Microsoft Defender for Endpoint Reviews

Microsoft Defender for Endpoint provides visibility into our workstations at SOC. 

We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations. 

It is an EDR product that offers much more information into what's happening at our workstations. 

Microsoft Defender for Endpoint's licensing is confusing. It has conflicting information on the website. We also faced integration issues with other systems. It makes laptops slower than traditional antivirus systems. 

I have been working with the product for a year. 

Microsoft Defender for Endpoint is stable. 

The tool's scalability is good, but we must consider the cost. 

We get good ROI with the product's use. 

The product's threat intelligence prepares us for potential threats and helps us take proactive steps. Its vulnerability management feature is important to us. 

Microsoft Defender for Endpoint has improved our security posture by giving visibility to our endpoints and vulnerabilities. 

The tool helps us save months per year. It also helps us save money in manhours.

 Microsoft Defender for Endpoint has reduced our time to respond and time to detect by a large margin. 

We chose the product because we already use Microsoft products, and it better integrates with them. 

I rate it an eight out of ten. 

Our use case is for financial groups and we use it to control malware, as well as for antivirus. Our focus is on using it as an endpoint solution, but we cover the older servers too.

Of course, we integrate Defender with Microsoft Defender Security Center and the Microsoft compliance score. We use these tools to check the maturity and to guide our clients in using the solution better. The result is that we see growth in security maturity.

When we need to create a new server, we follow certain steps. One step is activating the extension from within the server and using that to check and monitor, in a centralized console, the health of the server. Defender also provides additional information about vulnerabilities and opportunities to increase the overall security.

For example, it will tell us if a library being used has any vulnerabilities. This information is very important for us and for our clients. They use this information to go back to their developers and request fixes. Or it may identify a problem with something in a client's application, where they need another version to mitigate it. And again, when they apply the new version, we can check it using Defender to see if the vulnerability has been resolved.

The anti-malware feature is mandatory for us.

Also, we use policies to mitigate vulnerabilities, but the final compliance score from Microsoft shows us what level the client is at and what level is needed to achieve better results and increase security policy maturity. The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together.

I would like to see integrations with other products, such as Spunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights. Examples of such insights might be the need to create a new policy or the need to mitigate an attack happening now. This type of ability would create a new business case, one that doesn't only use Microsoft solutions.

I've been using Microsoft Defender for Endpoint for two years.

The scalability is amazing. Using Azure, the sky is the limit. You just need to understand the business case.

In some cases our clients have small environments, but in other cases they have big environments. Large clients may have 1,000 agents running. But as a consulting company, we work with many types of businesses and many environments of different sizes.

As I mentioned, if the client requests an integration with some third-party tool, we may need to use another tool or develop something to make this possible. But in most cases, you don't need to do so. You just activate it and check if your policy will apply or has already been applied to the server.

We have no problems with Microsoft's technical support. My team resolves level-one and level-two problems, but when we need to check something directly with Microsoft, when it's a level-three issue, we open a ticket and talk with the engineers.

Positive

It's so easy. All activity is in the cloud, for deploying the agents and policies. It's not complex.

You just click, one-two-three, and it's working. In some cases, the deployment takes minutes. If the client needs a particular window or has a critical application running on their machine, it takes more time because of that machine's situation. But in general, it just takes a few minutes.

The harder part, following this, is you need time, like with other tools, to check the events. The tool will provide some insights, but you need to understand them, and after that, share them with the client or with those responsible for taking action.

In addition to Azure, we have partnerships with AWS and Google. We focus on security and use Kaspersky as well. It's all according to the business case. We take the time to understand the business case and then build a draft solution, check it with the client, and after that, we choose the best tool, given the budget available from the client. We create one, two, or three options and the client selects what is best for them.

The main difference between Defender and Kaspersky is the scalability and the installation and deployment process which, with Defender, is so easy.

My advice regarding Defender is the same for any other security solution: Check what you need, what types of logs and whether you will consolidate these logs in another tool. What type of knowledge will you bring from those tools to create and apply new policies and anticipate security problems?

Always check your needs with the business case. Aligning them will help determine what you need to buy. Check inside Defender to see what you need to activate. Every new feature you activate inside the cloud is billed and you need to understand if you really need each feature.

Defender has some effect on the endpoint itself but it does not change the user's work processes. It is a single tool on the endpoint to monitor the activities that happen there, but it does not affect the end-user.

But you need to understand the limitations. There are some limitations with Defender when it comes to non-Microsoft solutions. But that's not unique to Defender. It's the same with every tool. You need to understand its limitations.

Normally, we use the solution for our workstations.

The solution is quite stable.

You get online privacy. It also protects the machines from malware and trojans.

It's a scalable product.

It is a straightforward setup.

There is always room for improvement. They can improve it on the online protection front since people nowadays are moving online and working from home. That would be a good thing to focus on. 

I've been using the solution for one year. It hasn't been that long just yet.

The product is very stable and quite reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance has been good. 

The product can scale well.

Around 15 people are using it in our organization. 

We may increase it in the future. 

I can't recall ever contacting support.

I'm also familiar with Kaspersky. We were previously using ESET.

The initial setup is quite simple and quite straightforward. It's not overly complex or difficult. 

The deployment is fast. It only takes a minute or so.

You only need one person - an engineer - to manage the product once it is up and running. 

We handled the initial setup on our own. We did not need any consultant or integrator help.

We pay annually for a license. 

I'd rate the solution seven out of ten.

It's an antivirus product, so its main use is to protect us.

This is a really good product, it's user-friendly and offers us safety and security. 

The technical support could be improved. 

I've been using this solution for three years. 

The solution is stable. 

In terms of scalability, we went from 10 pilot machines to 35,000 devices.

The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

I rate this product 10 out of 10. 

The stability has been good so far. 

If I compare its features to the other solutions in the market, it has some good features. It's comparable to others.

The solution can scale as needed. 

In India at least, it seems to be a bit more expensive than other options. 

I've just recently been introduced to the product. I haven't used it for very long. 

The stability has been fine. There are no bugs or glitches and it doesn't crash or freeze. 

The scalability has been great. If you need to expand, you can.

I have never needed to contact technical support. I can't speak to how helpful or responsive they are. 

The pricing is a bit high for the Indian market.

We are a partner and we consult clients on security solutions. It's one of the solutions we take to our clients.

For companies that are Microsoft shops, I would recommend the product. It saves a lot of integration requirements as compared to other solutions. It's a good product that does what it says it will do. 

I would rate the product a seven out of ten. There are improvement opportunities in terms of the overall tech and commercial aspects of the product. It needs to be more competitive and technical. 

We are using Microsoft Defender for Endpoint with advanced threat production. Microsoft's enterprise mobility and security suite fulfills a large number of security strategy requirements for our organization. We are going to use this solution for identity production and for endpoint security.

It's a hybrid setup. The advanced threat protection only comes from the cloud intelligence engine. That's something of a new experience for us, but the rest of the components will be on-prem. We are using Microsoft's cloud. 

The whole suite of security enhancement doesn't just include Microsoft Defender. It also covers many of the features that come with the Windows Enterprise version. With this option, we are actually upgrading to the Enterprise version as well and unlocking those security features which are not available in Windows Professional. Microsoft Defender is a whole suite, which is simply not comparable with a usual anti-virus, anti-malware product.

In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too. Plus, Microsoft's philosophy is that they leverage the technology they have already built in Windows or any other services within Windows. So, it is good from that standpoint, but it also becomes a bit cumbersome when it comes to the dependency. Having dependency on many things can be a weakness sometimes because you add up more points of failure to the services. Whereas the other vendors are doing the limited thing, and that's why they're not comparable in prices, but their solutions basically aren't dependent on Microsoft's other services or anything else. They're more dependent on their agent. With Microsoft, it is not just the agent. It is the operating systems that aren't working well. The technology won't give you the desired output.

So, that's something that Microsoft may need to improve: making services more independent wherever possible. That's something of their philosophy. When they build something on their OS layer, they add on technologies, and then there's something for the ISV. That's their strategy, but we keep arguing with them that they have to compare the dependence as other vendors are doing.

From the Microsoft end, the design working depends on the health of other services and other components of the operating system. Whereas if you compare it with the Symantec technology, just the agent health has to be there. That's the case with McAfee as well. They build up their products on developed agents only.

We did the POC around 18 months ago, and then we consolidated our findings. As per the organization procedure, we proposed to the committee and then got the recommendation to move on with the pilot and decide the future roadmap.

Microsoft Defender is just one part of the advanced risk protection and advanced malware protection functionality that comes with the Microsoft product. It came with a lot of security, advisories, reviews, and consultancy during the last couple of years. There was a stack of 15-20 requirements that we had to fulfill, like mobile device management and identity protection. We found that Windows Defender meets most of our requirements.

We have had good experience with tech support so far.

We have a direct support agreement with Microsoft. One of the major reasons for moving from the current endpoint security is the support. The quality is not up to the mark. That's something incomparable with the kind of support Microsoft provides.

I would give Microsoft's support a 5 out of 5.

In terms of the technical aspect, I'm the lead of the area, which actually takes care of endpoint management, and we have been using Symantec products for that purpose. We have evaluated Microsoft Defender and Microsoft security products, and we are going to switch over to that product. We found that  because the endpoint devices are based on Microsoft Windows devices and Windows Defender is integrated with the foundation and the core layer, it makes it more integrated and more agile in terms of responding to any security threats or changes or development, whereas compared to the other vendors who develop anything on top of that platform, they're always lagging behind.

Symantec support is very pathetic. They are very methodical. They're very slow. We seldom find them providing solutions to any incident or issue in a reasonable time. It can take from days to weeks. In the case of Microsoft, their resolution time is reasonably faster than Symantec. Even in the case of VMware and Redhead, Microsoft stands on top of all those vendors.

I wouldn't say the setup is easier than other solutions but it's not bad. It's almost equivalent to what we have been using currently, but the strength comes in what it does and how it secures that part. The setup is similar to the other competitors. For Symantec, we use their endpoint manager deployment and then a deployment across the sites and branches.

We are doing deployment with Microsoft's tech support. But for the implementations and rollout of technologies, we have seldom used Microsoft. We have our own technical team who are trained and who keep on updating on their skills, and we continue to inject new resources to the team as well. When a new technology comes in, then we do a combo, whereby the in-house team actually learns with the local authorized partner.

Microsoft Defender is not comparable to a single endpoint security product, like Trend Micro, Symantec, or McAfee. Because of that, the price is higher than others because it is doing more than what the others are doing.

I would rate this solution 7 out of 10.

The solution is primarily used for antivirus and malware protection.

It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need. 

It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.

The first thing which I noticed is that it is completely compatible with Windows. It does not make Windows slow, as compared to all of the third part antiviruses.

The stability has been good.

Technical support is helpful and they have a very robust online community as well.

The product can scale very well.

We would like more customization, actually. They're not too customizable. We'd like the flexibility to be able to set some applications on a white list. We need more options. 

I've used the solution for approximately five years. 

The solution is stable and responsive. 

We have the solution deployed to around 350 users across four different locations.

It can scale to the thousands and thousands. I have seen customers here, some have approximately 12,000 devices and they're running that one program and it's going far without any issues. 

Technical support is good. They know things about the solution. The best part is that if anything happens, the Microsoft community is so big that any problem comes up, you can also just Google it and you will get the solution.

We used McAfee and another solution as well and they both are great and amazing, however, they make PCs slow and every time something happens you have to call the vendor and they will help you support. The difference is, with Defender, it doesn't slow things done and you never have to call Microsoft.

The initial setup is very straightforward. IT is actually my default. We actually helped our end-users with system centers, integrated Defender updates, Defender itself, patching, and Defender configuration using the consent and configuration manager. It's simple. It's not complex to set it up or manage.

It's a bulk operation to set it up, therefore, even if you have 100 PCs, it will only take you about an hour and you will be up and running with everyone. You only need one to two percent of your staff to handle the deployment and maintenance tasks. 

We used an integrator during the initial setup. They were quite helpful. Our experience with them was good. 

We have seen an ROI.

The solution is free for end-users. 

While we have the solution set up on our private cloud, you can also use a hybrid setup if that's better for your organization. 

I would advise new users to connect it with an endpoint manager and connect it with the cloud and then let the real magic happen.

I'd rate the solution an eight out of ten.

We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.

What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.

We've been using Microsoft Defender for Endpoint for four years.

Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.

We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.

The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.

We pay for our Microsoft Defender for Endpoint subscription yearly.

We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.

Microsoft Defender for Endpoint has been awesome, so far.

I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.

We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.

I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.