Microsoft Defender for Endpoint Reviews

It is the end defense against anything coming into our computers and through other channels, e.g., we have some other measures. A lot of our users use Microsoft Remote Desktop Services, so all our servers are locked down. The solution handles what nothing else finds along the way. It is a standard endpoint for computers, servers, and tablets.

What the user doesn't see or experience, the user is happy with. Every time our other services go in and put a stop pop-up in front of what they are doing when they want to visit a website, but the browser says, "No," or they are trying to download a link and then says, "Oh, no. This is dangerous," that upsets users because they can't do what they want to do. As long as we don't get any of that, then users are happy. If users don't feel it or know about it, then they are happy. Everything else will make them unhappy.

Our end users expect to be protected and that everything works. When IT doesn't work as they expect, then they get unhappy in some form. We kind of forced this solution upon them, so they don't have a choice. As long as it doesn't meddle with their normal work, they are fine. For example, when GDPR hit us in May of 2018, that was upsetting because they now had to do some of their work a little differently. So, they don't like GDPR because it interferes with their normal workflow. Normally, users come to me if they have issues with anything. However, if everything works as expected, they are happy. In addition, they expect that they are protected.

When you have something fail and you have three or four different vendors where the fail might be located, everyone just says, "Well, it's awful." Then, you have to go and find out where the fault is. That is really annoying and can cost the business money. For that reason, if I can have one single point of contact when I have a problem to help me out, and say, "Let's find the solution." That is much better instead of having me contact multiple companies to track errors down.

The protection will always need improvement:

• From a technical standpoint, I would like better artificial intelligence on how it does its stuff in the background. It will always be behind. However, at some point, it would be nice if it could get better. It is not bad, but it could always be better.
• From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down.

I have been using the current solution since 2014.

We haven't had any issues. I haven't had any bad experiences. I expect it to work, and it works. It is just there. For example, when you have Word or the whole Office package, as long as it works, people are happy. You just have it, and you don't have to say, "Oh, this version is really..." It is just Microsoft. For most users, Microsoft is Windows, Defender, and the Office package. As long as you just use that, then people will say, "Okay, we're just basically using Windows." They don't care about one thing or another, as long as IT works.

As long as things are slowly upgraded, it works, and we don't have any issues, then I am happy.

I let my outsource company handle scalability. I only get involved if there are issues.

We have 50-plus servers with around 125 to 150 endpoints.

Our consultancy has a deal with Microsoft where they can get access to Microsoft directly. We are part of that deal. When we have issues that need some type of Microsoft input, we can get it. However, I will let the consultancy do that. I wouldn't do that myself.

We use different email solutions and web solutions to handle incoming and outgoing traffic. However, we have not previously used another endpoint protection solution.

In 2014, we upgraded from Windows 7. It was a completely new deployment of everything. Every server, every endpoint, and even the old laptops and desktops were upgraded. So, it wasn't just Defender. Microsoft Defender wasn't really the issue, as it worked. We had a lot of other IT that was annoying, but I don't remember that we had any struggles with Defender.

Microsoft Defender is always running. It is doing its job, so it is fine. I don't have any issues with the way it was implemented or how we are running it. We have been upgrading IT throughout the years, but there have been no issues.

We had a migration deadline set by our mother company. We had to stop using Windows 7 and server 2003 by 15th of June, and we started in April. So, it was done in just under two months right before June 1st.

We are part of the aircraft industry. We have been going downhill for some time, and now we are sort of going up again. At the time of purchase, we simply bought the outsourcing with the solution, meaning we would get this many machines and servers using these services. They kind of supplied everything.

We outsourced the deployment to another company at that point in time, who put up all the consultants and stuff. Before that, we had everything internally and on-premises. At that point, we moved it out still on-premises, but not in our own house. So, we built a separate system, then moved users over.

We didn't have Microsoft in to specifically help us.

The administration of this solution is outsourced. We use a consultancy who has 50-plus employees/consultants. They take care of nearly all services: Defender, Teams, SQL, etc. I then only have to talk to one or two people who are specialized in what needs to be done.

I have been very happy with our current IT services provider. We have had them for about a year. They took over from the old consultancy who installed our IT in 2014. Our current consultancy took over in 2020 because I wasn't so happy with the old guys.

It provides peace of mind with really good pricing. It won't be upsetting my budgets or anything like that.

Our outsourcer handled the decision that we were to use Defender, Remote Desktop Services, etc. They just said, "If you choose us, this will be your solution." It came as a package. Unfortunately, that company was bought by another IT services company, who bogged everything up. The service went downhill and stuff didn't get upgraded. So, we switched to another Danish supplier with whom we currently are happy.

Go for it. It is a standard solution. If you use Windows, you might as well go for Defender. With this solution, you have your normal dependencies within Microsoft. This means that you don't have to talk to another company; you talk directly to Microsoft. Some people might go for something else, and that is fine too. However, depending on how big your company is, if you are a small or medium business, you may want to have as many eggs in one basket to have fewer points of contacts.

It is a good endpoint. All the administration is handed over to our outsource partner. So far, it has been good. We have been using it for years, so it is the de facto standard for us right now.

As far as I know, its capabilities are okay. It is up there with the rest of them. Sometimes, this is what Gartner says is the best, the next best, the 10th best, etc. That will always change. As long as we don't get hit, we are fine. If we get hit, then there are questions around what we can expect from it, what we can get out of it, what help did we get, etc., but I would let my outsource partner deal with that. Directly, I don't have my hands on it.

I would rate this solution as an eight out of 10.

We use it for endpoint detection and response.

The agent is installed on the endpoint, on the laptop or desktop, but it's a SaaS solution.

One feature that has proven beneficial is the Threat and Vulnerability Management module of Defender for Endpoint, which provides information on the vulnerability of all the endpoints. We don't have to run active scans via network scanners. It is built-in. That has proven to be helpful, although we're still in the early phases. We have identified vulnerabilities that were in our organization for too long and nobody knew about those machines and the vulnerabilities on them. From a vulnerability remediation point of view, it has been quite helpful to us.

One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part.

In addition, there are several features that have helped to improve our security posture at the prevention level, such as the attack surface reduction controls and the exploit prevention control. The attack surface reduction comes with the solution, out-of-the-box. There is Application Control as well, which is kind of difficult to implement, but once you are through the pain of designing and implementing it, it is one of the very good features to have. These tools are some of the things that are missing from other vendors' products, as I have worked with McAfee, Symantec and Carbon Black.

One area for improvement is that, because it comes out-of-the-box, it does not interact well with many applications we have developed in-house. There is no way to exclude them because it interacts with everything on the endpoint. One of the issues is lagging: the in-house-developed applications suffer from this and they become slow. For a big enterprise, it is important that they include a feature so that we can exclude these applications.

Another area where it could be improved is that, while it collects a lot of data, it misses some data, which is important, such as the hardware version of the endpoint and the AV signature version. I think this improvement is in the Microsoft pipeline already but it is not in the solution yet.

I have been using Microsoft Defender for Endpoint for around one and a half years.

It has been quite stable up until now. It does not break. Microsoft is developing on it quite frequently and more and more features are coming in, but overall it is quite stable. It does not break that often.

As we have moved away from Microsoft Defender Antivirus and to the EDR solution, we have seen very few issues so far that users have faced with this. There have been very occasional performance issues for some users, but they have been very rare.

Scalability is one thing which, I think, Microsoft is working on, because it is not yet very scalable. What it provides out-of-the-box is all it has. Any big organization needs customization, but the customization of it and running customized things on top of it are areas where it is lagging. That something Microsoft needs to work on. Examples include running custom playbooks or customizing the events which it is collecting.

We are protecting 100,000 endpoints with this solution. We may increase usage, but there is no plan for that as of yet.

Microsoft technical support is good.

Before Microsoft Defender for Endpoint we had Carbon Black. But when I came onboard, Defender for Endpoint had already been chosen.

The setup process is not very complex, but it is also not very straightforward. It depends what solutions you have. If you have everything set up, which is usually the case for big organizations, then it is pretty smooth. But if there are some things that are not set up properly in the organization, like certain parts of the infra or the cloud onboarding, then it becomes cumbersome, not the installation part, but in setting up the backend which it needs.

Our implementation strategy was that we started with a few pilot machines, to onboard Defender for Endpoint. We noticed that we had around 70 to 80 percent failures. It was a learning phase and we identified the root cause of those failures. There are some settings in Defender AV that need tweaking when you want to onboard Defender for Endpoint. We struggled to tweak those settings, but once that was done, it went pretty smoothly for the next couple of pilots. Then we encountered another roadblock which was related to an OS version dependency.

Overall, it took us about one month to onboard the solution, but we are weak in infra.

We had our consultant from Microsoft for the implementation. The engagement went on for three to four months. But one thing we noticed from this project was that it did not need a consultant. It was not that difficult to do. Maybe we did not get an expert consultant because, for solving issues, he also took time.

In addition to doing onboarding, we wanted our third-party integrations, but that was something they could not do because they were Microsoft. We had to do that ourselves. Over that three or four months, we realized that we didn't need them.

Microsoft consultancy is good and bad. If you get good consultants, they are really good. But sometimes you get consultants who are not expert enough in their domains and you don't get enough from them.

We have not seen ROI yet, but we are hopeful that in the future it will provide that.

One of the differences between other solutions I have used and Microsoft Defender for Endpoint is that the latter is not yet enterprise-ready to the same extent that the other vendors are. Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point.

Defender for Endpoint is marketed as an endpoint detection and response tool, but for others who are looking at onboarding it, they should take it as a holistic tool that provides AV, EDR, and vulnerability management all in one. However, it does not provide very good integration with third parties.

We are a consulting company and we use this product for endpoint protection across the company, as well as for our clients.

Windows Defender makes it easy to streamline the updates so we don't really worry about managing it.

The patch management is very easy, as it can be done automatically or added to a schedule. This will update all of the virus signatures.

We have a hook from our on-premises application to the cloud services for advanced threat protection, so the management is in the cloud. Centralized management allows us to schedule malware scans.

When you hook it up to the cloud's advanced threat protection, it gives you more than protection from ransomware. It covers different types of malware and allows you to see what malicious software is being executed on the machine.

The product allows you to manage your machine through it, similarly to the way SCCM does.

I would like to see better integration with their other security products to give better visibility from a higher level. Integrating with email, Azure, identity management, and other security applications, putting them all together, would be very good.

The first level of technical support is not very useful and it sometimes takes time to escalate to somebody more knowledgeable.

We have been using Microsoft Windows Defender for years.

This product is pretty stable.

We have had no issues with scalability. We deploy it anywhere from a small environment with a hundred users, to a large environment with 15,000 to 20,000 endpoints. The majority of our clients are small to medium-sized, with 3,000 to 4,000 users in the mid-range.

I would rate Microsoft's technical support an eight out of ten. At the first level, the support is very limited. You have to escalate it to the more senior team to get good value.

Some of our clients have used different products from vendors such as Symantec and McAfee, and they were not happy with them. We steered them towards Windows Defender and they switched because of the ATP hook to the cloud.

With other products, you have a management console, so you have to push the signature updates. We still do that now, but it's all in the cloud.

Both Symantec and McAfee come at an additional charge because they are not included in the operating system.

The initial setup is very straightforward.

We are using the version that is included with Windows 10. If you don't purchase the advanced threat protection then there is no additional charge.

My advice for anybody who is implementing Windows Defender is to purchase the ATP, which is in addition to the version that comes with Windows 10. This will allow you to really get the benefits and manage your organization's endpoints as a whole. This requires a presence in the Microsoft environment, such as a subscription to Office 365 or Azure.

I think that people should explore Windows Defender before looking at third-party products. While they are not a pioneer in anti-malware and anti-virus software, they are attacking it and they have a good budget. The advanced threat protection has a large cloud presence in Azure that we can take advantage of, and they update their product frequently. As soon as there is a new threat, they act on it right away.

I would rate this solution a nine out of ten.

We use this product for our endpoint detection and all the remediation.

The solution provides good security features. The key valuable feature for me is that you can view it in the central console.

I'd like to see more integration in the next release and the solution should be file protected.

I've been using this solution for five years.

The solution is scalable. 

I'd like to see a quicker response time from the company's technical support. 

The initial setup was straightforward. It didn't take long and was part of the deployment of our endpoints, and part of the integration. We currently have around 3,000 users and no plans to expand. We have four people involved with maintenance. 

I recommend this solution and rate it eight out of 10. 

The most valuable feature is its ability to effectively detect threats. It has the EDR feature, endpoint detection and response, and that is very good.

The management console is something that can be improved.

I have been using Microsoft Defender for Endpoint for about two years.

It is stable.

It is scalable.

The initial setup is quite simple because it is built into the operating system.

Microsoft Defender has more granular capabilities because of the native operating system that it is built into. It is better integrated into the operating system because both the product and the OS are from Microsoft. That is an advantage.

I use Defender for protection.

The most valuable features are that Defender is user-friendly and part of Microsoft Windows.

Defender's cloud integration could be improved.

Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update.

The initial setup was easy.

I would recommend Defender to anyone thinking of using it, and I rate it as eight out of ten.

We're using the solution on our endpoints.

The functionality is very important to us. 

The cloud provisioning is great. 

It's a Microsoft product, therefore, it's easier to deploy this product than other options. It's very important for us to have a simple way to deploy new PCs when we buy the new PCs. We don't want that deployment to be a burden. The easy deployment feature is very helpful.

At the moment we are currently testing it. We are not major users of the product, and therefore we have no idea of what it can and can't do just yet.

At this time we don't have any recommendations concerning the Windows product interface.

It would be helpful if they offered video tutorial guides. 

I've used the solution for three or four months.

We are testing it right now and we didn't get into the production state just yet. Therefore, it's hard to gauge the capabilities in terms of stability. So far, however, it has been stable.

The scalability is okay. 

Support is always okay. I've always had a positive experience dealing with support. 

The deployment is seamless and super simple. It's not complex at all, and that's the main selling point for us. 

We did negotiate on the pricing, however, I can't speak to the exact costs involved. 

We did not really compare this solution to other options. The advantage is that this solution is available on mobile devices, and we needed something that covered everything, from desktops and laptops to mobile. Therefore, we didn't really consider anything else. 

We are Microsoft customers. We don't have a special relationship with the organization. 

We are using the latest version of the solution. 

It's a good product overall. I would rate it an eight out of ten.

I am using Microsoft Defender for Endpoint for system alerts of any kind of suspicious items or unusual network traffic. I only use it for personal use.

The solution has shown me different kinds of requests from the websites that were made and cookies that have been created. It has provided me with statistics.

Microsoft Defender for Endpoint's most valuable feature is its ease of use.

Microsoft Defender for Endpoint can improve by providing more and different types of reports.

I used Microsoft Defender for Endpoint within the past 12 months.

Microsoft Defender for Endpoint has been stable. It does not slow down my computer.

The scalability of Microsoft Defender for Endpoint has been fine.

I have not contacted the support from Microsoft.

The initial setup of Microsoft Defender for Endpoint was intuitive, I didn't make any customization, I used what was preset. The installation was done with the Microsoft Windows installation.

The license for Microsoft Windows covers Microsoft Defender for Endpoint. 

I rate Microsoft Defender for Endpoint an eight out of ten.