We performed a comparison between Cortex XDR by Palo Alto Networks and Microsoft 365 Defender based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cortex XDR offers an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Microsoft 365 Defender offers effortless integration with other Microsoft solutions. Users praised its flexibility and comprehensive protection against multiple threat types. Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education. Microsoft 365 Defender could upgrade its machine learning and AI capabilities. Some users suggested adopting Zero Trust features.
Service and Support: Some customers were impressed with Palo Alto's support, while others reported mixed experiences. Some of our reviewers were satisfied with Microsoft's support, but others complained about slow responses and lackluster problem-solving capabilities.
Ease of Deployment: Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning. Setting up Microsoft 365 Defender is potentially complex and may involve integrating with existing policies. Some users reported longer deployment times.
Pricing: Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers. Some users say that Microsoft 365 Defender is good value, but other users perceive it as more expensive than similar competing products.
ROI: Cortex XDR creates value by ensuring system and data security rather than a financial return on investment. Microsoft 365 Defender offers savings, attack prevention, consolidation of security measures, and proactive threat detection.
Comparison Results: Our users prefer Cortex XDR over Microsoft 365 Defender. Cortex XDR offers a comprehensive platform with excellent visibility, protection, and control over network endpoints. Users appreciate the simplicity and efficiency of Cortex XDR's initial setup, as well as its ease of maintenance and updates. Microsoft 365 Defender receives mixed reviews about its initial setup, pricing, and customer support.
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"It is stable and scalable."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The price is low and quite competitive with others."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"NGAV and EDR features are outstanding."
"This is stable and scalable."
"The initial setup is pretty easy."
"They have a new GUI which is just fantastic."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"The product has an intuitive dashboard."
"WildFire AI is the best option for this product."
"The interface is easy to use and it is more up to date than our previous solution."
"Palo Alto is constantly adding new features."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The threat intelligence is excellent."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"FortiEDR can be improved by providing more detailed reporting."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The solution is not stable."
"The dashboard isn't easy to access and manage."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The support needs improvement."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"The connection to the internet has not performed as expected."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"Impact on system performance is horrible, adding a lot of delays for users."
"Cortex XDR could be improved with more GUI features."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The solution does not offer a unified response and standard data."
"The support could be more knowledgable to improve their offering."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 3rd in Extended Detection and Response (XDR) with 80 reviews while Microsoft Defender XDR is ranked 6th in Extended Detection and Response (XDR) with 76 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender XDR is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and SentinelOne Singularity Complete, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Secureworks Taegis XDR. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.