Microsoft Defender for Endpoint Reviews

It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.

The security is very useful.

Its stability is okay.

The solution can scale. 

Technical support has been great.

There's no setup process; a user simply needs to enable it to get started.

We'd like the stability to be better.

I've been using the solution for about two years. 

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good.

The product can scale if a company needs it to.

There's a big number of users on the solution in our company. It's likely more than 400 users. 

We've dealt with support in the past and found them to be very helpful. We're quite satisfied with the level of service. 

I'm also familiar with Trend Micro, which is similar. However, Defender is specific to Microsoft.

The company does use more than one solution as well. 

There's not really an installation process. A user simply needs to enable it. That's all.

We pay a yearly licensing fee.

I'd rate the solution eight out of ten.

Microsoft Defender for Endpoint can be used for system protection. For example, anti-virus, malware, and EDR.

The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain.

Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security.

I have been using Microsoft Defender for Endpoint for a couple of years.

Microsoft Defender for Endpoint has been stable in our usage.

We have more than 5,000 users using this solution.

We are quite satisfied with the support.

We use many solutions in our company, such as Panda, Trend Micro, McAfee, Microsoft, and FireEye.

There is no installation required.

We have a five-person technical team that supports this solution.

The solutions price could be cheaper.

I recommend this solution to others.

I rate Microsoft Defender for Endpoint an eight out of ten.

We are using it as the antivirus as well as the malware protection.

We have not had any attacks, in terms of viruses, worms, or ransomware, in the last three years.

The impact of the solution has been minimal. Employees can work with any interruptions.

The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware.

I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement.

I have been using it for three years.

It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt.

Four IT support technicians are responsible for administrating Microsoft Defender in our organization. They make sure that upgrades and updates are done in a good timeframe.

Its scalability is good enough. As long as you deploy the OS, you will keep on deploying Microsoft Defender automatically. This is a good option.

We have about 375 endpoints.

I have never used their support.

Before Microsoft Defender, we were using Bitdefender. Before Bitdefender, we were using McAfee Symantec.

We switched to Microsoft Defender because there was a change of ownership for the company in 2017.

We went for Microsoft Defender once we were informed that it would be part of our Office 365 package. So, we combined the licensing for the OS with Office 365. Yeah. We thought it was a good bargain.

The initial setup was straightforward.

The deployment takes a maximum of half an hour.

We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30.

We have been using the free version.

Microsoft Defender is good enough as long as you ensure the environment is well-patched and secure, then even the free option will be sufficient to take care of the entire ground.

We are not looking to increase usage at the moment because of the underlying economic situation.

I would rate this solution as nine out of 10.

We are using this product as part of our EDR solution, and we use it in conjunction with CrowdStrike. We are a solution provider and this is one of the products that we deploy for our clients.

This product has features that improve our security posture including good vulnerability detection, maintaining endpoint devices, and unified management. The management feature allows us to manage all of our devices from a single location.

The advanced techniques used by Microsoft Defender are improving our user experience. Our users used to complain that they didn't need certain features, but this was because the legacy antivirus and other EDR solutions were hampering their usage. Nowadays, vulnerability detection is very effective and they are comfortable with the security, as well as the administration, giving them a better overall experience.

The most valuable feature is threat detection. We have been notified of viruses and threats of problems such as ransomware attacks.

The Cloud App Security features are useful.

We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments.

Microsoft Defender integrates well with Office 365.

Especially these days, with the COVID situation, this product helps us to better reach our users and solve problems. For example, we no longer need to ask them to bring in their laptop to check for and address issues. We can apply policy, automatically define rules, and remedy problems using the central management features. 

It would be helpful if they included XDR features, on top of the EDR functionality. It would improve the capabilities, as XDR solutions are doing better.

I have been working with Microsoft Defender for Endpoint for almost a year, with the E5 licenses.

Stability-wise, it is responsive and I don't see any drawbacks. They have additional features that make it a little more robust.

Scalability-wise, considering the integration that they have, it's good. For example, it can be integrated with Azure Sentinel. We have two or three people who work with managing and deploying this product.

We deploy across Qatar and currently have about 68,000 endpoints protected with Defender. Our usage will increase based on the number of clients we have that buy the product. Ultimately, it depends on the licensing model.

Prior to working with Microsoft Defender, we used CrowdStrike and SentinelOne. We switched because these other products are standalone, and require that we install and maintain them manually. Microsoft Defender is unified and comes as part of Microsoft 365, which makes it easier to set up and manage.

The advantage that these other products have is the XDR features.

The initial setup is straightforward. We deploy this product using Microsoft Intune, which is very helpful. It took us one month to deploy approximately 5,000 users. We had a specific plan that we followed for the implementation. 

I completed the deployment.

This product offers cost-effective threat protection, which integrates with Office 365 and has unified endpoint management features.

We currently use the enterprise-level, E5 licensing scheme. It is a complete bundle that includes the Microsoft 365 products, the Zero Trust solution, and Microsoft Defender.

The E5 license is the one that I recommend because it comes with Cloud App Security, which is a good thing to have on top of Microsoft Defender. It means that you can monitor any threats, sign-in attempts, and other resources whether on the cloud or on-premises.

I would rate this solution an eight out of ten.

We use it to protect computers or endpoints from any malicious software, malware, and other viruses. You have to use this one as part of your overall protection plan.

The deployment of Microsoft Defender for Endpoint is a no-brainer when it comes to Windows. When you provision a new laptop for your environment, it comes with it. We use Intune to be seen on the cloud for centralized management. There's actually a console where you can go in and manage it properly, and we use Intune to deliver the onboarding.

I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature.

Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine. 

We don't just use anti-virus. That's really like a traditional way of doing it. We have different kinds of protections. We have our advanced threat protection for email, and we have advanced threats analytics for domain controllers for servers. We use all those. 

I have been using Microsoft Defender for Endpoint for three or four years.

It's very reliable and very dependable. I don't see any issues with it. In fact, it's the best product I have used because it's integrated with Windows 10. It doesn't eat up resources while running like other products. It's a really well-thought product.

It can scale as much as you want. It installs a very low footprint on your laptop, but the management is cloud-based.

Technical support is average. We call technical support very rarely for this particular product, but it's actually hit or miss with Microsoft. Sometimes you get a good person on the other line. Sometimes you get someone that's slow in providing support.

I've used many products in the past, and I liked this one because I can't really find that many issues with it. I used McAfee, Symantec, CrowdStrike, and different anti-malware and anti-virus programs, but this seems to be good.

We switched because we're Microsoft partners, and we're actually kind of biased about it. We also implement other products because some of our clients use them. It's very hard to convince them to go with another product. Sometimes because of the existing subscriptions, they are unable to make the switch.

The initial setup is straightforward.

We are a Microsoft partner and consultants. We implement these solutions.

Microsoft Defender for Endpoint comes with Windows 10, and it's free. But for you to be able to manage it in the cloud and use the console, you need to have either an Office 365 E5 subscription or a Microsoft M365 subscription. You need to buy an extra license.

If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money.

On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.

We use Microsoft Defender for Endpoint to secure our workstations, laptops, and servers. It helps us to do virus scanning and malware protection. 

Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products. 

The product should reduce updates since it is hard to keep up. 

I have been using the product for three to four years. 

The tool's deployment was simple. It took about a month to complete since we have over 5000 servers across various platforms. 

Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate semantic console. 

We can see the threats as soon as they come in. Our security team gets notifications. 

I rate it an eight out of ten. 

We used it as an EPP and EDR solution. 

Microsoft Defender made the work quite easy because we didn't have to rely on multiple tools, and we could look at one thing. It had a specific endpoint-level reporting standard as well where you can see the vulnerable threats and the outdated versions. It was very convenient.

We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions. It had multiple advantages for us in terms of patching, vulnerability management, adhering to security standards, and EDR and AV capabilities. 

Microsoft Defender was pretty interesting in terms of visibility. When we compare the solution that we had before with Microsoft Defender, there is almost a night and day difference. Microsoft Defender is pretty advanced with the threats. We used to run, simulate, and see whether we were prone to the latest vulnerabilities. It was a pretty good solution in our experience.

It definitely saved us a lot of time. I don't have the metrics, but because it was a one-stop place, we didn't have to navigate through all the controls and go from one place to another to look for different reports for each section. We had one tool that could do everything in one place. It would have definitely saved us nearly one-fifth or 20% of the time. It would have also saved money because you rely on one single tool for multiple things. When you go with the premium suite, you get other tools as well. There is definitely a cost-saving aspect.

It came in a suite. There were multiple other products that were included with it as well in the premium suite. Another factor was that you don't have to invest in two products, and you can get both components, the EPP and the EDR, in one. You can also do simple vulnerability management, CIS hardening, and things like that from Microsoft Defender. Those were the main reasons for considering it back then.

I haven't used the product in nearly eight months. I use it on my device, but I haven't used it at an administrative level. Previously, with Microsoft Defender, we used to have certain problems with the Mac machines, but later on, they came up with various ways so that we could use the MDM solution to do the job. They provided pretty good support. Their engineers came and tried to figure out the solution.

I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes.

I have used Microsoft Defender for eight months to one year in my previous organization.

In comparison to the other solutions that I've had experience with, Microsoft Defender was very good.

It was definitely scalable. In my previous organization, we enrolled more than 20,000 endpoints.

It was pretty good. At that time, Microsoft Defender was very new. When they released it for Mac, that's when we got hold of them. There was a time when their support engineers learned certain things from me about it, and I also did learn something from them. It was a win-win situation for both of us.

I would rate their support a seven out of them. The level of support depends on the complexity of the issue. If an issue is small, anyone can solve it, and it wouldn't take much time, but when you run into a complex problem, you need proper people coming in quickly and giving you some support after looking into the issue. Ideally, if they are very well-trained at all levels, that would be good.

Neutral

We had other products for antivirus and EDR. We removed those two products and replaced them with Microsoft Defender. They both were pretty good solutions in the market back then. One of them is a pretty good solution even now.

We found Microsoft Defender pretty good when we did the PoC as compared to the rest of the tools. Some of the solutions were only antivirus, and some of them were only EDR, whereas this particular tool had a lot of features built into it. So, one agent could do many things. Another reason for going for this solution was that the company I used to work with was a bit biased toward Microsoft. They were a Microsoft customer, and they were comfortable with Microsoft. 

The reliability of support was one of the reasons why we chose Microsoft. When it comes to tools, there are always requirements related to budget, level of support, and other things. When you go for a PoC and look at the demo, you might think a product is stable, but when you run into a problem, the support could be weak. In such instances, what's the use of the product if you don't have good support or if they take at least two to three days to solve a small issue?

I handled the Mac machine part of it. Initially, setting up policies and getting all the configuration profiles in place was a bit of a challenge because they didn't have proper documentation at first. During the PoC, there were not many documents or support articles, but when we were in the deployment phase, they had everything, even specific to particular MDMs, which made it very smooth. We ran into a couple of small problems, but that's pretty common in every deployment. Other than that, it was pretty smooth. 

From Microsoft's side, there is a pretty good deployment strategy in place, but different companies have different objectives and different ways of working. There are situations where certain users and groups might need something specific but other users or groups don't. There could be multiple groups of users with different expectations. So, it is pretty straightforward, but like with any security tool, there could be internal user-level challenges. However, for a company that does not have a very complex environment, it should be a piece of cake. It should be pretty easy.

In terms of our implementation strategy, we first targeted the least impacted devices because we didn't want high-end or critical users complaining about having issues. So, we selected the low-priority users and implemented it for them, and then we tested it out. After that, we implemented it for users with higher priorities. We gradually moved based on the severity.

In terms of maintenance, agent updates are required, which we scheduled automatically. It didn't seem to need much attention. If the product is in a non-complex environment, it won't have many issues, but in a complex environment, there will be some because of VLAN restrictions, network connectivity limitations, etc. We also had issues where agents were not communicating, but it was not because of an issue with the tool. It was mainly because of the complexity of the environment in terms of networking and architecture.

Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together.

I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products. 

Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job. 

For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats.

I would rate Microsoft Defender an eight out of ten. 

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.

Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture. 

Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident. 

I would like to see Sentinel better integrated with the rest of the security technology within one portal. 

I've been using Defender for more than a year.

I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over. 

It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another. 

We previously used Sophos.

Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it. 

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.