Microsoft Defender for Endpoint Reviews

We are a government organization, and we use Microsoft Defender for Endpoint Protection.

We also use it for vulnerability scanning and assessment, which is very useful.

Microsoft Defender for Endpoint is a robust platform. The endpoint detection response is quite good.

Some executive reporting is inefficient, and we're looking into ways to improve it.

In the next release, I would like to see better management reporting.

I have been working with Microsoft Defender for Endpoint for two years.

Microsoft Defender for Endpoint is a stable solution.

Microsoft Defender for Endpoint is definitely scalable.

Technical support is quite good.

Previously, we didn't work with anything as sophisticated. We used a pretty old-style endpoint detection response.

On new devices, the initial setup is quite easy, while some of the older devices had some issues unpicking the old EDR product that had nothing to do with Defender.

Pricing can always be lower.

To achieve the best results holistically, consider the total cost of ownership of the Microsoft suite of products.

I would rate Microsoft Defender for Endpoint a seven out of ten.

Microsoft Defender for Endpoint gives us a second layer of security as well as the third layer of security. One of them is interested in web security and email security. One of them, similar to Cisco, is a Cisco FirePOWER. These are a compilation or a group of devices for security.

We had some issues where phishing and malware were not detected and were allowed to pass unless I mentioned it or we forced the phishing or malware to be blocked, I can't rely on that alone.

Phishing and Malware detection could be better.

Technical support needs improvement.

I have been working with Microsoft Defender for Endpoint for one year.

It is stable for the time being. 

I can't add more layers of security because of my budget and business plan, so I try to choose the best and most preferable option for me and my company.

I would rate the scalability a seven out of ten.

In one company, we have two administrators and 30 employees who use this solution.

On a short-term plan, I will not increase the usage. On a larger scale, we intend to increase the license.

In my opinion, technical support is not as effective as it was before. They take a long time to support and investigate the issue.

It takes a long time for them to support and investigate the issue. I believe they must crush the time in order to provide us with our needs, and our objectives.

There are applications and solutions that we have used for five or more years. We almost used Microsoft Link but have since switched to Microsoft Teams and Skype for business. We almost exclusively use Cisco products such as Cisco EMC, Cisco Web security, and Cisco Meraki.

The installation is straightforward. It's a cloud solution that requires some configuration running on the cloud.

The deployment takes a couple of hours to complete.

It's a different story when it comes to security. It takes a different approach. It requires two an administrator and a manager to maintain this solution.

Sometimes the installation and deployment are done by the technical team, and sometimes it's done by others.

Licensing fees are paid annually through a partner.

If I do recommend it, it will not be solely for security purposes. It is possibly for a first-line security platform, and it is required to build a second, third, and possibly fourth business security layer.

I would rate Microsoft Defender for Endpoint a seven out of ten.

The product is useful for projects, finding tech, and finding firewall actions on computers. 

There's no impact on other applications. Most other solutions have more of a possibility of an impact on other applications and due to that, you must make some special configurations to those other applications. The Microsoft Defender impact is very small.

The intelligence mechanisms are good.

The initial setup is easy.

We have found the technical support to be helpful.

The detection of viruses could be a little bit better.

We've used the solution for maybe two years.

Our company is only a small company. We only have 10 people who use the solution. However, we have clients who have a lot of users. 

We likely will increase usage in the future. 

We've been in touch with technical support. Their level of support is fine and they are very fast. We are satisfied with their level of service. 

We had some problem and, after four hours, we had new signatures for the environment by our customers for more than a thousand clients so that we can protect and improve the new setup. It was a very quick turnaround.

The initial setup is not difficult. It's simple. We have just rolled it out to 6,000 clients which have been, by far, more than other customers we've had so far. We have deployed a Microsoft configuration.

In the environment, we needed one or two days to deploy it. In smaller environments, you only need two hours of work.

It can be done by technical personnel in-house. If they have good knowledge of Microsoft environments, and how to use Microsoft tools, then it's easy.

It's always good if you know how to use OutShare. With OutShare, you can make many things extremely effective and extremely easy.

It is possible to handle it in-house if you have a knowledgeable team. We implement the solution for our clients. 

Clients need to pay a yearly licensing fee.

This is an on-premise solution where all connections have a cloud connection.

I would recommend the solution to other companies. I'd rate the solution at a nine out of ten. 

Microsoft Defender for Endpoint is integrated into Microsoft Windows and is used for system protection.

Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows.

The solution can be more user-friendly.

I have been using Microsoft Defender for Endpoint for a few years.

Microsoft Defender for Endpoint is stable.

The solution is scalable.

We have 30 users using the solution in my organization.

The solution has no installation as it comes with Microsoft Windows.

I do not have to purchase antivirus solutions anymore because Microsoft Defender for Endpoint is integrated into Windows and comes free.

I would recommend this solution to others.

I rate Microsoft Defender for Endpoint a ten out of ten.

Defender's endpoint protection is good.

I've been using Defender for less than one year. Defender is free for one year. Once that year is over, we will switch to Kaspersky.

Defender is stable. The performance is good.

In terms of scalability, I rate Defender 10 out of 10. 

I haven't dealt with Microsoft support for this product.

It's easy. Defender came pre-loaded on our computers.

I rate Microsoft Defender for Endpoint eight out 10. I would recommend it to others.

It's used to protect endpoints and, for some customers, it is used to deploy Microsoft 365 suite features. Most of our clients are medium-sized businesses.

The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection.

I would like to see the next generation of the tool improved to work with other operating systems, like Linux.

I have had about a year's worth of experience with Microsoft Defender for Endpoint. I am a subject matter expert for a Microsoft partner in Colombia. We develop portfolios and solutions for our customers that need Microsoft products in their infrastructure. My role deals with the architecture of solutions.

I don't recall any issues with the solution.

It scales easily.

I haven't had to use technical support for the solution.

The setup depends on the customer, but it is generally simple.

Some customers have the licensing of the suite and have all infrastructure prepared for the installation and deployment. But in some cases, when customers haven't deployed the solution and don't have licenses, it can be expensive to start from scratch.

Customers haven't given us any feedback about difficulties with the solution. With its intelligence and tools over cloud infrastructure, it's a good product. We are developing some use cases and projects for customers with Microsoft Defender for Endpoint. It is good for us.

We primarily used the solution as Endpoint Detection and protection (EDR, EPP) with secondary benefits of threats and vulnerability management, security incident response, automated query and real-time device monitoring, and with the capability of email security, identity management (DFI), and task automation (Power automate). We used respective licenses where required.

The solution was also used for an endpoint antivirus for workstations in a multi-OS environment, including Windows and Mac OS. We had file, device, and user trajectory monitoring for the security operations team.

The solution benefited the company via:

• OS-level/Tool compatibility for endpoints running Windows (since both are Microsoft products and Defender core files are included in Win10 or later delivery).
• Heuristic capability. Consistent usage of MDE indicates that the tools are continuously learning new prevention techniques by pulling real-time up-to-date cloud resources.

• Alert chaining. The solution makes security Incidents, events, and alerts less tedious from a Security Operation Center standpoint. This can result in false negatives or detriment for small to medium-scale firms running no or semi-automated threat response features.

The most valuable aspects of the solution include:

• Advanced hunting. The product offers flexibility, visibility, and automation capability using a user-friendly query language (KQL).
• Reporting. Clear and concisely plotted graphics show real-time data representation - which is valuable to upper management.

• Scalability/API. We are able to productively integrate with existing on-prem, hybrid, or cloud applications. 
• Great OOB features. The solution comes with SIEM-ingestion-ready features for extensive visibility, automation, and integration, including advanced hunting, threats and vulnerability management, embedded simulation for end-to-end testing, ransomware prevention (Controlled Folder Access), and Attack Surface Reduction (ASR) rules.

Improvements could be made via:

• Clicks. There's a poor user experience with lots of optimizable opportunities of user interface particularly on the newly improved portal (https://security.microsoft.com/). Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort.

• De-centralized console features. Discrepancies with enabling core features at the click of a button within the MDE portal is mostly due to prerequisites that are tied to the functionality or partial enforcement requirements from other Microsoft tools (Group policy, Azure, Sentinel, SCCM, Intune). EDR in block mode requires Intune security baselines and tamper protection requires MAPS enabled. Web content filtering also has security baseline dependencies

• No single pane of glass. There are too many loose ends with tiny bits and pieces to enforce essential security policies compared to other EDR solutions within the same caliber. A typical example is having to create exclusions in different locations for entirely different functionalities, such as: automation folder exclusion, group policy exclusions (per tenant), Controlled Folder Access (ASR) Allowed application, and Attack Surface Reduction (ASR).

• Service Requests. Noncritical cases with MDE technical support teams tend to be queued for over a week before the first customer engagement. Most of these tickets also end up in the hands of temporary or contracted non-Microsoft employees who are scripted and offer little attention to unique incidents.

Suggested additional features that should be included in the next release include:

• Digestible interface/filter for crown-jewel capabilities like ASR, CFA and Exploit mitigation occurrences.
• Restoration of an always visible search bar from the previous console view (https://securitycenter.windows.com).
• A definitive action plan for Secure Score recommendations and deduplicate of controls.

We were using Microsoft Defender for Endpoint prior to its change of name from Defender ATP. We experienced a plethora of GA changes including, but not limited to, IOS/multiple OS support, device discovery, web content filtering, API updates, and continuous integrations with existing security tools.

Usually, the solution is used in relation to keys management. We implemented a program for it, for the lifecycle of the keys. We've also used it for certificate management.

The initial setup is very straightforward.

The stability is very good.

Technical support is good.

The solution is in good condition and offers good functionality.

There are likely some technical improvements or features that could be added, however, I cannot say, off the top of my head, what they would be.

I used the solution in relation to scoping a project. I was doing business analysis.

The solution was very stable.

The solution is scalable.

The technical support for Microsoft is very good.

The initial setup is not difficult or complex. It's very simple and straightforward. 

I do not know how much it costs per month. I cannot say how it compares against the rates of the competition.

We are a Microsoft Customer.

I'm not sure if I would recommend the solution to others. It depends on their requirements. It needs to fit a company's use cases.

I would rate the solution at an eight out of ten.