Reliable with a good online community and an easy initial setup
Pros and Cons
- "It does not make Windows slow, as compared to all of the third-party antiviruses."
- "We would like more customization."
What is our primary use case?
The solution is primarily used for antivirus and malware protection.
How has it helped my organization?
It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need.
It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.
What is most valuable?
The first thing which I noticed is that it is completely compatible with Windows. It does not make Windows slow, as compared to all of the third-party antiviruses.
The stability has been good.
Technical support is helpful and they have a very robust online community as well.
The product can scale very well.
What needs improvement?
We would like more customization, actually. They're not too customizable. We'd like the flexibility to be able to set some applications on a white list. We need more options.
Buyer's Guide
Microsoft Defender for Endpoint
June 2025

Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,957 professionals have used our research since 2012.
For how long have I used the solution?
I've used the solution for approximately five years.
What do I think about the stability of the solution?
The solution is stable and responsive.
What do I think about the scalability of the solution?
We have the solution deployed to around 350 users across four different locations.
It can scale to the thousands and thousands. I have seen customers here, some have approximately 12,000 devices and they're running that one program and it's going far without any issues.
How are customer service and support?
Technical support is good. They know things about the solution. The best part is that if anything happens, the Microsoft community is so big that any problem comes up, you can also just Google it and you will get the solution.
Which solution did I use previously and why did I switch?
We used McAfee and another solution as well and they both are great and amazing, however, they make PCs slow and every time something happens you have to call the vendor and they will help you support. The difference is, with Defender, it doesn't slow things down and you never have to call Microsoft.
How was the initial setup?
The initial setup is very straightforward. IT is actually my default. We actually helped our end-users with system centers, integrated Defender updates, Defender itself, patching, and Defender configuration using the consent and configuration manager. It's simple. It's not complex to set it up or manage.
It's a bulk operation to set it up, therefore, even if you have 100 PCs, it will only take you about an hour and you will be up and running with everyone. You only need one to two percent of your staff to handle the deployment and maintenance tasks.
What about the implementation team?
We used an integrator during the initial setup. They were quite helpful. Our experience with them was good.
What was our ROI?
We have seen an ROI.
What's my experience with pricing, setup cost, and licensing?
The solution is free for end-users.
What other advice do I have?
While we have the solution set up on our private cloud, you can also use a hybrid setup if that's better for your organization.
I would advise new users to connect it with an endpoint manager and connect it with the cloud and then let the real magic happen.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

Security Engineering, Team Lead at Fidelity Bank Plc
Stable solution that protects networks against viruses and malware; good for endpoint management
Pros and Cons
- "Stable endpoint manager, antivirus, and antimalware, with fast technical support and a straightforward setup."
- "More integration with different platforms is an area for improvement for this product, and should be included in its next release."
What is our primary use case?
We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.
What needs improvement?
What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.
For how long have I used the solution?
We've been using Microsoft Defender for Endpoint for four years.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.
How are customer service and support?
We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.
How was the initial setup?
The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.
What's my experience with pricing, setup cost, and licensing?
We pay for our Microsoft Defender for Endpoint subscription yearly.
What other advice do I have?
We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.
Microsoft Defender for Endpoint has been awesome, so far.
I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.
We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.
I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Officer at Church of England
Scalable, good support, and straightforward implementation
Pros and Cons
- "The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint."
- "Microsoft Defender for Endpoint could improve by making the reporting better."
What is our primary use case?
We use Microsoft Defender for Endpoint for network and endpoint protection.
What needs improvement?
Microsoft Defender for Endpoint could improve by making the reporting better.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for approximately three years.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint is stable in my usage.
What do I think about the scalability of the solution?
I have found Microsoft Defender for Endpoint to be scalable.
We have approximately 700 people using this solution and we plan to increase usage.
How are customer service and support?
The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint.
Which solution did I use previously and why did I switch?
I have previously used ESET.
How was the initial setup?
The initial setup of Microsoft Defender for Endpoint was straightforward.
What about the implementation team?
We have two engineers that do the implementation and maintenance of Microsoft Defender for Endpoint.
What other advice do I have?
Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now.
I would recommend this solution to others.
I rate Microsoft Defender for Endpoint an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head-IT/SAP at Barista Coffee Company Ltd.
Easy to enable and activate but could be more secure
Pros and Cons
- "Defender is a part of Windows; you just need to enable it. There is no need to install anything."
- "The solution could always be more secure."
What is our primary use case?
Defender is basically a protective seal that is used to protect your Windows applications. Whenever you enable it your system is safe. You feel safe and your data and your security are verified by Defender and protected by the Defender seal.
What is most valuable?
Defender is a part of Windows; you just need to enable it. There is no need to install anything.
It's quite good for security. We are using Windows 11 and Windows 10. In Windows 11, Defender is very, very strong. They built in good features, good seals. Earlier, ransomware protection was not there. However, now, new ransomware protection is also available in Defender.
The solution is stable.
What needs improvement?
The solution could always be more secure.
What do I think about the stability of the solution?
The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The scalability is totally based on your OS operating system as it's a part of the OS. You can't define it in a different way. If your Windows platform is working fine and is of a certain size, then you can say that it's quite good and it will cover that.
We have 200 to 300 people using the solution. Some of our employees use Windows and have Defender. Others use Mac devices.
How are customer service and support?
We've used technical support in the past and don't have anything negative to say about their services.
How was the initial setup?
There isn't really an installation process. It's already a part of Windows and just needs to be activated. You can install Windows in home or business devices and have Defender at your fingertips immediately.
While you don't need a technical team to install it per se, every organization has an IT team that likely would be able to install Windows and everything else. We have a 40-plus IT team. Everybody has a defined role.
What about the implementation team?
We handled the implementation in-house using our IT team.
What's my experience with pricing, setup cost, and licensing?
The solution is included with Microsoft Office 365 subscriptions.
What other advice do I have?
New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure.
I'd rate the solution at a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Manager at a manufacturing company with 1,001-5,000 employees
Comes with awesome threat hunting capabilities, and is great for investigating what's happening on machines
Pros and Cons
- "It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool."
- "It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years."
What is our primary use case?
It is an Endpoint Detection and Response system (EDR), and it seems the new term is XDR. We use it for anti-malware protection. It protects from a virus, worm, ransomware, and other similar things.
How has it helped my organization?
It can automatically scan and remediate stuff without an administrator doing anything. We use it for threat and vulnerability management. There are components in there that will tell us about any vulnerable software running on endpoints. There are a whole bunch of other things too.
What is most valuable?
It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool.
It has got some awesome threat hunting capabilities. It can search for malicious activity that could indicate that an asset is being compromised, but it is not something to which you would have necessarily got alerted.
We're fully Microsoft, it integrates with other Microsoft security products very well. Its interface is also fine.
What needs improvement?
It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years.
For how long have I used the solution?
I have been using this solution for nearly four years.
What do I think about the stability of the solution?
It can get a little laggy sometimes, but overall, it's fine when investigating events.
What do I think about the scalability of the solution?
It is easy to scale.
How are customer service and support?
There are different levels of technical support that you can purchase from Microsoft. We don't have the top level, but we used to have the top level, and that was good. I would rate them a five out of five. They've got a dedicated team specifically looking at threats for all their customers.
How was the initial setup?
I was not involved in its setup. I am only a user of the solution, but I'm pretty sure it's pretty straightforward. It's just deployed by Intune or a partial script or something like that.
What about the implementation team?
It was implemented internally. In terms of maintenance, it generally doesn't require any maintenance. There are some policy configuration changes that we can tweak, but the signatures, behavior analysis, and all similar things in the engine are kept up to date by them. We have four people who are dealing with this product.
What's my experience with pricing, setup cost, and licensing?
Licensing models of Microsoft are renowned for being complex. We just purchased the whole E5 stack. With E5 licenses for users, we get access to a bunch of features that are not just related to security. I would rate them a three out of five in terms of pricing.
Which other solutions did I evaluate?
One of the things that I like to constantly do is assess other vendors in the same space. We get vendor demonstrations, and for the most of it, it seems like Defender is well and truly up there with the other best players in the market. I've never done a proof of concept with any other tool, so I can't really compare it with others. Most of the time, vendor demonstrations are all about glitz and glam to sell their product and show how much better they are than competitors.
What other advice do I have?
I would advise doing your due diligence. This is more than just an endpoint security solution, and sometimes, you've got to think of your technology stacks before applying or purchasing certain security solutions and see if they're applicable to your environment.
I would rate it an eight out of 10. No endpoint solution is ever going to be able to be perfectly good at stopping all types of threats. No endpoint solution would ever get a 10 in my point of view.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Director at Innovecs
Provides a centralized console and supports all the platforms that we use
Pros and Cons
- "It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
- "Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms."
What is our primary use case?
It's an XDR (Extended Detection and Response) system.
What is most valuable?
It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android. Microsoft Defender is embedded in Windows and is a basic anti-virus, but Defender for Endpoint is an enterprise-grade XDR system.
What needs improvement?
Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for about three months.
What do I think about the stability of the solution?
It's quite stable. Sometimes it can overload the CPU of endpoints, but Microsoft provides ways to solve this problem.
What do I think about the scalability of the solution?
Microsoft Defender for Endpoint is scalable. It's the ground-level service for other Microsoft security services. Microsoft provides a full range of security services and you have the ability to extend it anytime and in a simple way. You can scale the range of security services by just buying the license and implementing some extra service.
We have close to 200 users in our organization, but we plan to deploy this product to the whole company, with a total of nearly 800 people.
How are customer service and support?
We have not had to contact Microsoft's technical support because we get support from our partner.
How was the initial setup?
When it comes to the initial setup, Microsoft is very strong in that area and it is very simple. That's why we use it in our company. Some products are hard to deploy. Another solution was declined because it was not possible to roll it out in a bigger company.
We don't have a dedicated person to maintain the solution. Two people share the role. One is a Layer-1 specialist who maintains a daily routine, and the other is a Layer-2 engineer.
What about the implementation team?
We started to install this product for ourselves, but Microsoft proposed some different kinds of programs in which an integrator helps key customers deploy services and products. We accepted the proposition and we are happy we did so because the partner was very professional with very deep experience with the product.
What's my experience with pricing, setup cost, and licensing?
Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract. Microsoft provides a flexible licensing program and you can choose what you want.
Which other solutions did I evaluate?
The pros of Microsoft Defender for Endpoint are that it's simple to deploy and has all the required functionality. The drawback is that it lacks some functionality for other platforms, such as Linux.
What other advice do I have?
I would recommend implementing this solution together with a certified partner. That will help to avoid a lot of mistakes and save you money, because licensing is a big part of the project.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Delivery manager at a computer software company with 201-500 employees
One-stop solution with data capture, analytics, and threat intelligence
Pros and Cons
- "It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10."
- "Sometimes, there are different SKUs. In a basic SKU, they should have basic log analysis without the need to integrate with any third-party or SIEM solutions, like Sentinel. This would make it so much easier for users who don't have log collection or log analysis."
What is our primary use case?
I lead a delivery team. I have a team of about 20 technology specialists and we do the deployment for Microsoft Defender.
Instead of having a third-party antivirus, you can have a Microsoft ecosystem for your entire endpoint protection.
What is most valuable?
This solution has its own sensors, which is its best feature. It senses the behavior of your endpoints, whether it is logged in from a particular location or external of that location.
It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10.
What needs improvement?
Sometimes, there are different SKUs. In a basic SKU, they should have basic log analysis without the need to integrate with any third-party or SIEM solutions, like Sentinel. This would make it so much easier for users who don't have log collection or log analysis.
For how long have I used the solution?
We have been using it for a year.
What do I think about the stability of the solution?
This solution is very much stable.
What do I think about the scalability of the solution?
This solution is scalable. It is a cloud solution.
If you have the Microsoft Azure ecosystem, you can collect logs and view them through Sentinel. You can also onboard your devices within Intune.
You can integrate Microsoft Defender for Endpoint with different Microsoft solutions, e.g., Defender for Cloud, Sentinel, Endpoint Manager for onboarding of Intune, and Defender for Office 365.
We have a large number of customers.
How are customer service and support?
Premium support is okay. Professional support is not as good because it is free. You must wait because you are not paying.
How was the initial setup?
The initial setup was straightforward. There was nothing rocket science to it. It didn't take much time as we just enrolled the device and assigned the licenses, then it was done.
You just prepare it, doing a license evaluation licensing and some network configuration, then you can onboard your device.
What about the implementation team?
We do the implementation ourselves. We find it easy to deploy. We help customers adopt the solution and get better ROI.
What's my experience with pricing, setup cost, and licensing?
They have to pay for the Defender license. There are different licenses and SKUs, such as Plan 1, Plan 2, or the trial.
You do not need to pay any additional costs for antivirus and anti-malware solutions for endpoint protection.
What other advice do I have?
Anyone on Windows 10 Enterprise should choose this solution.
It really depends on the volume. You need one senior architect who can just define the entire thing: the device, network configuration, etc. You will also need some Level 1 engineers who need to keep on monitoring the devices and do onboarding. If they are using the latest version of Windows 10, then you can do the onboarding via Intune, Endpoint, etc.
My rating for this solution is an eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Sr SOC Analyst at a security firm with 201-500 employees
Great prevention and response capabilities but requires an updated GUI
Pros and Cons
- "The solution is highly scalable."
- "They should come up with pre-built inner workflows."
What is our primary use case?
We call the solution MDATP - Microsoft Defender Advanced Persistent Threat Protection. At the same time, we're using it more from an EDR point of view, as an Endpoint Detection Response. It can detect any threats, malware, or processes, which are illegitimate and being executed by the end-users or malicious actors. When it sees this, it detects and reports to us.
Not only that, at the same time, it's detection, prevention, and response. Mostly what we were working on is detection. When I refer to detection, I mean that it can, with pinpoint accuracy, detect something and expose the threat. It can also map those threats with a MITRE, which is one of the great things that I love about it, on top of the accuracy and the threat description it provides.
There are a few different use cases. We return with a query language, which is provided by Microsoft. We are able to create some threat hunting queries. We can pinpoint, accurately detect, and run pen testing. When there's a threat or issue, I am able to find it and track it with great accuracy in MDATP. MDATP is able to tell me that, for example, in my organization, if there was a guy who was doing pen testing, which is black listed, and if there was an attempt to exploit something or install some malicious code or try to hack into the system. I am able to find this and pinpoint its occurrence. Not only that, I'm able to map them onto a MITRE framework and tell which stage of the attack it was, where the attacker came from, et cetera. I can see if it was something that was planned in the organization.
I can both detect internally and externally. I have full faith that the MDATP will detect behaviors and warn us of issues.
What is most valuable?
When you go to do a deep-dive or investigation as a SOC analyst or any security analyst, it gives three structures or processes, as well as the execution that it performs. I am able to perform a very deep-level investigation with MDATP - more than I can with any other tool.
It did increase our security posture. While we had an antivirus before, it would only detect or prevent certain types of attacks. However, based on that capability, you cannot respond to the threat directly. For example, if there was ransomware on a system, the antivirus will be able to identify, detect, and mitigate it. However, at the same time, even if the antivirus detects that and tries to prevent it, you need to contain that machine, or you need to isolate that machine from the network. You don't want that machine to be talking to anybody in the network. Antivirus solutions can’t exactly do that.
With respect to prevention, it has an auto-remediation feature, which is a good feature that I love with respect to prevention. It does auto-remediation as well as manual remediation, which is pretty good.
With respect to response, we were able to contain, block, and respond to threats faster with MDATP. When we analyze the incidents or the threats it gives us a very good view of everything.
With this product, before containing or responding, we get the information and can see what exactly is happening and when that malicious file was installed. After that, we have an event timeline. The visibility is not that much when you only have an antivirus. Now, we see the full picture. When we adopted this tool, we got the detect, prevent, and response functionalities. Overall, our security posture looks much better and our attack surfaces are limited. Endpoints are also most vulnerable today and we can efficiently protect them now. Since we have reduced the attack surface our security posture has improved dramatically. On top of that, we have the capability to respond and to go deeper on a forensic level.
The product doesn’t affect our end-users. I do not see any major issues. There are exceptions where approvals may be necessary. However, the user acceptance is good. This is something that organizations pre-plan and there is nothing the user really has to worry about or act on.
What needs improvement?
Defender’s GUI can be optimized. The console needs to be more refined. After you have been using it for some time, you get used to it, and it is manageable. However, it should be a little bit more refined.
They should come up with pre-built inner workflows. I would really like to see this. There need to be workflows with respect to notifications, remediations, or any actions that people want to take. They should come up with predefined or prebuilt hunting capabilities. Right now, we have to manually write queries. I would prefer if they could come up with something more automated.
This is with respect to a SOC analyst perspective. Other users, other administrators, other different roles might have different issues. For me, there are no major concerns. It is a good tool, out of the box.
For how long have I used the solution?
I've used the solution for about a year and a half, and have also done training on it.
What do I think about the stability of the solution?
The stability is good. It's a stable platform. I don't see any issues right now. However, I did see something in the past. I can't quite remember the exact situation. It's resolved and right now there are no issues.
What do I think about the scalability of the solution?
The solution is highly scalable.
You can onboard as many end systems as you want. If you bring more, for example, 100 users or 100 endpoints, you can integrate them with no issue. It's not a problem with MDATP.
We have somewhere around 2,000 to 3,000 users who are using it. We have an endpoint team and they manage the antiviruses and security tools and all those things. We manage the product partially from a policies perspective, and the endpoint team manages the platform and maintenance of it, including any upgrades, as necessary.
How are customer service and support?
I've dealt with technical support in the past. It's good, not excellent. That said, it's okay.
Which solution did I use previously and why did I switch?
Before using this solution, the company mostly dealt with antivirus solutions.
We moved to this solution to strengthen and report, detect and prevent, et cetera, which antivirus solutions don't offer. We wanted forensics and capabilities that were missing. Antiviruses simply cannot protect you from advanced persistent threats, and they cannot protect you from ransomware and they don't respond to things faster. Response capabilities were something that was missing. Basically, we just needed more.
How was the initial setup?
I'm usually not part of the entire setup, however, I do manage it. We have to do certain policies within our organization. However, from what I've seen, it's not a complex setup. It is pretty straightforward.
In terms of how long the deployment takes, I don't remember the length of time. If you have a CCM centralized, you can push the policies within hours.
What's my experience with pricing, setup cost, and licensing?
The licensing is something that management decides on. I don't deal with the pricing or licensing.
Which other solutions did I evaluate?
We didn't really evaluate other options. We provided support for one of our clients, and it was a decision they made.
What other advice do I have?
We're a consulting company. We are not partners with Microsoft.
We use the solution as a SaaS.
I'd advise other companies to use this solution. It's an ideal choice, however, I'm not sure about the pricing. Maybe it's on the higher end of other competitors' pricing. That said, if you have an opportunity to use it, it will solve a lot of problems with respect to pain point detecting and doing investigations. At the same time, with Microsoft, if 80% of your organization is using Windows systems, it's going to be compatible. Specifically, with its platform, Microsoft understands what is right and what is wrong. Therefore, if the money is not a concern, or the budget is not a concern, opt for this. At the same time, as a generic statement, if not this solution, go for an EDR tool that suits your organization's needs best.
I'd rate the solution at a seven out of ten simply due to the fact that I have not fully optimized it.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
