We performed a comparison between Microsoft 365 Defender and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, CrowdStrike Falcon comes out ahead of Microsoft 365 Defender. While both offer threat-hunting and response features, 365 Defender’s inflexible third-party integration, as well as its lack of support at times leave room for improvement.
"The product's initial setup phase is very easy."
"Fortinet is very user-friendly for customers."
"The price is low and quite competitive with others."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The stability is very good."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate."
"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"I like the detection rates of mobile threats."
"The initial setup is a very fast process."
"It provides very good protection and the ability to crosscheck environments."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"I have found the ability to delete unwanted threats beneficial."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"ZTNA can improve latency."
"We find the solution to be a bit expensive."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"It takes about two business days for initial support, which is too slow in urgent situations."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The overall cost of CrowdStrike Falcon could be reduced."
"It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"I would like to see the machine learning feature enhanced."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
"CrowdStrike Falcon needs to improve their host management system."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
CrowdStrike Falcon is ranked 3rd in EDR (Endpoint Detection and Response) with 101 reviews while Microsoft Defender XDR is ranked 8th in EDR (Endpoint Detection and Response) with 74 reviews. CrowdStrike Falcon is rated 8.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh, Microsoft Sentinel and Trend Vision One. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.
See our list of best EDR (Endpoint Detection and Response) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.