Microsoft Defender for Endpoint Reviews

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.

Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture. 

Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident. 

I would like to see Sentinel better integrated with the rest of the security technology within one portal. 

I've been using Defender for more than a year.

I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over. 

It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another. 

We previously used Sophos.

Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it. 

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.

It's an antivirus product, so its main use is to protect us.

This is a really good product, it's user-friendly and offers us safety and security. 

The technical support could be improved. 

I've been using this solution for three years. 

The solution is stable. 

In terms of scalability, we went from 10 pilot machines to 35,000 devices.

The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

I rate this product 10 out of 10. 

The solution is primarily used for antivirus and malware protection.

It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need. 

It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.

The first thing which I noticed is that it is completely compatible with Windows. It does not make Windows slow, as compared to all of the third part antiviruses.

The stability has been good.

Technical support is helpful and they have a very robust online community as well.

The product can scale very well.

We would like more customization, actually. They're not too customizable. We'd like the flexibility to be able to set some applications on a white list. We need more options. 

I've used the solution for approximately five years. 

The solution is stable and responsive. 

We have the solution deployed to around 350 users across four different locations.

It can scale to the thousands and thousands. I have seen customers here, some have approximately 12,000 devices and they're running that one program and it's going far without any issues. 

Technical support is good. They know things about the solution. The best part is that if anything happens, the Microsoft community is so big that any problem comes up, you can also just Google it and you will get the solution.

We used McAfee and another solution as well and they both are great and amazing, however, they make PCs slow and every time something happens you have to call the vendor and they will help you support. The difference is, with Defender, it doesn't slow things done and you never have to call Microsoft.

The initial setup is very straightforward. IT is actually my default. We actually helped our end-users with system centers, integrated Defender updates, Defender itself, patching, and Defender configuration using the consent and configuration manager. It's simple. It's not complex to set it up or manage.

It's a bulk operation to set it up, therefore, even if you have 100 PCs, it will only take you about an hour and you will be up and running with everyone. You only need one to two percent of your staff to handle the deployment and maintenance tasks. 

We used an integrator during the initial setup. They were quite helpful. Our experience with them was good. 

We have seen an ROI.

The solution is free for end-users. 

While we have the solution set up on our private cloud, you can also use a hybrid setup if that's better for your organization. 

I would advise new users to connect it with an endpoint manager and connect it with the cloud and then let the real magic happen.

I'd rate the solution an eight out of ten.

I am using Microsoft Defender for Endpoint for system alerts of any kind of suspicious items or unusual network traffic. I only use it for personal use.

The solution has shown me different kinds of requests from the websites that were made and cookies that have been created. It has provided me with statistics.

Microsoft Defender for Endpoint's most valuable feature is its ease of use.

Microsoft Defender for Endpoint can improve by providing more and different types of reports.

I used Microsoft Defender for Endpoint within the past 12 months.

Microsoft Defender for Endpoint has been stable. It does not slow down my computer.

The scalability of Microsoft Defender for Endpoint has been fine.

I have not contacted the support from Microsoft.

The initial setup of Microsoft Defender for Endpoint was intuitive, I didn't make any customization, I used what was preset. The installation was done with the Microsoft Windows installation.

The license for Microsoft Windows covers Microsoft Defender for Endpoint. 

I rate Microsoft Defender for Endpoint an eight out of ten.

It is mainly utilized for telemetry collection and correlating specific behaviors or reactions to TTPs, IOCs, or indications of compromise. It is used for getting that level of detail. 

It is good for attack surface reduction, which is how you harden your endpoint so that they're less likely to be infiltrated or compromised if you have an operative in your environment. So, it's mainly used for reducing the opportunity for someone to compromise the system but also for rapid detection when that occurs.

Coming from an organization where the EDR wasn't strong, it has always been a case of basically searching through the information you already have and looking for something. It was basically trying to find the needle in a haystack. What the Defender platform does is that it reduces the size of the haystack, and it'll say that the needle is over here. Minutes matter, and it certainly zeros you in on the events that are concerning. It also simplifies the effort of trying to get some kind of correlation of behaviors or actions you see in the environment and confirming if something is benign or a threat.

Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get.

The other consideration is that because it's Windows native capability, your capabilities are largely influenced by what version of OS you're running. For a small-medium business, it is not a big deal, but at an enterprise scale, there are always Server 2000, Server 2003, Server 2008, Server 2012, Server 2016, Server 2019, and so on. So, you're talking about having six or seven different versions where your capabilities are not consistent between 2003 and 2019. It's like asking how robust was security in Windows 2000 versus Windows 2010. You'd say that they're not even the same OS from a security perspective, and that's crazy. When you buy CrowdStrike, you're deploying an agent, and so you get a fairly consistent set of capabilities that are agnostic to the OS version, whereas, with Microsoft, the capabilities are largely influenced by the OS version. For an enterprise, being up to date is a very big consideration to be successful with the platform. So, it forces your platform to not lag behind. You can't have the old server versions and expect that you've got a robust EDR. Defender shines on Server 2016 and higher, but if you were to do some type of penetration or red teaming exercise on a 2003 server, you'd be better off with CrowdStrike or pretty much anything else.

We've been piloting it for the last six months, and this is what we have selected to implement.

There are no scalability constraints because it's all in the cloud. It's a SaaS. So, they can take on more PCs than any Fortune 500 would even have. The only constraint is that in terms of scaling, the strength of the platform is highly influenced by the OS version. If you were largely using Windows XP and Server 2003, you would not want to choose Microsoft Defender as your suite.

It is fantastic, but sometimes, it could be challenging to navigate. If you buy something like a Carbon Black or a CrowdStrike, you normally have one sales rep and one sales engineer, and depending on the level of support you pay for, you may get premium or platinum support, which means you have a very concise escalation path. With Microsoft, there are 20 different account reps. There is a productivity suite guy. There is a security guy. There are so many different places, which can create some confusion at times, but there is no lack of resources. If you have an issue, there are so many Microsoft employees and reps who are engaged at the enterprise level that once you figure out who to speak to, you get traction pretty quick. So, in summary, because there are a lot more people, their support is really great, but sometimes, having a lot more people can also create confusion in terms of where to go.

It is easy. It is native. They're literally like checkboxes. There is really nothing to package and deploy. If you're at a current version, it is a policy. You just turn on the policy. You go through the setup of installing McAfee on your home computer with next, next, next, and finish, or Microsoft will say, "Hey, we noticed you don't have an AV. Do you want to enable Microsoft or Windows Defender?" You say yes, and you slide the box from off to on, and you're now protected. It is like that. It couldn't be easier. There are things like firewall rules and network considerations that have to happen, but from an enablement perspective, because it is native, it really reduces the burden of onboarding the platform.

We didn't go through a real comprehensive analysis when we made the selection. We did some light touching, but we really did not do some comprehensive analysis between Microsoft and CrowdStrike. 

At an enterprise level, a lot of the stuff is based on relationships. It's not like you're starting from a green field. You look at who is your strategic vendor and who is not. With Microsoft specifically, you always get bundle deals towards your renewals. It's always like if you buy more Office 365, we can give you a discount on Defender and things like that. If you don't have a relationship with CrowdStrike or someone else, it is hard for their rep to speak to your CEO or your CSO, but Microsoft does. They've already got standing monthly meetings with them. So, we've made a determination to go with Microsoft because:

1. The technology is compelling.
2. It is a strategic fit for us. 

I would rate it a nine out of 10.

Microsoft Defender for Endpoint can be used for system protection. For example, anti-virus, malware, and EDR.

The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain.

Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security.

I have been using Microsoft Defender for Endpoint for a couple of years.

Microsoft Defender for Endpoint has been stable in our usage.

We have more than 5,000 users using this solution.

We are quite satisfied with the support.

We use many solutions in our company, such as Panda, Trend Micro, McAfee, Microsoft, and FireEye.

There is no installation required.

We have a five-person technical team that supports this solution.

The solutions price could be cheaper.

I recommend this solution to others.

I rate Microsoft Defender for Endpoint an eight out of ten.

We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

The solution scales well.

I have found the stability to be good.

From a general user perspective, I don't see any further improvements needed. 

The price, in general, could always be a little bit cheaper.

I've used the solution for two years or so. It's not much more than that.

The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. the performance is good. It's reliable. 

The solution scales well. If a company needs to expand it, it can.

We have 1,000 to 2,000 people on the solution currently.

I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.

The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.

I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process. 

We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.

The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package. 

I'm just a customer and an end-user.

I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years. 

I would recommend the solution to others, however, I'm just a passive end-users and not as technically involved as those deploying the solution in our company. However, from my perspective, there has never been an issue on my machine with malware and therefore it seems to be doing what it's designed to do.

Microsoft Defender for Endpoint can be used for protecting personal information and file in my organization.

The solution has saved us time by not having to install separate third-party antivirus solutions.

Microsoft Defender for Endpoint is beneficial because we are using Microsoft Windows and all the core solutions are made by Microsoft, such as the authentic platform, operating system, and antivirus protection. It is a heterogeneous environment. We had to use third-party solutions before and update everything separately. For example, the policy for antivirus. With Microsoft Defender for Endpoint, when Microsoft Windows receives updates it will update with it. This is one main advantage of this solution.

Microsoft Defender for Endpoint can improve by making the reporting faster. It takes some time to reflect back to the administration portal of what has been updated. For example, out of 100 Computers, approximately 90 computers received updates, but when you check the administration portal over one or two days, you will only see 75, even though 90 were updated.

I have been using Microsoft Defender for Endpoint for approximately one year.

The solution is stable.

Microsoft Defender for Endpoint has been scalable.

We have more than 200 users using this solution in my organization.

Previously we used McAfee and Symantec Endpoint. Every five years we change the solution. However, this time we changed to Microsoft Defender for Endpoint because we wanted a unified platform.

When you install Microsoft Windows 10, Microsoft Defender for Endpoint comes with it. There is no installation of the solution other than installing Windows 10. It saves time because you do not have to use any new kind of policy or deployment.

We have a team of three that do the management of the solution.

The solution comes free with Microsoft Windows 10.

I rate Microsoft Defender for Endpoint a ten out of ten.