Microsoft Defender for Endpoint Reviews

Name: Microsoft Defender for Endpoint
Brand: Microsoft
Rating: 4 (96 reviews)

Vendor: Microsoft

4.1 out of 5

96 reviews

4,029 followers

Post review

What is Microsoft Defender for Endpoint?UNIXBusinessApplication
Price:

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft 365 Defender, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Get the Microsoft Defender for Endpoint Buyer's Guide and find out what your peers are saying about Microsoft Defender for Endpoint, Intercept X Endpoint, Symantec Endpoint Security and more!

Buyer's Guide

Microsoft Defender for Endpoint

September 2023

Get the report

Helped 734,156 peers since 2012

Featured reviews

SimonThornton

Cyber Security Services Operations Manager at a aerospace/defense firm with 201-500 employees

Jul 17, 2022

The catch with ATP is you have to have the right Microsoft license. The licensing of ATP is linked to the licensing of Office 365. You have to have an E3 or an E5 license. If you have a small office license, it is not possible for you. Another challenge is that it is not a multi-tenant solution. Microsoft's tenant is a licensed tenant. I'm an MSSP. So, I have multiple customers. In Microsoft's world, that means that I can't just buy an E5 license and give that out to all my customers. That won't work because all of the customer data resides within a single tenant in Microsoft's world. Other products—such as SentinelOne, Palo Alto Cortex, CrowdStrike, et cetera—are multi-tenant. So, I can have it at the top of the pyramid for my analyst to look into it and see all the customers, but each customer's data is separate. If the customer wants to look at what we see, they would only see their data, whereas in the Microsoft world, if I've got multiple customers connected to the same Microsoft tenant, they would see everybody else's data, which is a privacy problem in Europe. It is not possible to share the data, and it is a breach of privacy. So, the licensing and the privacy aspect makes it problematic in some situations. It is also very complicated. If you decide to outsource your monitoring through an MSSP, the model for allowing the MSSP to connect to your Defender cloud is very complicated. In Office 365, it is relatively simple, but because of the way it has been done in Defender—because Defender is not part of the same cloud—it is a mess. It is possible, and it is workable, but it is probably one of the most complicated integrations we do. It is still clunky as compared to products like Cisco AMP, SentinelOne, and CrowdStrike. Microsoft took the Defender product, and they bolted on the extra features, but you can see that there are different development teams working on it. Some features are well integrated, and some features are not. They keep on improving it, and it is better than it was. It is better than an unmanaged solution, but it is far from perfect.

Read full review

Daniel_Ndiba

Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees

Oct 9, 2022

Automation is one of the areas that need improvement because if you fully automate, then there's a high chance that you're going to be blocking a lot of actual false positives. With the XDR dashboard, when you're doing an investigation and you're drilling down to obtain further details it tends to open many different tabs that take you away from your main tabs. You can end up having 10 tabs open for one investigation. This is another area for improvement because you can end up getting lost in multiple tabs. Therefore, the central console can be improved so that it does not take you to several different pages for each investigation. Microsoft keeps changing the name of the solution, and when we go to senior management to ask for a budget, they think you're asking for a different solution. It would be great if Microsoft could decide that Defender for Endpoint is the name and stick with it.

Read full review

Moe

Infrastructure and Security Manager at a sports company with 11-50 employees

Aug 2, 2022

If you consider our organization, we are a fairly Mac-heavy organization. At the moment, around 80% of our fleet are Mac OSs. We made a conscious decision to roll out Defender for Endpoint against all our endpoints, whether it is Windows or Mac OS. However, one thing that we have noticed is that there is definitely no parity on the platform between the two operating systems. When you are configuring, deploying, and onboarding machines, you can get very granular with your security configuration when you are deploying it to a Windows's endpoint. For Mac OS, it is a lot more straightforward. You don't have the ability to apply as much configuration as you would on Windows. That is definitely something that has room for improvement. I am also not sure how well the EDR functionality works on the Mac OS platform. It just provides an antivirus and the full EDR capability is not there on a Mac OS. The web filtering needs a little bit of work. We are actually in the market at the moment for a third-party web filter or cloud secure web gateway to try and plug that hole since it is a bit of a pain point for us. I don't think we will use the baked in version from Defender for Endpoint. On the Mac OS platform, there is no parity between Windows and Mac OS. The solution is very feature-rich and very well-integrated into Windows, and I guess baked into Windows 10 and Windows 11. Whereas, on the Mac OS platform, there is still some work there to give it a more feature-reach platform.

Read full review

Pricing

The pricing, setup cost, and licensing for Microsoft Defender for Endpoint vary based on different factors. The solution is included with a Microsoft E5 license, making it a cost-effective option when bundled with other Microsoft solutions. However, as a standalone solution, it can be costly.

The licensing costs are generally reasonable, and there is an additional cost for Microsoft Premier support. Some users have found that the solution saved them money compared to other products they were using. The price can be higher for specific markets, such as the Indian market.

Microsoft offers flexible licensing options, including monthly or yearly subscriptions. The solution is available at different price points depending on the configuration and licensing program.

Some users have negotiated pricing, while others have obtained subsidized licensing.

ROI

Using Microsoft Defender for Endpoint has resulted in a positive return on investment for organizations. By consolidating all necessary components into a single solution, it eliminates the need for additional vendors and extra costs. The exact amount of money saved is difficult to measure, as it depends on the occurrence and impact of potential attacks. Over the years, organizations have witnessed a return on investment in terms of improved protection against threats.

Primary Use Case

The primary use case of Microsoft Defender for Endpoint is as an enterprise security solution. It serves as an antivirus and EDR, providing integrated security with the operating system. The product is used to secure customers' networks and offers seamless integration with other Microsoft products, facilitating incident investigation and correlation with other security measures.

The solution is deployed to manage firewalls, provide endpoint security, and protect against virus and malware attacks. It is also used for managing compliance and consolidating security aspects into a centralized portal.

Microsoft Defender for Endpoint is deployed on various devices, including Windows 10 endpoints and servers, and is integrated with other Microsoft security products for coordinated detection and response across the environment. It offers visibility and protection for both on-premises and cloud-based environments, including multi-cloud solutions.

The solution is used for vulnerability scanning, threat prevention, and threat detection, and it provides a centralized console dashboard for monitoring and managing security operations. It is also utilized for endpoint detection and response (EDR), extended detection and response (XDR), and for protecting personal and business information.

Valuable Features

The most valuable features of Microsoft Defender for Endpoint include:

- Automatic investigation of packages and collection of data and information

- Integration with the operating system and access to software inventories and registries

- Advanced hunting and customized detection capabilities

- Real-time detection and cloud-based delivery of detections

- Good visibility into threats and threat intelligence

- Easy to load and runs quietly in the background

- Ability to bring together all data and provide comprehensive information

- Alerting, policies, and threat-hunting capabilities

- File protection and security score

- Interaction with other Microsoft solutions and integration with Azure and other systems

- Monitoring and blocking of threats, proactive threat detection, and prevention - Centralized dashboard for monitoring and management

- Simplified deployment and scalability

- Integration with SIEM tools and other security products

- Vulnerability management and reporting analytics

- User-friendly interface and ease of use - Performance, stability, and reliability

- Seamless integration with Microsoft ecosystem and other Microsoft solutions

Room for Improvement

Improvements for Microsoft Defender for Endpoint mentioned in the reviews include:

- The profiling method for creating antivirus profiles for Linux needs to be more user-friendly and improved.

- Additional features related to device control, such as automatic syncing of devices without dependency on other products like Intune or Azure, are desired.

- The application control feature needs improvement, including a better GUI for configuring policies and more documentation.

- The policy configuration process could be more streamlined and integrated within Microsoft Defender for Endpoint.

- The frequent changes in product names, portal designs, and included features can be confusing and frustrating for users.

- The stability of the solution could be improved.

- More advertising and promotion of the features of Microsoft Defender for Endpoint is desired.

- The solution lacks customization options compared to other products, and a single portal for customization would be beneficial.

- Significant expertise is required to maximize visibility into threats, and the solution could provide better visibility and root cause analysis for threats.

- Integration with third-party tools and systems, such as firewalls and other cloud vendors, needs improvement.

- The amount of data logging and storage can be overwhelming and costly, and there is a need for easier management and storage options.

- The solution's capabilities on different operating systems, such as Mac OS and Linux, need to be more balanced and feature-rich.

- There is a need for better management reporting, granularity in security configuration, and improved UI.

- Integration with other Microsoft security technologies and consolidation of dashboards would be beneficial.

- The solution should provide more customizable reporting options and prioritize security incidents.

- Improvements in automation, user interface, and simplification of the management infrastructure are desired.

- The solution should provide more comprehensive web filtering capabilities.

- The ability to isolate a certain amount of time on the timeline and improve the user experience for investigations is needed.

- The learning curve for using the solution can be steep, and more training resources and refinement of wizards are needed.

- There should be better support for on-premises security and monitoring, especially for Active Directory.

- The solution should have better integration with different platforms and systems, including third-party tools and SIEM solutions.

- The solution's resource usage, CPU strain, and battery consumption need improvement.

- The licensing model could be more transparent and flexible, especially for multi-tenant environments.

- The solution should provide better support for non-Windows products and improve email security integration.

- The solution should offer better GUI customization, automation, and a simplified SIEM for easier management.

- Reporting, patch management, and exception management capabilities need improvement.

- The solution should provide better support for Mac OS and enhance web filtering capabilities.

- The solution's deployment and setup process could be more straightforward and simplified.

- Security effectiveness, reporting speed, and user-friendliness could be improved.

- The solution should be more secure, provide better security features, and prioritize security enhancements.

- Integration with third-party systems and platforms should be improved, and more user-friendly dashboards and features are desired.

- The solution should be more scalable, have a single pane of glass for management, and reduce dependencies on other Microsoft services.

- The solution should improve detection capabilities, reporting, and support for third-party platforms.

- More frequent updates, better reporting, and improved user experience are needed.

- The solution should provide a more holistic approach, collaboration capabilities, and better management reporting.

- The user interface and customization options could be optimized, and the solution should offer more telemetry and automation capabilities.

- The solution should improve security aspects, email security, and the ability to handle non-signature-based attacks.

- The solution should provide more integration, faster reporting, and better management features.

- The solution should be more secure, provide better visibility, and reduce complexity in deployment and management.

- The solution should improve security features, reporting, and customization options.

- The solution should provide better integration, reporting, and management capabilities.

- The solution should improve reporting speed, and management interface, and provide a better UI.

- The solution should improve security and reporting, and prioritize high-risk vulnerabilities.

Initial Setup

The initial setup for Microsoft Defender for Endpoint varies depending on the client's environment. For some, it is straightforward and can be done in a few hours. In these cases, the deployment is done through scripts, GPO packages, or MDM solutions.

For larger organizations with complex networks and systems, the setup can be more complex and time-consuming. It may require the expertise of multiple consultants and take several months to complete.

Scalability

The solution of Microsoft Defender for Endpoint has received positive feedback regarding its scalability. Users have mentioned that it can scale effectively regardless of the size of the environment. It is capable of being used in small and large environments without any issues. The solution can accommodate a growing number of users.

The solution is cloud-based, making it highly scalable and capable of handling large numbers of users and devices.

Customer Service and Support

Customer service and support of Microsoft Defender for Endpoint is mixed. Some customers have praised the technical support team, mentioning their knowledge and ability to escalate issues to higher levels of support. Promptness in transferring tickets to capable representatives and providing seamless resolutions have been appreciated.

However, there have also been instances of delays and tickets being routed to the wrong team, resulting in slower support. The level of support seems to vary depending on the support contract, with the premier support contract being more efficient.

Stability

The stability of Microsoft Defender for Endpoint is highly praised by users. They consistently mention that the solution is stable and reliable, with no bugs or glitches. Users have not experienced crashes or freezing, and the performance has been good. Some users mention occasional internet connection issues, however, overall, they find the solution to be stable. It is also noted that Microsoft has been proactive in addressing stability issues and providing patches when necessary.