Microsoft Defender for Endpoint Reviews

Our main use case for Microsoft Defender for Endpoint is endpoint security.

The features of Microsoft Defender for Endpoint that I like the most are that it is not a very intrusive product, so it is not using up a lot of compute.

We have an AI practice that uses quite a bit of compute, and the security product that we were using before Microsoft Defender for Endpoint was taking up quite a bit of compute for them, impeding them from helping our clients. We found a new solution with Microsoft Defender for Endpoint to bring that compute down so they could easily help our clients, speeding things up.

I like managing the unified endpoint settings across both security IT teams with Microsoft Defender for Endpoint; it is super easy. With Defender, it is all in that single pane of glass, whereas before I was using several different products, but now it is all underneath the Microsoft stack.

Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects or tasks.

At least ten percent per week has been saved due to the efficiency gained with Microsoft Defender for Endpoint.

I do not have anything that I can think of regarding how Microsoft Defender for Endpoint can be improved or any additional features that should be included in the next release.

Currently, I have not expanded usage of Microsoft Defender for Endpoint; we are still using it as we started with.

I assess the stability and reliability of Microsoft Defender for Endpoint as being quite good; so far, we have not had any issues with it.

I have not experienced any downtime, crashes, or performance issues with Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint scales very easily with the growing needs of my organization; it is easy enough to purchase new licenses as we grow.

I evaluate my customer service and technical support experience as what I expected from Microsoft; sometimes it is a little lacking, but for the most part, they are able to provide exactly what I need.

On a scale from one being the worst and ten being the best, I would rate my customer service and technical support an eight because I have always thought a little more improvement from Microsoft could come, especially from tier-one support where I have had to re-go through everything I have already troubleshot. Getting that escalation would improve things if they understood where I was coming from.

Positive

Prior to adopting Microsoft Defender for Endpoint, we were using another solution to address similar needs.

In the past, we were using Sophos for endpoint, and the factors that led me to consider change were performance, cost, support, and scalability. As we have not seen them really grow with the rest of the security field over the last five years, they were not improving anything, and their support was lacking.

My experience while deploying Microsoft Defender for Endpoint was extremely easy.

There were no challenges faced while deploying; it was a simple product to deploy, with the only issue being removing the old software.

We have seen a return on investment with Microsoft Defender for Endpoint.

In terms of return on investment, we are paying quite a bit less for Microsoft Defender for Endpoint, enabling us to use that saved budget for other products, and it is performing better than we had previously thought it would.

My experience with the pricing, setup cost, and licensing of Microsoft Defender for Endpoint is that it required one hundred licenses, which was fine, but I was hoping that I could use a little less for the demo. Other than that, the price point was quite a bit lower than competitors.

I considered several other solutions before selecting Microsoft Defender for Endpoint, but off the top of my head, I would not be able to name them.

Price point stood out as a major factor in my evaluation process, and as we are a Microsoft partner, continuing to work with Microsoft made the decision quite a bit easier.

I would advise another organization considering Microsoft Defender for Endpoint to take a look at it, especially for the cost point if they are already working inside of the Microsoft stack; it is seamless to deploy it, and it works with the other tools. I would rate this product a nine out of ten.

My current use cases for Microsoft Defender for Endpoint include primary Defender MDE, Endpoint Detection Response EDR. I also use it mainly for attack simulator, which is for phishing deployments.

Microsoft Defender for Endpoint has changed significantly for the better. I appreciate that it has MD integrated with it. The cloud app feature is beneficial. The attack surface feature where phishing simulations can be performed is quite neat. I definitely appreciate the vulnerability assessment capability. These are significant key features that I find valuable.

It would be helpful if Microsoft could integrate a sandbox with Microsoft Defender for Endpoint. This is critical and important, especially when conducting phishing attacks since it has a simulator. This is particularly notable as competitor CrowdStrike has a robust sandbox, while Defender does not.

The vulnerability management feature in Microsoft Defender for Endpoint needs enhancement to make it more robust. The naming convention should be changed to M365 Defender instead of just Defender, as there is confusion between Defender, Defender 365, and Defender XDR. This creates uncertainty about whether we're discussing XDR, EDR, or M365 Defender.

The vulnerability management modules could be improved to be more user-friendly and accurate compared to other vulnerability management solutions such as Tenable, Rapid7, and Titanium. Currently, the vulnerability management in Microsoft Defender for Endpoint is not as accurate as the BMS information from Tenable or Rapid7.

I have been using Microsoft Defender for Endpoint for a couple of months now. Prior to this, I used Defender when it was known as ATP for two to three years. Technically, I have been using the solution since 2020.

The solution is pretty stable.

I don't think it's scalable at this moment. It is doing what it's supposed to do, but Microsoft Defender for Endpoint isn't there yet.

I would definitely recommend having professional services from Microsoft help with deploying Microsoft Defender for Endpoint, not a third-party vendor. This is critically important because you want a Microsoft expert who knows the system thoroughly. Vendors often lack knowledge of Microsoft bending, rebranding, and the underlying engine systems that a Microsoft security engineer would possess.

The pricing is pretty decent. We have a unified platform with a dark package and G5 GCC. I am satisfied with it as the company covers the cost.

I am planning to conduct an assessment in July. Based on my experience, I would rate Microsoft Defender for Endpoint an 8 out of 10.

My main use cases for Microsoft Defender for Endpoint are mostly for end-user system protections, as well as a server environment.

The feature I appreciate most about Microsoft Defender for Endpoint is the portal, being able to see everything rolling up into the portal for a total overview of how the organization looks for all the managed endpoints.

A specific example of Microsoft Defender for Endpoint in use is that there will be a status on some of the devices that will report whether they are in a healthy state, need attention, or whether there is any critical alerting on it. Having that high-level visibility across a large organization is very beneficial.

One of the things that I think can be improved or added to a future release of Microsoft Defender for Endpoint is the timing, specifically the delivery of updates for Microsoft Defender for Endpoint, not just a product update, but also the signatures and so on within itself. The actual product updates have caused a little bit of disruption that could be avoided, so I think that customers need to have more granular controls as to when updates can be deployed versus more done from a top-down deployment perspective.

I have been using Microsoft Defender for Endpoint for four years.

I do have experience with Microsoft support already.

I would describe Microsoft support as good, but we also pay a lot; we have a very large investment with Microsoft on all of the products that we use. It is not just the security suite itself, so having that gives us some leverage for getting support as needed.

Positive

Before adopting Microsoft Defender for Endpoint, we used third-party products, specifically a lot of Trend Micro before switching to Microsoft.

What made us switch to Microsoft Defender for Endpoint was the support, as it was not as good as it should be with Trend Micro.

The return on investment for Microsoft Defender for Endpoint has definitely been a more productive, secure environment for us, but from a financial perspective, I cannot tell you if there has been an actual return on it.

My experience managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint involves using role-based access, where the Information Security group has a different view of the environment, separate from the actual local IT teams that are supporting the end-users. This helps both of them, one from an overall management perspective, but also from a local regional perspective, to know the health of the environment in those two different forms.

My experience with Automatic Attack Disruption in Microsoft Defender for Endpoint has been pretty good for us, as we have been able to stave off some issues and it has brought them to our attention. It has worked quite well.

We have tried to integrate every single thing within Microsoft Defender for Endpoint, but it takes a lot of time and planning because you do not want to just apply the security settings by default. You want to go through a test process; otherwise, you may introduce incidents.

I would say that testing it on Microsoft Defender for Endpoint is not difficult; it just requires proper planning when you do a rollout so that you do not cause issues of your own. The integration process has actually been quite good for us.

We do use the Security Exposure Management feature in Microsoft Defender for Endpoint.

The impact of using the Security Exposure Management feature is that Information Security says, 'You have some items to clean up,' and they assign a lot more work.

I would not say it helped free up the SOC team to work on other projects, but it gave them an area of focus to do their jobs better.

I would say that Microsoft Defender for Endpoint did reduce mean time to remediation.

The licensing for Microsoft Defender for Endpoint has been fine, but I do not know about the pricing that was handled at more of an executive level, so I do not know if that was good or not. I would rate my overall experience with this product as a nine out of ten.

We have used Microsoft Defender for Endpoint for various purposes, from tracking different vulnerabilities to monitoring potential issues with attacks.

Defender for Endpoint has significantly improved our security posture. We run two MDRs, and Defender catches more threats than the other. We've benefited from fewer attacks, reduced risk, and less exposure. We passed our recent physical penetration test audit with excellent results, partially due to Microsoft Defender.

Because of the notification and reporting, our mean time to resolution has drastically reduced. It's easier to find the issue by clicking through the notifications. Our SOC team has saved a lot of time, allowing them to focus on audits and other tasks. 

The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical. The reporting, dashboards, and automatic notifications of potential issues greatly improve visibility. Luckily, we haven't had to use automatic attack disruption, but we are happy it's there.

The only issue is that our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot.

I have been using Microsoft Defender for Endpoint for at least two years now.

Defender for Endpoint is extremely stable. I haven't seen anything that would give me any cause to doubt it.

Defender's scalability is phenomenal, and it's going to be one of the keys to resolving issues for the SOC.

We haven't had much need to use customer service and technical support. Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.

Positive

We use both Microsoft Defender and SentinelOne for extra coverage. We evaluated CrowdStrike and other options, but Microsoft Defender makes logical sense as part of our E5 license.

Deploying Defender was extremely easy. We built a package and rolled out everything without our end users noticing.

We did the deployment ourselves in-house. We're that good.

The return on investment is primarily in time savings and better observability of what's happening. Although I don't know the exact numbers associated with the time savings, it has definitely improved efficiency.

The pricing, setup, and licensing were very easy and simple. I've really enjoyed it.

We looked at CrowdStrike and several other options, but Microsoft's integration, communication, and Copilot make it the better product. Other solutions lacked integration and visibility across the entire estate.

I'd rate Microsoft Defender for Endpoint nine out of 10. I don't give anything a 10, and it's about as good as a nine can get.

Microsoft Defender for Endpoint is used for Windows PC security.

The features I like the most about Microsoft Defender for Endpoint are the scanning capabilities.

Microsoft Defender for Endpoint has helped free up the SOC team to work on other projects and tasks.

The end user can whitelist some applications, and it goes to the system admin to approve. I believe this is how Microsoft Defender for Endpoint can be improved in the new release.

I'm not sure if we are using the security exposure management feature to optimize our security configurations.

We have had reports where users experience slowness on their PCs when files are being scanned regarding the stability and reliability of Microsoft Defender for Endpoint. Apart from that, there is nothing else.

I have not experienced any downtime, crashes, or performance issues.

I think there is good potential and capability for Microsoft Defender for Endpoint to scale with the growing needs of my organization.

We have expanded usage, and the process of expansion was easy.

Average describes my evaluation of customer service and technical support.

On a scale from one being the worst and ten being the best, I would rate customer service and technical support a five.

I give it a five because even though the questions are answered, sometimes it takes a lot of time. It's not that quick, and sometimes they'll say they don't know the answer and need to escalate it to the next level.

Neutral

Prior to adopting Microsoft Defender for Endpoint, we were using Symantec antivirus to address our needs.

We have moved away from other third-party antivirus because these features have provided us with a cost benefit.

Easy describes my experience with deploying Microsoft Defender for Endpoint.

I did not face any challenges.

Because it comes with the E5 license, I don't think we have many concerns about the pricing, setup cost, and licensing.

I considered Symantec and Microsoft Defender for Endpoint before selecting Microsoft Defender.

Positive aspects stood out in my evaluation process when comparing my options.

Good describes my experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint.

I have no idea how much time was saved.

I cannot quantify if Microsoft Defender for Endpoint has helped reduce mean time to remediation, or MTTR.

Cost is the factor that led me to consider a change.

My advice to another organization that's considering Microsoft Defender for Endpoint is to go for it. I give this product an overall rating of eight.

We use Microsoft Defender for Endpoint as an Endpoint Detection and Response (EDR) tool, as well as for vulnerability management.

I appreciate how easily Microsoft Defender for Endpoint integrates with our environment and the wide variety of logs it provides compared to other EDR tools. The policies provided are quite effective and easy to implement, which simplifies the onboarding of newcomers. We continually test new policies, making threat detection and response efficient. Automation capabilities have allowed us to create workflows that automate detecting true or false positives.

I believe that vulnerability management could be improved by making it easier to pull reports and providing more detailed information on how Microsoft Defender for Endpoint detects vulnerabilities. Our partner vendor mentioned that these updates might get more granular in the future.

I have been using Microsoft Defender for Endpoint for the past couple of years.

Initially, I experienced performance issues that hampered our servers. However, after setting appropriate exclusions, everything seemed to work fine.

Microsoft Defender for Endpoint is scalable. I did not encounter any limitations in terms of scalability.

When I had performance issues and needed clarity regarding certain legitimate applications being blocked, I raised a few tickets with Microsoft. Their responses have been adequate. Overall, I would rate them eight out of ten.

Positive

I used Symantec and Trend Micro before Microsoft Defender for Endpoint. Symantec was an on-premises solution, and we needed a cloud-based solution. After our company merged with a client, we switched from Trend Micro to match the client's tools, including their use of Microsoft Defender for Endpoint.

The initial setup was straightforward as we had ample experience in multiple migrations and deployments. We did not face any significant challenges in implementing Microsoft Defender for Endpoint in our environment.

Our implementation strategy was to install Microsoft Defender for Endpoint as a dummy software initially. With the help of our qualitative system engineering team, we deployed it on all machines, enabled monitoring mode, and compared it with current antivirus software. Eventually, we completed the deployment, disabled the previous antivirus, and made Microsoft Defender for Endpoint our primary. The process went smoothly without any outages or escalations.

Overall, I recommend Microsoft Defender for Endpoint due to its features and capabilities, which cover more loopholes than other EDR solutions. I rate the solution nine out of ten.

The main use case for Microsoft Defender for Endpoint is that today, most everything needs to be secure, and endpoint security is very critical because we work on there. Most of our customers use Microsoft Defender for Endpoint to protect their endpoints and avoid any cyber threat and cyber attack.

One of the best features of Microsoft Defender for Endpoint is called Threat and Vulnerability Management, TVM, which provides real-time visibility of vulnerabilities and misconfiguration at our endpoint level and helps prioritize and remediate based on risk information.

The rest of the features such as automatic investigation, remediation, and attack surface reduction, along with cloud security analysis, are also quite good. The best part about Microsoft Defender for Endpoint is that we don't need to install any agent as with other EPP products. Microsoft Defender for Endpoint is very good because the agent is already onboarded at the Windows OS level, eliminating the need for additional agent configuration.

Microsoft Defender for Endpoint is very good, but one suggestion is that in some products, we may need to configure security-related settings, whereas Microsoft Defender for Endpoint works completely differently, providing automatic recommendations and actions that we may need to perform ourselves.

Regarding the pricing of Microsoft Defender for Endpoint, during the last three years, we set up the product and sold it, but we faced difficulties because Microsoft pricing is always the same. For example, whether I purchase Microsoft Defender for Endpoint for one year or for the next three years, the pricing remains constant with no discounts available. In contrast, competing products offer reduced pricing for long-term commitments, which makes it difficult for us in that environment. Microsoft should consider this option to remain competitive, but otherwise, everything else is fine.

In my working experience with Microsoft Defender for Endpoint, it's around more than three years, and during this time, we are using Microsoft Defender for Endpoint for our customers.

The stability of Microsoft Defender for Endpoint is generally good; however, in my region of Myanmar, which is a developing country, many organizations cannot afford licensed software and sometimes use cracked versions. This can lead to difficulties when installing Microsoft Defender for Endpoint, as it may terminate those cracked applications, but that aligns with Microsoft compliance which mandates that everything should be licensed.

Overall, the product is stable, but there are challenges for small companies that aren't compliant. For customers who are compliant, everything works fine.

In terms of scalability, since Microsoft Defender for Endpoint is also a cloud product, its scalability is very good, and we never face any issues regarding scalability. Therefore, we can confidently say that it is scalable.

My experience with customer support from Microsoft is very good because we are Microsoft partners, and whenever we face problems, we contact Microsoft who tries to help us. Generally, customer support is good, but sometimes we encounter engineers who don't sufficiently address our problems. When that happens, we request to transfer the case to another engineer, which typically resolves our issues. Overall, I would give customer support a rating of nine out of ten.

Positive

The initial setup of Microsoft Defender for Endpoint is very straightforward, with nothing too complex. Based on my experience, we onboard all devices first, see the recommendations from Microsoft Defender for Endpoint, and then continuously improve, which allows us to manage security services for our customers. The implementation and continuous improvement actions are not too difficult; it is very straightforward.

We use a Zero Trust approach according to Microsoft best practices, so we follow the Zero Trust approach of never trust and always verify. I rate Microsoft Defender for Endpoint a ten out of ten.

Our main use case for Microsoft Defender for Endpoint is as a safety plan because we're in hospitality.

Microsoft Defender for Endpoint benefits my company by saving on labor costs since we don't have to put in extra effort to maintain it. It's self-sufficient.

Microsoft Defender for Endpoint gives us information about attacks and security, and easy access to data, similar to a spreadsheet. It gives us the information we need. It helps provide quick responses.

Microsoft Defender for Endpoint seems safe, which is the main thing we were looking for, and it works reliably in catching the things we used to catch. We see many random hacking attempts and fake emails, and it cuts them off before anything happens.

Microsoft Defender for Endpoint works mainly behind the scenes. We know we are safe and feel we can relay accurate information to customers.

Microsoft Defender for Endpoint's coverage across different platforms in our environment has no issues. Microsoft seems to have it covered, unlike other software that isn't compatible.

I have tried integrating Microsoft Defender for Endpoint with other software products, and it seems compatible with all of them.

Microsoft Defender for Endpoint has helped reduce our mean time to remediation significantly. It is doing all the work for us, so we don't have to spend our own time on it. It has reduced our mean time to remediation by about 75% to 80%.

Microsoft Defender for Endpoint has helped free our SOC team to work on other projects since we don't have to waste time, as this solution does the work for us. We have saved about 70% to 80% of time because we don't have to focus on certain tasks, allowing Microsoft to handle it for us.

It's pretty easy to use, works with compliance issues, and is reliable.

It sends us data, which is clear-cut. We don't have to do anything extra.

Microsoft Defender for Endpoint can have more options and more AI capabilities in the future, because everything keeps changing.

I have been using Microsoft Defender for Endpoint for about six to seven years.

I have no complaints about the stability and reliability of Microsoft Defender for Endpoint; it feels solid.

There is plenty of room to expand, which is not a problem since we have been bringing in different brands over the years. Compatibility is its main feature. 

The technical support for Microsoft Defender for Endpoint is available around the clock, and that's not an issue at all.

Positive

I was using another solution six to seven years ago to address similar needs. It has been a long time, and I'm struggling to remember which one it was.

We have seen a return on investment when using Microsoft Defender for Endpoint, as it saves labor by reducing the need for staff to focus on it.

It isn't cheap, but it's reasonable and fair.

I considered a few other solutions before choosing Microsoft Defender for Endpoint, but that was quite a while ago, and I don't even know if they exist anymore.

I would rate Microsoft Defender for Endpoint a ten out of ten.