Try our new research platform with insights from 80,000+ expert users

Mandiant Advantage vs Microsoft Defender XDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Mandiant Advantage
Ranking in Extended Detection and Response (XDR)
26th
Average Rating
8.4
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Attack Surface Management (ASM) (5th)
Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
3rd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
101
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Microsoft Security Suite (3rd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of Mandiant Advantage is 1.0%, up from 0.7% compared to the previous year. The mindshare of Microsoft Defender XDR is 6.2%, down from 8.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

SameepAgarwal - PeerSpot reviewer
In-depth traffic analysis and proactive support reduce investigation time
The live IOC feed identifies the type, technique, and tactics used. This becomes handy since then I know what to refer to from the playbook. For instance, if I take a use case of someone with Mimikatz installed on their system, knowing the nature beforehand reduces investigation time. I can quickly apply the playbook to resolve incidents in less time.
Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The scalability of Mandiant Advantage deserves a ten out of ten."
"The live IOC feed identifies the type, technique, and tactics used."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"I have never faced stability issues."
"Mandiant Advantage is excellent at providing the full context and all the information, where the information was found, and the full data, including the raw data that was uploaded onto the Internet."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Microsoft 365 Defender is a stable solution."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Its most significant advantage lies in its affordability."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The summarization of emails is a valuable feature."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
 

Cons

"Collaboration of data in my view becomes a bit clogged, requiring effort to understand visually."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
"Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives."
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
"Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives."
"I have already given them feedback that their UI needs improvement since sometimes there is a lag. The side-by-side depiction of request response and action clogs the screen."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"Advanced attacks could use an improvement."
"The solution could enhance the threat Intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environment. It would be beneficial if the threat intelligence were tailored to the industry, such as healthcare or fintech, where the solution is being used."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
 

Pricing and Cost Advice

Information not available
"The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
"It is fairly priced because we get complete integrated services with the E5 license."
"Its licensing and pricing are handled by someone else. My role is limited to incidents or issues with the portal, but you get what you pay for. It is worth the cost."
"The bundling of software makes it easier to manage our setup, but Microsoft purposefully obfuscates this through marketing ploys to hide costs."
"The solution is affordable, and we haven't been hit with any hidden costs. The subscription model is straightforward, and it's easy to understand how much additional features cost. If we need to cancel a license or feature, we do that well in advance to avoid being charged for it, but overall, the pricing and licensing are simple and easy."
"On average, we pay around 55 euros per user for the services and features we receive."
"All I can say again is the E5 gives you all the capabilities that it offers. It also gives Office 365 and one terabyte of storage. All in all, the E5 license model makes sense. There are some people who say it's quite costly, but rather than paying different vendors, it makes sense to go all in with Microsoft if you've got that licensing. From that perspective, it's cost-effective, but I can't comment much on that."
"With the little idea I have about the costs, I can say that XDR tools tend to be a bit expensive. If you are using Microsoft Defender XDR, then you need to go for a subscription-based pricing model."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
11%
Manufacturing Company
8%
Government
7%
Computer Software Company
17%
Financial Services Firm
8%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with Mandiant Advantage?
Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives. More fine-tuning is required to handle famous company names. It also handles alerts ...
What is your primary use case for Mandiant Advantage?
I use it for cyber threat intelligence. I gather information about newly created domains around the Internet that can be related to my managed company. I monitor these domains for any phishing acti...
What advice do you have for others considering Mandiant Advantage?
I would advise exploring multiple functions because there are many different capabilities of Mandiant Advantage. For small organizations, try every feature included in the package. Use known source...
What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.
What needs improvement with Microsoft 365 Defender?
For Microsoft Defender XDR ( /categories/extended-detection-and-response-xdr ), there is currently no ability to reset passwords for on-premises accounts, which is a key challenge. Incident managem...
 

Also Known As

Mandiant Threat Intelligence
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
 

Overview

 

Sample Customers

Stater Bros. Markets, Rush Copley, Blackboat, CapWealth
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Find out what your peers are saying about Mandiant Advantage vs. Microsoft Defender XDR and other solutions. Updated: June 2025.
861,803 professionals have used our research since 2012.