reviewer2187066 - PeerSpot reviewer
Tech Support Engineer at a tech services company with 5,001-10,000 employees
Real User
May 20, 2023
Unified platform, responsive technical support, reasonably priced, and secure
Pros and Cons
  • "Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
  • "In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."

What is our primary use case?

Microsoft 365 Defender working together with Exchange Online is my area of specialty.

Microsoft 365 Defender incorporates a capability to identify potentially malicious emails or emails originating from suspicious senders.

How has it helped my organization?

Previously, we encountered a significant number of spam emails and suspicious emails, and users were inadvertently interacting with them. However, we have made progress in addressing this issue. We have conducted attack awareness training to educate users on identifying suspicious emails, and Microsoft Defender has played an important role in preventing such emails from reaching our inboxes. As a result, we have noticed a reduction in the volume of spam emails and an increase in the delivery of trustworthy emails. Considering these improvements, I can confidently state that we are in a better position now in terms of email security compared to the past before the implementation of Microsoft 365 Defender.

Within Microsoft 365 Defender, specifically using Advanced Threat Protection, you have the ability to define rules and actions for high-value alerts. 

By using Advanced Threat Protection, you have the capability to conduct thorough investigations and delve deeper into the search for specific threats that you suspect may be present within your organization. 

Within the Microsoft 365 Defender suite, you have access to numerous features that enable you to effectively track and investigate potential threats within your organization.

Automation significantly impacts our security operations in a highly beneficial way. It revolutionizes our approach by providing a centralized IT vendor admin center where we can execute all our search queries and obtain the desired information from a single interface. This unified platform streamlines the entire process by consolidating various components and their respective search processes into one, eliminating the need to navigate through multiple individual interfaces. With Microsoft 365 Defender, we have the convenience of accessing and investigating different areas of interest from a single standpoint. This not only saves us substantial time but also reduces effort and enhances overall efficiency in our security operations.

The consolidation of security operations has had a significant impact on our effectiveness and efficiency. It has resulted in improved response times, enabling us to swiftly pinpoint the potential sources of threats. We have observed a reduction in incident response time, allowing us to address security incidents more promptly. Additionally, the consolidation has enhanced the efficiency of our deployment processes, streamlining our overall security operations. These notable impacts have greatly contributed to our organization's ability to proactively identify and mitigate threats, ultimately bolstering our security posture.

Threat intelligence is an essential component in proactively preparing for potential threats and implementing proactive measures. While I have not personally engaged with this particular feature, it is widely acknowledged that staying informed about current threat intelligence is essential.

Although preventive measures are in place to minimize maintenance issues, there can be instances where threats successfully circumvent those safeguards. However, the capability to detect and identify threats before they cause harm to the system remains a valuable advantage. Anticipating the effects of this specific feature in Microsoft Defender is something I am eager to experience, as it appears to be a fascinating addition to the security measures.

What is most valuable?

Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment. 

Indeed, the credit-backed simulation feature in Microsoft Defender operates by sending simulated phishing emails to users within the organization based on the configured settings. When a user interacts with the email by clicking on a link or taking any action, they receive a notification informing them that it was a simulated phishing attempt. This simulation serves as a valuable training tool, helping users learn how to detect and respond to phishing emails effectively. By experiencing these simulations, users can enhance their awareness and develop the skills necessary to prevent falling victim to real phishing scenarios in the future. This feature is highly valuable in improving the overall security awareness and resilience of the organization's users.

In terms of visibility, Microsoft 365 Defender offers a comprehensive and detailed overview of threats and potential traces identified within your organization. 

Within Microsoft 365 Defender, you have the ability to configure specific criteria and assign high-risk values to certain indicators. This allows you to align with compliance regulations and establish your organization's threat determination framework. By leveraging Microsoft 365 Defender, you can implement and enforce these criteria to analyze and assess potential threats in your environment. 

I believe that Microsoft has the potential to greatly enhance the efficiency of the application by incorporating advanced capabilities into this feature. By providing users with the ability to customize and tailor threat detection according to their specific needs, Microsoft could significantly improve the overall effectiveness of the application. The addition of advanced capabilities would be a valuable enhancement, complementing the existing features and further strengthening the overall functionality of Microsoft 365 Defender. This would undoubtedly be a welcome and highly beneficial addition to the platform.

Microsoft 365 Defender demonstrates a commendable level of comprehensiveness in its threat protection capabilities. However, it is important to acknowledge that false positives and false negatives can be potential challenges in any security solution.

I primarily focus on using two key features within Microsoft Defender: the attack training simulation and the threat policies integrated with Azure Guard Protection.

The dashboard is one of the features of this application.

Implementing this solution has proven to be time-saving as it enables us to effectively track down suspicious and malicious attachments that may accompany emails. Even if users tend to click on attachments without much thought, we have successfully prevented and significantly reduced security breaches that were prevalent in our past security architecture. The ability to identify and mitigate potential threats has greatly improved our overall security posture, providing us with enhanced protection against breaches and unauthorized access to our systems. By leveraging this solution, we have experienced tangible benefits in terms of minimizing security incidents and safeguarding our organization's sensitive data and resources.

There was a specific incident where an email was received containing an executable file, and unfortunately, like many other users, this particular user was unaware of the potential risks and clicked on it without hesitation. Consequently, the consequences of this action became evident. 

Microsoft 365 Defender has provided us with the capability to pinpoint the specific machine where the application is currently present, as well as track the actions and steps that the application has already taken on that machine. This is just one example of the numerous areas where Microsoft 365 Defender has proven invaluable in our security operations. 

While providing an exact numerical comparison may be challenging, I can confidently say that the improvement in our response capabilities with Microsoft 365 Defender compared to our previous security architecture is indeed significant.

What needs improvement?

It is fair to acknowledge that Microsoft 365 Defender, like any software product, is not without its imperfections. There are instances where it may incorrectly flag legitimate emails from trusted senders as spam or exhibit inadequate performance in accurately classifying certain emails.

Aside from that, it's a pretty good solution, and that is for the emails.

However, the main point I want to convey is that for someone who is new to it, using Microsoft 365 Defender will demand a significant amount of effort and a willingness to learn about the product in order to maximize its benefits. It deals with technical aspects and encompasses a broad range of features beyond just the mentioned warranty, such as online exchanges. To effectively utilize Microsoft 365 Defender, it is important to have a thorough understanding of its functionalities.

It may be too complex for beginners to grasp.

In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals. 

Breaking it down into smaller components or enhancing its comprehensibility for end users would serve as a valuable advantage. In fact, it would not only impress others but also motivate them to understand the significance of utilizing Defender in their specific situations.

At the moment, I have limited knowledge about TripAdvisor and its offerings, so I'm unable to provide comprehensive information. However, based on my current understanding, I believe it would greatly benefit from being more user-friendly and simplifying its features. This would enable users to easily navigate the platform and maximize their experience with it.

Buyer's Guide
Microsoft Defender XDR
March 2026
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
884,933 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with Microsoft 365 Defender for a year.

What do I think about the stability of the solution?

To the best of my knowledge, I have never encountered a situation where Microsoft 365 Defender experienced significant crashes or unresponsiveness, aside from occasional instances of false positives and false negatives. I have found the platform to be reliable and self-service oriented, with prompt responses from the provider whenever assistance was needed.

What do I think about the scalability of the solution?

We currently have around a hundred users with Office 365 licenses; however, not everyone has the same plan that includes Microsoft 365 Defender. I was hoping to access the admin dashboard to have a closer look at the settings and configurations, but it seems that access is limited to approximately fifty users.

This is managed by Microsoft; you don't have to do anything. All you have to do is understand how to use it to make it work for you.

Similar to other cloud applications, I believe Microsoft 365 Defender demonstrates excellent scalability by seamlessly accommodating an increasing number of users. It effortlessly scales across these users, eliminating the need for extensive efforts to extend security measures to them. The scalability of Microsoft 365 Defender is highly commendable.

How are customer service and support?

In situations where an email that appears to have properties indicative of spam gets delivered instead of being flagged, it is advisable to contact the technical support team directly. 

Engaging with customer support allows you to understand why such potentially harmful content was allowed into your organization. While Microsoft 365 Defender is an advanced solution, there is always room for improvement, and feedback can help drive future enhancements to make it more effective.

By reaching out to customer support, you can address specific concerns and gain insights into how to optimize the system's performance for better security outcomes in the future.

I would rate the technical support an eight out of ten.

Which solution did I use previously and why did I switch?

I use Exchange Online Protection in conjunction with Exchange mailboxes.

They collaborate closely. Collaborating with one is nearly identical to collaborating with the other due to the overlapping features between Microsoft 365 Defender and Exchange Online. Essentially, I consider them to be synonymous since their primary objective is ensuring security.

They lack native integration and instead exhibit interdependence. I believe their collaboration is essential in order to fully utilize their capabilities and optimize the user experience. It is crucial for them to function together in order to achieve maximum benefits and enhance overall performance.

The main differentiating factor is the expanded scope of Microsoft 365 Defender, which is evident as the primary distinction. Our utilization includes Microsoft 365 for cloud applications and Microsoft 365 for Office Microsoft 365 applications. However, when it comes to Exchange Online Protection, its functionality is exclusively focused on email boxes.

Microsoft 365 Defender provides a broader and more extensive coverage compared to Exchange Online Protection, offering a wider reach in terms of wireless accessibility.

In the past, we used Mimecast for email filtering, and before that, we employed Trend Micro as our spam filtering and email filtering solution.

How was the initial setup?

I was not involved in the deployment process.

What was our ROI?

Previously, organizations had to invest in separate third-party filtering solutions to effectively address potential threats and breaches. However, the situation has now improved significantly as Microsoft 365 Defender consolidates all these necessary security measures into the comprehensive Microsoft 365 license. This consolidation brings numerous benefits, making it a win-win scenario for organizations. They no longer need to make additional purchases or manage multiple security solutions, as everything is conveniently available with the Microsoft 365 license.

With an eligible and dependable license like Microsoft 365, there is no need to concern yourself with the purchase of an additional third-party solution, which often comes at a higher cost. 

All these functionalities have been consolidated into a single license, eliminating the need to incur additional costs for third-party solutions such as Google Security for email features and similar functionalities.

The time it takes for us to respond has been significantly reduced. Additionally, the time it takes to detect potential threats has also seen significant improvements.

In situations where Microsoft 365 Defender did not successfully mitigate a potential threat or error, it highlights the need to initiate a new process to address the specific scenario. However, with the current setup, we are now able to detect and prevent such incidents in a timely manner. This proactive approach has saved us from potential future issues and the associated costs that may have arisen. Without Microsoft 365 Defender, it would have been challenging to identify and contain these threats, which could have caused widespread problems throughout the environment. The implementation of Microsoft 365 has effectively stopped such incidents from occurring, mitigating the need for extensive investments to resolve the issues. This positive outcome demonstrates a favorable return on investment, provided we fully understand and leverage the capabilities of the product to its maximum potential.

What's my experience with pricing, setup cost, and licensing?

I believe the pricing is fair and acceptable. I consider it to be reasonable and satisfactory.

If you prioritize security, considering the cost should not be a determining factor. If you truly understand the level of protection offered, you wouldn't be concerned about the price. Instead, you would focus on the value provided. From our perspective, the pricing is reasonable considering the significant benefits and value we currently receive.

Which other solutions did I evaluate?

We recently transitioned away from those solutions and successfully migrated everyone to Microsoft 365 Defender. Since then, we have been exclusively using Microsoft 365 Defender without any changes up to the present time.

We have no motivation or desire to switch to or explore other products, as we are already satisfied with the quality and value we receive from our current investment.

What other advice do I have?

Optimally managing a combination of various security solutions can be time-consuming and overwhelming. Instead, having a single dashboard where you can consolidate and run all your queries proves to be more efficient. While the intention might be to extract the maximum benefits from multiple solutions, dividing your attention among them hinders the ability to fully leverage each one. Therefore, it is advisable to identify a comprehensive solution that meets your requirements and focus on understanding how to maximize its potential and utilization.

Furthermore, using multiple solutions in an environment can lead to compatibility issues and conflicts. When you have multiple applications performing similar functions, it can complicate matters and potentially cause problems in the future. To avoid such complications and maintain a streamlined setup, it is advisable to stick with a single solution and focus on understanding and optimizing its usage. By doing so, you can ensure better control and avoid potential disruptions that may arise from using multiple conflicting applications.

To truly grasp the value of a service like Defender, it may be challenging for someone who hasn't experienced the need for its intervention firsthand. It is essential to engage individuals who have encountered scenarios where Defender played an important role in saving the day. When evaluating the effectiveness of the solution, it is important to involve those with hands-on experience, who have witnessed the capabilities of the product and understand how to maximize its utilization. The hands-on experience becomes paramount when screening and assessing the proficiency of individuals in dealing with this specific solution.

I would give Microsoft 365 Defender a rating of nine out of ten. The only reason I'm not giving it a perfect score of ten is that it can be quite technical for someone who is just starting out. Additionally, there may be occasional false positives and negatives, which is not unique to Defender but is a common occurrence in various software and security applications. However, apart from these minor aspects, I consider Microsoft 365 Defender to be an excellent solution overall.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Majid Hussain - PeerSpot reviewer
Cybersecurity Engineer at a computer software company with 1,001-5,000 employees
Real User
Top 5
Jun 10, 2024
You can scan the systems remotely to get a complete inventory of assets
Pros and Cons
  • "Defender XDR enables you to scan a system remotely and get a complete inventory of its assets. You can gather more information from the asset inventory and apply threat intelligence using Office 365 or something."
  • "The initial time spent setting up and configuring Defender XDR is a bit longer than the other solutions. If everything were on one portal, the platforms for managing policies or alerts would be simpler. We must automate and manage policies on Intune rather than the same portal."

What is our primary use case?

We use the entire 365 security package. Defender XDR is primarily used for real-time malware scanning. Our company has about 1,500 endpoints. 

How has it helped my organization?

Before Defender, we used a different tool but were unhappy with its performance and frustrated with the deployment. Defender offers real-time scanning and alert notifications.

By adopting the Microsoft stack, we have eliminated other security solutions. Defender XDR reduces manual work. Our organization manages more than 1,500 systems, and manual intervention on all these systems would be a huge workload. Cloud solutions are easier to manage and monitor. 

We are a massive Microsoft shop. We see significant savings by getting all of our security from one vendor. There is a considerable drop compared to buying from other vendors. 

What is most valuable?

Defender XDR enables you to scan a system remotely and get a complete inventory of its assets. You can gather more information from the asset inventory and apply threat intelligence using Office 365 or something. It's a user-friendly, cost-effective, and feature-rich solution. The XDR features offer considerable value because you get more insights from your user systems.

Microsoft Defender XDR stops the movement of advanced attacks by working with the complete 365 package. For example, you can create rules for email filtering to block phishing emails. I can create rules for email filtering. If there are any suspicious links in an email or its attachments, we can quarantine that email. It notifies the admin or the user. The user can ask the admin to remove the email from the quarantine. We can investigate the email before it reaches the endpoint. Defender also has web content filtering and all the other EDR file features.

Defender's ability to adapt to evolving threats is critical today. The number of attacks today is multiplying, and Defender's adaptability and awareness are amazing.

What needs improvement?

The initial time spent setting up and configuring Defender XDR is a bit longer than the other solutions. If everything were on one portal, the platforms for managing policies or alerts would be simpler. We must automate and manage policies on Intune rather than the same portal.

For how long have I used the solution?

I have used Microsoft Defender XDR for nearly 14 months.

What do I think about the stability of the solution?

I am very satisfied with Defender's stability. It's a reliable solution that improves our confidence in our security.

How are customer service and support?

I rate Microsoft support seven out of 10. I would like Microsoft's support to be a little more robust and technical.

How would you rate customer service and support?

Neutral

How was the initial setup?

Deploying Defender XDR is pretty straightforward. We deployed it in phases with deadlines. It took a couple of months. We met all our deadlines, and it wasn't a very complex solution to implement. 

We prepared and configured the tenant. Next, we created XDR policies and groups and orchestrated our requirements. We tried pushing the policies to see if the endpoints received them and sent the required information back to the admin portal. There was a testing period before we went live. Deployment only required two people. 

Defender doesn't require much maintenance after deployment because it's a cloud-based solution. We only need to tweak and update the policies, then push them out. 

What's my experience with pricing, setup cost, and licensing?

Defender XDR is reasonably priced based on the licenses we need and the solution's capabilities. At the same time, Defender is a little pricier than some of the other solutions. 

Which other solutions did I evaluate?

We also considered CrowdStrike and Trend Micro. Trend Micro came the closest to meeting our expectations. Ultimately, we decided to use Defender XDR because we already used most of the Microsoft products, so it was a little more cost-effective. 

What other advice do I have?

I rate Microsoft Defender XDR nine out of 10. Before deploying Defender XDR, potential users should be informed about the pricing, support, and the labor required to manage, maintain, and deploy the solutions. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
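The quarantine workflow the reviewer describes above (a mail flow rule that holds messages with risky attachments, an admin who reviews and releases them) can be expressed in Exchange Online PowerShell. The following is an added example written for this page; it is not the reviewer's configuration and not Microsoft documentation. It assumes the ExchangeOnlineManagement module is installed, that the signed-in account holds a role allowed to manage transport rules, and it uses placeholder rule names and a placeholder SOC mailbox address.

```powershell
# Added example (not from the review): Exchange Online mail flow rules that
# quarantine messages with executable attachments, plus the cmdlets an admin
# uses to review what landed in quarantine. Assumes the ExchangeOnlineManagement
# module; rule names and the SOC address are placeholders.

Connect-ExchangeOnline   # interactive sign-in; skip if a session already exists

# Rule 1: executable content detected by inspecting the attachment itself
# (not only its extension) -> hosted quarantine, plus an incident report to the SOC.
New-TransportRule -Name "Quarantine executable attachments (example)" `
    -AttachmentHasExecutableContent $true `
    -Quarantine $true `
    -GenerateIncidentReport "soc@contoso.example" `
    -IncidentReportContent Sender, Recipients, Subject, RuleDetections `
    -Mode Enforce `
    -Comments "Added example rule: executable content is quarantined for SOC review"

# Rule 2: extensions commonly abused as droppers, quarantined as well.
# Start in Audit mode if you want to measure false positives before enforcing.
New-TransportRule -Name "Quarantine risky attachment extensions (example)" `
    -AttachmentExtensionMatchesWords "exe","scr","js","vbs","hta" `
    -Quarantine $true `
    -Mode Enforce

# Check: both rules should be listed with State Enabled and Mode Enforce.
Get-TransportRule |
    Where-Object { $_.Name -like "*(example)*" } |
    Format-Table Name, State, Mode, Priority

# Admin review: messages held by mail flow rules in the last 24 hours.
# Release-QuarantineMessage is the counterpart an admin runs after a user
# asks for a held message back, once the attachment has been investigated.
Get-QuarantineMessage -Type TransportRule -StartReceivedDate (Get-Date).AddDays(-1) |
    Format-Table ReceivedTime, SenderAddress, RecipientAddress, Subject
```

Running the second rule in Audit mode first (-Mode Audit) gives a week of incident reports to judge how many legitimate messages would have been held before switching to Enforce.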
Sudara Pushpakumara - PeerSpot reviewer
Cloud Security Engineer at Dialog Axiata PLC
Real User
Apr 13, 2023
Offers antiphishing, antispam, and stage three antivirus but has poor support
Pros and Cons
  • "All of the security components are valuable, including antiphishing, antispam, and stage three antivirus."
  • "The support team is not competent or responsive."

What is our primary use case?

Microsoft 365 Defender is used for our threat policies, configuration, and security protection.

How has it helped my organization?

The current level of threat visibility is good.

Microsoft 365 Defender helps prioritize threats across our enterprise, which is important for our organization.

The mail component within our organization is the most critical part and Microsoft 365 Defender plays a big part in protecting that component. 

We have integrated Microsoft 365 Defender with Defender for Cloud, and Sentinel. Integrating the solution with Defender for Cloud is easy. 

The integrated solutions work natively together to deliver coordinated detection and response across our environment, which is important for our organization.

The comprehensiveness of the threat-protection that Microsoft products provide is good.

The bidirectional sync capability of Defender for Cloud is important for our organization.

The bidirectional sync of Defender for Cloud helps us secure our network.

Microsoft Sentinel allows us to investigate data from our entire ecosystem.

The ingestion of data to our security operations is critical and Sentinel does a better job than the other solutions we tried.

Microsoft Sentinel enables us to investigate threats and respond holistically from one place which is important for us.

The built-in UEBA and threat intelligence capabilities are good.

Microsoft 365 Defender helps our organization by detecting false positives.

Our Microsoft security solutions help automate routine tasks and help automate the finding of high-value alerts.

The automation has helped us with our playbook.

The solution has helped eliminate multiple dashboards by providing one XDR dashboard.

Having one XDR dashboard allows us to react to threats faster.

Microsoft 365 Defender's threat intelligence helps us prepare proactively for potential threats before they hit.

Microsoft 365 Defender has saved us between one and three months of time.

Microsoft 365 Defender has saved us time to detect and respond.

We have saved a significant amount of money with the implementation of Microsoft 365 Defender. Prior to using this solution, we encountered costly incidents.

What is most valuable?

All of the security components are valuable, including antiphishing, antispam, and stage three antivirus.

What needs improvement?

Additional visibility into log analytics would be beneficial. For instance, if an attachment was affected by malware, it would be helpful if Microsoft 365 Defender could provide more specific details about the origin of that particular malware, such as where it originated from. Any additional information in this regard would be greatly appreciated.

The integration of Microsoft 365 Defender with Sentinel is a bit complex when integrating custom connectors.

The cost of using Microsoft Sentinel is dependent on the size of the data the solution will ingest. I would like Microsoft to provide proper guidance on the sizing so we know what we will be spending.

Technical support has a lot of room for improvement. The support team is not competent or responsive.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

Microsoft 365 Defender is stable.

What do I think about the scalability of the solution?

Microsoft 365 Defender is scalable.

How are customer service and support?

The quality of technical support we receive is poor. We encounter difficulties while dealing with the support team, even for critical incidents. Moreover, we always receive a response from the same engineer. However, they are not cooperative in using Microsoft Teams or joining a call with our clients.

How would you rate customer service and support?

Negative

How was the initial setup?

The initial setup is straightforward. The deployment was completed by two people and required seven to eight days.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

The licensing fee for Microsoft 365 Defender is fair.

What other advice do I have?

I give the solution a seven out of ten.

The solution is deployed across multiple locations.

We have 5,000 users.

We have three administrators for the solution.

When an organization is already using other Microsoft solutions it is best to use Microsoft 365 Defender because of the seamless integration.

Microsoft 365 Defender is not difficult to implement and can be utilized by anyone.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Michael Wurz - PeerSpot reviewer
Technical Lead Security Solution Architect at ProArch Technologies
Reseller
Jan 9, 2024
Extends to various platforms, saves time, and money
Pros and Cons
  • "From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
  • "The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."

What is our primary use case?

I work for a managed security service provider, where a dedicated team at our Security Operations Center manages the entire 365 Security Stack for our clients. This means we're constantly monitoring alerts, prioritizing incidents, and responding actively, leveraging automation features where possible. We also play a crucial role in the onboarding process, setting up and integrating security solutions with our platforms for efficient alert management and incident response. Furthermore, we handle policy configuration and hardening, ensuring effective security controls are in place. We actively maintain these policies, fine-tune them as needed, and adapt them to new features and updates, collaborating closely with clients throughout the process. In essence, we own and manage the security platform for our clients, providing them with comprehensive protection and peace of mind.

How has it helped my organization?

Microsoft Defender XDR is working towards a unified identity and access management system. While currently, separate role-based access controls exist for different Defender XDR components, a major challenge is that some solutions remain tenant or subscription-based. However, Microsoft has a migration plan in place to address this. We can currently utilize both centralized and individual RBAC models, though it's important to note that the centralized approach is still under development and may not be as user-friendly as the individual models. Nonetheless, the centralized model offers fine-grained control over access permissions, which can be beneficial for organizations with specific requirements or concerns. For instance, we can grant or deny specific analysts the ability to automate remediation or isolation events or to modify security settings. While the level of detail can be overwhelming for those unfamiliar with granular access control lists, it ultimately provides powerful capabilities for managing access to Defender XDR. Overall, Microsoft is actively working to centralize all IAM under a single portal, demonstrating a commitment to improving user experience and access control.

Microsoft Defender offers two main identity protection solutions. Defender for Identity: This is their on-premise Active Directory security solution. It's essential for organizations with on-premise identities and helps analyze specific events within our local Active Directory. Microsoft has been investing heavily in this product, and it has improved significantly in the past year. The second is Microsoft Entra Identity, formerly Azure Active Directory Identity Protection: This is a cloud-based service ideal for organizations with cloud identities in the Office 365 ecosystem. It's almost a mandatory service if we want strong security controls for our open and centrally accessible platform. It excels with risk-based security settings, conditional access policies, and risk-based situations based on device type, compliance, location, and more. It's one of the best solutions within Microsoft 365 SAC due to its ease of implementation, rapid risk reduction, and extensive security features.

Microsoft Defender for Cloud's security reach extends beyond just Microsoft technologies. It analyzes data from various cloud platforms, including AWS and GCP, not just Microsoft Azure. This data feeds into the centralized 365 XDR dashboard, bringing together telemetry, alerts, and advanced features like AI, machine learning, and KQL query support for hunting threats. Defender for Cloud acts as a gateway to this broader security, integrating with individual solutions like app protection for Zoom, Dropbox, and ShareFile. These protected applications generate alerts and data that also flow into the 365 XDR dashboard, providing a unified view of our security posture.

The effectiveness of detecting lateral movement depends on the specific solutions in place and their proper configuration. I have a background in penetration testing, so I've witnessed this firsthand in various environments. Microsoft Defender for Endpoint, an EDR solution, offers a strong chance of preventing initial access, suspicious commands, and remote code execution. This, in turn, helps hinder lateral movement at its earliest stages. It also detects suspicious activity originating from external sources and even alerts on potentially compromised devices that aren't yet onboarded. Microsoft Defender has made significant advancements, providing both active monitoring and passive detection capabilities. For lateral movement specifically involving domain accounts, Defender for Identity, an Active Directory monitoring solution, is adept at detecting similar attacks. These include extracting golden tickets, keys, DCSync attacks, and more. Notably, recent advancements in October introduced artificial intelligence and machine learning capabilities to detect hands-on keyboard threat attacks. This feature is remarkably effective. In my most recent engagement, I successfully identified a known attacker who had compromised a high-profile account and promptly contained that user account. Containment restricts the account's ability to connect to external services. For instance, if the attacker logs in as that user, they're unable to access file shares, Outlook, or other services. This level of protection is challenging to achieve in today's complex organizational environments, as general detection methods often fall short. Behavioral analysis is crucial, and Microsoft has invested heavily in developing these capabilities within its solutions.

Defender's core strength against attacks lies in its ability to adapt to ever-changing threats. Specifically for endpoints, Defender Endpoint serves as the main defense line. It analyzes a wealth of data, beginning with endpoint detection and response through the Defender for Endpoint solution. This solution identifies suspicious activity, generates alerts, and analyzes them. Certain criteria, undisclosed by Microsoft, trigger incident creation when the likelihood of a real threat is high. Properly configured, these incidents automatically trigger investigations, replicating manual SOC analyst work. Investigation packages are collected, analyzing network connections, files, processes, and real-time entities for suspicious activity. Processes can be automatically executed or terminated, quarantined, and files isolated. Continuous monitoring persists until the investigation concludes and is marked as resolved. Additionally, Microsoft Defender continuously searches for and investigates potentially impacted devices related to the original incident, adapting its response as the situation evolves.

Many organizations are replacing their EDR solutions with Microsoft Defender, or upgrading from paid antivirus solutions. While I won't mention specific vendors, consider a common antivirus platform costing two to ten dollars per month for basic protection. We recommend leveraging the free Windows Defender Antivirus included with supported operating systems and adding an EDR solution. Defender Endpoint works seamlessly with native Windows Defender Antivirus, being embedded in the Windows TCP/IP stack, making it an excellent pairing. However, in most cases, both are still desirable. Generally, Defender for Endpoint catches 90 percent of threats, while antivirus covers specific signatures. Defender has made significant strides in endpoint security, so there's no need to underestimate its capabilities. The built-in Defender Antivirus offers many valuable features, and Defender for EDR further enhances them. Although numerous EDR players exist, and individual assessments are crucial, I find Defender for Endpoint very intuitive with excellent incident management. It also boasts a significantly shorter learning curve compared to other EDR solutions I've used.

I'm not utilizing Microsoft Defender XDR in the traditional sense for my organization. Primarily, it's our clients who are using it. It's a bit of a mixed bag. Some clients choose to use the solution even though it might be more expensive, but they gain enhanced protection for their investment. Others can reduce costs because they were previously overpaying for separate EDR solutions, antivirus platforms, and cloud monitoring tools without enjoying their full benefits. For these clients, leveraging the included features within their licensed package proves advantageous. It's fantastic that organizations with the E5 or E5 Security add-ons have access to these powerful features, often without even realizing it. We help bring them to light and enable clients to get them up and running effectively. So, in that sense, they're gaining significant protection and technically saving money.

The centralized dashboard is a huge time saver for several reasons. Previously, each security solution had its dashboard, making it tedious and time-consuming to jump between them and remember all the different URLs. Onboarding new team members was also a hassle, requiring me to curate a list of all the necessary URLs. Combining everything into a single unified dashboard eliminates these issues. Consolidating alerts into distinct categories (alerts and incidents) is another significant advantage. Simply dumping all alerts into one view is ineffective, as many organizations have discovered. Categorization saves valuable time by making it easier to identify and prioritize critical issues. Furthermore, the automated investigation capabilities of XDR in Defender for Endpoint offer significant time savings from an operational perspective. Features like user containment, device auto-quarantine, and native incident investigation workflows streamline the process of reviewing, analyzing, and responding to alerts. Additionally, the ability to collect investigation packages further expedites the incident response process. 

What is most valuable?

From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave. This is particularly valuable when dealing with multiple vendors, as fragmentation can make achieving this visibility difficult. Microsoft 365 Defender shines when deployed within organizations heavily invested in the Microsoft ecosystem. For those heavily reliant on Defender products like Defender for Endpoint, Defender for Office, and now even Microsoft Sentinel, 365 Defender provides that coveted single-pane-of-glass view, eliminating the need to jump between different dashboards. This centralized view is the key attraction of 365 XDR for organizations already heavily invested in Microsoft tools.

What needs improvement?

Overall, the unified dashboard is a great step forward. However, for new users unfamiliar with Microsoft and these products, it can be overwhelming. The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense. While it's great for our technical teams and C-Suite to have access to a centralized risk dashboard, it needs to be simplified for less tech-savvy users. The numerous dashboards and interfaces, despite being unified, can be daunting for new users. Ideally, Microsoft could streamline the interface and consolidate information to improve accessibility. When incidents occur, the action center for response actions can be unclear, especially for users unfamiliar with the platform. It can be difficult to find out where, when, and how remediation actions took place. A more intuitive and transparent action center would be helpful.

For how long have I used the solution?

I've been using Microsoft Defender XDR for four years now. Microsoft has consistently changed the naming, initially using individual dashboards before centralizing everything.

What do I think about the stability of the solution?

Microsoft Defender is stable. In the time I have been using 365 Defender, we have had only one major case.

What do I think about the scalability of the solution?

Microsoft Defender scales well, especially when considering the specific solutions we choose. Bringing everything into Unified View makes managing this scalability much easier. We've deployed the 365 Defender suite across clients of all sizes, and it consistently demonstrates strong scalability, thanks in part to its low maintenance requirements. This minimal management overhead also contributes to overall scalability.

How are customer service and support?

The technical support quality depends on our support package. If we have standard support, it isn't always the best, but if we have premier support and we pay for that support, it is a lot better. So, again, it comes down to the support package and who we get on the other end. I can say they will assign someone pretty quickly; it just depends on when they get back to us and how complex our situation is. I don't have as many issues with Microsoft support, but we have premier support.

How would you rate customer service and support?

Neutral

How was the initial setup?

Microsoft could improve the onboarding process for Defender for Endpoint. While the current approach involves deploying a package, I'd prefer more control from the cloud. Ideally, onboarding and offboarding could be managed directly from the console, eliminating the need for additional policy management solutions. While there's no one-size-fits-all solution, Defender for Endpoint's onboarding isn't entirely straightforward. Implementing strong security practices remains crucial, and leveraging existing OS security features is essential. However, some crucial policy settings must be enabled through local policy group policies or Intune, rather than directly from the Defender console. This lack of centralized management, unlike say Microsoft 365 Defender, creates an inconsistency in policy application.

The deployment requires me and one IT admin.

What about the implementation team?

We are the integrator, so we build and implement Microsoft Defender XDR for our clients.

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender XDR is included in our license.

What other advice do I have?

I would rate Microsoft Defender XDR an eight out of ten. It excels in its core functionalities, although there are some areas for improvement. Overall, it's a robust security stack that stands out among its competitors.

Microsoft 365 Defender is more than just a name, it's a comprehensive suite of security solutions. However, the specific services included depend on the licensed SKU purchased by an organization. From a security perspective, having identity and email security is crucial, but ultimately the decision depends on the organization's risk tolerance and budget. Microsoft 365 XDR, a newer name introduced by Microsoft, isn't a separate product, but rather a high-level dashboard that provides an overview of our organization's deployed Microsoft security solutions.

It's difficult to directly compare 365 Defender, a software suite, to XDR, a unified platform for extended detection and response. While organizations could build their central unified view or even find other vendors offering similar solutions, integrating seamlessly with existing infrastructures would be a significant effort. This puts Microsoft in a strong position to provide a unified view, making XDR stand out in this regard. While platforms like SOAR share some similarities in terms of user integration, they don't quite match the comprehensiveness of Microsoft's XDR platform.

Microsoft Defender primarily consists of Software as a Service offerings, meaning cloud-based services with minimal hardware maintenance required. Think of it like an online application we access and use, instead of something we install and maintain on our own. Updates to the Defender engine, specifically the Defender for Endpoint engine, are seamlessly delivered through Windows updates. The other solutions within Defender also require minimal maintenance. Defender for Identity might occasionally suggest health checks to perform, sometimes generating alerts about outdated sensors or new security recommendations from Microsoft, e.g., disabling TLS 1.1. These alerts might arrive via email and often simply require updating sensors to the latest version. However, the specific maintenance needs depend on the individual solution we're using within the Microsoft 365 Defender suite. Overall, we can expect maintenance to be very minimal.

Before diving into new security solutions, take some time to understand your specific needs. Research what areas require the most protection and prioritize accordingly. If you have existing solutions that need replacing, Microsoft offers several options that can seamlessly integrate. However, if you're simply looking to bolster your security posture, there's no need to go all-in at once. Microsoft makes it easy to gradually expand your service offerings and incorporate new security packages. It's worth checking your current license queue, as you may already have access to some of these solutions under your existing Microsoft cloud subscription. Most organizations have some level of Microsoft presence, so depending on your specific SKU, you might already be eligible for these solutions. So, do your research and focus on the areas that require the most immediate attention. Remember, you don't need to jump into everything at once, as Microsoft offers a comprehensive suite of security solutions accessible through the 365 dashboard.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner and Reseller
Security manager at a consultancy with 10,001+ employees
Real User
Nov 24, 2024
A complete package of different Defender solutions
Pros and Cons
  • "Microsoft Defender XDR is a complete package of different Defender solutions, including Defender for Endpoint, Defender for Office 365, Defender for Cloud, and Sentinel SIEM, among others."
  • "For technical support, I would definitely give a rating of nine out of ten."
  • "There is no comprehensive visibility, making it less user-friendly."

What is our primary use case?

The primary use case involves using Microsoft Defender XDR as a comprehensive security solution. This includes securing endpoints, user devices, SQL databases, containers, and third-party cloud solutions such as AWS and Google Cloud.

What is most valuable?

Microsoft Defender XDR is a complete package of different Defender solutions, including Defender for Endpoint, Defender for Office 365, Defender for Cloud, and Sentinel SIEM, among others. With Microsoft threat intelligence information, it detects various types of threats, including insider attacks, malicious content, and data exfiltration.

What needs improvement?

There is no comprehensive visibility, making it less user-friendly. The visibility of different types of threats should be improved. This aspect is not as developed compared to third-party vendors. Improvements are needed in automated response capabilities.

For how long have I used the solution?

I have been working with Defender XDR for around two years now.

What do I think about the stability of the solution?

I would rate the stability of the solution as seven out of ten due to compatibility issues across different devices.

What do I think about the scalability of the solution?

The scalability would also be rated as seven out of ten. It is suitable for enterprise-level deployment but has room for improvement.

How are customer service and support?

For technical support, I would definitely give a rating of nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The setup process is simple; enabling features just requires the right licenses and is essentially an on-off switch on the portal.

What's my experience with pricing, setup cost, and licensing?

I would rate the pricing as eight out of ten, indicating it is a reasonable cost for the product.

What other advice do I have?

Overall, I would give Defender XDR an eight out of ten. While it is a good enterprise solution, there is room for improvement in different areas.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Brian Mulambuzi - PeerSpot reviewer
IT Technician Engineer at Nevasa Foundation
Real User
May 30, 2024
Helps improve our visibility, our security posture, and defends against advanced threats
Pros and Cons
  • "The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."
  • "Just like in any solution, the price can always be cheaper."

What is our primary use case?

Microsoft Defender XDR is our antivirus solution.

How has it helped my organization?

Microsoft Defender XDR provides a unified identity and access management platform.

It does a good job with identity protection.

Including identity and access management within Defender XDR is valuable because it streamlines our organization's security by consolidating multiple tools into one. This eliminates the need to manage and pay for separate solutions and licenses, simplifying our security posture.

Microsoft Defender XDR has improved our visibility, making us more efficient by providing threat details and remediation steps as well as improving our security posture.

It safeguards our organization by preventing advanced threats like ransomware and business email compromise, along with stopping lateral movement within our network that could enable attackers to spread and gain wider access.

It includes the ability to stop attacks and adapt to evolving threats. This is an important feature for us.

We have been enabled to discontinue using Microsoft Sentinel.

Microsoft Defender XDR helps save costs through the licensing for businesses, which is around $20 each, and helps save time for our security team.

What is most valuable?

The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR.

What needs improvement?

Just like in any solution, the price can always be cheaper.

For how long have I used the solution?

I have been using Microsoft Defender XDR for three months.

What do I think about the stability of the solution?

Microsoft Defender XDR is stable. It has been running smoothly for us.

How are customer service and support?

The support has been perfect.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

To consolidate our security tools and avoid additional costs for a separate EDR solution, we leveraged our existing Microsoft Sentinel license to migrate to Microsoft Defender XDR, which already includes EDR capabilities.

How was the initial setup?

Our initial deployment of Defender XDR onto machines was simple. Onboarding a machine involves configuring settings within Intune for our tenant, allowing Defender XDR to communicate and collect data. The entire deployment process took only two hours and required just one person.

What about the implementation team?

The implementation was completed in-house.

What other advice do I have?

I would rate Microsoft Defender XDR ten out of ten.

No maintenance is required.

I recommend Microsoft Defender XDR for small businesses like ours.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2596404 - PeerSpot reviewer
Senior Network Technician at an insurance company with 51-200 employees
Real User
Dec 18, 2024
Improved our security posture and reduced phishing incidents
Pros and Cons
  • "The email protection feature is the most valuable because our risks primarily lie there, and it seems to be the most popular target."
  • "The stability has been great."
  • "Sometimes, digging into the information and knowing where to go can be difficult. It would be better if much of that information were immediately visible, especially when looking at endpoints or users."

What is our primary use case?

Microsoft Defender XDR is used as an additional layer of protection now that we have moved to Microsoft 365. It helps protect both our cloud infrastructure and endpoints.

How has it helped my organization?

We conduct regular phishing tests and have seen a decline in breaches because our users pay more attention to what's coming into their inboxes. We've seen fewer incidents.

What is most valuable?

The email protection feature is the most valuable because our risks primarily lie there, and it seems to be the most popular target. 

What needs improvement?

Sometimes, digging into the information and knowing where to go can be difficult. It would be better if much of that information were immediately visible, especially when looking at endpoints or users.

For how long have I used the solution?

I have used Microsoft Defender XDR for around four years now.

What do I think about the stability of the solution?

The stability has been great. I haven't noticed many issues.

What do I think about the scalability of the solution?

Regarding scalability, we're not a very large organization, with about three hundred people worldwide, so it has worked for us so far.

How are customer service and support?

I rate Microsoft customer service seven out of 10. I have been able to get the help I need, but I know other technicians have had difficulty getting support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Previously, we had on-prem solutions and used Cisco Firepower as our main security. The pandemic accelerated our switch to Microsoft Defender XDR in 2020, as Skype for Business was going away, leaving Teams as the only option and leading us to look more to the cloud.

How was the initial setup?

Moving all our mailboxes up to the cloud was pretty seamless. There weren't many hiccups, so I thought it went well.

What about the implementation team?

We worked with Softchoice to initially get the ball rolling. They had someone come in to guide us through the steps.

What was our ROI?

On my side, it's difficult to speak about the return on investment, but we've improved our security posture.

What other advice do I have?

I rate Microsoft Defender XDR an eight out of 10. It functions well for our needs and has not presented many performance issues. It's easy to take action, and we have not found many pain points.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Darrell Carr - PeerSpot reviewer
Enterprise Application Engineer at a legal firm with 1,001-5,000 employees
Real User
Nov 30, 2024
I like that the solution is easy to use and the alerts are all in one central location
Pros and Cons
  • "I like that Defender is easy to use and the alerts are all in one central location."
  • "Defender XDR offers richer insights into Defender XDR. It's a better overall experience."
  • "Some of our older hardware experienced a slight bump in CPU and memory usage. Although I don't have empirical data to back that up, I would suggest possibly more streamlining in the software."
  • "Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain."

What is our primary use case?

We have it deployed as part of our security stack for our endpoints.

How has it helped my organization?

The technicians working on the issues have a clearer idea of a higher priority issue versus a lower priority. 

What is most valuable?

I like that Defender is easy to use and the alerts are all in one central location.

What needs improvement?

Some of our older hardware experienced a slight bump in CPU and memory usage. Although I don't have empirical data to back that up, I would suggest possibly more streamlining in the software.

For how long have I used the solution?

I have been using Defender XDR for seven months.

What do I think about the stability of the solution?

We haven't had any issues with it, so I don't have any problems with its stability.

What do I think about the scalability of the solution?

From what I have seen, it's easy to roll out to new onboarded machines and servers.

How are customer service and support?

Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain. This is kind of the same with all Microsoft support, not just XDR.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had BitDefender EDR, which is a pretty similar product, but we switched because we were trying to put everything under the Microsoft umbrella. We got good pricing on it and were happy with the results of the testing we did. Defender XDR offers richer insights into Defender XDR. It's a better overall experience.

How was the initial setup?


What was our ROI?

I don't personally crunch those numbers, so I don't know. But I know that we're committed to this for the future, so I would assume that we're doing okay.

What's my experience with pricing, setup cost, and licensing?

Defender XDR is priced comparably to other solutions on the market.

What other advice do I have?

I would rate Defender XDR as an eight or a nine. There is always room for improvement.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Microsoft Defender XDR Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2026