manage with the bundled features.
What about the implementation team?
We did not use an integrator, reseller, or consultant for the deployment of Microsoft Defender XDR. Most of the deployment was done in-house.
What was our ROI?
Ever since we turned on the M5 feature set back in June, we have seen a reduced number of potentially malicious clicks and faster alerting when incidents occur. It has improved our security posture.
What's my experience with pricing, setup cost, and licensing?
The bundling of software makes it easier to manage our setup, but Microsoft purposefully obfuscates this through marketing ploys to hide costs. Although this can be challenging, ultimately, it simplifies budgeting.
Which other solutions did I evaluate?
We evaluated several options before switching to Microsoft Defender XDR, but ultimately chose it due to cost-effectiveness, as its features were already included in our existing license, though previously unused.
What other advice do I have?
I would rate Microsoft Defender XDR an eight out of ten. I believe it is underrated by many, and some companies miss out by not knowing how to configure it properly. Microsoft's pricing makes setups difficult to manage, but the overall value is significant.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
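Added example, not part of the review above and not a query from the reviewer's tenant: one way to see the messages Email Explorer would surface as "initially missed but subsequently flagged", and to measure how long zero-hour auto purge took to fire, is an advanced hunting query in the Defender XDR portal. It assumes the documented advanced hunting schema (the EmailEvents, EmailPostDeliveryEvents and UrlClickEvents tables and the column names used below); the seven-day window is an assumption to keep the result set small.

```kql
// Added example: messages that were delivered to a mailbox and later removed
// by zero-hour auto purge (ZAP), with the delay before ZAP acted and any
// Safe Links clicks recorded on the message before it was removed.
// Assumes the Defender XDR advanced hunting schema; the lookback is an assumption.
let lookback = 7d;
// Post-delivery actions whose ActionType is one of the ZAP variants
// (Malware ZAP, Phish ZAP, ...) are the "subsequently flagged" cases.
let zapped =
    EmailPostDeliveryEvents
    | where Timestamp > ago(lookback)
    | where ActionType endswith "ZAP"
    | project NetworkMessageId, RecipientEmailAddress,
              ZapTime = Timestamp, ZapAction = ActionType, ZapResult = ActionResult;
EmailEvents
| where Timestamp > ago(lookback)
// Only messages that actually reached the inbox matter here; anything
// junked or blocked at delivery was never "missed".
| where DeliveryAction == "Delivered"
| project NetworkMessageId, RecipientEmailAddress, SenderFromAddress, Subject,
          DeliveredTime = Timestamp, ThreatTypes
| join kind=inner zapped on NetworkMessageId, RecipientEmailAddress
// Exposure window: how long the message sat in the mailbox before ZAP removed it.
| extend MinutesExposed = datetime_diff("minute", ZapTime, DeliveredTime)
// Safe Links click telemetry for the same message; leftouter keeps
// messages nobody clicked so the latency figure is complete.
| join kind=leftouter (
    UrlClickEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, AccountUpn, ClickTime = Timestamp,
              ClickAction = ActionType, Url
  ) on NetworkMessageId
// Keep only clicks that happened while the message was still exposed.
| where isnull(ClickTime) or ClickTime < ZapTime
| summarize ClicksBeforeZap = countif(isnotnull(ClickTime)),
            ClickedBy       = make_set_if(AccountUpn, isnotnull(ClickTime)),
            ClickActions    = make_set_if(ClickAction, isnotnull(ClickTime))
  by NetworkMessageId, RecipientEmailAddress, SenderFromAddress, Subject,
     ThreatTypes, DeliveredTime, ZapTime, ZapAction, ZapResult, MinutesExposed
// Longest exposure first: these are the rows to raise with support
// if ZAP "does not always trigger promptly".
| order by MinutesExposed desc
```

Rows with a large MinutesExposed and a non-zero ClicksBeforeZap are the ones worth opening in Email Explorer, since those recipients interacted with the message before it was purged; a ClickActions value of "ClickBlocked" means Safe Links stopped the click even though the message had been delivered.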
IT Analyst at a tech company with 10,001+ employees
Loaded with features and is cheaper than competitors
Pros and Cons
- "The most valuable features are machine learning, AI, and auto-remediation of non-malicious alerts."
- "Troubleshooting in Microsoft 365 Defender can be inefficient."
What is our primary use case?
We use Microsoft 365 Defender to provide cybersecurity to our clients. Microsoft 365 Defender provides real-time alerts which I review and analyze for our clients.
We implemented Microsoft 365 Defender to mitigate the cybersecurity threats our clients were facing.
How has it helped my organization?
Microsoft 365 Defender is a valuable tool for our daily security operations. It provides us with a clear picture of security threats through its alert system, which identifies the origin of the attacks and correlates them with the MITRE ATT&CK framework.
It is user-friendly, loaded with features, and priced cheaper than the competitors.
Microsoft 365 Defender thwarts advanced attacks from spreading within our client's networks by utilizing the MITRE ATT&CK framework to recognize and categorize threats, then automatically taking steps to neutralize them.
Microsoft 365 Defender earns a rating of eight out of ten for its effectiveness in stopping attacks, which has demonstrably improved our security operations.
While Microsoft 365 Defender effectively stops attacks and adapts to new threats, human intervention is necessary for entirely new attack patterns. This is because the system relies on machine learning to identify threats based on past data, and completely new attack patterns wouldn't be recognized yet.
Microsoft 365 Defender enabled us to discontinue the use of other security products and helped save our security team time.
What is most valuable?
The most valuable features are machine learning, AI, and auto-remediation of non-malicious alerts. The onboarding and offboarding of devices are also seamless and the Windows Autopilot is helpful for our users.
What needs improvement?
Troubleshooting in Microsoft 365 Defender can be inefficient. Onboarding new devices with communication issues, for instance, requires using Veeam for log investigation and contacting Microsoft support, making the process time-consuming.
The current number of indicators of compromise provided by Microsoft is 15,000, but increasing this number would be beneficial for improving detection capabilities.
For how long have I used the solution?
I have been using Microsoft 365 Defender for one year.
What do I think about the stability of the solution?
I would rate the stability of Microsoft 365 Defender ten out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Microsoft 365 Defender ten out of ten.
How are customer service and support?
Microsoft 365 Defender's technical support team is responsive, offering timely solutions to help our clients resolve their security issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the past, we relied on both McAfee for antivirus protection and Cybereason Endpoint Detection & Response for advanced threat hunting, but we have since streamlined our security posture by consolidating these functions under Microsoft 365 Defender.
Microsoft 365 Defender is more user-friendly and flexible than Cybereason Endpoint Detection & Response.
How was the initial setup?
Deploying Microsoft 365 Defender is a manageable process for our team of three, who handle our roughly eight thousand servers on an ongoing basis.
What's my experience with pricing, setup cost, and licensing?
Microsoft 365 Defender offers competitive pricing. While purchasing an Azure subscription includes it in a bundled model, the standalone subscription cost for cloud storage and Defender itself remains reasonable, making it an affordable option compared to other security services.
What other advice do I have?
I would rate Microsoft 365 Defender nine out of ten.
It takes some time to see the benefits because it is a large tool with many features that keep changing.
Our clients are enterprise-level.
Maintenance is required.
I recommend Microsoft 365 Defender to others.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Has drastically improved our user experience and reduced our support tickets
Pros and Cons
- "From an attack chain perspective, Defender XDR handles phishing and spam emails easily, while Defender for Endpoint manages endpoints effectively. We've drastically improved our user experience."
- "I rate Microsoft Defender XDR 10 out of 10."
- "It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience."
What is our primary use case?
We offer an MDR service and use Microsoft Defender XDR with Defender for Endpoint, Defender for Cloud Apps, and Defender for Cloud.
How has it helped my organization?
Having Microsoft Defender XDR integrated into our ecosystem has helped provide a single pane of glass for identifying, monitoring, and responding to issues across multiple customers.
What is most valuable?
From an attack chain perspective, Defender XDR handles phishing and spam emails easily, while Defender for Endpoint manages endpoints effectively. We've drastically improved our user experience. Even though we have Check Point in place, without adding complexity, XDR helps manage a significant baseline, enhancing user productivity by reducing signals significantly. The ability to report phishing is more accessible with the add-on features in Outlook.
What needs improvement?
It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience.
For how long have I used the solution?
We have used Defender XDR for just over a year now.
What do I think about the stability of the solution?
The services within our ecosystem have been reliable, meeting their SLAs. However, sometimes the experience feels congested, likely due to increased usage, which indicates high adoption levels.
What do I think about the scalability of the solution?
Microsoft Defender XDR shows tremendous scalability, much more so than on-premises solutions. Microsoft has ensured these capabilities are available for its customers.
How are customer service and support?
Support has gotten better, but there is room for improvement. It's critical to escalate SEV B issues immediately to a domestic engineer. Having a CSAM makes a significant difference.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have always worked with Microsoft solutions for the past twenty-five years, expanding my knowledge to include third-party solutions as Microsoft evolves rapidly.
How was the initial setup?
The deployment wasn't intuitive, but it was simple for me. The documentation helps despite a few gaps when they roll out new features. You need to understand the technology before you implement it. Read up as much as you can before establishing a dev tenant, implementing, testing, and then piloting in production.
What about the implementation team?
I wasn't part of the M&A transition, so I'm unaware if a Microsoft partner was involved. I've served as a consultant with various Microsoft Gold partners, and without those partners, adoption would have been more challenging.
What was our ROI?
From a support desk perspective, there has been a decrease in support requests and an increase in user productivity. Although I don't have exact statistics, user experience has improved significantly, which is crucial for the company's progress.
What's my experience with pricing, setup cost, and licensing?
Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft.
What other advice do I have?
I rate Microsoft Defender XDR 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Tech Support Engineer at a tech services company with 5,001-10,000 employees
Unified platform, responsive technical support, reasonably priced, and secure
Pros and Cons
- "Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
- "In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
What is our primary use case?
Microsoft 365 Defender working together with Exchange Online is my area of specialty.
Microsoft 365 Defender incorporates a capability to identify potentially malicious emails or emails originating from suspicious senders.
How has it helped my organization?
Previously, we encountered a significant number of spam emails and suspicious emails, and users were inadvertently interacting with them. However, we have made progress in addressing this issue. We have conducted attack awareness training to educate users on identifying suspicious emails, and Microsoft Defender has played an important role in preventing such emails from reaching our inboxes. As a result, we have noticed a reduction in the volume of spam emails and an increase in the delivery of trustworthy emails. Considering these improvements, I can confidently state that we are in a better position now in terms of email security compared to the past before the implementation of Microsoft 365 Defender.
Within Microsoft 365 Defender, specifically using Advanced Threat Protection, you have the ability to define rules and actions for high-value alerts.
By using Advanced Threat Protection, you have the capability to conduct thorough investigations and delve deeper into the search for specific threats that you suspect may be present within your organization.
Within the Microsoft 365 Defender suite, you have access to numerous features that enable you to effectively track and investigate potential threats within your organization.
Automation significantly impacts our security operations in a highly beneficial way. It revolutionizes our approach by providing a centralized IT vendor admin center where we can execute all our search queries and obtain the desired information from a single interface. This unified platform streamlines the entire process by consolidating various components and their respective search processes into one, eliminating the need to navigate through multiple individual interfaces. With Microsoft 365 Defender, we have the convenience of accessing and investigating different areas of interest from a single standpoint. This not only saves us substantial time but also reduces effort and enhances overall efficiency in our security operations.
The consolidation of security operations has had a significant impact on our effectiveness and efficiency. It has resulted in improved response times, enabling us to swiftly pinpoint the potential sources of threats. We have observed a reduction in incident response time, allowing us to address security incidents more promptly. Additionally, the consolidation has enhanced the efficiency of our deployment processes, streamlining our overall security operations. These notable impacts have greatly contributed to our organization's ability to proactively identify and mitigate threats, ultimately bolstering our security posture.
Threat intelligence is an essential component in proactively preparing for potential threats and implementing proactive measures. While I have not personally engaged with this particular feature, it is widely acknowledged that staying informed about current threat intelligence is essential.
Although preventive measures are in place to minimize maintenance issues, there can be instances where threats successfully circumvent those safeguards. However, the capability to detect and identify threats before they cause harm to the system remains a valuable advantage. Anticipating the effects of this specific feature in Microsoft Defender is something I am eager to experience, as it appears to be a fascinating addition to the security measures.
What is most valuable?
Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment.
Indeed, the credit-backed simulation feature in Microsoft Defender operates by sending simulated phishing emails to users within the organization based on the configured settings. When a user interacts with the email by clicking on a link or taking any action, they receive a notification informing them that it was a simulated phishing attempt. This simulation serves as a valuable training tool, helping users learn how to detect and respond to phishing emails effectively. By experiencing these simulations, users can enhance their awareness and develop the skills necessary to prevent falling victim to real phishing scenarios in the future. This feature is highly valuable in improving the overall security awareness and resilience of the organization's users.
In terms of visibility, Microsoft 365 Defender offers a comprehensive and detailed overview of threats and potential traces identified within your organization.
Within Microsoft 365 Defender, you have the ability to configure specific criteria and assign high-risk values to certain indicators. This allows you to align with compliance regulations and establish your organization's threat determination framework. By leveraging Microsoft 365 Defender, you can implement and enforce these criteria to analyze and assess potential threats in your environment.
I believe that Microsoft has the potential to greatly enhance the efficiency of the application by incorporating advanced capabilities into this feature. By providing users with the ability to customize and tailor threat detection according to their specific needs, Microsoft could significantly improve the overall effectiveness of the application. The addition of advanced capabilities would be a valuable enhancement, complementing the existing features and further strengthening the overall functionality of Microsoft 365 Defender. This would undoubtedly be a welcome and highly beneficial addition to the platform.
Microsoft 365 Defender demonstrates a commendable level of comprehensiveness in its threat protection capabilities. However, it is important to acknowledge that false positives and false negatives can be potential challenges in any security solution.
I primarily focus on using two key features within Microsoft Defender: the attack training simulation and the threat policies integrated with Azure Guard Protection.
The dashboard is one of the features of this application.
Implementing this solution has proven to be time-saving as it enables us to effectively track down suspicious and malicious attachments that may accompany emails. Even if users tend to click on attachments without much thought, we have successfully prevented and significantly reduced security breaches that were prevalent in our past security architecture. The ability to identify and mitigate potential threats has greatly improved our overall security posture, providing us with enhanced protection against breaches and unauthorized access to our systems. By leveraging this solution, we have experienced tangible benefits in terms of minimizing security incidents and safeguarding our organization's sensitive data and resources.
There was a specific incident where an email was received containing an executable file, and unfortunately, like many other users, this particular user was unaware of the potential risks and clicked on it without hesitation. Consequently, the consequences of this action became evident.
Microsoft 365 Defender has provided us with the capability to pinpoint the specific machine where the application is currently present, as well as track the actions and steps that the application has already taken on that machine. This is just one example of the numerous areas where Microsoft 365 Defender has proven invaluable in our security operations.
While providing an exact numerical comparison may be challenging, I can confidently say that the improvement in our response capabilities with Microsoft 365 Defender compared to our previous security architecture is indeed significant.
What needs improvement?
It is fair to acknowledge that Microsoft 365 Defender, like any software product, is not without its imperfections. There are instances where it may incorrectly flag legitimate emails from trusted senders as spam or exhibit inadequate performance in accurately classifying certain emails.
Aside from that, it's a pretty good solution, and that is for the emails.
However, the main point I want to convey is that for someone who is new to it, using Microsoft 365 Defender will demand a significant amount of effort and a willingness to learn about the product in order to maximize its benefits. It deals with technical aspects and encompasses a broad range of features beyond just the mentioned warranty, such as online exchanges. To effectively utilize Microsoft 365 Defender, it is important to have a thorough understanding of its functionalities.
It may be too complex for beginners to grasp.
In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals.
Breaking it down into smaller components or enhancing its comprehensibility for end users would serve as a valuable advantage. In fact, it would not only impress others but also motivate them to understand the significance of utilizing Microsoft 365 Defender in their specific situations.
At the moment, I have limited knowledge about TripAdvisor and its offerings, so I'm unable to provide comprehensive information. However, based on my current understanding, I believe it would greatly benefit from being more user-friendly and simplifying its features. This would enable users to easily navigate the platform and maximize their experience with it.
For how long have I used the solution?
I have been working with Microsoft 365 Defender for a year.
What do I think about the stability of the solution?
To the best of my knowledge, I have never encountered a situation where Microsoft 365 Defender experienced significant crashes or unresponsiveness, aside from occasional instances of false positives and false negatives. I have found the platform to be reliable and self-service oriented, with prompt responses from the provider whenever assistance was needed.
What do I think about the scalability of the solution?
We currently have around a hundred users with Office 365 licenses; however, not everyone has the same plan that includes Microsoft 365 Defender. I was hoping to access the admin dashboard to have a closer look at the settings and configurations, but it seems that access is limited to approximately fifty users.
This is managed by Microsoft; you don't have to do anything. All you have to do is understand how to use it to make it work for you.
Similar to other cloud applications, I believe Microsoft 365 Defender demonstrates excellent scalability by seamlessly accommodating an increasing number of users. It effortlessly scales across these users, eliminating the need for extensive efforts to extend security measures to them. The scalability of Microsoft 365 Defender is highly commendable.
How are customer service and support?
In situations where an email that appears to have properties indicative of spam gets delivered instead of being flagged, it is advisable to contact the technical support team directly.
Engaging with customer support allows you to understand why such potentially harmful content was allowed into your organization. While Microsoft 365 Defender is an advanced solution, there is always room for improvement, and feedback can help drive future enhancements to make it more effective.
By reaching out to customer support, you can address specific concerns and gain insights into how to optimize the system's performance for better security outcomes in the future.
I would rate the technical support an eight out of ten.
Which solution did I use previously and why did I switch?
I use Exchange Online Protection in conjunction with exchange mailboxes.
They collaborate closely. Collaborating with one is nearly identical to collaborating with the other due to the overlapping features between Microsoft 365 Defender and Exchange Online. Essentially, I consider them to be synonymous since their primary objective is ensuring security.
They lack native integration and instead exhibit interdependence. I believe their collaboration is essential in order to fully utilize their capabilities and optimize the user experience. It is crucial for them to function together in order to achieve maximum benefits and enhance overall performance.
The main differentiating factor is the expanded scope of Microsoft 365 Defender, which is evident as the primary distinction. Our utilization includes Microsoft 365 for cloud applications and Microsoft 365 for Office Microsoft 365 applications. However, when it comes to Exchange Online Protection, its functionality is exclusively focused on email boxes.
Microsoft 365 Defender provides a broader and more extensive coverage compared to Exchange Online Protection, offering a wider reach in terms of wireless accessibility.
In the past, we used Mimecast for email filtering, and before that, we employed Trend Micro as our spam filtering and email filtering solution.
How was the initial setup?
I was not involved in the deployment process.
What was our ROI?
Previously, organizations had to invest in separate third-party filtering solutions to effectively address potential threats and breaches. However, the situation has now improved significantly as Microsoft 365 Defender consolidates all these necessary security measures into the comprehensive Microsoft 365 license. This consolidation brings numerous benefits, making it a win-win scenario for organizations. They no longer need to make additional purchases or manage multiple security solutions, as everything is conveniently available with the Microsoft 365 license.
With an eligible and dependable license like Microsoft 365, there is no need to concern yourself with the purchase of an additional third-party solution, which often comes at a higher cost.
All these functionalities have been consolidated into a single license, eliminating the need to incur additional costs for third-party solutions such as Google Security for email features and similar functionalities.
The time it takes for us to respond has been significantly reduced. Additionally, the time it takes to detect potential threats has also seen significant improvements.
In situations where Microsoft 365 Defender did not successfully mitigate a potential threat or error, it highlights the need to initiate a new process to address the specific scenario. However, with the current setup, we are now able to detect and prevent such incidents in a timely manner. This proactive approach has saved us from potential future issues and the associated costs that may have arisen. Without Microsoft 365 Defender, it would have been challenging to identify and contain these threats, which could have caused widespread problems throughout the environment. The implementation of Microsoft 365 has effectively stopped such incidents from occurring, mitigating the need for extensive investments to resolve the issues. This positive outcome demonstrates a favorable return on investment, provided we fully understand and leverage the capabilities of the product to its maximum potential.
What's my experience with pricing, setup cost, and licensing?
I believe the pricing is fair and acceptable. I consider it to be reasonable and satisfactory.
If you prioritize security, considering the cost should not be a determining factor. If you truly understand the level of protection offered, you wouldn't be concerned about the price. Instead, you would focus on the value provided. From our perspective, the pricing is reasonable considering the significant benefits and value we currently receive.
Which other solutions did I evaluate?
We recently transitioned away from those solutions and successfully migrated everyone to Microsoft 365 Defender. Since then, we have been exclusively using Microsoft 365 Defender without any changes up to the present time.
We have no motivation or desire to switch to or explore other products, as we are already satisfied with the quality and value we receive from our current investment.
What other advice do I have?
Optimally managing a combination of various security solutions can be time-consuming and overwhelming. Instead, having a single dashboard where you can consolidate and run all your queries proves to be more efficient. While the intention might be to extract the maximum benefits from multiple solutions, dividing your attention among them hinders the ability to fully leverage each one. Therefore, it is advisable to identify a comprehensive solution that meets your requirements and focus on understanding how to maximize its potential and utilization.
Furthermore, using multiple solutions in an environment can lead to compatibility issues and conflicts. When you have multiple applications performing similar functions, it can complicate matters and potentially cause problems in the future. To avoid such complications and maintain a streamlined setup, it is advisable to stick with a single solution and focus on understanding and optimizing its usage. By doing so, you can ensure better control and avoid potential disruptions that may arise from using multiple conflicting applications.
To truly grasp the value of a service like Defender, it may be challenging for someone who hasn't experienced the need for its intervention firsthand. It is essential to engage individuals who have encountered scenarios where Defender played an important role in saving the day. When evaluating the effectiveness of the solution, it is important to involve those with hands-on experience, who have witnessed the capabilities of the product and understand how to maximize its utilization. The hands-on experience becomes paramount when screening and assessing the proficiency of individuals in dealing with this specific solution.
I would give Microsoft 365 Defender a rating of nine out of ten. The only reason I'm not giving it a perfect score of ten is that it can be quite technical for someone who is just starting out. Additionally, there may be occasional false positives and negatives, which is not unique to Defender but is a common occurrence in various software and security applications. However, apart from these minor aspects, I consider Microsoft 365 Defender to be an excellent solution overall.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner