Security Consultant at a tech services company with 51-200 employees
Consultant
Makes monitoring a lot easier and minimizes on-prem administration
Pros and Cons
  • "DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me."
  • "Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more."

What is our primary use case?

The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics.  

I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.

How has it helped my organization?

DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me.

What is most valuable?

It's Microsoft native. Microsoft is the corporate default, so it makes sense to use security platforms that are baked into the Microsoft platform. That's probably the most valuable aspect of it.

It has specific features that improve our customer's security posture. It makes the monitoring a lot easier and minimizes on-prem administration. A lot of the administrative stuff is all folded into Azure. It makes things easier.

The platform just makes things easier compared to on-prem or hybrid solutions because if you start working in an on-prem solution, most of the time it's going to be a battlefield. 

DFE affects the end-user experience when it's deployed. The more freedom a user has on the device, the more they're used to doing things their own way. By locking things down, by having device configurations, you disrupt the workflow. You need a lot of user education where you have to explain why you're doing these things. I'm a part of security. It's twofold, in that users have to get used to the new configurations. And the reason why we might take a little bit longer with pilot phases is that we have to identify how it'll affect the users and how the differences of different business units will be affected. Developers need a more open environment than other solutions.

What needs improvement?

Everything can always be improved. Improvements would depend on the client. 

Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more.

Buyer's Guide
Microsoft Defender for Endpoint
March 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,667 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint on and off for about three or four years. 

It's only the last two and a half years that it's been a big part of my job.

What do I think about the stability of the solution?

Microsoft has some creative accounting when they promise an SLA of 99.99%. But it is generally good. There's always going to be a problem with the cloud. If it works 99% of the time, that's great.

The frustrating thing is, you're not sure if there's a problem with your configuration or if the service itself is down because Microsoft tends to only report that the service is down much later than when you started experiencing things. So sometimes I have to jump onto a private forum or a Slack channel and ask other consultants if they experienced something similar. But when it works, it works. There's never going to be a cloud solution that has 100% uptime.

What do I think about the scalability of the solution?

Scalability is fine. I mainly work with implementation, so I haven't really had to mess around with the scalability. I'm responsible for setting up security policies, and then if they want to do scalability, that's another team. I sit in security.

How are customer service and support?

I haven't worked with support. I generally don't use Microsoft Support.

We were Microsoft partners last year. We're gold partners where we won security partners of the year, so we have an account manager. If it really hits the fan, then I would just talk to him. 

Which solution did I use previously and why did I switch?

I've been an IaaS specialist since I began my career. I've done Apple MDM solutions and I've done Google Workspace, but when it comes to actual IaaS, I can't really compare. Because we're a Microsoft house, we generally don't use third parties or competitors.

How was the initial setup?

The complexity of the setup depends on the environment. If it's Greenfield, it's super easy. I've been doing this for two to three years now. Most of the time it's easy. The larger companies have more complex networks and systems. The smaller the company, the easier it is to deploy.

The beginning of the project, like scoping, implementation, the entire process, or just the actual deployment depends on the size of the company. For smaller companies, we'll push some policies out. We'll do a week or two of a pilot phase where we identify different stakeholders and different business units. We collect feedback from them, keep an eye out on the audit logs and if that goes well, then we go into phase two, which takes another week or two where we slowly push out, if it's an accounting department with 60 people, then we'll do batches of 20. We'll have a pilot group of five and then we'll push it out to 20 people at a time.

What's my experience with pricing, setup cost, and licensing?

The project managers worry about the licenses. I get my scope, I know the limitations I have to work with, and then I just make a solution based on that. I'm a very technical consultant and I don't really care about licenses, that doesn't really have anything to do with me.

What other advice do I have?

My advice would be to start small, don't start a project thinking that it's the best solution, and bowl it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems.

I would rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Head, Information Security & Network Operations at a consumer goods company with 10,001+ employees
Real User
Nice interface and good reporting, but the alerts need to be more timely
Pros and Cons
  • "This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them."
  • "Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering."

What is our primary use case?

We combine Microsoft Defender with Advanced Threat Protection to manage, isolate, and scan our laptops and workstations for security threats. We have a dashboard that is embedded into Office 365 and it allows us to remotely scan for viruses and malware, so we don’t have to have the laptop present.

How has it helped my organization?

Using this product helps with device inventory. This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them. It is important because any software installed on a workstation may be vulnerable to parts of the internet.

Microsoft Defender has features that have helped to add layers to our security posture. The most important of these features is visibility and the provision of detailed alerts. It correlates the data and using this information, I can identify a threat and see if any other workstation in the environment has been affected by it.

Using this product has not negatively affected our user experience. It is just like using Windows 10.

What is most valuable?

The GUI is very nice.

The reporting capabilities are fantastic.

In the future, I would like to have the ability to patch using this product. Specifically, in an enterprise environment, it would be very good if you could patch the workstations remotely.

What needs improvement?

The alerting is something that needs to be improved. Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering.

For how long have I used the solution?

I have been working with Microsoft Defender Antivirus since it first came out, at least seven or eight years ago.

What do I think about the stability of the solution?

With respect to the stability of the product line, Microsoft has many products that do almost the same thing. The question becomes which one you want to use. This is a good product but at the same time, after a while, you don't know if it is the next one that Microsoft is going to stop releasing because of other products that practically do the same thing.

What do I think about the scalability of the solution?

Microsoft Defender is very scalable and there is a lot of room to expand and add extra layers. We have 2,500 endpoints and we plan to expand; however, we are thinking about using the Microsoft Endpoint Manager in place of it.

Once the decision is made to stay with this product or instead adopt Endpoint Manager, we will expand to cover 6,000 endpoints.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

Prior to Microsoft Defender, we tried quite a few different products from vendors such as Kaspersky and McAfee. One of the major reasons that we adopted Defender is because of the advantage that Microsoft owns the platform, Windows 10. As they have developed the operating system, it is believed that they understand how to guard it much better against a third party. An attacker has to learn a lot about Windows 10.

Another reason we selected Defender is the frequency of updates. Every other time that Windows is updated, Defender is updated. Again, this is because it is owned by Microsoft and exists on its platform.

We also use Microsoft ATP and we are currently looking at Microsoft Endpoint Manager.

How was the initial setup?

The initial setup is straightforward. Basically, once you have the competency with the product, it is straightforward and there are no surprises. It is not rocket science.

This product is built into the Windows 10 image that we install. As you roll out Windows 10, it is already set up and pre-configured, so there is no additional work required.

What was our ROI?

We saw a return on our investment within the first two years.

If I quantify the effort used for the setup and compare it with the pricing of the previous solution, value for the money was realized during the second year.

What's my experience with pricing, setup cost, and licensing?

We have an enterprise agreement so from my perspective, this is a product that ships with Windows and it is not priced standalone. It comes together with the other Microsoft products that we buy.

Which other solutions did I evaluate?

When we evaluated Kaspersky and McAfee, we found the scalability was better for Microsoft. You can do in-place upgrades of the endpoints with Defender but for the others, you would have to re-install the upgraded agents on the workstation. This takes a lot of time and it is not productive.

We are currently evaluating Microsoft Endpoint Manager by comparing the differences between it and Microsoft Defender. This is being done in advance of expanding our usage.

What other advice do I have?

My advice for anybody who is implementing this product is to first analyze their critical assets to have an understanding of what they are. Then, decide if they want a scalable solution. New threats are coming in every month and the way this is going, Microsoft is learning lessons from networks that have been compromised. With this information, they give updates and patches to everybody. In support of this product, you have to consider the patching, consider the visibility that it gives, and then consider the critical assets it is protecting.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Product Manager at a comms service provider with 501-1,000 employees
Reseller
Good management over endpoints but the technical support needs to be improved
Pros and Cons
    • "The scanning is slow when it is working with incoming emails."

    What is our primary use case?

    We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.

    Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.

    From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

    What is most valuable?

    This is a cloud-based product so it is always updated by the end-user.

    What needs improvement?

    They have to improve the email scanning where email is coming from somewhere other than our private network. The scanning is slow when it is working with incoming emails. Often, I can see the email but the scanning process is not finished and I cannot open the attachment. In general, the scanning has to be faster.

    What do I think about the stability of the solution?

    This solution looks stable. Provided that Windows 10 is updated, everything is okay.

    How are customer service and technical support?

    I have not been in contact with technical support in regards to this product. However, technical support for Microsoft products is always of bad quality. In my experience, if you cannot find the solution yourself then you will have a huge problem because it is not an easy task to have them understand and support you.

    You can lose a lot of time explaining the problem before you receive something that works.

    My advice is to look for a good support library and try to find the solution yourself. This means that you don't need to contact support.

    Which solution did I use previously and why did I switch?

    We have worked with many different security solutions. For example, we are selling a Security Operations Center as a service. We implement EDR, Privileged Access Management, Identity Management, anti-fraud solutions, web application firewalls, database security, and more. We are working with practically everything in cybersecurity.

    We are working with between 10 and 15 different vendors. Sometimes, this is too many, but it is useful to have information about each product, its quality, and how it compares to others. Two products that we are working with now are Cisco AMP and Carbon Black.

    What's my experience with pricing, setup cost, and licensing?

    There is a free version of Windows Defender, although the paid version has EDR functionality. We sell this product as part of Office 365 and it is not expensive.

    What other advice do I have?

    I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution.

    I would rate this solution a five out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Rajko Terzić - PeerSpot reviewer
    Senior Software Architect at Institute of public health
    Real User
    Provides good, user-friendly protection
    Pros and Cons
    • "Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
    • "Defender's cloud integration could be improved."

    What is our primary use case?

    I use Defender for protection.

    What is most valuable?

    The most valuable features are that Defender is user-friendly and part of Microsoft Windows.

    What needs improvement?

    Defender's cloud integration could be improved.

    What do I think about the stability of the solution?

    Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update.

    How was the initial setup?

    The initial setup was easy.

    What other advice do I have?

    I would recommend Defender to anyone thinking of using it, and I rate it as eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Sr. IT Business Analyst at Citigroup
    Real User
    Top 20
    Performs well, easy to use, and intuitive implementation
    Pros and Cons
    • "Microsoft Defender for Endpoint's most valuable feature is its ease of use."
    • "Microsoft Defender for Endpoint can improve by providing more and different types of reports."

    What is our primary use case?

    I am using Microsoft Defender for Endpoint for system alerts of any kind of suspicious items or unusual network traffic. I only use it for personal use.

    The solution has shown me different kinds of requests from the websites that were made and cookies that have been created. It has provided me with statistics.

    What is most valuable?

    Microsoft Defender for Endpoint's most valuable feature is its ease of use.

    What needs improvement?

    Microsoft Defender for Endpoint can improve by providing more and different types of reports.

    For how long have I used the solution?

    I used Microsoft Defender for Endpoint within the past 12 months.

    What do I think about the stability of the solution?

    Microsoft Defender for Endpoint has been stable. It does not slow down my computer.

    What do I think about the scalability of the solution?

    The scalability of Microsoft Defender for Endpoint has been fine.

    How are customer service and support?

    I have not contacted the support from Microsoft.

    How was the initial setup?

    The initial setup of Microsoft Defender for Endpoint was intuitive, I didn't make any customization, I used what was preset. The installation was done with the Microsoft Windows installation.

    What's my experience with pricing, setup cost, and licensing?

    The license for Microsoft Windows covers Microsoft Defender for Endpoint. 

    What other advice do I have?

    I rate Microsoft Defender for Endpoint an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Manager of Information Systems at an engineering company with 51-200 employees
    Real User
    Easy to scale, reliable, and extremely easy to install
    Pros and Cons
    • "We like that it has a free version available."
    • "The frequency of the patching, and the frequency of the updates, are not included with the free version."

    What is our primary use case?

    We use it at home on some personal machines, and there are a few machines inside of the Enterprise that have it.

    We use this solution for general antivirus protection.

    What is most valuable?

    We like that it has a free version available.

    What needs improvement?

    The frequency of the patching, and the frequency of the updates, are not included with the free version. 

    The platform I used in the past would check every hour and deploy every two hours down to the client, every patch that came through. 

    It was actively looking for updates, the latest threats, which is something that the Microsoft Defender product did not have in the free version.

    The Enterprise version that we had, didn't have visibility. If somebody were to uninstall it or turn it off, I'd have trouble seeing that easily. There are tools that I can install, but from a reporting standpoint who has it on and off is included with the Enterprise package that you pay for, or it comes included with Office 365 Enterprise, but not in the free version.

    For how long have I used the solution?

    We have been using Microsoft Defender for Endpoint for two and a half years.

    We are using the latest version. It is always up-to-date.

    What do I think about the stability of the solution?

    We had absolutely no issues with the stability of Microsoft Defender for Endpoint. We did not experience any bugs or glitches.

    What do I think about the scalability of the solution?

    It is pretty easy to scale. It was basically one click to agree that you wanted to use it.

    How are customer service and technical support?

    We did not contact technical support.

    Which solution did I use previously and why did I switch?

    Previously, we were using another solution and were forced to uninstall it to patch Windows. It was an annoyance to reinstall it.

    How was the initial setup?

    The initial setup was straightforward. It was extremely simple.

    What's my experience with pricing, setup cost, and licensing?

    We are using the free version.

    When you are centrally managing it, you can't get there without a much more expensive Microsoft solution to control the rollout and to make sure that it is up-to-date.

    We didn't research that, it was a stop-gap measure until we figured out what we're going to do in the long term.

    Which other solutions did I evaluate?

    We are looking into a product that gets into the EDR, XDR, the fully managed patching, and everything else, versus just the anti-virus that package includes.

    What other advice do I have?

    I would rate Microsoft Defender for Endpoint an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Assistant Manager IT at an educational organization with 1,001-5,000 employees
    Real User
    Good performance, reliable, and offers effective ransomware protection
    Pros and Cons
    • "The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system."
    • "The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."

    What is our primary use case?

    We use Microsoft Defender Antivirus to scan for malicious payloads that may come in files, emails, a USB drive, or another type of external drive. It helps us to identify any malicious load that could compromise the security of any of our systems.

    We are in a decentralized environment. We have multiple offices but they are not connected physically. The offices are directly managed from the internet.

    We have a mixed environment with Linux and Windows machines.

    We operate in the educational sector.

    How has it helped my organization?

    We have not fully considered how this product affects our overall security posture, although this is because we have not yet explored all of the features. Once we have all of our offices connected, it is something that we will be looking into. At this point, it does not affect all of our machines. On a scale from one to five, I would rate our security posture a four.

    What is most valuable?

    The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system.

    The performance is good. Usually, end-users complain that whenever background or real-time scanning is done, the effects are felt as there is a slowdown in the system. This is not the case with Microsoft Defender.

    What needs improvement?

    The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads.

    If there is a Word file then it is able to scan it, but if there is a malicious payload within its signature then it will not be detected. Deep packet scanning must be used to improve the overall product.

    For how long have I used the solution?

    We have been using Microsoft Defender Antivirus since we upgraded to Windows 10 from Windows 8.

    What do I think about the stability of the solution?

    This is a stable product. We have been using the standard version for a long time and it hasn't negatively affected our environment. Generally speaking, it is reliable.

    What do I think about the scalability of the solution?

    Microsoft is actively working on this product and I think that it is becoming more scalable, day by day. For example, prior to Windows 10, there was no ransomware support. Now, it comes with Windows 20S2 and Windows 20H1.

    With our decentralized environment, I don't know the exact number of users or devices that we have. However, I can say that there are more than 500 devices being protected by this solution.

    Most of the machines in our environment are in areas that don't have internet access. This is because they are stationed in remote areas of the country. This means that we need to use USB drives to update the machines manually. Given the number of devices and that the management is done manually at this time, it is pretty painful for our IT people.

    How are customer service and technical support?

    We have not purchased support for this product, although, for most products, we usually do have it. To this point, it hasn't been required.

    Which solution did I use previously and why did I switch?

    When we were running older operating systems including Windows XP and Windows Vista, we had a Symantec Endpoint solution. We had that for a long time but we opted out. After that, we used McAfee and other antivirus products. However, since Windows 10 was released, and with Microsoft Defender included by default, we felt that it was the solution for us.

    As I recall, we stopped using McAfee and Symantec once we moved to Windows 8.

    How was the initial setup?

    This product came pre-installed with Windows 10 on the machines that we procured from the vendor. It is straightforward and easy to configure, as well. Once Windows is installed, setting up the antivirus and scheduling scans just involves clicking the Next button several times. It is pretty easy for anyone and if the user is non-technical, we guide them through the process.

    It takes a maximum of 10 to 15 minutes to install and configure on a PC. Whenever a new configuration is required, you need to configure it on each individual machine that you have. This is why we are investigating a centralization solution. It will help us out in applying things on a global level. For example, we can apply settings based on what is in Active Directory or other policies.

    What about the implementation team?

    One person, in-house, is all that is required to set it up.

    There is not much maintenance required, as our environment is pretty standard. Also, all of the updates come from the Microsoft update center and they are automatically installed on the machines.

    What was our ROI?

    It is difficult to determine ROI at this point. Once all of our PCs are joined together, we will have a better idea.

    What's my experience with pricing, setup cost, and licensing?

    As we operate in the educational sector, we are eligible for an educational discount.

    Which other solutions did I evaluate?

    We are currently looking into other solutions that will give us centralized control over Microsoft Defender. However, we are still strictly in the research phase.

    Once we decide on a product and a solution is proposed, it is a long process that involves budgetary considerations. Once a PoC is completed, the budget constraints are considered, and this is part of a very long chain of processes that take place before final adoption.

    What other advice do I have?

    Since we started using this product, we have not had any breaches. When we were using the products by McAfee and Symantec, there were issues with viruses and malicious payloads. Now, it is better because we haven't had any major issues with the systems.

    My advice for anybody who is implementing this product is to let the IT staff manage it, and not allow end-users to configure it or modify their own settings.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technical Account Manager at a comms service provider with 201-500 employees
    Real User
    Top 20
    Helps prioritize threats, and protects against ransomware, but threat detection could use some improvement
    Pros and Cons
    • "The ransomware and malware protection is the most valuable feature."
    • "Microsoft Defender for Endpoint is effective for validating work, but not ideal for investigations."

    What is our primary use case?

    I use Microsoft Defender for Endpoint to protect my computer when downloading files. Whether it's documents from my email or web browser, this is the first thing I use the solution for. It also provides protection against ransomware. Additionally, the monthly report indicates the number of infected files that were blocked during that month.

    How has it helped my organization?

    Microsoft Defender for Endpoint provides excellent visibility into known threats, thanks to their comprehensive database of malware information. 

    Microsoft Defender for Endpoint helps us prioritize threats across our enterprise according to our needs. We focus on protecting against malware first, followed by email protection, and URLs.

    Microsoft Defender for Endpoint has helped protect our organization against malware.

    What is most valuable?

    The ransomware and malware protection is the most valuable feature.

    What needs improvement?

    When there is a significant amount of malware, I believe that Microsoft Defender for Endpoint may not be as effective as other firewall solutions. I tested Microsoft Defender for Endpoint and found that it allowed me to download files infected with malware from certain sites, and its protection did not work as expected in that aspect of my work. I suspect this is because I use a GRAPH file with a password, and the solution only detects a file when it's related to clean files or open files. It doesn't seem to recognize encrypted log files that require a password for access.

    Microsoft Defender for Endpoint does not assist in automating routine tasks or identifying high-value alerts. Therefore, we had to turn to other solutions like Cortex XDR by Palo Alto Networks. Additionally, Microsoft Defender for Endpoint lacks the capability to upload a list of IPs for blocking.

    Microsoft Defender for Endpoint is effective for validating work, but not ideal for investigations. As a result, our experts have to dedicate more time when investigating threats using Microsoft Defender for Endpoint compared to other solutions.

    The zero-day detection, as well as the sandboxing for unknown malware and URL detection, needs to be improved. These settings were not functional when we tested the solution.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for one year.

    What do I think about the stability of the solution?

    I give the stability an eight out of ten.

    What do I think about the scalability of the solution?

    I give the scalability a ten out of ten.

    How was the initial setup?

    The deployment is straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Microsoft Defender for Endpoint is more affordable compared to some other endpoint solutions.

    Which other solutions did I evaluate?

    We evaluated Cortex XDR by Palo Alto Networks and Fortinet. We found that Microsoft Defender for Endpoint was easier to deploy and offered a better price.

    What other advice do I have?

    I would rate Microsoft Defender for Endpoint a seven out of ten. The solution is stable, easy to deploy, and scalable. However, threat detection could use some improvement.

    Our organization is a cybersecurity company, and after using Microsoft Defender for Endpoint for one year, we found that it lacked features such as endpoint detection and response. Additionally, it was weak in certain areas, like detecting a set of malware and providing email protection. As a result, we started exploring other solutions, even though they may be more costly.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user