Microsoft Defender for Endpoint Pros review quotes

MA
Infrastructure and Security Manager at a sports company with 11-50 employees
Aug 2, 2022
This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time.
JH
Sr. Lead Consultant at catapult
Sep 21, 2022
In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components.
SimonThornton - PeerSpot reviewer
Cyber Security Services Operations Manager at a aerospace/defense firm with 201-500 employees
Jul 17, 2022
I like the process visibility. This ability to visualize how something was executed is valuable, and the fact that Defender ATP is also linked to the threat intelligence that they have is also valuable. So, even if you have something that doesn't have a conventional signature, the fact that you get this strange execution means that you can detect things that are normally not visible.
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
734,678 professionals have used our research since 2012.
BE
Vice President of IT at a healthcare company
Feb 11, 2023
For threat-hunting, I'll put some threats in a test scenario. I've downloaded known viruses that are out in the public for testing. They're not really a virus but they've got a signature. Defender for Endpoint will automatically find those, quarantine them for me, and alert me to what it did. It gives me "automated eyes."
SM
Head of Security at Mannai Microsoft Solutions
Aug 17, 2023
We can run the virus scan across our entire environment.
FM
Sr Principal Cybersecurity Engineer at a transportation company with 10,001+ employees
Oct 9, 2022
The threat hunting service is very useful for a security professional.
Daniel_Ndiba - PeerSpot reviewer
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Oct 9, 2022
It's very easy to scale because it comes built-in with Windows 10, and you just need to enable it. This can be done on scale using group policies or through Endpoint Manager on cloud or Intune.
MC
Senior Consultant - Cloud & Infrastructure Security at Avanade
Apr 6, 2023
The most valuable aspect is information, specifically the automatic investigation of packages.
Harris Koko - PeerSpot reviewer
Security Consultant at Accenture
Jan 17, 2023
There are some competitive products on the market, but the best is Microsoft Defender because it's very easy to integrate. That's one reason a lot of clients want Microsoft Defender. It's also very easy to implement compared to other solutions.
AP
Associate Director-Technology Consultancy at a consultancy with 1,001-5,000 employees
Nov 21, 2022
The most important feature is the way it monitors the threats and blocks them. About 10 days ago, we were implementing SOC for a particular client. The SOC was not yet implemented, but they had Microsoft Defender. That organization was hit by some ransomware, but the hacker could not succeed. Because of the EDR, the hacker could not install the hacking tools. They were trying to do that, but Microsoft Defender completely blocked that. The hacker could log into the system, but they could not install anything.

Microsoft Defender for Endpoint Cons review quotes

MA
Infrastructure and Security Manager at a sports company with 11-50 employees
Aug 2, 2022
On the Mac OS platform, there is no parity between Windows and Mac OS. The solution is very feature-rich and very well-integrated into Windows, and I guess baked into Windows 10 and Windows 11. Whereas, on the Mac OS platform, there is still some work there to give it a more feature-reach platform.
JH
Sr. Lead Consultant at catapult
Sep 21, 2022
Localization is always a challenge, especially with new products you typically want. Solutions are designed to be deployed where the most licenses are being consumed, such as in the United States. They focus on US products, devices, and networks. Specialized deployments for other countries would allow for a smoother experience in transition.
SimonThornton - PeerSpot reviewer
Cyber Security Services Operations Manager at a aerospace/defense firm with 201-500 employees
Jul 17, 2022
A challenge is that it is not a multi-tenant solution. Microsoft's tenant is a licensed tenant. I'm an MSSP. So, I have multiple customers. In Microsoft's world, that means that I can't just buy an E5 license and give that out to all my customers. That won't work because all of the customer data resides within a single tenant in Microsoft's world. Other products—such as SentinelOne, Palo Alto Cortex, CrowdStrike, et cetera—are multi-tenant. So, I can have it at the top of the pyramid for my analyst to look into it and see all the customers, but each customer's data is separate. If the customer wants to look at what we see, they would only see their data, whereas in the Microsoft world, if I've got multiple customers connected to the same Microsoft tenant, they would see everybody else's data, which is a privacy problem in Europe. It is not possible to share the data, and it is a breach of privacy.
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
734,678 professionals have used our research since 2012.
BE
Vice President of IT at a healthcare company
Feb 11, 2023
In active mode, it's great that it gives you so much information, but it does record every keystroke so you have a lot of logs... that amount of data logging started to add up in the cost.
SM
Head of Security at Mannai Microsoft Solutions
Aug 17, 2023
Some of the integrations that Defender should include involve the use of the web app.
FM
Sr Principal Cybersecurity Engineer at a transportation company with 10,001+ employees
Oct 9, 2022
My main issue with the tool is that there are too many menus. This causes a steep learning curve for those without training or unfamiliar with Defender for Endpoint. From an end-user perspective, the solution is there on the machine and does its job; it works seamlessly. However, as a security professional dealing with it behind the scenes, the learning curve can be steep, but not too steep. Still, it has taken some of my analysts up to a month to get familiar with the product.
Daniel_Ndiba - PeerSpot reviewer
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Oct 9, 2022
With the XDR dashboard, when you're doing an investigation and you're drilling down to obtain further details it tends to open many different tabs that take you away from your main tabs. You can end up having 10 tabs open for one investigation. This is another area for improvement because you can end up getting lost in the multiple tabs. Therefore, the central console can be improved so that it does not take you to several different pages for each investigation.
MC
Senior Consultant - Cloud & Infrastructure Security at Avanade
Apr 6, 2023
The profiling method currently in use is not very user-friendly and has ample scope for improvement.
Harris Koko - PeerSpot reviewer
Security Consultant at Accenture
Jan 17, 2023
We would like to see more tools for managing on-premises security... Sometimes, we have the tools, like Defender, to manage security in the cloud, but because we are so focused on the cloud, we forget the fact that we need to be sure about the security of the on-premises environment, specifically Active Directory.
AP
Associate Director-Technology Consultancy at a consultancy with 1,001-5,000 employees
Nov 21, 2022
It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent.