Microsoft Defender XDR vs Microsoft Purview Audit comparison

"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."

"The biggest return on investment when using Microsoft Defender XDR for me is saving time for the most part."

"You can configure the product very easily."

"Vulnerability assessment and just-in-time access are some valuable features of Defender for server plans."

"Scanning, vulnerability reporting, and the dashboard are the most valuable features."

"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."

"The stability has been great."

"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."

"The overall user experience with Microsoft Purview Audit is of higher quality than when it was branded as Compliance Center, and Microsoft consistently updates and evolves functionalities and the overall experience."

"We're easily saving at least one hour per day using this solution."

"The platform has significantly enhanced our operational insight into the overall Microsoft 365 environment."

"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."

"For Microsoft Defender XDR, there is currently no ability to reset passwords for on-premises accounts, which is a key challenge."

"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."

"Microsoft Defender XDR could be improved in terms of speed, especially backend speed."

"The solution could enhance the threat Intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environment. It would be beneficial if the threat intelligence were tailored to the industry, such as healthcare or fintech, where the solution is being used."

"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."

"The automation response being slow is the main concern; when an incident occurs or if I run a remediation, it takes significant time to complete the remediation."

"A simple dashboard without having to use MS Sentinel would be a welcome improvement."

"Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features."

"We are still in the early stages of leveraging Microsoft Purview Audit. Currently, it's primarily used for the audit function."

"We do have a Denial of Access happening."

"The solutions price is fair for what they offer."

"While the standalone price of Defender XDR might seem high, its value becomes clear when considering the ease of implementation and smooth integration with our existing Microsoft infrastructure, especially when bundled with other Microsoft products."

"The pricing of Microsoft 365 Defender is definitely on the costly side, but with the features and services that Microsoft provides, such as the seamless integration of all the Defender tools, while the price is on the higher side, there is no alternative."

"It can be complex to navigate since customers have varying licensing agreements across Microsoft. If they go straightforward with E5 for all users, it's simple, but combinations based on budget constraints can complicate things."

"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."

"Microsoft Defender XDR is expensive."

"There are no issues with pricing, but sometimes, the clarity in licensing is a concern."

"The product is fairly priced for what we get from it."