Microsoft Defender for Endpoint Reviews

We are a government organization, and we use Microsoft Defender for Endpoint Protection.

We also use it for vulnerability scanning and assessment, which is very useful.

Microsoft Defender for Endpoint is a robust platform. The endpoint detection response is quite good.

Some executive reporting is inefficient, and we're looking into ways to improve it.

In the next release, I would like to see better management reporting.

I have been working with Microsoft Defender for Endpoint for two years.

Microsoft Defender for Endpoint is a stable solution.

Microsoft Defender for Endpoint is definitely scalable.

Technical support is quite good.

Previously, we didn't work with anything as sophisticated. We used a pretty old-style endpoint detection response.

On new devices, the initial setup is quite easy, while some of the older devices had some issues unpicking the old EDR product that had nothing to do with Defender.

Pricing can always be lower.

To achieve the best results holistically, consider the total cost of ownership of the Microsoft suite of products.

I would rate Microsoft Defender for Endpoint a seven out of ten.

Microsoft Defender for Endpoint gives us a second layer of security as well as the third layer of security. One of them is interested in web security and email security. One of them, similar to Cisco, is a Cisco FirePOWER. These are a compilation or a group of devices for security.

We had some issues where phishing and malware were not detected and were allowed to pass unless I mentioned it or we forced the phishing or malware to be blocked, I can't rely on that alone.

Phishing and Malware detection could be better.

Technical support needs improvement.

I have been working with Microsoft Defender for Endpoint for one year.

It is stable for the time being. 

I can't add more layers of security because of my budget and business plan, so I try to choose the best and most preferable option for me and my company.

I would rate the scalability a seven out of ten.

In one company, we have two administrators and 30 employees who use this solution.

On a short-term plan, I will not increase the usage. On a larger scale, we intend to increase the license.

In my opinion, technical support is not as effective as it was before. They take a long time to support and investigate the issue.

It takes a long time for them to support and investigate the issue. I believe they must crush the time in order to provide us with our needs, and our objectives.

There are applications and solutions that we have used for five or more years. We almost used Microsoft Link but have since switched to Microsoft Teams and Skype for business. We almost exclusively use Cisco products such as Cisco EMC, Cisco Web security, and Cisco Meraki.

The installation is straightforward. It's a cloud solution that requires some configuration running on the cloud.

The deployment takes a couple of hours to complete.

It's a different story when it comes to security. It takes a different approach. It requires two an administrator and a manager to maintain this solution.

Sometimes the installation and deployment are done by the technical team, and sometimes it's done by others.

Licensing fees are paid annually through a partner.

If I do recommend it, it will not be solely for security purposes. It is possibly for a first-line security platform, and it is required to build a second, third, and possibly fourth business security layer.

I would rate Microsoft Defender for Endpoint a seven out of ten.

Defender is basically a protective seal that is used to protect your Windows applications. Whenever you enable it your system is safe. You feel safe and your data and your security are verified by Defender and protected by the Defender seal. 

Defender is a part of Windows; you just need to enable it. There is no need to install anything. 

It's quite good for security. We are using Windows 11 and Windows 10. In Windows 11, Defender is very, very strong. They built in good features, good seals. Earlier, ransomware protection was not there. However, now, new ransomware protection is also available in Defender.

The solution is stable.

The solution could always be more secure. 

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze.

The scalability is totally based on your OS operating system as it's a part of the OS. You can't define it in a different way. If your Windows platform is working fine and is of a certain size, then you can say that it's quite good and it will cover that.

We have 200 to 300 people using the solution. Some of our employees use Windows and have Defender. Others use Mac devices. 

We've used technical support in the past and don't have anything negative to say about their services.

There isn't really an installation process. It's already a part of Windows and just needs to be activated. You can install Windows in home or business devices and have Defender at your fingertips immediately.

While you don't need a technical team to install it per se, every organization has an IT team that likely would be able to install Windows and everything else. We have a 40-plus IT team. Everybody has a defined role. 

We handled the implementation in-house using our IT team.

The solution is included with Microsoft Office 365 subscriptions.

New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure.

I'd rate the solution at a seven out of ten.

It is an Endpoint Detection and Response system (EDR), and it seems the new term is XDR. We use it for anti-malware protection. It protects from a virus, worm, ransomware, and other similar things. 

It can automatically scan and remediate stuff without an administrator doing anything. We use it for threat and vulnerability management. There are components in there that will tell us about any vulnerable software running on endpoints. There are a whole bunch of other things too.

It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool. 

It has got some awesome threat hunting capabilities. It can search for malicious activity that could indicate that an asset is being compromised, but it is not something to which you would have necessarily got alerted.

We're fully Microsoft, it integrates with other Microsoft security products very well. Its interface is also fine.

It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years.

I have been using this solution for nearly four years.

It can get a little laggy sometimes, but overall, it's fine when investigating events.

It is easy to scale.

There are different levels of technical support that you can purchase from Microsoft. We don't have the top level, but we used to have the top level, and that was good. I would rate them a five out of five. They've got a dedicated team specifically looking at threats for all their customers. 

I was not involved in its setup. I am only a user of the solution, but I'm pretty sure it's pretty straightforward. It's just deployed by Intune or a partial script or something like that.

It was implemented internally. In terms of maintenance, it generally doesn't require any maintenance. There are some policy configuration changes that we can tweak, but the signatures, behavior analysis, and all similar things in the engine are kept up to date by them. We have four people who are dealing with this product.

Licensing models of Microsoft are renowned for being complex. We just purchased the whole E5 stack. With E5 licenses for users, we get access to a bunch of features that are not just related to security. I would rate them a three out of five in terms of pricing.

One of the things that I like to constantly do is assess other vendors in the same space. We get vendor demonstrations, and for the most of it, it seems like Defender is well truly up there with the other best players in the market. I've never done a proof of concept with any other tool, so I can't really compare it with others. Most of the time, vendor demonstrations are all about glitz and glam to sell their product and show how much better they are than competitors.

I would advise doing your due diligence. This is more than just an endpoint security solution, and sometimes, you've got to think of your technology stacks before applying or purchasing certain security solutions and see if they're applicable to your environment. 

I would rate it an eight out of 10. No endpoint solution is ever going to be able to be perfectly good at stopping all types of threats. No endpoint solution would ever get a 10 in my point of view. 

It's an XDR (Extended Detection and Response) system.

It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android. Microsoft Defender is embedded in Windows and is a basic anti-virus, but Defender for Endpoint is an enterprise-grade XDR system.

Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms.

I have been using Microsoft Defender for Endpoint for about three months.

It's quite stable. Sometimes it can overload the CPU of endpoints, but Microsoft provides ways to solve this problem.

Microsoft Defender for Endpoint is scalable. It's the ground-level service for other Microsoft security services. Microsoft provides a full range of security services and you have the ability to extend it anytime and in a simple way. You can scale the range of security services by just buying the license and implementing some extra service.

We have close to 200 users in our organization, but we plan to deploy this product to the whole company, with a total of nearly 800 people.

We have not had to contact Microsoft's technical support because we get support from our partner.

When it comes to the initial setup, Microsoft is very strong in that area and it is very simple. That's why we use it in our company. Some products are hard to deploy. Another solution was declined because it was not possible to roll it out in a bigger company.

We don't have a dedicated person to maintain the solution. Two people share the role. One is a Layer-1 specialist who maintains a daily routine, and the other is a Layer-2 engineer.

We started to install this product for ourselves, but Microsoft proposed some different kinds of programs in which an integrator helps key customers deploy services and products. We accepted the proposition and we are happy we did so because the partner was very professional with very deep experience with the product.

Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract. Microsoft provides a flexible licensing program and you can choose what you want.

The pros of Microsoft Defender for Endpoint are that it's simple to deploy and has all the required functionality. The drawback is that it lacks some functionality for other platforms, such as Linux.

I would recommend implementing this solution together with a certified partner. That will help to avoid a lot of mistakes and save you money, because licensing is a big part of the project.

The product is useful for projects, finding tech, and finding firewall actions on computers. 

There's no impact on other applications. Most other solutions have more of a possibility of an impact on other applications and due to that, you must make some special configurations to those other applications. The Microsoft Defender impact is very small.

The intelligence mechanisms are good.

The initial setup is easy.

We have found the technical support to be helpful.

The detection of viruses could be a little bit better.

We've used the solution for maybe two years.

Our company is only a small company. We only have 10 people who use the solution. However, we have clients who have a lot of users. 

We likely will increase usage in the future. 

We've been in touch with technical support. Their level of support is fine and they are very fast. We are satisfied with their level of service. 

We had some problem and, after four hours, we had new signatures for the environment by our customers for more than a thousand clients so that we can protect and improve the new setup. It was a very quick turnaround.

The initial setup is not difficult. It's simple. We have just rolled it out to 6,000 clients which have been, by far, more than other customers we've had so far. We have deployed a Microsoft configuration.

In the environment, we needed one or two days to deploy it. In smaller environments, you only need two hours of work.

It can be done by technical personnel in-house. If they have good knowledge of Microsoft environments, and how to use Microsoft tools, then it's easy.

It's always good if you know how to use OutShare. With OutShare, you can make many things extremely effective and extremely easy.

It is possible to handle it in-house if you have a knowledgeable team. We implement the solution for our clients. 

Clients need to pay a yearly licensing fee.

This is an on-premise solution where all connections have a cloud connection.

I would recommend the solution to other companies. I'd rate the solution at a nine out of ten. 

I lead a delivery team. I have a team of about 20 technology specialists and we do the deployment for Microsoft Defender.

Instead of having a third-party antivirus, then you can have a Microsoft ecosystem for your entire endpoint protection. 

This solution has its own sensors, which is its best feature. It senses the behavior of your endpoints, whether it is logged in from a particular location or external of that location. 

It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10.

Sometimes, there are different skews. In a basic skew, they should have basic log analysis without the need to integrate with any third-party or SIEM solutions, like Sentinel. This would make it so much easier for users who don't have log collection or log analysis.

We have been using it for a year.

This solution is very much stable.

This solution is scalable. It is a cloud solution.

If you have the Microsoft Azure ecosystem, you can collect logs and view them through Sentinel. You can also onboard your devices within Intune. 

You can integrate Microsoft Defender for Endpoint with different Microsoft solutions, e.g., Defender for Cloud, Sentinel, Endpoint Manager for onboarding of Intune, and Defender for Office 365.

We have a large number of customers.

Premium support is okay. Professional support is not as good because it is free. You must wait because you are not paying.

The initial setup was straightforward. There was nothing rocket science to it. It didn't take much time as we just enrolled the device and assigned the licenses, then it was done.

You just prepare it, doing a license evaluation licensing and some network configuration, then you can onboard your device.

We do the implementation ourselves. We find it easy to deploy. We help customers adopt the solution and get better ROI.

They have to pay for the Defender license. There are different licenses and skews, such as Plan 1, Plan 2, or the trial.

You do not need to pay any additional costs for antivirus and anti-malware solutions for endpoint protection. 

Anyone on Windows 10 Enterprise should choose this solution.

It really depends on the volume. You need one senior architect who can just define the entire thing: the device, network configuration, etc. You will also need some Level 1 engineers who need to keep on monitoring the devices and do onboarding. If they are using the latest version of Windows 10, then you can do the onboarding via Intune, Endpoint, etc. 

My rating for this solution is an eight out of 10.

We call the solution MDATP - Microsoft Defender Advanced Persistent Threat Protection. At the same time, we're using it more from an EDR point of view, as an Endpoint Detection Response. It can detect any threats, malware, or processor, which are illegitimate and being executed by the end-users or malicious actors. When it sees this, it detects and reports to us. 

Not only that, at the same time, it's detection, prevention, and response. Mostly what we were working on is detection. When I refer to detection, I mean that it can, with pinpoint accuracy, detect something and expose the threat. It can also map those threats with a MITRE, which is one of the great things that I love about it, on top of the accuracy and the threat description it provides.

There are a few different use cases. We return with a query language, which is provided by Microsoft. We are able to create some threat hunting queries. We can pinpoint, accurately detect, and run pain testing. When there’s a threat or issue, I am able to find it and track it with great accuracy in MDATP. MDATP is able to tell me that, for example, in my organization, if there was a guy who was doing pain testing, which is black listed, and if there was an attempt to exploit something or install some malicious code or try to hack into the system. I am able to find this and pinpoint its occurrence. Not only that, I’m able to map them onto a MITRE framework and tell which stage of the attack it was, where the attacker came from, et cetera. I can see if it was something that was planned in the organization. 

I can both detect internally and externally. I have full faith that the MDATP will detect behaviors and warn us of issues.

When you go to do a deep-dive or investigation as a SOC analyst or any security analyst, it gives three structures or processes, as well as the execution that it performs. I am able to perform a very deep-level investigation with MDATP - more than I can with any other tool.

It did increase our security posture. While we had an antivirus before, it would only detect or prevent certain types of attacks. However, based on that capability, you cannot respond to the threat directly. For example, if there was ransomware on a system, the antivirus will be able to identify, detect, and mitigate it. However, at the same time, even if the antivirus detects that and tries to prevent it, you need to contain that machine, or you need to isolate that machine from the network. You don't want that machine to be talking to anybody in the network. Antivirus solutions can’t exactly do that.

With respect to prevention, it has an auto-remediation feature, which is a good feature that I love with respect to prevention. It does auto-remediation as well as manual remediation, which is pretty good.

With respect to response, we were able to contain, block, and respond to threats faster with MDATP. When we analyze the incidents or the threats it gives us a very good view of everything.

With this product, before containing or responding, we get the information and can see what exactly is happening and when that malicious file was installed. After that, we have an event timeline. The visibility is not that much when you only have an antivirus. Now, we see the full picture. When we adopted this tool, we got the detect, prevent, and response functionalities. Overall, our security posture looks much better and our attack surfaces are limited. Endpoints are also most vulnerable today and we can efficiently protect them now. Since we have reduced the attack surface our security posture has improved dramatically. On top of that, we have the capability to respond and to go deeper on a forensic level.

The product doesn’t affect our end-users. I do not see any major issues. There are exceptions where approvals may be necessary. However, the user acceptance is good. This is something that organizations pre-plan and there is nothing the user really has to worry about or act on.

Defender’s GUI can be optimized. The console needs to be more refined. After you have been using it for some time, you get used to it, and it is manageable. However, it should be a little bit more refined.

They should come up with pre-built inner workflows. I would really like to see this. There need to be workflows with respect to notifications, remediations, or any actions that people want to take. They should come up with predefined or prebuilt hunting capabilities. Right now, we have to manually write queries. I would prefer if they could come up with something more automated.

This is with respect to a SOC analyst perspective. Other users, other administrators, other different roles might have different issues. For me, there are no major concerns. It is a good tool, out of the box.

I've used the solution for about a year and a half, and have also done training on it.

The stability is good. It's a stable platform. I don't see any issues right now. However, I did see something in the past. I can't quite remember the exact situation. It's resolved and right now there are no issues. 

The solution is highly scalable.

You can onboard as many end systems as you want. If you bring more, for example, 100 users or 100 endpoints, you can integrate them with no issue. It's not a problem with MDATP.

We have somewhere around 2,000 to 3,000 users who are using it. We have an endpoint team and they manage the antiviruses and security tools and all those things. We manage the product partially from a policies perspective, and the endpoint team manages the platform and maintenance of it, including any upgrades, as necessary.

I've dealt with technical support in the past. It's good, not excellent. That said, it's okay.

Before using this solution, the company mostly dealt with antivirus solutions.

We moved to this solution to strengthen and report, detect and prevent, et cetera, which antivirus solutions don't offer. We wanted forensics and capabilities that were missing. Antiviruses simply cannot protect you from advanced persistent threats, and they cannot protect you from ransomware and they don't respond to things faster. Response capabilities were something that was missing. Basically, we just needed more.

I'm usually not part of the entire setup, however, I do manage it. We have to do certain policies within our organization. However, from what I've seen, it's not a complex setup. It is pretty straightforward.

In terms of how long the deployment takes, I don't remember the length of time. If you have a CCM centralized, you can push the policies within hours. 

The licensing is something that management decides on. I don't deal with the pricing or licensing.

We didn't really evaluate other options. We provided support for one of our clients, and it was a decision they made. 

We're a consulting company. We are not partners with Microsoft.

We use the solution as a SaaS.

I'd advise other companies to use this solution. It's an ideal choice, however, I'm not sure about the pricing. Maybe it's on the higher end of other competitors' pricing. That said, if you have an opportunity to use it, it will solve a lot of problems with respect to pain point detecting and doing investigations. At the same time, with Microsoft, if 80% of your organization is using Windows systems, it's going to be compatible. Specifically, with its platform, Microsoft understands what is right and what is wrong. Therefore, if the money is not a concern, or the budget is not a concern, opt for this. At the same time, as a generic statement, if not this solution, go for an EDR tool that suits your organization's needs best.

I'd rate the solution at a seven out of ten simply due to the fact that I have not fully optimized it. 

We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

The solution scales well.

I have found the stability to be good.

From a general user perspective, I don't see any further improvements needed. 

The price, in general, could always be a little bit cheaper.

I've used the solution for two years or so. It's not much more than that.

The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. the performance is good. It's reliable. 

The solution scales well. If a company needs to expand it, it can.

We have 1,000 to 2,000 people on the solution currently.

I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.

The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.

I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process. 

We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.

The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package. 

I'm just a customer and an end-user.

I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years. 

I would recommend the solution to others, however, I'm just a passive end-users and not as technically involved as those deploying the solution in our company. However, from my perspective, there has never been an issue on my machine with malware and therefore it seems to be doing what it's designed to do.

I use it mostly to detect threats or viruses. I am using its latest version.

It is stable and easy to use. Everything is okay, and there are no performance issues.

Its detection is not as quick. There should also be more frequent updates.

I have been using this solution for maybe five years.

It is stable.

We have about 20 users.

I have not contacted Microsoft's technical support.

I didn't use or evaluate other solutions.

Its installation is very easy. It came with Windows.

I can install it myself. We have three teams for deployment and maintenance.

It came with Windows.

I would recommend this solution. I would rate it a seven out of 10.