Microsoft 365 Defender, part of Microsoft's XDR offering, draws on the Microsoft 365 security portfolio to automatically analyze threat data across domains (email, endpoints, identities and cloud apps) and build a complete picture of each attack in a single dashboard. With that breadth and depth of visibility, defenders can focus on critical threats and hunt for sophisticated breaches, trusting the automation in Microsoft 365 Defender to detect and stop attacks anywhere in the kill chain and return the organization to a secure state.
Reviewers report tangible benefits and cost savings. Microsoft 365 Defender consolidates the necessary security controls into the Microsoft 365 license, so organizations no longer need separate third-party email filtering products or have to manage multiple security solutions. Time to detect and respond to potential threats has improved significantly, and the proactive approach has headed off future issues and their associated costs. The tool has identified and contained threats that would otherwise have required substantial investment, and it has saved analyst hours by automatically sifting through logs and connecting related information during investigations. Compared with previous solutions, the return on investment has been positive: reviewers report no financial losses from attacks, and legacy email gateways and on-premises antivirus have been retired, which yielded ROI on migration projects. The benefits were evident within a few weeks of deployment, although reviewers do not provide exact metrics.
The primary use case is security: threat detection, email security, endpoint security, and securing the Office suite. It is deployed across workstations, cloud, hybrid and legacy environments. Reviewers use it to create anti-spam, anti-malware and anti-phishing policies and to analyze and monitor system behavior; to secure email, SharePoint and Teams; to provide EDR and endpoint protection; and to support SOC 2 compliance. Microsoft 365 Defender integrates with other Microsoft products and offers insight into and control over devices. Overall, it is recommended as a comprehensive security solution, particularly in cloud-based environments.
The most valuable features, according to reviewers, are the combination of all the capabilities under centralized management. Attack simulation training is singled out for helping users learn to respond correctly to phishing emails. The visibility the product provides is also highly appreciated: it gives a comprehensive overview of threats and lets teams configure specific detection criteria, and the ability to customize threat detection is seen as a valuable enhancement. Role-based access control and integration with other Microsoft solutions are considered helpful in protecting the organization from intruders and cyberattacks. Monitoring and connectivity across Microsoft and third-party connectors, along with advanced threat hunting, are also cited. The DLP feature is praised for adding an extra layer of data protection, and integration with other Microsoft products such as Sentinel and Defender for Cloud Apps is described as seamless and beneficial.
Improvements needed for Microsoft 365 Defender include:
1. Enhanced support knowledge: The support team should be more knowledgeable to provide better assistance.
2. Improved accuracy and performance: The software may incorrectly flag legitimate emails as spam or have issues accurately classifying certain emails.
3. User-friendliness and simplification: The product is complex and requires a high level of technical expertise, making it challenging for beginners or less experienced individuals. It should be made more user-friendly and simplified.
4. Intrusion detection and prevention: The addition of intrusion detection and prevention capabilities would be beneficial.
5. Real-time feedback and prompt execution: Delays in the execution of actions and their effects, such as improving the secure score, should be minimized for a more timely response.
6. Additional visibility into log analytics: More specific details about the origin of malware, such as its source, would be helpful.
7. Integration with third-party products: Microsoft 365 Defender should provide better control and support for third-party cloud platforms and products.
8. Up-to-date and comprehensive documentation: The documentation on the Microsoft website should be refreshed and provide all necessary information.
9. Automation capabilities: The solution should offer better automation options, particularly when integrating with Microsoft Sentinel.
10. Reduction of complexity: The solution should be less policy-driven and provide more direct and streamlined solutions.
11. Bug fixes and flexibility: Microsoft should address bugs caused by the inclusion of too many features and make the solution more flexible during deployment.
12. Improved dashboard and reporting: The dashboard should be easier to use, and exporting or scheduling reports should be improved.
13. Support for non-Microsoft solutions: The solution should better support non-Microsoft products and offer compatibility with other operating systems.
14. Detailed information for experts: Microsoft should provide more in-depth information and use cases for experts to maximize the solution's usage.
15. More features in smaller licenses: Additional features should be included in smaller licenses to ensure comprehensive security.
16. Aesthetically pleasing dashboard and multi-language support: The dashboard should be visually appealing, and multi-language support should be available for all features.
17. Real-time updates and improved documentation: Changes made within the admin or security portals should be promptly communicated, and feature updates should be accurately reflected in the Knowledge Base.
18. Better information in summary reports: The summary reports should provide more detailed information to help administrators understand and resolve mail flow issues.
19. Integration with additional security features: Integration with features offered by other solutions, such as Malwarebytes, would enhance Microsoft 365 Defender.
20. Consolidated licensing and improved alerts: The licensing options should be consolidated, and alerts and notifications should provide more detailed information.
The initial setup varies with the deployment scenario. It is straightforward in most cases, with potential complications around bring-your-own-device versus managed devices. A pilot is usually run with the IT organization before rolling out to the rest of the company, and reviewers cite deployment teams of 10 to 20 people. The process differs from client to client according to business requirements and the RFP, and an audit is usually performed beforehand to identify missing components or security controls. The timeline depends on which Microsoft products the client has chosen. There can be restrictions and limitations on the Microsoft side, and challenges such as moving mailboxes from on-premises Exchange to Exchange Online. A typical plan of action includes a PoC, a pilot, and department-by-department migration; the overall deployment can take several months with a small team. Maintenance is largely handled by Microsoft, and the service itself needs little additional upkeep. Because it is cloud-based, the solution is considered easy to deploy, but environment-specific hurdles remain, such as removing old Symantec signatures or ensuring compatibility with the target endpoints. Overall, the initial setup is described as straightforward and not complex, though it requires time, planning, and the involvement of specific teams for maintenance and monitoring.
The reviews indicate that the scalability of Microsoft 365 Defender is highly commendable and one of its benefits. Users mention that it effortlessly accommodates an increasing number of users and seamlessly scales across them. The solution can be scaled up or down depending on the customer's environment and is suitable for both small and large environments. Licensing enables automatic scaling based on needs, and there are no limitations on the number of agents for Defender. It is used extensively across multiple departments and locations, including organizations with thousands of users. The product's scalability has been good and has not caused any problems for users.
The customer service and support of Microsoft 365 Defender have received mixed reviews. Some users have expressed dissatisfaction with the support, mentioning issues such as a lack of knowledge and difficulty in resolving problems. However, others have praised the technical support, highlighting quick response times and effective resolution of specific incidents. The quality of support seems to vary depending on the engineer handling the ticket, with some users experiencing poor support while others have had positive experiences. There are also mentions of support being redirected to third-party vendors, which some users find less satisfactory.
Reviewers generally find Microsoft 365 Defender stable and largely self-service. There have been occasional false positives and false negatives, but prompt responses from Microsoft have resolved them; in one recent incident some URLs were incorrectly tagged, and Microsoft corrected the problem quickly. Overall the solution is considered stable, with low latency and little downtime. Users rate stability between seven and nine out of ten, with room for improvement in certain scenarios; the few bugs encountered do not significantly affect reliability or day-to-day work. In summary, Microsoft 365 Defender is regarded as a mature and stable solution.
Reviewers report significant advantages from the implementation. It has improved visibility into workstations and automatically remediates threats, reducing the need for manual intervention. Routine tasks and the handling of high-value alerts have been automated, saving time and improving efficiency. Threat intelligence has helped organizations prepare for and prioritize potential threats and has raised security across the ecosystem. Consolidating security operations has improved response times and streamlined operations, saving time and money. Email security has improved: spam has dropped and more trustworthy mail is delivered. Automation and consolidated data make threats easier to detect and respond to, and the solution has helped identify vulnerabilities, mitigate risks, and improve compliance, providing comprehensive and deep threat protection. Integration with other Microsoft products, such as Defender for Cloud and Sentinel, has enabled coordinated detection and response and reduced incident response time.
- Reduce signal noise by viewing prioritized incidents in a single dashboard.
- Use the automated investigation capabilities to spend less time on detection and response.
- Take care of routine and complex remediation with Microsoft 365 Defender by auto-healing affected assets.
- Hunt across all your data, leveraging your organizational knowledge with custom queries.
- Develop custom detection and response tools for long-term protection and improved security posture.
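The "hunt across all your data with custom queries" and "develop custom detection" bullets above correspond to advanced hunting in the portal, which runs Kusto Query Language (KQL) over the unified schema. The query below is an added example written for this page, not Microsoft's own code or a reviewer's: it correlates a click on a URL that Defender for Office 365 tagged as phishing with a scripting or LOLBin process spawned from a mail client or browser on the same user's device within 30 minutes, which is the cross-domain correlation the product is sold on. It assumes the tenant has both Defender for Office 365 (which populates EmailEvents and UrlClickEvents) and Defender for Endpoint (which populates DeviceProcessEvents) onboarded; the process-name lists and the 30-minute window are illustrative choices, not a Microsoft-supplied set.

```kusto
// Added example: phishing URL click followed by a suspicious child process
// on the same user's device. Assumes Defender for Office 365 + Defender for
// Endpoint are both onboarded. Process lists and window are tuning choices.
let lookback = 7d;
let window = 30m;
// Clicks that Safe Links recorded on URLs classified as phishing, where the
// user actually reached the page (allowed, or clicked through a warning).
let phishClicks =
    UrlClickEvents
    | where Timestamp > ago(lookback)
    | where ThreatTypes has "Phish"
    | where ActionType == "ClickAllowed" or IsClickedThrough == true
    | project ClickTime = Timestamp, AccountUpn, Url, NetworkMessageId;
// The delivering message, to give the analyst sender and subject context.
let emails =
    EmailEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, SenderFromAddress, RecipientEmailAddress, Subject, DeliveryAction;
// Script hosts / LOLBins launched directly from a mail client or browser.
let suspiciousProcs =
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | where InitiatingProcessFileName in~ ("outlook.exe", "msedge.exe", "chrome.exe", "firefox.exe", "winword.exe", "excel.exe")
    | where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe")
    | project ProcTime = Timestamp, DeviceId, DeviceName, AccountUpn, FileName,
              ProcessCommandLine, InitiatingProcessFileName, ReportId;
phishClicks
| join kind=inner emails on NetworkMessageId
| join kind=inner suspiciousProcs on AccountUpn
// Only keep processes that started within the window after the click.
| where ProcTime between (ClickTime .. (ClickTime + window))
// Timestamp, ReportId and DeviceId are required if this is saved as a
// custom detection rule so the rule can attach the alert to the device.
| project Timestamp = ProcTime, ReportId, DeviceId, DeviceName, AccountUpn,
          SenderFromAddress, Subject, Url, ClickTime, DeliveryAction,
          FileName, ProcessCommandLine, InitiatingProcessFileName
| order by Timestamp desc
```

Paste it into Advanced hunting and run it over the last week; because the final projection keeps Timestamp, ReportId and DeviceId, the same query can be saved as a custom detection rule, which requires those columns to identify the impacted entity. Two caveats a practitioner should expect: the join on AccountUpn misses cases where the device sign-in account differs from the mailbox UPN, and a phishing verdict applied after delivery (ZAP) will show in EmailEvents but the click may already have happened, so do not filter emails on DeliveryAction == "Blocked".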
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Microsoft 365 Defender was previously known as Microsoft Threat Protection (also written MS 365 Defender); Microsoft has since renamed it Microsoft Defender XDR.
Microsoft 365 Defender is the #1 ranked solution in top Microsoft Security Suite tools, #4 ranked solution in XDR Security products, and #6 ranked solution in EDR tools. PeerSpot users give Microsoft 365 Defender an average rating of 8.4 out of 10. Microsoft 365 Defender is most commonly compared to Microsoft Defender for Cloud: Microsoft 365 Defender vs Microsoft Defender for Cloud. Microsoft 365 Defender is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 17% of all views.