Microsoft Defender for Endpoint Reviews

We use this as our antivirus solution.

Within its class I think, it has a high and decent detection rate.

There were a few detections that are not picked up, and then Microsoft picks up on that and they update it. That's just a normal thing you go through based on every antivirus solution. You're always going to have viruses and signatures that are coming out.

So, I wouldn't say it's the perfect solution because if you're looking at next-generation behavioral based things, for example, if you're going to use ATP, that's when you can get more methods out of it. With Defender, if you pay more you can get the ATP component, which is sold separately by Microsoft.

We do have some challenges in the reporting aspect of it. 

There's a lot of manual effort involved to configure what we need.

There are also a few issues with policies.

Defender by itself is not a solution. Defender is basically a functionality.

We have some issues with reporting, but I think it's just the way we've integrated right now, again not using ATP. So, we just use STC MS management. Then it's limited in terms of reporting.

From an operator's perspective, I think there are some policy detection issues where you've got a detection for a signature but how it translates into the FCCM dashboard where it doesn't really categorize that particular model. It picks something up as bad but it's just unknown.

So, I think that's a known issue with this particular thing. Because it doesn't know what it is classified as it doesn't really do anything. For it to do something, the policy has to recognize the category of that number. It could be a trojan horse or whatever it is, but it doesn't really do that. It could be what they call an autonomous detection where the system categorizes it as not recognized and hence it blocks it, but it's not going to let you delete it instantly. Usually, you can say if it's detected you want to block it, that's the first step. The second step is to be able to delete the file or quarantine the file. But it doesn't recognize that, so it doesn't know what it needs to do. Instead, it just blocks it. It only blocks it because it doesn't recognize it as being Malware.

I would rate this product a six out of ten.

We are a government organization, and we use Microsoft Defender for Endpoint Protection.

We also use it for vulnerability scanning and assessment, which is very useful.

Microsoft Defender for Endpoint is a robust platform. The endpoint detection response is quite good.

Some executive reporting is inefficient, and we're looking into ways to improve it.

In the next release, I would like to see better management reporting.

I have been working with Microsoft Defender for Endpoint for two years.

Microsoft Defender for Endpoint is a stable solution.

Microsoft Defender for Endpoint is definitely scalable.

Technical support is quite good.

Previously, we didn't work with anything as sophisticated. We used a pretty old-style endpoint detection response.

On new devices, the initial setup is quite easy, while some of the older devices had some issues unpicking the old EDR product that had nothing to do with Defender.

Pricing can always be lower.

To achieve the best results holistically, consider the total cost of ownership of the Microsoft suite of products.

I would rate Microsoft Defender for Endpoint a seven out of ten.

Our clients use it for antivirus and anti-malware purposes.

It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal.

Normally, we implement the attack surface reduction (ASR) rules and exploit protections. We also use Microsoft Defender Application Guard and ad blocker. Instead of using the application control list, we use the ad blocker at most of the places.

What I've heard from the customers is that the anti-malware engine is not up to date. So, sometimes, it may not detect such threats. I, however, haven't got any data to show for this.

Its licensing can be better. Currently, customers with the E3 license cannot use many features, and they would like those features to be available. With Windows 10 E5, Microsoft is phasing out all the functionality. They have also made a lot of changes recently where you can also buy add-ons for Defender ATP, but for Office 365, ADT, and other stuff, you still require E5 licensing. If they can improve its licensing, it would definitely be helpful in implementing the features from the security point of view. E5 definitely has more features from the security point of view.

I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great.

We have been recommending Defender to customers for Windows 10 and helping them in implementing it for two years.

It is okay in terms of stability. I haven't seen any issues. Even if you go for a third-party vendor as your primary anti-malware software, you can get the benefit of Defender in a passive mode. 

I am an Azure engineer, and I work with an architect to design the solutions. I'm not a security person, and I don't know whether it catches all the new malware that comes into the IT world, and how quickly it gets updated because it is not my area of work as I'm not an SEC OP admin. I have read a few articles mentioning that the engine might only be 80% or 90% up to date. Obviously, no engine is 100% up to date, but it is still a little bit behind some of the third-party vendors. 

We haven't used their support much, but one of my colleagues has had some problems, and I think he didn't get good support from Microsoft. So, obviously, it depends on what kind of support engineer you have been assigned. Sometimes, it can be difficult. It is not only applicable to Defender; it could be with any of the products.

While implementing the ASR rules and other things, if you don't put it in the audit mode and don't do proper discovery, then it can definitely break lots of applications. You need to adhere to the implementation guidelines for ASR rules. So, proper analysis definitely needs to be done before implementing those rules because it can affect the business functionality.

Its deployment can take from few weeks to months depending on the size of the organization. In terms of the implementation strategy, we start with the pilot key users, and we deploy those policies. We also deploy ASR rules and other exploit protection rules in the audit mode, instead of directly enabling them. We then monitor the resources in terms of what can be blocked or what can get impacted by those rules. After that, we work with the users to implement it and see whether it breaks anything. If it breaks, then we look at the solutions. After we are happy with all those solutions and we know that enabling it won't break anything on a business side, we just roll it out.

Our clients are definitely seeing an ROI. Some of the clients have already got the licenses, and they can use lots of features of their Defender ATP. They are basically saving the cost of not going with a third-party solution.

Some of the clients who already had another third-party solution are also moving to Defender ATP because they already have the licenses, and they can save the cost on those. One of our clients is using ESET. They have the ESET standard version, so they are not getting any of the other features. They already have an E5 license to use all Defender ATP features. So, obviously, it would be beneficial for them to go with Defender ATP.

We did a little bit of comparison with Sophos. Sophos also offers cloud and network protection, but it would be an extra cost to buy it if you already have a license of Defender ATP. With Sophos, the USB features are a part of the cloud solution. So, you can configure USB restrictions and other things in the Sophos portal. With Defender, you will have to implement the USB security features via GPO or something else.

I would definitely recommend others to go with Defender ATP if they have got the licenses because it can give them a wide range of security controls. It is integrated with Office portals and Microsoft monitoring systems, so they get the sensors from different places. We haven't come across any security threats yet. From the point of view of its theory, implementation, and architecture, Defender ATP and other ATP integrations would definitely help customers in controlling their organization and implementing the best security rules and policies.

It hasn't affected the user experience much for our customers. Customers only see the notification pop up saying that Defender hasn't found anything and things like that.

I would rate Microsoft Defender for Endpoint a seven out of 10.

It is an antivirus. It is like any other antivirus, except it comes with Windows and you don't need to install anything extra.

People will ask you, "My system does not have an antivirus," because it is so hidden and subtle. You don't feel like you have an antivirus. Many users will wonder and come to you, saying, "I don't have an antivirus installed. Is that company policy? Do we need to get it from outside and install it?" So, we have to tell them, "No, there is an antivirus. It is there."

It is so seamless that people don't even feel or see it. It is just protecting everybody. If you are some kind of techie or have some experience with Windows Operating System, only then do you know that this thing is already built-in. If you go into the Task Manager, you can find the antivirus using up a lot of memory and a bit of CPU power, then you will understand that is the antivirus doing this. Normally, many people don't realize this.

It is already integrated with Windows 10, so you don't need to worry about that. 

It is a basic firewall with some additional anti-exploit measures and parental controls already built in.

It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good.

We started using it when they started bundling it with Windows 10, which has been around three or four years.

It is very stable.

You do not need to worry about maintenance. It is automatically updated. Sometimes it will show you a red marker to do a system scan. People normally kind of ignore that, but I suggest people do a system scan from time to time. Now, what happens is just a bubble icon showing a red cross sign, but that may not be enough. It should give a pop-up window to remind people to scan the system once a month or quarter. It should be built-in scanning, without asking anybody, once per month or quarter.

It is scalable.

There is no need to get an additional solution because it comes bundled with Windows. 

We are protecting around 60 to 70 endpoints in India. In the entire company, there may be around 400 to 500.

We have used other antiviruses, like McAfee and Avira Antivirus.

The same thing can be viewed as a pro and a con:

Pro: It is more than silent; you do not even realize that it is an antivirus. Any other antivirus third-party will nag you with pop ups for any small threats. They want to show that they are doing something because you pay them money. They are funny, colorful pop-ups, whatever color they use is like an advertisement for them, e.g., "They are doing it wrong, and we pointed it out." Windows Defender does not do that. In a way, this is good for the people who know the threat sender. They do not really need to be nagged by the antivirus every time you open a site or click on a file.

Con: For normal people who do not know anything about the security side, some pop ups should be there. Some pop-ups call people's attention that you are doing it the wrong way. For example, "This is potentially wrong. Don't visit this site. Don't potentially open this link, file, or attachment." This is missing in Windows Defender.

It has a good return on investment, especially since we are used to paying for antivirus. Now, it is part of the Windows purchase.

You don't need to worry about the renewal and purchase of antivirus products. It is bundled with Windows 10, so you don't need to worry about separately purchasing any antiviruses. 

Whenever you purchase an antivirus, there are so many factors to consider, such as, weighing, doing a comparison, studying everything, and analyzing the cost-benefit factors. You don't need to consider any of this with Windows Defender because it all comes with it. So, you don't need to worry about it.

With Windows Defender, Microsoft is protecting their own operating system from hackers, viruses, malware, etc. It is better to use Windows Defender over other third-party providers. Microsoft knows what best is for the solutions.

If your computers or users are limited and you are not worried about using your computers for a lot of other browsing purposes or a lot of communication from the public, then you can depend on Microsoft Defender as your only solution. However, when your company is a lot more public facing, then you get a lot of mail from the public and must interact with the public. Also, if you must connect your computer to other computers not in your company, then I would suggest going for either a top-of-the line antivirus solution or third-party solutions. Totally depending on Microsoft Defender is not going to work for a company who is facing a lot of public interactions with their computer system.

I would rate it as an eight out of 10.

We use this solution for business security protection.

One of the main features is the solution is very light on resources and we do not have any problems with it.

There is room to improve the security of the solution.

We have plans to add an email security solution because this solution does not provide us with what we want.

I have been using this solution for approximately three years.

The solution is stable.

I have found the scalability of the solution good.

We were previously using the Avast security solution.

The installation is very easy, it takes only one day.

We did the implementation ourselves. We have approximately 10 engineers able to do the deployments and maintenance. 

There is not a license required for this particular solution.

I would recommend this solution to others.

I rate Microsoft Defender Antivirus an eight out of ten.

It can reach our applications and PC activities in the cloud.

Notifications are always popping up — I hate that. It could also be easier to use and more robust, overall. 

I have been using Microsoft Defender Antivirus for roughly two years. 

Within our organization, there are roughly 500 employees covered by Microsoft Defender Antivirus.

We have a team of 10 employees that handle all maintenance-related issues. We definitely plan to continue using this solution. 

Microsoft Defender Antivirus could be more scalable. 

I am satisfied with the technical support. 

Microsoft Defender Antivirus is easy to install. Installation takes half an hour, maximum.

Microsoft Defender Antivirus integrates automatically. 

You need a license to use this solution. 

We evaluated McAfee MOVE antivirus. 

Overall, on a scale from one to ten, I would give this solution a rating of seven. If they improved the scalability, I would give it a higher rating.

We are using Microsoft Defender ATP to prevent anti-phishing, malware transportation, and unwanted spam emails.

What I like most is the protection against phishing emails and anti-spam.

The integration of the defense features is something that they are working on but it still needs improvement.

In the next release, I would like to have additional features integrated with DNS security and DNS resolution. It will add to the solution and work more like a firewall.

If they integrate with the EDR then it will benefit this solution. 

I would like ATP to be integrated with the EDR as one single license.

I have been working with Microsoft Defender ATP for three years.

It is stable, but it depends on how you configure the existing ATP and what existing features you need to enable it.

Based on the features that are enabled, it will work perfectly. 60% to 80% will depend on the configuration that is done for the ATP trade products.

Microsoft Defender ATP is scalable at any point of time.

The technical support was good. 

I would rate technical support a four out of five.

The initial setup was not easy but not complex. It was somewhere in between.

There were many things that needed to be integrated with the existing solution, which took some time. It took us a week to deploy this solution.

When compared with other vendors, the pricing is very high.

There are several other features that can be integrated with Microsoft Defender ATP such as EDR. But, it doesn't already come integrated with ATP. It's available at an additional cost.

If you want the EDR feature, you would have to purchase an E-file license. The cost is three times higher to have more productivity with the dashboard.

It's a good solution. I would recommend Microsoft Defender ATP to anyone who is interested in using it.

I would rate Microsoft Defender ATP a seven out of ten.

This is an endpoint security product. It helps detect and prevent attacks and is very good when it comes to vulnerability assessment. It automatically detects attacks. It provides support for all the end devices, whether it is a Mac OS, Windows, mobiles, Android and iOS, it has support for all. I mostly deal with smaller and medium sized companies, I don't deal much with enterprises. I'm a customer of Microsoft and I work as a solution architect.

The product is very good when it comes to vulnerability assessment. It's a Microsoft flagship product and it integrates with Office 365. If my customers are using Office 365 or Azure or a Windows server, it helps to use Defender. Other products like Symantec or McAfee don't have that kind of integration with Microsoft products. In terms of identifying the attacks, it's far superior to Symantec. 

The GUI is very complex, particularly for normal users who work on it. It could be more user friendly. For future improvements, I'd be looking at internet security which we don't have as Microsoft does not distinguish whether a site is malicious or not. Kaspersky is very good at that but not Microsoft. It would be a big advantage for them if they were to include it. 

I've been using this solution for seven months. 

It's a stable product. Microsoft only recently entered this market and nobody believed that Microsoft antivirus would be good. They are now trying to prove everyone wrong in that sense by having a good security product. 

Scaling in or out is very easy. Scalability is really about licensing so you just have to request a registration license.

Ninety-nine percent of the time, I'm able to solve the problem. I do not have access to Microsoft support so if I go to their open support page and try to login a request, it takes up to 24 hours for the support agent to get back to me. It's pretty average. If you have the premium support or if you're a support partner of Microsoft, they respond back in one or two hours, something like that.

I tested the difference between Symantec and Defender by taking a malware from the internet and downloading it. Symantec allowed me to do it, even though it shouldn't have, but Defender, gave me notification and wouldn't allow me to do it. That said, Symantec is a very stable product that's been on the market for a long time. They have more expertise in endpoint protection than Microsoft. Symantec is not a cost-effective product for most customers. It's integrated with third party companies and is good in protecting endpoint. Because my customer base is companies that use Office 365 and Microsoft Azure so Microsoft integration with these products is very good.

The initial setup is very simple, you just have to attach it to the user's email address. Once the user logs in, it automatically downloads and starts working. I do the implementation.  In terms of maintenance, sometimes my engagement with the client is one time but sometimes, I do maintenance as well. This is a subscription-based, cloud-based product. They have to call me every year to renew. 

I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product.

I would rate this solution an eight out of 10.