The area that I focus on the most is Endpoint Protection. We use Intune to build custom devices and configurations, to push out group policies, and do quite a bit with Azure Log Analytics.
I'm writing a script from a multi-home deployment of the MMA Agent. The use case varies a lot, depending on the clients' needs. Our clients tend to be pretty big companies. The smallest client I have is about 600 people. Our biggest client is about 50,000.
DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me.
It's Microsoft native. Microsoft is the corporate default, so it makes sense to use security platforms that are baked into the Microsoft platform. That's probably the most valuable aspect of it.
It has specific features that improve our customer's security posture. It makes the monitoring a lot easier and minimizes on-prem administration. A lot of the administrative stuff is all folded into Azure. It makes things easier.
The platform just makes things easier compared to on-prem or hybrid solutions because if you start working in an on-prem solution, most of the time it's going to be a battlefield.
DFE affects the end-user experience when it's deployed. The more freedom a user has on the device, the more they're used to doing things their own way. By locking things down, by having device configurations, you disrupt the workflow. You need a lot of user education where you have to explain why you're doing these things. I'm a part of security. It's twofold, in that users have to get used to the new configurations. And the reason why we might take a little bit longer with pilot phases is that we have to identify how it'll affect the users and how the differences of different business units will be affected. Developers need a more open environment than other solutions.
Everything can always be improved. Improvements would depend on the client.
Monitoring can always be better, onboarding can be a little bit faster, log collection could be easier, they could streamline the dashboard. They could maybe split it up into different workspaces and have the ability to segment groups a little bit more.
I have been using Microsoft Defender for Endpoint on and off for about three or four years.
It's only the last two and a half years that it's been a big part of my job.
Microsoft has some creative accounting when they promise an SLA of 99.99%. But it is generally good. There's always going to be a problem with the cloud. If it works 99% of the time, that's great.
The frustrating thing is, you're not sure if there's a problem with your configuration or if the service itself is down because Microsoft tends to only report that the service is down much later than when you started experiencing things. So sometimes I have to jump onto a private forum or a Slack channel and ask other consultants if they experienced something similar. But when it works, it works. There's never going to be a cloud solution that has 100% uptime.
Scalability is fine. I mainly work with implementation, so I haven't really had to mess around with the scalability. I'm responsible for setting up security policies, and then if they want to do scalability, that's another team. I sit in security.
I haven't worked with support. I generally don't use Microsoft Support.
We were Microsoft partners last year. We're gold partners where we won security partners of the year, so we have an account manager. If it really hits the fan, then I would just talk to him.
I've been an IaaS specialist since I began my career. I've done Apple MDM solutions and I've done Google Workspace, but when it comes to actual IaaS, I can't really compare. Because we're a Microsoft house, we generally don't use third parties or competitors.
The complexity of the setup depends on the environment. If it's Greenfield, it's super easy. I've been doing this for two to three years now. Most of the time it's easy. The larger companies have more complex networks and systems. The smaller the company, the easier it is to deploy.
The beginning of the project, like scoping, implementation, the entire process, or just the actual deployment depends on the size of the company. For smaller companies, we'll push some policies out. We'll do a week or two of a pilot phase where we identify different stakeholders and different business units. We collect feedback from them, keep an eye out on the audit logs and if that goes well, then we go into phase two, which takes another week or two where we slowly push out, if it's an accounting department with 60 people, then we'll do batches of 20. We'll have a pilot group of five and then we'll push it out to 20 people at a time.
The project managers worry about the licenses. I get my scope, I know the limitations I have to work with, and then I just make a solution based on that. I'm a very technical consultant and I don't really care about licenses, that doesn't really have anything to do with me.
My advice would be to start small, don't start a project thinking that it's the best solution, and bowl it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems.
I would rate it an eight out of ten.
We use Microsoft Defender Antivirus to scan for malicious payloads that may come in files, emails, a USB drive, or another type of external drive. It helps us to identify any malicious load that could compromise the security of any of our systems.
We are in a decentralized environment. We have multiple offices but they are not connected physically. The offices are directly managed from the internet.
We have a mixed environment with Linux and Windows machines.
We operate in the educational sector.
We have not fully considered how this product affects our overall security posture, although this is because we have not yet explored all of the features. Once we have all of our offices connected, it is something that we will be looking into. At this point, it does not affect all of our machines. On a scale from one to five, I would rate our security posture a four.
The most valuable feature is ransomware protection, which can detect malicious activity from IPs or a malicious payload in DLLs, or other things that can corrupt the system.
The performance is good. Usually, end-users complain that whenever background or real-time scanning is done, the effects are felt as there is a slowdown in the system. This is not the case with Microsoft Defender.
The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads.
If there is a Word file then it is able to scan it, but if there is a malicious payload within its signature then it will not be detected. Deep packet scanning must be used to improve the overall product.
We have been using Microsoft Defender Antivirus since we upgraded to Windows 10 from Windows 8.
This is a stable product. We have been using the standard version for a long time and it hasn't negatively affected our environment. Generally speaking, it is reliable.
Microsoft is actively working on this product and I think that it is becoming more scalable, day by day. For example, prior to Windows 10, there was no ransomware support. Now, it comes with Windows 20S2 and Windows 20H1.
With our decentralized environment, I don't know the exact number of users or devices that we have. However, I can say that there are more than 500 devices being protected by this solution.
Most of the machines in our environment are in areas that don't have internet access. This is because they are stationed in remote areas of the country. This means that we need to use USB drives to update the machines manually. Given the number of devices and that the management is done manually at this time, it is pretty painful for our IT people.
We have not purchased support for this product, although, for most products, we usually do have it. To this point, it hasn't been required.
When we were running older operating systems including Windows XP and Windows Vista, we had a Symantec Endpoint solution. We had that for a long time but we opted out. After that, we used McAfee and other antivirus products. However, since Windows 10 was released, and with Microsoft Defender included by default, we felt that it was the solution for us.
As I recall, we stopped using McAfee and Symantec once we moved to Windows 8.
This product came pre-installed with Windows 10 on the machines that we procured from the vendor. It is straightforward and easy to configure, as well. Once Windows is installed, setting up the antivirus and scheduling scans just involves clicking the Next button several times. It is pretty easy for anyone and if the user is non-technical, we guide them through the process.
It takes a maximum of 10 to 15 minutes to install and configure on a PC. Whenever a new configuration is required, you need to configure it on each individual machine that you have. This is why we are investigating a centralization solution. It will help us out in applying things on a global level. For example, we can apply settings based on what is in Active Directory or other policies.
One person, in-house, is all that is required to set it up.
There is not much maintenance required, as our environment is pretty standard. Also, all of the updates come from the Microsoft update center and they are automatically installed on the machines.
It is difficult to determine ROI at this point. Once all of our PCs are joined together, we will have a better idea.
As we operate in the educational sector, we are eligible for an educational discount.
We are currently looking into other solutions that will give us centralized control over Microsoft Defender. However, we are still strictly in the research phase.
Once we decide on a product and a solution is proposed, it is a long process that involves budgetary considerations. Once a PoC is completed, the budget constraints are considered, and this is part of a very long chain of processes that take place before final adoption.
Since we started using this product, we have not had any breaches. When we were using the products by McAfee and Symantec, there were issues with viruses and malicious payloads. Now, it is better because we haven't had any major issues with the systems.
My advice for anybody who is implementing this product is to let the IT staff manage it, and not allow end-users to configure it or modify their own settings.
I would rate this solution an eight out of ten.
It is an antivirus. It is like any other antivirus, except it comes with Windows and you don't need to install anything extra.
People will ask you, "My system does not have an antivirus," because it is so hidden and subtle. You don't feel like you have an antivirus. Many users will wonder and come to you, saying, "I don't have an antivirus installed. Is that company policy? Do we need to get it from outside and install it?" So, we have to tell them, "No, there is an antivirus. It is there."
It is so seamless that people don't even feel or see it. It is just protecting everybody. If you are some kind of techie or have some experience with Windows Operating System, only then do you know that this thing is already built-in. If you go into the Task Manager, you can find the antivirus using up a lot of memory and a bit of CPU power, then you will understand that is the antivirus doing this. Normally, many people don't realize this.
It is already integrated with Windows 10, so you don't need to worry about that.
It is a basic firewall with some additional anti-exploit measures and parental controls already built in.
It is using a large space in your memory all the time. While an antivirus will use some of your memory, if they could reduce the load of the antivirus to some extent that would be good.
We started using it when they started bundling it with Windows 10, which has been around three or four years.
It is very stable.
You do not need to worry about maintenance. It is automatically updated. Sometimes it will show you a red marker to do a system scan. People normally kind of ignore that, but I suggest people do a system scan from time to time. Now, what happens is just a bubble icon showing a red cross sign, but that may not be enough. It should give a pop-up window to remind people to scan the system once a month or quarter. It should be built-in scanning, without asking anybody, once per month or quarter.
It is scalable.
There is no need to get an additional solution because it comes bundled with Windows.
We are protecting around 60 to 70 endpoints in India. In the entire company, there may be around 400 to 500.
We have used other antiviruses, like McAfee and Avira Antivirus.
The same thing can be viewed as a pro and a con:
Pro: It is more than silent; you do not even realize that it is an antivirus. Any other antivirus third-party will nag you with pop ups for any small threats. They want to show that they are doing something because you pay them money. They are funny, colorful pop-ups, whatever color they use is like an advertisement for them, e.g., "They are doing it wrong, and we pointed it out." Windows Defender does not do that. In a way, this is good for the people who know the threat sender. They do not really need to be nagged by the antivirus every time you open a site or click on a file.
Con: For normal people who do not know anything about the security side, some pop ups should be there. Some pop-ups call people's attention that you are doing it the wrong way. For example, "This is potentially wrong. Don't visit this site. Don't potentially open this link, file, or attachment." This is missing in Windows Defender.
It has a good return on investment, especially since we are used to paying for antivirus. Now, it is part of the Windows purchase.
You don't need to worry about the renewal and purchase of antivirus products. It is bundled with Windows 10, so you don't need to worry about separately purchasing any antiviruses.
Whenever you purchase an antivirus, there are so many factors to consider, such as, weighing, doing a comparison, studying everything, and analyzing the cost-benefit factors. You don't need to consider any of this with Windows Defender because it all comes with it. So, you don't need to worry about it.
With Windows Defender, Microsoft is protecting their own operating system from hackers, viruses, malware, etc. It is better to use Windows Defender over other third-party providers. Microsoft knows what best is for the solutions.
If your computers or users are limited and you are not worried about using your computers for a lot of other browsing purposes or a lot of communication from the public, then you can depend on Microsoft Defender as your only solution. However, when your company is a lot more public facing, then you get a lot of mail from the public and must interact with the public. Also, if you must connect your computer to other computers not in your company, then I would suggest going for either a top-of-the line antivirus solution or third-party solutions. Totally depending on Microsoft Defender is not going to work for a company who is facing a lot of public interactions with their computer system.
I would rate it as an eight out of 10.
The solution is used to protect the endpoint. Also, there's an antivirus and then advanced threat protection. It's also detecting threats and sending that to the cloud and correlating that without the events from other parts of the EMS suites. That's primarily what we are using it for. It is also capable of doing some attack surface reduction that you can configure on the endpoint. It's basic protection plus surveillance. It's also an EDR, however, we are not using that.
It's always very difficult to measure, however, it integrates very well with the other Microsoft products. It's easy to handle them. That's an important point when you want to achieve a higher security level that it's easy to manage. You can be sure that it's up to date and it's managed and the alarms are taking care of and so on. It's not only the technical capabilities, that are important. How it plays together with the rest of your products is also key.
It's not really visible for the user - which is a benefit.
We know it's pretty good in terms of detecting threats against our platform and attacks. We have seen that.
There's privileged escalation or lateral movements for attacks.
The solution is stable.
The scalability is good.
The dashboards could be better. There's a suite of different products that play together and enhance security and receive signals from different parts of the product suites. When you are trying to look into that sort of depth on a dashboard, or across various dashboards, it can be difficult to obtain a comprehensive overview as it's so divided.
The initial setup can be a bit complex.
Beyond that, I'm not involved in the day-to-day operation. There may be others that can offer more insights.
We started using it when we started to migrate to Windows 10 and that was likely four years ago. However, that was the Microsoft basic version. Recently, we also enabled the ATP path.
It's my understanding that the solution is very stable. It's a pretty mature solution.
In terms of scalability, we have not encountered any issues. We have around 7,000 end points.
We don't have too many physical people dealing with the solution. We have some people in operations and then some architects and so on, however, they are not involved on a day-to-day basis.
The initial setup is somewhat complex, however, that's not only due to the product. It's also the environment that it is going to be implemented into. Also, when you have a company with a lot of legacy products and all the setups and so on there may be difficulties in terms of getting everything to work together.
The deployment can take up to a couple of months, however, it's dependant on the environment that it needs to be implemented into. For instance, if other kinds of agents are writing on the computer, you need to make sure that it is not consuming too much CPU capacity and so on. If you have a good system, it would be very quick to install.
We have a deployment plan and we have taken advice from Microsoft Learning from their onboarding Planning information. There isn't anything that is very special, as, when you roll out new software on an endpoint, you must make sure that it's not disturbing the day-to-day operation. You start with a small group of test users and then do it in bigger and bigger waves and always be ready to go back. It's good to have that preparedness so that you can roll back and you can investigate what's gone wrong and so on, however that's not special to a different endpoint. That's a normal deployment strategy.
It has been possible to reduce the use of other agents. Beyond that, we have not made any financial calculations in relation to ROI. We have been using McAfee, for example, among others, and it's been possible to scale down. Microsoft is more integrated, more comprehensive, and Defender is part of the Microsoft operating system.
We are customers and end-users.
This Microsoft security platform is very much a SAS platform. It's playing together with all the other security products from Microsoft and the company is using the Azure platform to collect the information and to work on the main refine security findings. It's working very well together with the Microsoft Cloud solution for security.
It's my understanding that they call it the security graph. It's quite important that they are communicating together. Windows Defender, ATP is delivering a lot of telemetry to that form and correlating it with telemetries.
The reason why we have implemented DHCP part is due to the fact that we bought a Microsoft E5 license with a lot of security enhancements.
I've only seen it in the implementation and design phase, however, it's pretty good. That said, it's also within the environment of a large company where the processes can be a bit difficult.
I'd advise users to integrate it into their security operations center so that they can have the full benefit of the product.
I'd rate the solution at an eight out of ten.
We combine Microsoft Defender with Advanced Threat Protection to manage, isolate, and scan our laptops and workstations for security threats. We have a dashboard that is embedded into Office 365 and it allows us to remotely scan for viruses and malware, so we don’t have to have the laptop present.
Using this product helps with device inventory. This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them. It is important because any software installed on a workstation may be vulnerable to parts of the internet.
Microsoft Defender has features that have helped to add layers to our security posture. The most important of these features is visibility and the provision of detailed alerts. It correlates the data and using this information, I can identify a threat and see if any other workstation in the environment has been affected by it.
Using this product has not negatively affected our user experience. It is just like using Windows 10.
The GUI is very nice.
The reporting capabilities are fantastic.
In the future, I would like to have the ability to patch using this product. Specifically, in an enterprise environment, it would be very good if you could patch the workstations remotely.
The alerting is something that needs to be improved. Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering.
I have been working with Microsoft Defender Antivirus since it first came out, at least seven or eight years ago.
With respect to the stability of the product line, Microsoft has many products that do almost the same thing. The question becomes which one you want to use. This is a good product but at the same time, after a while, you don't know if it is the next one that Microsoft is going to stop releasing because of other products that practically do the same thing.
Microsoft Defender is very scalable and there is a lot of room to expand and add extra layers. We have 2,500 endpoints and we plan to expand; however, we are thinking about using the Microsoft Endpoint Manager in place of it.
Once the decision is made to stay with this product or instead adopt Endpoint Manager, we will expand to cover 6,000 endpoints.
I have not been in contact with technical support.
Prior to Microsoft Defender, we tried quite a few different products from vendors such as Kaspersky and McAfee. One of the major reasons that we adopted Defender is because of the advantage that Microsoft owns the platform, Windows 10. As they have developed the operating system, it is believed that they understand how to guard it much better against a third party. An attacker has to learn a lot about Windows 10.
Another reason we selected Defender is the frequency of updates. Every other time that Windows is updated, Defender is updated. Again, this is because it is owned by Microsoft and exists on its platform.
We also use Microsoft ATP and we are currently looking at Microsoft Endpoint Manager.
The initial setup is straightforward. Basically, once you have the competency with the product, it is straightforward and there are no surprises. It is not rocket science.
This product is built into the Windows 10 image that we install. As you roll out Windows 10, it is already set up and pre-configured, so there is no additional work required.
We saw a return on our investment within the first two years.
If I quantify the effort used for the setup and compare it with the pricing of the previous solution, value for the money was realized during the second year.
We have an enterprise agreement so from my perspective, this is a product that ships with Windows and it is not priced standalone. It comes together with the other Microsoft products that we buy.
When we evaluated Kaspersky and McAfee, we found the scalability was better for Microsoft. You can do in-place upgrades of the endpoints with Defender but for the others, you would have to re-install the upgraded agents on the workstation. This takes a lot of time and it is not productive.
We are currently evaluating Microsoft Endpoint Manager by comparing the differences between it and Microsoft Defender. This is being done in advance of expanding our usage.
My advice for anybody who is implementing this product is to first analyze their critical assets to have an understanding of what they are. Then, decide if they want a scalable solution. New threats are coming in every month and the way this is going, Microsoft is learning lessons from networks that have been compromised. With this information, they give updates and patches to everybody. In support of this product, you have to consider the patching, consider the visibility that it gives, and then consider the critical assets it is protecting.
I would rate this solution a seven out of ten.
It is an Endpoint Detection and Response system (EDR), and it seems the new term is XDR. We use it for anti-malware protection. It protects from a virus, worm, ransomware, and other similar things.
It can automatically scan and remediate stuff without an administrator doing anything. We use it for threat and vulnerability management. There are components in there that will tell us about any vulnerable software running on endpoints. There are a whole bunch of other things too.
It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool.
It has got some awesome threat hunting capabilities. It can search for malicious activity that could indicate that an asset is being compromised, but it is not something to which you would have necessarily got alerted.
We're fully Microsoft, it integrates with other Microsoft security products very well. Its interface is also fine.
It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years.
I have been using this solution for nearly four years.
It can get a little laggy sometimes, but overall, it's fine when investigating events.
It is easy to scale.
There are different levels of technical support that you can purchase from Microsoft. We don't have the top level, but we used to have the top level, and that was good. I would rate them a five out of five. They've got a dedicated team specifically looking at threats for all their customers.
I was not involved in its setup. I am only a user of the solution, but I'm pretty sure it's pretty straightforward. It's just deployed by Intune or a partial script or something like that.
It was implemented internally. In terms of maintenance, it generally doesn't require any maintenance. There are some policy configuration changes that we can tweak, but the signatures, behavior analysis, and all similar things in the engine are kept up to date by them. We have four people who are dealing with this product.
Licensing models of Microsoft are renowned for being complex. We just purchased the whole E5 stack. With E5 licenses for users, we get access to a bunch of features that are not just related to security. I would rate them a three out of five in terms of pricing.
One of the things that I like to constantly do is assess other vendors in the same space. We get vendor demonstrations, and for the most of it, it seems like Defender is well truly up there with the other best players in the market. I've never done a proof of concept with any other tool, so I can't really compare it with others. Most of the time, vendor demonstrations are all about glitz and glam to sell their product and show how much better they are than competitors.
I would advise doing your due diligence. This is more than just an endpoint security solution, and sometimes, you've got to think of your technology stacks before applying or purchasing certain security solutions and see if they're applicable to your environment.
I would rate it an eight out of 10. No endpoint solution is ever going to be able to be perfectly good at stopping all types of threats. No endpoint solution would ever get a 10 in my point of view.
I have used Windows Defender to protect my computer from viruses or harmful websites on either flash drives and other removable devices when I am online which tend to attack my computer and corrupt it causing inefficiencies in my computer working processes.
I usually check from time to time if the hard disks of my computer has been infected and remove the files that are harmful to my systems. Another purpose of this tool is blocking and filtering sites that are harmful or appear threatening to my system.
Windows Defender has improved my organisation's security in many ways which ensure that my systems are being safeguarded. Since we are mostly online doing our projects and research, we tend to enter into harmful sites that may damage our computers. But Windows Defender does great work in blocking and warning you of those sites. Another advantageous part is that when removable devices are connected to our systems they are scanned for viruses and cleaned immediately. Hence, it ensures no viruses from external devices enter into our systems. It automatically scans and checks for viruses on the hard drive from time to time ensuring good security in our systems.
I have used the solution for more than five years and the solution has greatly influenced my work. It gives good results in protecting my systems and data.
Automatic scanning and cleaning of viruses is the best and most valuable feature helping this tool to thrive. If any viruses are found, they are cleaned automatically.
Another feature is the ability to filter sites and block harmful ones, which makes it to enter sites with full protection. This ensures no harmful Trojans can be sent into our systems through those sites and are always blocked when detected.
Another great feature is the ability to warn the system user, making it easier to know when a virus has been found on our system.
It is easy to use and has a lot functionality to make systems safeguarded in the right manner.
The product should keep updating its software as to counter incoming threats since threats are becoming more advance with time. The product should be strong in all parts.
I would recommend if the product continues to be updated that the way it updates is faster for downloading and updating in our system. The stability is good and should continue to perform well in that way.
With increase of cyber threats and cybersecurity issues, I would recommend that the product be developed like an AI product with more features which can counter any threat in the coming eras.
I have used the product more than five years. It is a great tool.
The solution is very stable. It has good features that make it efficient in the security aspects of our systems.
The product has performed very well in my computers. I don't have any complains about its functionality.
I have never used any solution apart from Windows Defender when safeguarding my systems.
The solution comes pre-installed in the Windows Operating System so you do not have to install it manually. You are required to connect to the Internet and update the solution to the latest version.
I am just an end user of the solution.
I hired a technical guy to keep the solution up-to-date since it could be more stable and work more efficiently.
I invested in Windows Defender since it has good functionalities.
The product is free of charge and comes integrated into Windows.
I chose Windows Defender for system safety, its ease of use, and the continuous update of the product.
Windows is a great tool that I have used. It has helped my organisation in achieving what it does daily and protected our data in a great way.
I would recommend every user who has a computer or laptop to consider using Windows Defender since it is the best tool to safeguard your system from malware and attacks.
The solution is used for endpoint detection and response, however, it also has vulnerability management. I don't use that as much as the endpoint detection and response. I use it in combination with Cloud App Security and Endpoint Manager.
The most valuable feature is the fact that, if you have the M365 E5, it's included and everything is in the bundle.
It's a very solid security system and the advanced hunting and everything really lets you dive deep into things.
Overall, they're doing a much better job. However, recently, they added the Azure Defender. When you use the Azure Defender licenses, you're already enrolled.
I prefer that they had the old interface that was not combined with compliance, and still, they've changed that to make it better. I would just like them to have more consistency, and that's a comment that's across the board with Microsoft. They change things a lot.
I probably started diving into Microsoft Defender about two years ago.
Stability-wise, I have not had another product that has been as stable and has had fewer issues. It's amazing.
The solution is scalable. For example, I helped a 12,000-person company put it in and automated it without any issue.
In terms of technical support, I have not had to call them related to anything on Defender for Endpoint. I'm a CSP, so I'm calling and I'm getting different assistance than, say, a home user. That said, at the same time, it really depends on if you're getting level one or level three support.
The initial setup is very straightforward. There's a lot of people putting it in that don't understand it, however. They're not using device groups and auto-remediation settings.
I do a lot of security reviews as well, and what I find is that, although it works well out of the box, there are missing components. Another thing is that people will basically use the product, and yet, not set up the integrations with Cloud App Security and Endpoint Manager. When they do that, they're not getting the full functionality of it. I, on the other hand, know the system, so I see people often having trouble with it. If people are trained or go through training, they would be able to get the full functionality out of it.
I can't give numbers, however, for the price, when you're increasing from an E3 to an E5 license, the amount of features you get eliminates a lot of other systems. Therefore, you do get a pretty good ROI. On top of that, you only have one management system and one reporting system. Overall, the numbers have been quite impressive.
I don't know the standalone costs. It is my understanding that the M365 E5 is $56 a month or something close to that pricing. That would be for the full suite. Just Defender might be $8 a month. I can't say for sure.
I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything.
I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people that's, besides having my Microsoft Azure architecture, Azure security, Microsoft 365 expert level, plus M365 security knowledge. I focus on Azure and M365 security.
For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly.
I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle.
I'd rate the solution at a ten out of ten.
