Microsoft Defender XDR Reviews

I am a consultant responsible for deploying and providing customer support for Microsoft products. We use Defender XDR for endpoint protection. It helps them secure endpoints with an advanced XDR solution that conducts behavior analysis and things like that.

Defender XDR provides more visibility into all the connected services, including the security stack and all the productivity software. They're all integrated. It's much less maintenance and has fewer headaches during integration and setup. Implementing the solution and getting the customer fully protected takes very little time. According to Gartner, it's one of the best solutions on the market,  and it requires a limited amount of time and resources to get it fully operational.

By adopting Defender XDR, our customers have discontinued other security products. The solution can replace products like Kaspersky, McAfee, Trend Micro, and even CrowdStrike. 

It has affected customers' security operations by simplifying permissions and reducing the total cost ownership if we discontinue all the security products that the customers used before. Customers usually save around 20 percent, but it's more than simply replacing one component with another. It replaces several security solutions like email and cloud application protection. If you compare the total cost of ownership of on-prem solutions versus Microsoft, it is better to go with Microsoft. You also get lifetime upgrades for the systems and features that you implement.

Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing. Customers like that the platform provides a single pane of glass for all the security services. Many of them do not have the capacity to support complex systems, so it's better for them to have most of the tools integrated into one platform. 

You can integrate XDR with Microsoft's identity solution Entra ID if you have a premium license. Those tools are fully integrated, but you need to purchase a separate solution called Defender for Identity to get tools to protect identities and connect the Enterprise Data Center with Defender.

Defender XDR's coverage isn't limited to Microsoft products. You can use almost any solution and achieve the same single point of control. For example, you can integrate Microsoft Defender for Cloud Applications, which covers all the cloud service providers. It isn't limited to only Microsoft infrastructure.

Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team.

I have used Microsoft Defender XDR for five years. 

Defender XDR is almost 100 percent stable.

Defender XDR is infinitely scalable. 

I rate Microsoft standard support six out of 10 and premium support eight out of 10. The response times for basic Microsoft support leave much to be desired. It can take up to two weeks to resolve issues if you don't have a support contract. 

Neutral

Deploying Defender XDR is relatively straightforward, but it depends on whether the customer has already integrated its on-premise infrastructure with the Microsoft cloud.

Deployment requires one or two engineers on our side. We determine the scope of the work and the deployment before rolling out the clients to the endpoints. The biggest question is whether the customer already has the network infrastructure prepared for that service based on the Microsoft documentation. For example, we must determine if the endpoints connect directly to the Microsoft cloud or through a proxy server, firewalls, etc.

Defender includes four or five products different products. The most useful is Defender for Endpoint, which typically takes up to two weeks to deploy, while Defender for Office and Defender for Identity take one week to deploy. Defender for Cloud Applications can be deployed in a few days. It also depends on how the customer will use it. If it's being used for compliance, the customer's requirements may be totally different. 

The number of maintenance and administrative personnel depends on the organization's size and the number of solutions deployed. It's hard to calculate how people would be necessary for that particular part of the security ecosystem. However, Defender XDR takes up to three people to manage. 

Defender XDR is expensive, but the cost is justified. Defender is included in an E3 or E5 license. If you don't have a premium Microsoft license and you purchase Defender separately, the whole model will be different. You can also pay extra for premium support. 

I rate Microsoft Defender XDR nine out of 10. I recommend starting it as soon as possible, but you must also plan for any future on-premise solutions that you might bring into the system. Consider any prerequisites you need if you decide to go with the product. The biggest issue is that your network infrastructure needs to be set up according to the Microsoft documentation.

We're using it for our email filtering to check incoming emails and URLs. We're also using it for vulnerability management to see the status of our assets that are registered on the system. We also check it to see what kinds of threats and campaigns are currently being launched via emails.

It provides us with better insight into what's going on across our platform. It has also given us a very easy way to respond when threats or alerts come through. And when looking for someone in particular, it helps with that. It hugely improved our insight into what's going on inside the company's premises and environments.

365 Defender also helps find high-value alerts, but we haven't used it for complete automation. It has some automation features where it can try to block or quarantine things, but beyond the default automation configuration, we haven't explored deeper into using automation. The default settings work well.

And while we've always used one or two dashboards, this system has made it easier to have a quick overview on a single platform.

In addition, the threat intelligence helps prepare you for potential threats, to a certain limit, because it gives you insights into where your shortcomings are, your vulnerabilities. It also gives you some security recommendations to make improvements.

And the solution has decreased our time to respond because on high alerts you can get a quick response. The system will notify you very quickly if it detects something at a certain thread level or a custom threat level that you set.

Microsoft 365 Defender has a very great interface to help protect registered devices when it comes to web protection, which is very handy.

We also use the alert systems often. It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done, including websites accessed, et cetera. And if something was on the machine, we can see what it was trying to do.

I use the alert system on a daily basis. It gives you a very good analysis of where something was found, which employee or which device. And it often gives you a good history on that. The alerts help me to monitor and check what is going on. That's a very valuable system to have.

We've also tried the attack simulation, which sends out phishing emails internally as a test to see how the users respond. We get feedback and use the training simulation as a result. We've only done that once, and it's something we want to work on a little more.

In addition, we're using the assets on the system as well as the inventory functionality. It checks all the machines to see what software is installed on them.

We've used a lot of the features on the cloud, although not everything to its full potential, but we've used 70 to 80 percent of all the features on the cloud.

In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things.

The information it provides is great, but for a newcomer, it is quite tedious and takes a long time to load. Here in South Africa, when you click, oftentimes you have to wait quite some time before you get to the next page. It's not necessarily internet-related. I think it's just that the service is a bit slow.

Also, while the solution does help to prioritize threats, unfortunately, it doesn't do so for the entire environment. The reason is that it only supports full integration from Windows 10 and up. It provides you certain information from your server environment, but when you start going with legacy services, it is a bit lacking.

Another issue that is sometimes a headache is that they constantly make changes. Things will be merged, they will get different names, or be moved around. Things will be added and other things go somewhere else. They do a lot of development to make the product better, but it's very frustrating having to search for stuff after they've moved it, because you don't always know that they have moved things. They might have little banners, but if you're just working and don't read them, you don't know where things have gone. 

I would also really like to see better integration with the server platforms for managing your server environment. That's something it currently doesn't do. For all the server environments, you either need to make use of group policies or SCCM to manage that independently. It can provide you information on the system, but it doesn't have control over your server line.

Also, I make use of 365 Defender on a business level and on a personal level. On the personal level, there is a lot less functionality. Something that would be very nice is that, for the level you are on, you would only see the product you are subscribed to. For instance, if you log on via the business, you have all your action areas, anything you can do and see, on the left. Because you're using it at a corporate level, you can see and do everything. On the personal level, or in a small business where you're only using some of the features, you still have all the same options, but when you click on them, it tells you that you need to upgrade or subscribe. They should only show you what you have access to, and not all the tabs and then say, "You need to subscribe to get access to this." It just clutters the whole area.

We have been using Microsoft 365 Defender for about two years.

Overall, it has 95 percent stability. We don't have any issues with it. It works well. Microsoft does provide frequent information when there are issues or delays. But the stability is very good.

We're still learning a lot about its capabilities. It's more capable than what we use it for. That is due to a restriction on our resources and availability to get to know the system even better.

We have contacted Microsoft tech support multiple times. They are quick to respond to the original request. Sometimes I have been quite surprised because they have replied within 15 minutes. Some of the questions we had were resolved quickly, on the order of 60 minutes. I had one that took almost two years to get resolved. But in general, they are quick to respond. Their support is very good and quick.

Positive

Before 365 Defender, we made use of Avast as our antivirus, which had its own web console. For malware protection, we used an on-prem Cisco IronPort system that was scanning all our emails. And most of our SIEM logging information was done manually. We had much less insight into what was going on in the company.

Because it was a new solution for us, we had a company that works with Microsoft assist us, to make sure that all the configurations were standard. But since then, we've maintained most of it ourselves. On our side there were no more than five people involved.

It's a very expensive product, but for any threat it has definitely stopped or protected us from, in that sense, it has saved money and time, by preventing things that could have happened. But is it affordable? No, it's expensive.

If you look at everything that the solution entails, and the big cost to companies, especially medium-sized companies, one would like to have a bit of a price decrease due to economic circumstances. The functionality is fantastic, but for medium and small-sized companies it's overpriced. It would be better if it were a little bit cheaper.

We did look at other solutions. In the end, we decided on 365 Defender because it was all integrated. It worked to our advantage because all the products that we needed were already on the machines. All the products that you get from the Defender area are part of the built-in Windows 10 features. It gave us a better way of controlling and managing things. Overall, it made more sense to have one central place to manage and control and be alerted.

My advice is don't be frightened when you start getting into the solution. If you are not used to the environment, it is a mouthful, and it can really scare your socks off. There's just so much to it that you won't really know where to start.

The best thing I can recommend to anybody who is starting is to get somebody who knows the system to give you a walkthrough. Also, look at the tutorials to see what the functionalities are. It will be beneficial for any person to get a good overview of what's going on in 365 Defender, the capabilities and how it looks. But getting in contact with somebody who has some experience already in using it will help you to ask where to find things. "Where do I go from here? Show me how you're set up, so I can at least see some of the functionalities."

My very first impression of 365 Defender was that I was looking for something, but I didn't even know where to start. It was too overwhelming. As I spoke to other people who knew about the system, they gave me an overview and that made it easier for me to understand and to know where to go.

365 Defender is our main deployment, but we've got the endpoints also connected on Intune. They work together to deliver coordinated detection and response in our environment. Our complete suite is pretty much all Microsoft. Our environment is a 50/50 hybrid. We use Intune for certain policy changes and some of the deployments. But because our environment has a lot of legacy systems, we make use of the normal, on-prem deployment services as well.

Sentinel is linked to our on-premises Active Directory. It helps identify things that are happening on-prem. For example, when a user's account instance gets locked out, it will show you, on Defender, from which local machine it was locked out. Or if certain things are accessed, it will show that information on the on-prem Active Directory. It works well. For investigating and responding to threats, it definitely helps by dumping the information in a centralized location with the alerts to identify a bit more flow pattern. If something happens that's not on the cloud area, but it's on-prem, it helps track and identify movement. The information from Sentinel is an added bonus.

Overall, Defender 365 has saved us time, compared to the old ways of doing things, but at the same time, I wish the site was faster. Sometimes it can be very slow.

Best-of-breed solutions versus a single vendor's suite comes down to personal experience. With best-of-breed, at least you know that they have been tested in the industry and have a lot of history behind them. Also, the redundancy would be a lot better. Going with a single vendor sometimes makes it a little bit difficult, especially if they are only focusing on one area. It's a difficult question. It might come down to the way someone was "brought up" in the security industry or the way that they trust these companies.

I give Microsoft 365 Defender a nine out of 10. Once you get to know the system, it's really awesome. It provides a lot of insights.

Microsoft Defender XDR is our antivirus solution.

Microsoft Defender XDR provides a unified identity and access management platform.

It does a good job with identity protection.

Including identity and access management within Defender XDR is valuable because it streamlines our organization's security by consolidating multiple tools into one. This eliminates the need to manage and pay for separate solutions and licenses, simplifying our security posture.

Microsoft Defender XDR has improved our visibility, making us more efficient by providing threat details and remediation steps as well as improving our security posture.

It safeguards our organization by preventing advanced threats like ransomware and business email compromise, along with stopping lateral movement within our network that could enable attackers to spread and gain wider access.

It includes the ability to stop attacks and adapt to evolving threats. This is an important feature for us.

We have been enabled to discontinue using Microsoft Sentinel.

Microsoft Defender XDR helps save costs through the licensing for businesses which is around $20 each and helps save time for our security team.

The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR.

Just like in any solution, the price can always be cheaper.

I have been using Microsoft Defender XDR for three months.

Microsoft Defender XDR is stable. It has been running smoothly for us.

The support has been perfect.

Positive

To consolidate our security tools and avoid additional costs for a separate EDR solution, we leveraged our existing Microsoft Sentinel license to migrate to Microsoft Defender XDR, which already includes EDR capabilities.

Our initial deployment of Defender XDR onto machines was simple. Onboarding a machine involves configuring settings within Intune for our tenant, allowing Defender XDR to communicate and collect data. The entire deployment process took only two hours and required just one person.

The implementation was completed in-house.

I would rate Microsoft Defender XDR ten out of ten.

No maintenance is required.

I recommend Microsoft Defender XDR for small businesses like ours.

My company operates as a service provider, so we use Microsoft Defender XDR in our office to provide our customers with security services.

I won't say that the product helped improve how my organization operates, but there is a need to build trust between the user and the product. Microsoft Defender XDR has been used in my organization since we purchased Windows 10 or 11, after which a user does not need to install any products from Microsoft separately. Some of my company's customers insist they want to install antivirus software separately in their environment due to trust issues.

The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products. Some other vendors of security products provide great features or capabilities of detection, but the best feature of Microsoft is its integration capability.

One important point about the solution that is an area of concern where improvements are required is related to the control center it provides. Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides.

I have been using Microsoft Defender XDR for three years. My company has a partnership with Microsoft. My company is also a reseller of Microsoft products.

As a part of Microsoft's attempt to reduce costs, there has been a direct cut down of the local technical support team. Sometimes, you have to use the technical support offered by Microsoft from other countries, but at times, we speak different languages, just like how people speak in Chinese or Mandarin, but there are still some differences between them. The front-line support from Microsoft has only limited technical abilities or access to their internal system. Sometimes, my company cannot even escalate an issue to Microsoft's senior team members.

The support team of Microsoft is nice as they attempt to solve the problems together with you, but I believe that due to some cost-related issues, they don't have enough permissions. Sometimes, users might feel blocked when trying to connect with the support team.

I rate the technical support a seven out of ten.

Neutral

My company started with Microsoft Defender XDR when we partnered with Microsoft. Some of our company's customers prefer CrowdStrike, Fortinet, and FortiSIEM.

You don't need to indulge in troubleshooting, making the initial setup phase an easy process because you could just use a GPO on your server to deploy everything. When there comes a problem to onboard some specific devices, and you need to indulge in troubleshooting, sometimes Microsoft Defender XDR's team says it is a problem with the devices a user is trying to onboard, and it's really hard for our company as service providers since we cannot always ask customers to reinstall their server.

Microsoft purposely makes its license combinations complex and includes combinations like Microsoft 365 E3 and Microsoft 365 E5, Office 365 E3, Office 365 E5, and Office 365 E1, so you get confused. Microsoft tries to sell you a bundle of a lot of things together. The licensing model of the product should be made more understandable.

There are other good products in the market, and it is difficult to state which one is better since all of them have micro differences in terms of pricing. There may be components like the user interface or maybe some other elements to judge other products, but when it comes to Microsoft, the most important factor stems from the fact that most people use Windows, so it's all integrated.

The product provides unified identity and access management as long as I use all of the products offered by Microsoft.

It is important for me that identity and access management are included within Microsoft Defender XDR because everything is controlled by your identity in the digital world, making it look like a user's government ID in the digital world. My company has tried a lot to talk to and educate our customers since some try not to use a complex password or MFA, which is the most important thing to protect your identity.

Some integration functions in Azure portal allow users to integrate their third-party applications. With the solution, it is not easy to track third-party applications. For transactions recognized by your credentials, it is not easy to track as they would stop, after which we are informed there is a problem. In my organization, we only know how some third-party applications ask to check the credentials, but we don't know what Microsoft Defender XDR does with it, so the product's security doesn't extend beyond just Microsoft technologies.

The product does stop lateral movement and advanced attacks like ransomware or business email compromise. The product blocks a lot of ransomware, which is good. It is considered to be a strict product, so if some of our customers use some local mail service, they have been blocked because Microsoft considers it to be not secure. Microsoft puts a lot of effort into security.

Microsoft Defender XDR's ability to stop attacks covers the product's ability to adapt to evolving threats. It is better to use it as a cloud-based solution that keeps adapting to changes and providing new features.

The product must adapt and evolve to manage threats since there is a new zero-day vulnerability every day, and there is no way to get protection from it. You cannot rely on the users or the admin to upgrade the features daily, so it's better to adopt it automatically with a cloud-based solution like Microsoft Defender XDR.

There were some problems when my organization tried to discontinue other products during the implementation phase of Microsoft Defender XDR since Microsoft tried to integrate all the products in our organization's environment together. If you have used Microsoft Defender XDR, you have to use an antivirus from Microsoft along with Microsoft Identity Platform Endpoint to get the best results. Sometimes, some customers may try to install some third-party antivirus in their environment other than the one provided by Microsoft, which gets blocked. Sometimes, antivirus software from a vendor goes into passive mode. When an antivirus software is in passive mode, some of its advanced features are not usable, causing some problems the user needs to deal with when using it.

The product's ability to save costs depends on how a user looks at a problem while using the solution. I worked as a part of the security team, and we always used to talk to our company's customers. The solution is sometimes like insurance, especially if you want to avoid some bigger problems and you need to spend some money to protect your environment. In some other IT teams or from some other client's point of view, Microsoft Defender XDR costs a lot of money, and they don't see anything. In the security world, no news is good news. You don't want to have to see everything happen and get plenty of alerts trying to prove the product's worth. The product has to control the attack surface so that you won't be attacked that much, or if there are any attacks, it can reduce the impact.

The product definitely saves time for my organization and our company's client teams, especially considering that it is not possible to manually go through the logs every day. The product did help pop up the abnormal activities so that my organization could just review the important things or abnormal activities.

It is hard to say how much time the product saves since it depends on factors like whether you are using some other products or using Microsoft Defender XDR alone. I guess that the product can save over 60 percent of my organization's time. When you use Microsoft Defender XDR in your IT infrastructure, and it works for you, then you just put it in there, and you will come to know when there are some abnormal activities or when you are attacked. With Microsoft Defender XDR, you can get some signs if you are being attacked.

Microsoft Defender XDR is a nice solution and can be combined with other solutions from Microsoft, but they offer limited flexibility. I want the product to be a high surveillance solution for me and not just an information-oriented tool, but nowadays, Microsoft doesn't provide any options to help choose the users' preferences.

I rate the overall product a seven out of ten.

We use 365 Defender to manage organization-level devices and vendor security compliance. We are a retail-focused organization that offers cloud services through Azure, GCP, and AWS, but we manage all the security through 365 Defender. Some of our users are based in other countries, and everything is centralized. We operate in multiple regions. 

We can easily track any other malicious activities or additional applications that will prevent it. We can get it here. It will be a helpful tool once we create policies for DLP and third-party programs. 

365 Defender stops the lateral movement of advanced attacks. It prevents something that happens on the device level from affecting us on the organization level. The solution enables us to track all the details, like the IPs and the device types. 

365 Defender helps us deal with unknown threats by creating custom policies, which enable us to block access by specific unknown sources and unsafe links. 365 Defender has multi-tenant capabilities, and we have multiple tenants, but I'm only involved in the retail part, so I don't have authority over other tenants. 

We were able to discontinue some of our other security products when we implemented 365 Defender, but there are some exceptions. We can use non-Microsoft solutions when the customer requires it. Mostly, we use cloud solutions. We've saved some costs on the security side at the organizational level by reducing equipment costs. Using 365 Defender's automation capabilities, we can cut our vulnerability management time by about 40-50 percent. 

I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications. 

The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform.

I have used 365 Defender for more than two years. 

365 Defender can have some performance issues during enrollment. It can take a while at times, but sometimes it's duplicated immediately. That's an issue with some other cloud-based programs like Intune and Azure products. 

I rate Microsoft 365 Defender support nine out of 10. Their support representatives provide solutions based on priorities. They prefer to follow the proper SLA part. 

Positive

The deployment is quick, straightforward, and involves only two people. 

Sometimes 365 Defender is expensive, but it can be moderate, depending on the organization's size and the license type. We're satisfied with the cost because it gives us a product that protects our entire environment with DLP. To compromise some cost, of course, we are to complete the most secure environment. 

I rate 365 Defender nine out of 10. 

Microsoft Defender XDR is used as an additional layer of protection we moved to Microsoft 365. It helps protect both our cloud infrastructure and endpoints.

We conduct regular phishing tests and have seen a decline in breaches because our users pay more attention to what's coming into their inboxes. We've seen fewer incidents.

The email protection feature is the most valuable because our risks primarily lie there, and it seems to be the most popular target. 

Sometimes, digging into the information and knowing where to go can be difficult. It would be better if much of that information were immediately visible, especially when looking at endpoints or users.

I have used Microsoft Defender XDR for around four years now.

The stability has been great. I haven't noticed many issues.

Regarding scalability, we're not a very large organization, with about three hundred people worldwide, so it has worked for us so far.

I rate Microsoft customer service seven out of 10. I have been able to get the help I need, but I know other technicians have had difficulty getting support.

Neutral

Previously, we had on-prem solutions and used Cisco Firepower as our main security. The pandemic accelerated our switch to Microsoft Defender XDR in 2020, as Skype for Business was going away, leaving Teams as the only option and leading us to look more to the cloud.

Moving all our mailboxes up to the cloud was pretty seamless. There weren't many hiccups, so I thought it went well.

We worked with Softchoice to initially get the ball rolling. They had someone come in to guide us through the steps.

On my side, it's difficult to speak about the return on investment, but we've improved our security posture.

I rate Microsoft Defender XDR an eight out of 10. It functions well for our needs and has not presented many performance issues. It's easy to take action, and we have not found many pain points.

We use Defender XDR to assign roles and monitor based on the analytics report from Microsoft. 

Defender XDR has improved the organization's confidentiality. If there's a DLP violation, such as someone sharing documents inappropriately, a notification will automatically trigger. Defender stops the movement of advanced attacks. We first need to set up some independent indicators of compromise. The IOCs are connected to some attack surface reduction rules.

We get alerts if someone tries installing something on the system or adding an external hard drive. We get security recommendations from Microsoft, but our security implements them on their own. We don't use the AI feature. We see significant time savings from the alerts based on the indicators of compromise. It saves us about 10 to 15 percent.

The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it.

The identity management feature is something we need for our use case. It wraps up the access management and XDR components, so it's not just Defender. It works well with Azure AD for access management. I didn't think I needed identity and access management in the past, but it's nice to have if you're performing a significant migration on a tight schedule. 

Defender XDR's coverage extends beyond Microsoft technologies. It covers all the endpoints of users in the organization. I can manage access to any application and system within the organization. 

Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them. 

We have used Defender XDR for about 15 months.

I rate Defender XDR 10 out of 10 for stability. It's a stable solution. We've had no outages. 

The scalability depends on the number of licenses you can purchase. If I want to add more endpoints or solutions from Microsoft XDR, I have to pay more. The scale depends on the pricing. 

I rate Microsoft support eight out of 10. Some cases are easy fixes, so they don't take much time, whereas some of our more complex tickets take some time.

Positive

I've also worked with Trellix. Microsoft provides better recommendations for protecting our tools, devices, and files. Trellix has XDR capabilities, too, but Microsoft's recommendations are more robust. 

Defender XDR is a SaaS solution. The deployment is ongoing because we're constantly onboarding and retiring endpoints. Microsoft handles most of the maintenance for it. It rarely requires maintenance from our end. 

Defender XDR is fairly priced and cost-effective. 

I rate Microsoft Defender XDR eight out of 10. If you want to implement this product, you should have a team who understands the product well. It's SaaS-based, so the Microsoft team is delivering everything to you. However, you still need to know the product.

We use Microsoft Defender XDR to protect our endpoints, computers, mobile devices, and emails.

In part, Microsoft Defender XDR provides unified identity and access management.

Microsoft Defender XDR can protect 98 percent of devices.

With Microsoft Defender XDR we can now manage all of our non-critical computers from one console. The management level and implementation level are easy. Microsoft Defender XDR is also cost-effective.

We have been using Microsoft solutions for over 25 years so it didn't take much convincing to start using Microsoft Defender XDR.

Microsoft Defender XDR has enabled us to discontinue the use of Kaspersky in our safe computers.

Being able to reduce the number of solutions used has been helpful to our security team's operations. The discontinued use of other security products has reduced manual correlation. Using Microsoft has a lot of advantages, especially in management. The reduction in manual correlation is important for our organization.

Microsoft Defender XDR saves our security team around three hours a day.

The most valuable features are spam filtering, attachment filtering, and antivirus protection.

Microsoft Defender XDR is not a full-fledged EDR or XDR. Any true XDR should be more powerful than what Microsoft is currently providing. For some public-facing companies, computers, and endpoint computers, we need additional security from CrowdStrike or other third-party XDR.

Microsoft Defender XDR does not stop 100 percent of the lateral movement or advanced attacks. Our machines use both Microsoft Defender XDR and Crowdstrike and we have had instances where attacks were missed by Microsoft Defender XDR but caught by Crowdstrike.

I have been using Microsoft Defender XDR for four years.

Microsoft Defender XDR is stable.

Microsoft Defender XDR is scalable.

We previously used Kaspersky, Norton, and CrowdStrike. We switched to Microsoft Defender XDR because of its streamlined management capabilities.

The initial deployment was straightforward. We pushed Microsoft Defender XDR remotely across our system consisting of 300 computers. We are a team of seven people and each of us was involved in the deployment process.

The implementation was done in-house.

Microsoft Defender XDR is expensive.

We did not evaluate other security solutions because I have extensive knowledge of most products, their strengths and weaknesses, and their overall capabilities. Additionally, considering all our products are on Microsoft 365, a cloud-based platform, and we already utilize its various components like mail, documents, and more, integrating Microsoft Defender for threat detection and management was a natural choice due to existing ecosystem compatibility and streamlined administration.

I would rate Microsoft Defender XDR an eight out of ten.

Microsoft Defender XDR is deployed across multiple locations and departments.

Minimal maintenance is required for patching.