CrowdStrike Falcon and Microsoft Defender XDR are both Extended Detection and Response (XDR) solutions that offer endpoint protection and threat detection capabilities. CrowdStrike Falcon is a standalone platform, whereas Defender XDR integrates seamlessly with Microsoft security products. CrowdStrike Falcon offers customizable alert settings and machine-learning algorithms for proactive threat hunting. Microsoft Defender is highlighted for its efficient incident response system. Both products have flexible pricing options, with users noting positive ROI from both solutions.
The summary above is based on 207 interviews we conducted recently with CrowdStrike Falcon and Microsoft 365 Defender users. To access the review's full transcripts, download our report.
"The product's initial setup phase is very easy."
"The price is low and quite competitive with others."
"It is stable and scalable."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Easy to use, intelligent, and stable threat detection software."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
"The UI is simple and self-explanatory. Everything is easy to understand."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"It seems to do a pretty good job of protecting the host. It offers good insights that it gives you when it has a detection. It's pretty incredible."
"The stability is good; we haven't experienced any glitches or bugs."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"Microsoft 365 Defender is a good solution and easy to use."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"ZTNA can improve latency."
"The dashboard isn't easy to access and manage."
"It takes about two business days for initial support, which is too slow in urgent situations."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Detections could be improved."
"If we have a dashboard capability to uninstall agents, I think that would be great."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization."
"The console is not user-friendly or visually appealing and has room for improvement."
"I would rate it an eight out of ten. It does what it needs to do but there's always room for improvement."
"CrowdStrike should add support for ransomware protection."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"There could be a way to proactively monitor unusual activity ."
"At times, there may be delays in the execution of certain actions and their effects."
"The management and automation of the cloud apps have room for improvement."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh, Trend Vision One and Microsoft Entra ID. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.