Microsoft Defender for Endpoint Reviews

The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics.  

I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.

DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me.

It's Microsoft native. Microsoft is the corporate default, so it makes sense to use security platforms that are baked into the Microsoft platform. That's probably the most valuable aspect of it.

It has specific features that improve our customer's security posture. It makes the monitoring a lot easier and minimizes on-prem administration. A lot of the administrative stuff is all folded into Azure. It makes things easier.

The platform just makes things easier compared to on-prem or hybrid solutions because if you start working in an on-prem solution, most of the time it's going to be a battlefield. 

DFE affects the end-user experience when it's deployed. The more freedom a user has on the device, the more they're used to doing things their own way. By locking things down, by having device configurations, you disrupt the workflow. You need a lot of user education where you have to explain why you're doing these things. I'm a part of security. It's twofold, in that users have to get used to the new configurations. And the reason why we might take a little bit longer with pilot phases is that we have to identify how it'll affect the users and how the differences of different business units will be affected. Developers need a more open environment than other solutions.

Everything can always be improved. Improvements would depend on the client. 

Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more.

I have been using Microsoft Defender for Endpoint on and off for about three or four years. 

It's only the last two and a half years that it's been a big part of my job.

Microsoft has some creative accounting when they promise an SLA of 99.99%. But it is generally good. There's always going to be a problem with the cloud. If it works 99% of the time, that's great.

The frustrating thing is, you're not sure if there's a problem with your configuration or if the service itself is down because Microsoft tends to only report that the service is down much later than when you started experiencing things. So sometimes I have to jump onto a private forum or a Slack channel and ask other consultants if they experienced something similar. But when it works, it works. There's never going to be a cloud solution that has 100% uptime.

Scalability is fine. I mainly work with implementation, so I haven't really had to mess around with the scalability. I'm responsible for setting up security policies, and then if they want to do scalability, that's another team. I sit in security.

I haven't worked with support. I generally don't use Microsoft Support.

We were Microsoft partners last year. We're gold partners where we won security partners of the year, so we have an account manager. If it really hits the fan, then I would just talk to him. 

I've been an IaaS specialist since I began my career. I've done Apple MDM solutions and I've done Google Workspace, but when it comes to actual IaaS, I can't really compare. Because we're a Microsoft house, we generally don't use third parties or competitors.

The complexity of the setup depends on the environment. If it's Greenfield, it's super easy. I've been doing this for two to three years now. Most of the time it's easy. The larger companies have more complex networks and systems. The smaller the company, the easier it is to deploy.

The beginning of the project, like scoping, implementation, the entire process, or just the actual deployment depends on the size of the company. For smaller companies, we'll push some policies out. We'll do a week or two of a pilot phase where we identify different stakeholders and different business units. We collect feedback from them, keep an eye out on the audit logs and if that goes well, then we go into phase two, which takes another week or two where we slowly push out, if it's an accounting department with 60 people, then we'll do batches of 20. We'll have a pilot group of five and then we'll push it out to 20 people at a time.

The project managers worry about the licenses. I get my scope, I know the limitations I have to work with, and then I just make a solution based on that. I'm a very technical consultant and I don't really care about licenses, that doesn't really have anything to do with me.

My advice would be to start small, don't start a project thinking that it's the best solution, and bowl it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems.

I would rate it an eight out of ten. 

I use Microsoft Defender for Endpoint protection on my personal computer.

The solution has an easy-to-use interface, is always updated, and is user-friendly.

The solution could improve by providing more integration.

I have been using Microsoft Defender for Endpoint for approximately one year.

The solution is stable and secure.

I have found the scalability quite good.

The installation is simple.

I did the implementation of the solution.

The solution is free and comes with Windows.

I rate Microsoft Defender for Endpoint a ten out of ten.

We are using it for protection. We had a request from one of our customers, and we just started to implement it. We don't have any great idea about it. We are in the process of implementing it for the first time.

We are using its latest version. It is on-prem. The problem with going for a cloud version is that most of our customers prefer to work with on-prem solutions. So, we need all the features to be available on-prem as well as on the cloud.

We have just started to implement it. It is useful for protection from malware and ransomware. We are not exactly sure about zero-day, but we are trying to see if it will be effective for everyday antivirus purposes.

Auto recovery is the most important feature that we would need from this solution. For decryption, similar to Malwarebytes, there should be something to be able to recover the data up to the last normal status. Its ability to recover data to the last normal copy must not exceed 5 to 10 minutes.

We just started to use it.

We need to test its functionality in heavy environments.

Their support could be faster through the phone. The support through chat is very unuseful. It takes a lot of time and effort and but does not help in any way. We provide the first line of support to customers, so it is not a big issue for us.

We work on most of the protection products, such as Kaspersky, Malwarebytes. We normally use a lot of them. We had a request from one of our customers, so we started to implement Microsoft Defender for Endpoint.

Its initial setup is straightforward. The solution itself doesn't take more than 15 to 20 minutes, but the configuration duration depends on the environment, such as the number of policies, users, etc. It will vary according to the environment in which you are doing the implementation.

We implement it ourselves. Currently, we have only one customer of this solution.

Its price is fair. It has approximately the same price as the other products such as Kaspersky. It is much cheaper than Malwarebytes.

I would rate Microsoft Defender for Endpoint a seven out of 10.

We combine Microsoft Defender with Advanced Threat Protection to manage, isolate, and scan our laptops and workstations for security threats. We have a dashboard that is embedded into Office 365 and it allows us to remotely scan for viruses and malware, so we don’t have to have the laptop present.

Using this product helps with device inventory. This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them. It is important because any software installed on a workstation may be vulnerable to parts of the internet.

Microsoft Defender has features that have helped to add layers to our security posture. The most important of these features is visibility and the provision of detailed alerts. It correlates the data and using this information, I can identify a threat and see if any other workstation in the environment has been affected by it.

Using this product has not negatively affected our user experience. It is just like using Windows 10.

The GUI is very nice.

The reporting capabilities are fantastic.

In the future, I would like to have the ability to patch using this product. Specifically, in an enterprise environment, it would be very good if you could patch the workstations remotely.

The alerting is something that needs to be improved. Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering.

I have been working with Microsoft Defender Antivirus since it first came out, at least seven or eight years ago.

With respect to the stability of the product line, Microsoft has many products that do almost the same thing. The question becomes which one you want to use. This is a good product but at the same time, after a while, you don't know if it is the next one that Microsoft is going to stop releasing because of other products that practically do the same thing.

Microsoft Defender is very scalable and there is a lot of room to expand and add extra layers. We have 2,500 endpoints and we plan to expand; however, we are thinking about using the Microsoft Endpoint Manager in place of it.

Once the decision is made to stay with this product or instead adopt Endpoint Manager, we will expand to cover 6,000 endpoints.

I have not been in contact with technical support.

Prior to Microsoft Defender, we tried quite a few different products from vendors such as Kaspersky and McAfee. One of the major reasons that we adopted Defender is because of the advantage that Microsoft owns the platform, Windows 10. As they have developed the operating system, it is believed that they understand how to guard it much better against a third party. An attacker has to learn a lot about Windows 10.

Another reason we selected Defender is the frequency of updates. Every other time that Windows is updated, Defender is updated. Again, this is because it is owned by Microsoft and exists on its platform.

We also use Microsoft ATP and we are currently looking at Microsoft Endpoint Manager.

The initial setup is straightforward. Basically, once you have the competency with the product, it is straightforward and there are no surprises. It is not rocket science.

This product is built into the Windows 10 image that we install. As you roll out Windows 10, it is already set up and pre-configured, so there is no additional work required.

We saw a return on our investment within the first two years.

If I quantify the effort used for the setup and compare it with the pricing of the previous solution, value for the money was realized during the second year.

We have an enterprise agreement so from my perspective, this is a product that ships with Windows and it is not priced standalone. It comes together with the other Microsoft products that we buy.

When we evaluated Kaspersky and McAfee, we found the scalability was better for Microsoft. You can do in-place upgrades of the endpoints with Defender but for the others, you would have to re-install the upgraded agents on the workstation. This takes a lot of time and it is not productive.

We are currently evaluating Microsoft Endpoint Manager by comparing the differences between it and Microsoft Defender. This is being done in advance of expanding our usage.

My advice for anybody who is implementing this product is to first analyze their critical assets to have an understanding of what they are. Then, decide if they want a scalable solution. New threats are coming in every month and the way this is going, Microsoft is learning lessons from networks that have been compromised. With this information, they give updates and patches to everybody. In support of this product, you have to consider the patching, consider the visibility that it gives, and then consider the critical assets it is protecting.

I would rate this solution a seven out of ten.

It is an antivirus. It is like any other antivirus, except it comes with Windows and you don't need to install anything extra.

People will ask you, "My system does not have an antivirus," because it is so hidden and subtle. You don't feel like you have an antivirus. Many users will wonder and come to you, saying, "I don't have an antivirus installed. Is that company policy? Do we need to get it from outside and install it?" So, we have to tell them, "No, there is an antivirus. It is there."

It is so seamless that people don't even feel or see it. It is just protecting everybody. If you are some kind of techie or have some experience with Windows Operating System, only then do you know that this thing is already built-in. If you go into the Task Manager, you can find the antivirus using up a lot of memory and a bit of CPU power, then you will understand that is the antivirus doing this. Normally, many people don't realize this.

It is already integrated with Windows 10, so you don't need to worry about that. 

It is a basic firewall with some additional anti-exploit measures and parental controls already built in.

It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good.

We started using it when they started bundling it with Windows 10, which has been around three or four years.

It is very stable.

You do not need to worry about maintenance. It is automatically updated. Sometimes it will show you a red marker to do a system scan. People normally kind of ignore that, but I suggest people do a system scan from time to time. Now, what happens is just a bubble icon showing a red cross sign, but that may not be enough. It should give a pop-up window to remind people to scan the system once a month or quarter. It should be built-in scanning, without asking anybody, once per month or quarter.

It is scalable.

There is no need to get an additional solution because it comes bundled with Windows. 

We are protecting around 60 to 70 endpoints in India. In the entire company, there may be around 400 to 500.

We have used other antiviruses, like McAfee and Avira Antivirus.

The same thing can be viewed as a pro and a con:

Pro: It is more than silent; you do not even realize that it is an antivirus. Any other antivirus third-party will nag you with pop ups for any small threats. They want to show that they are doing something because you pay them money. They are funny, colorful pop-ups, whatever color they use is like an advertisement for them, e.g., "They are doing it wrong, and we pointed it out." Windows Defender does not do that. In a way, this is good for the people who know the threat sender. They do not really need to be nagged by the antivirus every time you open a site or click on a file.

Con: For normal people who do not know anything about the security side, some pop ups should be there. Some pop-ups call people's attention that you are doing it the wrong way. For example, "This is potentially wrong. Don't visit this site. Don't potentially open this link, file, or attachment." This is missing in Windows Defender.

It has a good return on investment, especially since we are used to paying for antivirus. Now, it is part of the Windows purchase.

You don't need to worry about the renewal and purchase of antivirus products. It is bundled with Windows 10, so you don't need to worry about separately purchasing any antiviruses. 

Whenever you purchase an antivirus, there are so many factors to consider, such as, weighing, doing a comparison, studying everything, and analyzing the cost-benefit factors. You don't need to consider any of this with Windows Defender because it all comes with it. So, you don't need to worry about it.

With Windows Defender, Microsoft is protecting their own operating system from hackers, viruses, malware, etc. It is better to use Windows Defender over other third-party providers. Microsoft knows what best is for the solutions.

If your computers or users are limited and you are not worried about using your computers for a lot of other browsing purposes or a lot of communication from the public, then you can depend on Microsoft Defender as your only solution. However, when your company is a lot more public facing, then you get a lot of mail from the public and must interact with the public. Also, if you must connect your computer to other computers not in your company, then I would suggest going for either a top-of-the line antivirus solution or third-party solutions. Totally depending on Microsoft Defender is not going to work for a company who is facing a lot of public interactions with their computer system.

I would rate it as an eight out of 10.

I haven't experienced any problems.

They could improve the information about how they are dealing with people who could attack minors. This is my main concern. 

Another concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information. 

I have been using it since 2019.

It performs well. The stability is seamless.

Scalability is not a problem because we don't have servers. We don't do anything more with the computers than use them for studies, reading papers and books, watching movies, and communicating with our family. So, we don't need to scale up.

If they could send me more information, then I could evaluate, read more, and give them opinions. For example, if someone tells me about a problem, then I can give solutions and also write to Microsoft regarding this information.

From the beginning of the pandemic, we received another kind of software when we had to be at home, but it caused us problems with the performance. So, I decided to quit the other software. Then, I installed Windows Defender on all my computers, including my grandchildren's computers.

I was using Sophos previously, but it was causing problems with the performance. For example, when my grandchildren were trying to assume a session, they opened Excel or Word with a 4 GB computer using Windows 10 and then they always lost the connection or the continuities because the computer slowed down. However, when we decided to quit using Sophos and install all the features of Windows Defender, then those problems were resolved.

The initial setup is very easy and straightforward.

My deployment process: I put some checks in the questions that they have. It was very easy. I read about it in the tutorial. I installed it on my entire family's computers (six computers) in less than half an hour.

It is free.

We are totally satisfied with performance and price. However, there is still the question, "Is it safe and secure enough for home, primary-school-age children, and minors?" Despite having a Masters degree in Computer Sciences and Mathematics, I have not been able to say if Microsoft is doing bad or good things.

Many companies may say that they have the best product, but I recommend always watching the news about what a company is doing. Stay informed. Don't be complacent. 

The solution is a nine out of 10.

We use Microsoft Defender Antivirus for antivirus protection as part of our endpoint security solution. It protects our systems against attacks from any virus, malware, or trojan. 

We rely on this product for endpoint protection in our organization because we have not subscribed to any antivirus, apart from Microsoft Defender. It comes for free with our Windows subscription and it has improved the way our organization functions because there have been no virus attacks to date on our laptops.

It has not negatively affected our end-user experience.

This solution takes care of most of the infections that are found in the system, and it comes included with Windows. These are the two main advantages of using it.

The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security.

Microsoft Defender protects the computer by using virus definitions that we download through regular updates but nowadays, cybersecurity attacks have become more intelligent. This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running. These can be vulnerable points and if a process causes a glitch in the system, it should be quarantined. Moreover, enhancements of this type should not detract from system performance. There should be no slowdown on the laptop, for example.

I have been using Microsoft Defender Antivirus since I started using Windows 7, more than eight years ago.

Stability-wise, it is good, and it performs very nicely.

The scalability is fine. We had more than 300 devices that are being protected.

I have never had an opportunity to speak with technical support because everything has always worked very smoothly. As we have experienced no issues at all, we never contacted support.

Prior to using Microsoft Defender, we used McAfee and Avast Antivirus.

One of the main reasons that we switched away from McAfee is that it required purchasing a subscription. With Microsoft Defender, it is included with Windows. When we install the operating system, it is already there and we don't have to purchase an additional antivirus product.

For security, aside from a traditional antivirus, we have purchased the SentinelOne Endpoint Security solution. This product is more enhanced when compared to an antivirus product. It is modern and has better threat intelligence than other products. I don't know SentinelOne very well yet, as we have just purchased the subscription, but I know that the difference between products is not based on virus definitions.

SentinelOne has intelligence on the cloud and many other security features including the blocking of domain names, and the blocking of USB drives that users plug into their laptops. Although it has many more features than legacy antivirus software, I have no complaints about the performance of Microsoft Defender.

One of the reasons we are more heavily relying on endpoint security is that everybody is working from home and using the internet for work. This transition was made within the last two or three months. When people were working in the office, the firewall afforded them protection. However, as it is now, the endpoints are more vulnerable to attack. This is why we now rely more heavily on SentinelOne.

Microsoft Defender comes preinstalled with the Windows operating system, so we do not have to deploy it separately.

The subscription is part of Windows, so we don't have to pay anything extra for this product.

This is definitely a product that I recommend people use because first of all, you do not have to pay anything extra to use it. The performance is very smooth and it protects your system, which is very much needed. All in all, I would say that this is a good antivirus solution.

I would rate Microsoft Defender Antivirus an eight out of ten.

We use it for antivirus. You can use it for malware and Zero Trust. Some people use it for fact-checking too. I can also use it with Intune, which is good. 

We deploy Microsoft Defender on all kinds of devices, including Microsoft, iOS, and Mac.

Auto-remediation: When the product sees malware, it resolves the issue immediately. This protects the machine.

I like the tamper protection. For example, if I buy a notebook with Windows 10 and put Microsoft Defender on it, then I can activate the tamper protection. This keeps people from entering the machine, encrypting it, and changing passwords.

Microsoft Defender is fully integrated with Azure Sentinel. In addition, GPO can be connected with Microsoft Defender and Azure AD.

It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement. 

With Windows 10, version 18.0.3, I couldn't see the documentation to open the ports. If you don't open the ports, then the machine can't communicate with the console.

I like its stability a lot.

You push out all the devices that you want. There is no limitation beyond money and licenses.

In the past, I have used McAfee and Kaspersky. 

I only work with Microsoft products right now. It integrates well with other products. I also work with Microsoft Defender for Identity.

The deployment process is not difficult because Microsoft Defender comes with Windows 10. You just right click, then it connects you with Azure. 

There are other processes that can be connected, e.g., Microsoft Download Center.

I implement Microsoft Defender for Endpoint. It takes me one or two days to design Microsoft Defender for Endpoint. It is easy to do this, and the more you implement, the easier it gets over time.

Sometimes, when I change the configuration, I have to wait six to eight hours.

It is so expensive. It isn't cheaper than McAfee or other solutions.

I prefer Microsoft Defender for Endpoint instead of McAfee, Kaspersky, and other products.

I would rate this solution as 10 out of 10.