Try our new research platform with insights from 80,000+ expert users
Microsoft Defender XDR Logo

Microsoft Defender XDR pros and cons

Vendor: Microsoft
4.2 out of 5
Badge Leader
280 followers
Start review

Pros & Cons summary

Microsoft Defender XDR offers a comprehensive integration with Microsoft products, creating a robust security ecosystem with advanced threat detection, antiphishing, and antivirus features. Enhanced automation aids in efficient threat response, suitable for organizations of various sizes. Challenges include complex licensing, slow technical support, and scalability issues for larger tenants. The absence of patching capabilities and a need for improved threat detection are noted, though its affordability and operational stability remain strengths.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Microsoft Defender XDR offers seamless integration across various Microsoft platforms, enhancing overall cybersecurity efficiency.
It provides comprehensive threat protection and intelligence, which helps in effectively managing and prioritizing enterprise threats.
The advanced threat hunting capabilities, including real-time analysis and event monitoring, significantly improve security response mechanisms.
It includes extensive features such as endpoint protection, email security, and benefits from Microsoft Sentinel integration for increased automation and alert management.
With all-in-one coverage for endpoint security, cloud security, and phishing email analysis, it delivers significant value for enterprise defense.

CONS

Microsoft Defender XDR could improve its pricing model and licensing options to make it more cost-effective and easier to understand.
The support and customer service from Microsoft Defender XDR could be more responsive and knowledgeable.
Integration with third-party applications and seamless operation with non-Microsoft systems could be better enhanced in Microsoft Defender XDR.
Automated response capabilities and threat intelligence could be further developed in Microsoft Defender XDR to improve efficiency.
Microsoft Defender XDR may need to improve its speed, especially regarding backend performance and scanning of attachments, to keep pace with evolving threats.
 

Microsoft Defender XDR Pros review quotes

Eric Mannon - PeerSpot reviewer
Nov 27, 2023
The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def
Read full review
PD
Nov 19, 2024
For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity.
Read full review
Gabor Nyerd - PeerSpot reviewer
May 17, 2023
Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP.
Read full review
Buyer's Guide
Microsoft Defender XDR
April 2025
Free Report: Microsoft Defender XDR Reviews and More
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
850,671 professionals have used our research since 2012.
James-Hinojosa - PeerSpot reviewer
Apr 5, 2023
In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments.
Read full review
reviewer2187066 - PeerSpot reviewer
May 17, 2023
Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment.
Read full review
Siddharth Kumar - PeerSpot reviewer
May 24, 2024
In our company,we have faced multiple attacks over the last few months, but none of them have been successful, and I think Microsoft Defender XDR has played a major role in it.
Read full review
reviewer2186769 - PeerSpot reviewer
May 17, 2023
Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit.
Read full review
Patrick Celano Ciccarino - PeerSpot reviewer
Mar 8, 2024
The integration, visibility, vulnerability management, and device identification are valuable.
Read full review
Michael Wurz - PeerSpot reviewer
Nov 22, 2023
From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave.
Read full review
NitinKumar1 - PeerSpot reviewer
Apr 17, 2024
The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging.
Read full review
Show 10 more reviews (out of 101)
 

Microsoft Defender XDR Cons review quotes

Eric Mannon - PeerSpot reviewer
Nov 27, 2023
From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it.
Read full review
PD
Nov 19, 2024
For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details.
Read full review
Gabor Nyerd - PeerSpot reviewer
May 17, 2023
Sometimes, configurations take much longer than expected.
Read full review
Buyer's Guide
Microsoft Defender XDR
April 2025
Free Report: Microsoft Defender XDR Reviews and More
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
850,671 professionals have used our research since 2012.
James-Hinojosa - PeerSpot reviewer
Apr 5, 2023
At times, there may be delays in the execution of certain actions and their effects.
Read full review
reviewer2187066 - PeerSpot reviewer
May 17, 2023
In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals.
Read full review
Siddharth Kumar - PeerSpot reviewer
May 24, 2024
I do think that maybe having a feature within my organization where there are three different domains within which we have to operate would be helpful, as there is currently no unified view within the domains.
Read full review
reviewer2186769 - PeerSpot reviewer
May 17, 2023
Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful.
Read full review
Patrick Celano Ciccarino - PeerSpot reviewer
Mar 8, 2024
The web filtering solution needs to be improved because currently, it is very simple.
Read full review
Michael Wurz - PeerSpot reviewer
Nov 22, 2023
The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense.
Read full review
NitinKumar1 - PeerSpot reviewer
Apr 17, 2024
The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution.
Read full review
Show 10 more reviews (out of 100)

Product Categories

Product Categories
Extended Detection and Response (XDR)
Endpoint Detection and Response (EDR)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Defender XDR Logo
CrowdStrike Falcon vs Microsoft Defender XDR
Microsoft Intune vs Microsoft Defender XDR Logo
Microsoft Intune vs Microsoft Defender XDR
Microsoft Defender for Endpoint vs Microsoft Defender XDR Logo
Microsoft Defender for Endpoint vs Microsoft Defender XDR
Wazuh vs Microsoft Defender XDR Logo
Wazuh vs Microsoft Defender XDR
Fortinet FortiEDR vs Microsoft Defender XDR Logo
Fortinet FortiEDR vs Microsoft Defender XDR
Microsoft Defender for Office 365 vs Microsoft Defender XDR Logo
Microsoft Defender for Office 365 vs Microsoft Defender XDR
Microsoft Sentinel vs Microsoft Defender XDR Logo
Microsoft Sentinel vs Microsoft Defender XDR
Microsoft Entra ID vs Microsoft Defender XDR Logo
Microsoft Entra ID vs Microsoft Defender XDR
Microsoft Defender for Cloud vs Microsoft Defender XDR Logo
Microsoft Defender for Cloud vs Microsoft Defender XDR
SentinelOne Singularity Complete vs Microsoft Defender XDR Logo
SentinelOne Singularity Complete vs Microsoft Defender XDR
Cortex XDR by Palo Alto Networks vs Microsoft Defender XDR Logo
Cortex XDR by Palo Alto Networks vs Microsoft Defender XDR
Microsoft Purview Data Governance vs Microsoft Defender XDR Logo
Microsoft Purview Data Governance vs Microsoft Defender XDR
IBM Security QRadar vs Microsoft Defender XDR Logo
IBM Security QRadar vs Microsoft Defender XDR
Elastic Security vs Microsoft Defender XDR Logo
Elastic Security vs Microsoft Defender XDR
Cisco Secure Endpoint vs Microsoft Defender XDR Logo
Cisco Secure Endpoint vs Microsoft Defender XDR
See all alternatives

Product Categories

Product Categories
Extended Detection and Response (XDR)
Endpoint Detection and Response (EDR)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Defender XDR Logo
CrowdStrike Falcon vs Microsoft Defender XDR
Microsoft Intune vs Microsoft Defender XDR Logo
Microsoft Intune vs Microsoft Defender XDR
Microsoft Defender for Endpoint vs Microsoft Defender XDR Logo
Microsoft Defender for Endpoint vs Microsoft Defender XDR
Wazuh vs Microsoft Defender XDR Logo
Wazuh vs Microsoft Defender XDR
Fortinet FortiEDR vs Microsoft Defender XDR Logo
Fortinet FortiEDR vs Microsoft Defender XDR
Microsoft Defender for Office 365 vs Microsoft Defender XDR Logo
Microsoft Defender for Office 365 vs Microsoft Defender XDR
Microsoft Sentinel vs Microsoft Defender XDR Logo
Microsoft Sentinel vs Microsoft Defender XDR
Microsoft Entra ID vs Microsoft Defender XDR Logo
Microsoft Entra ID vs Microsoft Defender XDR
Microsoft Defender for Cloud vs Microsoft Defender XDR Logo
Microsoft Defender for Cloud vs Microsoft Defender XDR
SentinelOne Singularity Complete vs Microsoft Defender XDR Logo
SentinelOne Singularity Complete vs Microsoft Defender XDR
Cortex XDR by Palo Alto Networks vs Microsoft Defender XDR Logo
Cortex XDR by Palo Alto Networks vs Microsoft Defender XDR
Microsoft Purview Data Governance vs Microsoft Defender XDR Logo
Microsoft Purview Data Governance vs Microsoft Defender XDR
IBM Security QRadar vs Microsoft Defender XDR Logo
IBM Security QRadar vs Microsoft Defender XDR
Elastic Security vs Microsoft Defender XDR Logo
Elastic Security vs Microsoft Defender XDR
Cisco Secure Endpoint vs Microsoft Defender XDR Logo
Cisco Secure Endpoint vs Microsoft Defender XDR
See all alternatives
Related questions
  • 77
What is the best EDR or XDR product for a company with 9000 employees?
  • 11
When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
  • 335
How do you decide about the alert severity in your Security Operations Center (SOC)?
  • 118
Which is better for Endpoint Security: EDR or XDR solutions?
  • 211
What are the main differences between XDR and SIEM?
  • 251
Why is Extended Detection and Response (XDR) important for companies?
  • 86
How do you use the MITRE ATT&CK framework for improving enterprise security?
  • 49
What tools and solutions do you use for automated incident response in an enterprise in 2022?
  • 36
FortiXDR vs Cortex Pro - which is the best?
  • 1,185
What is Cognitive Cybersecurity and what is it used for?