What is our primary use case?
We have two phases with Defender for Endpoint because we have been using it on mobile since 2019, and we started this year changing out our Carbon Black Symantec deployment with Defender for Endpoint on our computers. Currently, the Defender for Endpoint deployment on computers like clients is mainly just a one-to-one takeover from Symantec. In the long run, we are exploring possibilities to use it for more advanced functions as it can work as a sensor and comply with the policies in Defender for Cloud apps and DLP policies.
Team manager of it department at a financial services firm with 501-1,000 employees
Enables automatic resolutions if a unit is compromised or if a user clicks a malicious link
Pros and Cons
- "It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link."
- "The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better."
How has it helped my organization?
From a security point of view, our mobile clients allow us to sleep at night. The current implementation on our client is economical because we have the E5 license, which we have anyway. In the long run, it would mean a more secure information security posture for our company, but we need to implement it first and then start the second phase.
What is most valuable?
It was quite important to have extra security on our mobile platform because of geopolitical situations, as we are located close to some countries that represent a concern. Defender for Endpoint allows us automatic resolutions if a unit is compromised or if a user clicks a malicious link. Importantly, the experience of an automatic attack disruption is quite positive for the end users. They don't feel supervised, which is essential for mobile phones since they are more private than work computers.
The auto-deployed anti-deception techniques are excellent because we have a large fleet on the Norwegian scale. We deployed it for 10,000 clients and about 5,000 servers in three months.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
What needs improvement?
The major area for improvement is the integration with a managed service provider. We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view. This process has been complicated, though it has gotten better.
We see the possibilities in terms of visibility into our attack surface, but we haven't been able to enforce all the insights we can get from it. We have multiple endpoints, and we want to look for signals across tenants.
Buyer's Guide
Microsoft Defender for Endpoint
May 2026
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
896,202 professionals have used our research since 2012.
For how long have I used the solution?
We have been using it on mobile since 2019 and just started transitioning from Carbon Black Symantec to Defender for Endpoint on our computers this year.
What do I think about the stability of the solution?
I rate Defender 10 out of 10 for stability. We haven't had any issues with it.
What do I think about the scalability of the solution?
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers. It is a scalable platform.
How are customer service and support?
I rate Microsoft support 10 out of 10. We have a unified support agreement with Microsoft involving biweekly or more frequent contact. We are supported by both Microsoft and our customer success manager.
Which solution did I use previously and why did I switch?
We previously used Carbon Black and Symantec for endpoint protection but transitioned to Defender for Endpoint as it was included in our license. Our ultimate goal was achieving a complete security posture, not just endpoint protection.
How was the initial setup?
The initial setup and the deployment process have been easy, especially since we are using it with Azure.
What about the implementation team?
We are working with a Microsoft partner called Supercellus as we transition to them from our previous managed service provider.
What was our ROI?
We are aiming to fully utilize the E5 license, using more of its features than before. However, the return on investment is not fully realized yet, as we are still implementing.
What's my experience with pricing, setup cost, and licensing?
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
Which other solutions did I evaluate?
We did not evaluate other solutions, primarily because we were satisfied with our existing one. Still, when the license agreement with the other parts expired, we took the opportunity to switch.
What other advice do I have?
I rate Microsoft Defender for Endpoint eight out of 10. While I think highly of it, there are issues with sharing data across tenants, which is a particular request but still affects our satisfaction.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Consultant at ACT4SERVICES
Achieved comprehensive threat protection and real-time monitoring with improved system performance
Pros and Cons
- "Microsoft Defender for Endpoint has significantly impacted our security posture."
What is our primary use case?
I'm working with Azure and Microsoft Defender for Endpoint, which is used for threat hunting. This tool is installed in environments to monitor network activity, detect potential intrusions, and identify hacking attempts. I perform threat intelligence by running KQL commands to analyze activities and follow Microsoft's best practices to reduce system intrusion risks. Additionally, I work with Azure cloud platform, which offers various services including virtual environments. For instance, if a small SME requests assistance in reducing costs and setting up IT infrastructure across five different sites, instead of extensive spending, I advise them to deploy a virtual desktop. This saves money since all necessary network infrastructures are set up in the cloud, allowing them to use what they pay for at specific times.
What is most valuable?
There are numerous tools available, but for organizations already using Microsoft, such as Office 365, Microsoft Defender for Endpoint focuses on securing environments and monitoring activities. Every environment faces different threats, whether from insider threats or countries attempting to steal data or assets. Microsoft Defender for Endpoint detects anomalies and provides best practices for resolving or mitigating specific risks.
One of the best features of Microsoft Defender for Endpoint is its database for identifying zero-day attacks or malware attacks. The service runs continuously, even when users are offline. This enables me to receive notifications about irregularities, conduct investigations, and resolve issues, ultimately creating policies or procedures to prevent similar incidents.
The solution offers real-time updates on ongoing attacks affecting assets or companies. It provides automatic detection of ransomware, spyware, or phishing attacks, which is crucial for preventing ransomware infiltration. It protects the cloud environment using AI and machine learning, enhancing speed. The built-in cost feature is important as expenses increase with additional features.
What needs improvement?
The solution is sufficiently effective, making my life easier in terms of setup, analysis, and monitoring.
It took considerable time to understand and utilize Microsoft Defender for Endpoint, especially learning KQL. Despite my knowledge of SQL, I believe new users would benefit from additional video guidance on usage and running their own threat hunting.
For how long have I used the solution?
I have been using this solution for about three to four years.
What was my experience with deployment of the solution?
Following Microsoft's recommended best practices for setup, I haven't encountered any issues during the implementation process from start to finish.
What do I think about the stability of the solution?
I have not encountered any limitations or scalability issues; it has always performed effectively.
What do I think about the scalability of the solution?
I have not encountered any limitations or scalability issues; it has always performed effectively.
How are customer service and support?
In past situations where I escalated issues, they were quite responsive and provided prompt guidance on necessary actions.
How would you rate customer service and support?
Positive
How was the initial setup?
Following Microsoft's recommended best practices for setup, I haven't encountered any issues during the implementation process from start to finish.
What was our ROI?
There are significant cost benefits since Microsoft Defender for Endpoint provides real-time threat protection. Consider the cost benefits of saving a company from a ransomware attack. Without detection and protection measures, organizations would face substantial payments and reputational damage, including the necessity to inform customers about data breaches, potentially leading to loss of business. It's important to measure costs and understand potential threat impacts, but Microsoft Defender for Endpoint and other companies have reached reasonable pricing levels.
What other advice do I have?
For trend analysis and issue isolation/resolution, it typically takes 10 to 15 minutes because I know exactly how to use particular statements, what to investigate, and where to look, whether isolating a device or identifying attack sources, then writing policies or procedures to prevent recurrence.
We are working with Microsoft Defender for Endpoint, which is connected to Azure VMs and online services.
I recommend Microsoft Defender for Endpoint to others and advise watching informational videos about its benefits. It is particularly beneficial for businesses using Defender for Endpoint and Cloud, especially customers with Office 365 and those using Windows, MacOS, or Linux.
Microsoft Defender for Endpoint has significantly impacted our security posture. From my experience, it has improved system performance, reduced attacks, and offers enhanced incident response capabilities. I have been using it with different companies and will continue recommending it to customers.
This product is recommended for clients because it complies with various standards including ISO, GDPR, and other frameworks for American companies. It enables faster responses, reduces manual work, and facilitates audits.
The solution covers all operating systems including Windows, Linux, and Macs, securing them effectively. Once agents are installed, monitoring becomes easier and provides real-time data about asset and network environment activities.
Rating: 8 out of 10
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Integration of cloud and vulnerability assessment enhances security capabilities
Pros and Cons
- "Microsoft Defender for Endpoint has changed significantly for the better."
- "I don't think it's scalable at this moment. It is doing what it's supposed to do, but Microsoft Defender for Endpoint isn't there yet."
What is our primary use case?
My current use cases for Microsoft Defender for Endpoint are primarily Defender (MDE) and Endpoint Detection and Response (EDR). I also use it mainly for the attack simulator, which is for phishing deployments.
What is most valuable?
Microsoft Defender for Endpoint has changed significantly for the better. I appreciate that it has MD integrated with it. The cloud app feature is beneficial. The attack surface feature where phishing simulations can be performed is quite neat. I definitely appreciate the vulnerability assessment capability. These are significant key features that I find valuable.
What needs improvement?
It would be helpful if Microsoft could integrate a sandbox with Microsoft Defender for Endpoint. This is critical and important, especially when conducting phishing attacks since it has a simulator. This is particularly notable as competitor CrowdStrike has a robust sandbox, while Defender does not.
The vulnerability management feature in Microsoft Defender for Endpoint needs enhancement to make it more robust. The naming convention should be changed to M365 Defender instead of just Defender, as there is confusion between Defender, Defender 365, and Defender XDR. This creates uncertainty about whether we're discussing XDR, EDR, or M365 Defender.
The vulnerability management modules could be improved to be more user-friendly and accurate compared to other vulnerability management solutions such as Tenable, Rapid7, and Titanium. Currently, the vulnerability management in Microsoft Defender for Endpoint is not as accurate as the BMS information from Tenable or Rapid7.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for a couple of months now. Prior to this, I used Defender when it was known as ATP for two to three years. Technically, I have been using the solution since 2020.
What do I think about the stability of the solution?
The solution is pretty stable.
What do I think about the scalability of the solution?
I don't think it's scalable at this moment. It is doing what it's supposed to do, but Microsoft Defender for Endpoint isn't there yet.
What about the implementation team?
I would definitely recommend having professional services from Microsoft help with deploying Microsoft Defender for Endpoint, not a third-party vendor. This is critically important because you want a Microsoft expert who knows the system thoroughly. Vendors often lack knowledge of Microsoft branding, rebranding, and the underlying engine systems that a Microsoft security engineer would possess.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty decent. We have a unified platform with a dark package and G5 GCC. I am satisfied with it as the company covers the cost.
What other advice do I have?
I am planning to conduct an assessment in July. Based on my experience, I would rate Microsoft Defender for Endpoint an 8 out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Systems engineer at Delta Dental of Colorado
We have benefited from fewer attacks, reduced risk, and less exposure
Pros and Cons
- "The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical."
- "Defender for Endpoint has significantly improved our security posture."
- "The only issue I would say is our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot."
What is our primary use case?
We have used Microsoft Defender for Endpoint for various purposes, from tracking different vulnerabilities to monitoring potential issues with attacks.
How has it helped my organization?
Defender for Endpoint has significantly improved our security posture. We run two MDRs, and Defender catches more threats than the other. We've benefited from fewer attacks, reduced risk, and less exposure. We passed our recent physical penetration test audit with excellent results, partially due to Microsoft Defender.
Because of the notification and reporting, our mean time to resolution has drastically reduced. It's easier to find the issue by clicking through the notifications. Our SOC team has saved a lot of time, allowing them to focus on audits and other tasks.
What is most valuable?
The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical. The reporting, dashboards, and automatic notifications of potential issues greatly improve visibility. Luckily, we haven't had to use automatic attack disruption, but we are happy it's there.
What needs improvement?
The only issue is that our mobile endpoints do not have Defender installed for part of them. An additional feature that could be included in the next release is free Copilot.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for at least two years now.
What do I think about the stability of the solution?
Defender for Endpoint is extremely stable. I haven't seen anything that would give me any cause to doubt it.
What do I think about the scalability of the solution?
Defender's scalability is phenomenal, and it's going to be one of the keys to resolving issues for the SOC.
How are customer service and support?
We haven't had much need to use customer service and technical support. Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use both Microsoft Defender and SentinelOne for extra coverage. We evaluated CrowdStrike and other options, but Microsoft Defender makes logical sense as part of our E5 license.
How was the initial setup?
Deploying Defender was extremely easy. We built a package and rolled out everything without our end users noticing.
What about the implementation team?
We did the deployment ourselves in-house. We're that good.
What was our ROI?
The return on investment is primarily in time savings and better observability of what's happening. Although I don't know the exact numbers associated with the time savings, it has definitely improved efficiency.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup, and licensing were very easy and simple. I've really enjoyed it.
Which other solutions did I evaluate?
We looked at CrowdStrike and several other options, but Microsoft's integration, communication, and Copilot make it the better product. Other solutions lacked integration and visibility across the entire estate.
What other advice do I have?
I'd rate Microsoft Defender for Endpoint nine out of 10. I don't give anything a 10, and it's about as good as a nine can get.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Enterprise Architect at MTVH
Easy to update with good protection and a useful cloud portal
Pros and Cons
- "Updates and upgrades are quite smooth and seamless."
- "We'd like to see integrations with more vulnerability scanning solutions like Tenable."
What is our primary use case?
The solution is primarily used for securing endpoints, mainly desktops and laptops.
How has it helped my organization?
We're taking the adoption in phases. We started with endpoints and we want to expand into other capabilities at the application level.
What is most valuable?
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus.
The malware protection is good.
The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control.
It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively.
We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon.
Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it.
It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well.
The standardization is good. It's important. It's helping me with monitoring and learning.
Updates and upgrades are quite smooth and seamless.
Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well.
It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there.
While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Microsoft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%.
While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
What needs improvement?
We'd like to see integrations with more vulnerability scanning solutions like Tenable. It would be good to be able to compare both systems to threats that are arising.
For how long have I used the solution?
I've used the solution for the past couple of years. I haven't used it, however, on an active basis. It's not a solution that requires active engagement.
What do I think about the stability of the solution?
The solution is stable. We've had no issues.
What do I think about the scalability of the solution?
We've had no issues with scaling. We're scaling up to just under 2,500 systems.
How are customer service and support?
We haven't had much cause for raising tickets; however, largely support is very good. We did receive initial support during deployment and have a unified support agreement. It's simple and straightforward when we do need help.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We have used a Check Point solution as well in the past. We're moving away from other competing technologies. We had a number of issues with Check Point in terms of the mix of client devices and operating it in a VDI environment. It wasn't as reliable as we would have liked. It might have also been a resourcing issue - not just a Check Point issue.
How was the initial setup?
In terms of the actual implementation, once everything is in place, it's quite smooth, and you see the benefits quite quickly as well.
I was not directly involved in the deployment of Defender. I was more involved in procurement.
What's my experience with pricing, setup cost, and licensing?
Defender is part of the plan we signed up for. Overall, it's part of a wider suite and is representing well, although it's hard to gauge how much of our overall licensing price is based on Defender as a product. It's part of a wider investment in Microsoft 365.
Which other solutions did I evaluate?
We have been through a merger in the last five years, so there were multiple solutions we were using, such as Trend Micro and Kaspersky, as well as Cisco, that we considered before deciding to standardize under Microsoft.
What other advice do I have?
We are starting to also use Microsoft Defender for Cloud. We have a small POC that we are getting off the ground. We have not yet explored bidirectional sync capabilities.
I'd rate the solution nine out of ten.
I would advise new users to just be mindful of system requirements. You do need to have a relatively up-to-date Windows estate. Take into account legacy considerations in terms of displacing other non-Microsoft solutions.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT CONSULTANT at a tech company with 10,001+ employees
Works reliably behind the scenes and saves labor costs
Pros and Cons
- "It's pretty easy to use, works with compliance issues, and is reliable."
- "Microsoft Defender for Endpoint has helped reduce our mean time to remediation significantly."
- "Microsoft Defender for Endpoint can have more options and more AI capabilities in the future, because everything keeps changing."
What is our primary use case?
Our main use case for Microsoft Defender for Endpoint is as a safety plan because we're in hospitality.
How has it helped my organization?
Microsoft Defender for Endpoint benefits my company by saving on labor costs since we don't have to put in extra effort to maintain it. It's self-sufficient.
Microsoft Defender for Endpoint gives us information about attacks and security, and easy access to data, similar to a spreadsheet. It gives us the information we need. It helps provide quick responses.
Microsoft Defender for Endpoint seems safe, which is the main thing we were looking for, and it works reliably in catching the things we used to catch. We see many random hacking attempts and fake emails, and it cuts them off before anything happens.
Microsoft Defender for Endpoint works mainly behind the scenes. We know we are safe and feel we can relay accurate information to customers.
Microsoft Defender for Endpoint's coverage across different platforms in our environment has no issues. Microsoft seems to have it covered, unlike other software that isn't compatible.
I have tried integrating Microsoft Defender for Endpoint with other software products, and it seems compatible with all of them.
Microsoft Defender for Endpoint has helped reduce our mean time to remediation significantly. It is doing all the work for us, so we don't have to spend our own time on it. It has reduced our mean time to remediation by about 75% to 80%.
Microsoft Defender for Endpoint has helped free our SOC team to work on other projects since we don't have to waste time, as this solution does the work for us. We have saved about 70% to 80% of time because we don't have to focus on certain tasks, allowing Microsoft to handle it for us.
What is most valuable?
It's pretty easy to use, works with compliance issues, and is reliable.
It sends us data, which is clear-cut. We don't have to do anything extra.
What needs improvement?
Microsoft Defender for Endpoint can have more options and more AI capabilities in the future, because everything keeps changing.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for about six to seven years.
What do I think about the stability of the solution?
I have no complaints about the stability and reliability of Microsoft Defender for Endpoint; it feels solid.
What do I think about the scalability of the solution?
There is plenty of room to expand, which is not a problem since we have been bringing in different brands over the years. Compatibility is its main feature.
How are customer service and support?
The technical support for Microsoft Defender for Endpoint is available around the clock, and that's not an issue at all.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I was using another solution six to seven years ago to address similar needs. It has been a long time, and I'm struggling to remember which one it was.
What was our ROI?
We have seen a return on investment when using Microsoft Defender for Endpoint, as it saves labor by reducing the need for staff to focus on it.
What's my experience with pricing, setup cost, and licensing?
It isn't cheap, but it's reasonable and fair.
Which other solutions did I evaluate?
I considered a few other solutions before choosing Microsoft Defender for Endpoint, but that was quite a while ago, and I don't even know if they exist anymore.
What other advice do I have?
I would rate Microsoft Defender for Endpoint a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead security engineer at a computer software company with 11-50 employees
Real-time protections and automatic attack disruption have saved our time
Pros and Cons
- "The features of Microsoft Defender for Endpoint that I prefer most are the detections. It just works."
- "The automatic attack disruption feature in Microsoft Defender for Endpoint works great."
- "The log searches for Microsoft Defender for Endpoint are pretty difficult to navigate. It needs a better UI or more intuitive search and filter mechanisms to make it easy to get through and filter through all the data logs."
What is our primary use case?
We are an MSP. We've got a lot of clients that use Microsoft Defender for Endpoint as their EDR system. We support that.
A lot of the use cases for Microsoft Defender for Endpoint check the boxes for the EDR solution for that client. We use the endpoint portals to work through any alerts. Mostly, we feed all of the Azure Office 365 security logs into our SIEM and then take those alerts if we have to do more work, and see if we can get more details from that.
How has it helped my organization?
The automatic attack disruption feature in Microsoft Defender for Endpoint works great. Microsoft Defender for Endpoint's auto-deployed deception techniques also work great. It hasn't bothered me, so it just does its thing, which helps a lot because we have many things to deal with.
The visibility into the company's attack surface provided by Microsoft Defender for Endpoint is good. It's all in one place, which is great. I can see where things are going and make sure that it's deployed on all the machines that we work on.
Microsoft Defender for Endpoint has affected the security posture of our clients' organizations. It does its job fine. For some clients, we don't have to worry too much. Even if we're not getting tons of alerts from it, it's at least there, doing its job.
Microsoft Defender for Endpoint's coverage in client environments is comprehensive. Every device we support is a Microsoft Windows device. It covers pretty much all the endpoints and workstations for those clients.
Microsoft Defender for Endpoint has helped reduce our mean time to remediation. A lot of the reduction is due to the automatic disruption, so we don't have to sit there. It also gives us another data point to look at where the vulnerability might have been.
It has helped me free our SOC team to work on other projects or tasks. It has saved 5% to 10% of our time.
What is most valuable?
The features of Microsoft Defender for Endpoint that I prefer most are the detections. It just works. Malware getting on a machine and running is a big deal, so we can trust it to sit there and scan and have real-time protections.
What needs improvement?
The log searches for Microsoft Defender for Endpoint are pretty difficult to navigate. It needs a better UI or more intuitive search and filter mechanisms to make it easy to get through and filter through all the data logs.
For how long have I used the solution?
At the company, we've been using it for a long time. I've been here for about three months.
What do I think about the stability of the solution?
The stability of Microsoft Defender for Endpoint is good. I've never had it be unavailable. It's always available when I need it to be.
What do I think about the scalability of the solution?
It has been able to fulfill our needs. Everyone we work with is pretty small, so it's not usually an issue.
How are customer service and support?
I have never interacted with the customer service of Microsoft Defender for Endpoint, as it just does what I need it to. Based on my other experiences with Microsoft technical support, I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use Microsoft Defender for Endpoint along with some other products. Some of our clients choose to stick with Microsoft. There are other EDR products that we support as well.
How was the initial setup?
I've deployed it for a client. It was pretty smooth and simple. They're small shops, so there wasn't a whole lot of craziness to do with it.
What was our ROI?
The biggest return on investment for me when using Microsoft Defender for Endpoint is the time saving. It's an easy recommendation. If I have clients wanting to dive into more security products for their environments and are hesitant about going with an endpoint solution or a different software vendor, it's an easy recommendation.
What's my experience with pricing, setup cost, and licensing?
It's all pretty easy. For some clients, it's an easier sell because it's just an add-on to their existing Microsoft licensing and Office 365 licensing.
What other advice do I have?
I would rate Microsoft Defender for Endpoint a nine out of ten. The log search features are difficult. If I don't have visibility into another product, the log search functions of Microsoft Defender for Endpoint are pretty difficult to navigate.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Not sure
Head of Security at Mannai Microsoft Solutions
We can block suspicious URLs, quarantine malicious files, and conduct a forensic investigation
Pros and Cons
- "We can run the virus scan across our entire environment."
- "Some of the integrations that Defender should include involve the use of the web app."
What is our primary use case?
We utilize Microsoft Defender for Endpoint as our EDR solution, which stands for endpoint detection and response. Through this solution, devices are integrated. If new vulnerabilities or novel attacks emerge, Defender for Endpoint promptly identifies them. It serves as our primary EDR solution amidst the variety available in the market.
The current surge in Defender for Endpoint's popularity is attributed to its real-time detection capabilities. Additionally, we can execute SOAR actions, namely security orchestration response. For instance, if we need to isolate a device from the network or run an antivirus scan on a machine, Defender for Endpoint facilitates these tasks.
Consider a scenario where one of the devices becomes compromised. During the investigation, if a malicious IP address is identified, it can be blocked using Defender for Endpoint.
How has it helped my organization?
Microsoft Defender for Endpoint offers excellent visibility. We can observe all the details regarding the attack process, such as the type of activity that occurred, including the entire MITRE ATT&CK framework. This enables us to view the initial actions, the device involved, the IP address used, and the extent of the impact on users and devices all through a single interface.
Microsoft Defender for Endpoint definitely assists us in prioritizing threats throughout our enterprise. Based on the signatures, the alert categories are related to high severity, medium severity, and low severity. Therefore, we can determine which alerts require our focus and prioritize them accordingly.
I am currently the Subject Matter Expert for Microsoft within my organization. This encompasses the entire Microsoft security suite. I specialized in working with Microsoft Sentinel. In the past, I was a part of the Microsoft Sentinel team itself, back in 2017 when Sentinel was in its pilot version, known as Azure Security Insights.
It's very easy to integrate the Microsoft solutions. We have data connectors and APIs readily available. There are no difficulties. If we teach an unfamiliar person for a week how to use Defender for Endpoint and Microsoft Sentinel, they can likely gain insight into the basics of integrating Defender for Endpoint, Microsoft Sentinel, Defender for Identity, or Defender for Cloud Apps.
These solutions work natively together to deliver coordinated detection responses across our environment. When an incident is detected in Microsoft Defender for Endpoint, the same incident will be captured in Microsoft Sentinel within a few minutes. The integration capabilities with both Microsoft and third-party solutions are valuable.
The comprehensiveness of threat protection provided by these Microsoft security solutions is combined into a single interface. We can access all necessary features from one place. The combined solutions offer us User and Entity Behavior Analytics, Endpoint Detection and Response, on-premises, and cloud application security. While no single product can handle everything independently, by implementing basic security practices across all Microsoft products, we achieve a comprehensive threat detection system.
The bi-directional sync capability is a feature that allows us to enable safe devices in both Defender for Cloud and Defender for Endpoint.
Sentinel allows us to ingest data from across our entire ecosystem. If we are utilizing third-party firewalls or other products, we can employ APIs to integrate those solutions with Sentinel.
Sentinel allows us to examine threats and respond comprehensively from a single location. Within this location, we can utilize SOAR playbooks to accomplish different tasks, such as blocking all compromised email sign-in sessions with just one click.
Sentinel is a comprehensive security product, owing to its integrated SOAR, UEBA, and threat intelligence capabilities. UEBA employs built-in machine learning to identify users with high, medium, and low-risk profiles. The user interface also includes a feature that enables us to log the user out. Threat intelligence has the ability to assimilate all access information from third-party solutions and identify threats originating from the internet. Sentinel consistently operates proactively to prevent compromises.
I used to utilize Splunk back in 2015, but I have recently transitioned into being a Microsoft security advocate due to the cost optimization benefits. Microsoft Sentinel's pricing is based on the data we ingest. We have the flexibility to choose different models, such as the pay-as-you-go model or the bandwidth model. For instance, if we ingest 500 GB of EPS, we will incur charges for that usage; however, a 20 percent discount is applicable in this scenario. The pricing is directly linked to the amount of data we ingest, which is advantageous. I prefer not to ingest certain security events that are intended for operational purposes. By excluding these events, I can effectively reduce the overall cost of using Microsoft Sentinel. Additionally, being a cloud-native tool eliminates the need for any physical hardware. With just one click, the entire installation process is completed.
There are three ways Microsoft Defender for Endpoint has benefited our organization. The primary advantage is the optimization of our organization's scanning process. We have established a bi-weekly scanning process that runs at midnight, encompassing all machines. This stands as the foremost enhancement. The second advantage revolves around obtaining visibility into vulnerabilities within our environment. Considering our role as an MSSP, responsible for managing over 25 clients, this visibility holds paramount importance. Within Defender, a particularly noteworthy feature is the enabled management. This provides us with the latest information regarding vulnerabilities within Microsoft products as well as third-party software. The third and final advantage pertains to responding to emerging threats. For instance, in the case of a new attack, such as the recent CVE 3688, which targets a Microsoft Office vulnerability, including a zero-day exploit lacking an available solution, our Microsoft-oriented threat intelligence block comes into play. Through custom query languages deployed within Defender, we have the capability to identify anomalous activities. Additionally, this third point ties in with the Application Guard rules. These rules have proven instrumental in proactively preventing ransomware attacks. They operate by automatically obstructing any suspicious processes occurring within the Office environment.
Defender for Endpoint assists in automating routine tasks and identifying high-value alerts. We have APIs established, allowing us to develop our own dashboards using the Defender for Endpoint APIs. For instance, we can utilize Power BI to generate a security report, providing a comprehensive overview of the organization's internal activities.
It has eliminated the necessity for multiple dashboards. This pertains to the MXDR dashboard, which stands for Microsoft Extended Detection Dashboard, as well as the Detection Response Dashboard. Essentially, we have consolidated these into a single comprehensive dashboard, developed entirely by Microsoft. This unified dashboard streamlines the process of accessing organizational insights. As a result, there's no longer a need to access different security products to view their respective dashboards. Within Defender for Endpoint itself, we offer an array of security reports, all conveniently accessible with just one click. For those who may not find the reports relevant, we also provide the option to utilize our in-house developers for Power BI integration. This entails having a centralized dashboard where data from all products is collected and displayed in one location, facilitating a holistic view of security reports.
The integration into a single dashboard has simplified our security operations. Previously, our team had to perform numerous manual tasks for all customers. Therefore, with automation, when we present the report to the customers, they are quite impressed with having everything in one place.
Microsoft Defender for Endpoint's threat intelligence assists us in preparing for potential threats before they materialize, enabling us to take proactive measures. We identify these proactive threats due to the presence of a threat entry system. If any IOCs are obtained, they are undoubtedly identified by Microsoft Sentinel. Moreover, we have set up indicator ingestion for Defender for Endpoint. This process involves creating steps to acquire data from third-party sources and directly inputting it into Defender for Endpoint. Since Defender for Endpoint has a capacity limit of 15,000 indicators of compromise, we can only ingest data up to this extent. Any surplus data will be automatically removed, provided their IOC scores fall below 60 within a month. Consequently, new IOCs will replace the removed ones.
It has saved our organization around 30 percent of our time in terms of not having to worry about malware. When any malware does get in, it is automatically remediated. Now, the main portion of our time is dedicated to conducting in-depth investigations and identifying other occurrences.
We have cut our organization's costs in half compared to our previous solutions. This is mainly due to the automation of most tasks, which means we now only need ten people to manage 20 customers, a significant reduction from the 30 engineers we needed before.
Microsoft Defender for Endpoint has significantly reduced our time for detection and response. Our Service Level Agreement entails detecting issues within 15 minutes and responding within 30 minutes. Defender for Endpoint has greatly contributed to these time savings. The incidents that we used to address using Splunk required extensive coordination within our team and with our customers, leading to substantial time consumption. Previously, resolving a single incident took around 40 minutes. Presently, this process takes approximately 15 minutes.
What is most valuable?
The most valuable feature is the timeline, which allows us to view the details of an event 30 minutes before and after.
Forensic investigation is a valuable feature of Defender for Endpoint.
We can run the virus scan across our entire environment.
We can block suspicious URLs and quarantine malicious files within the Defender for Endpoint portal.
What needs improvement?
Some of the integrations that Defender should include involve the use of the web app. Utilizing the web app implies that the Defender API should be accessible through mobile devices as well. For instance, if there exists a mobile application, it would be beneficial. Let's imagine a scenario where I'm traveling and I receive a new alert. With a Defender mobile application, I could easily isolate the threat, conduct an investigation on my mobile device, or even automatically escalate or assign the alert to my engineers.
There are certain third-party apps that haven't been integrated with Defender. I would be delighted to witness the integration of those apps with Defender for Endpoint.
The deployment of Defender for Endpoint should be made smoother via Intune.
For how long have I used the solution?
I have been using Microsoft Defender for Endpoint for five years.
What do I think about the stability of the solution?
Microsoft Defender for Endpoint is stable.
What do I think about the scalability of the solution?
Microsoft Defender for Endpoint is scalable.
How are customer service and support?
The technical support is fine, but it takes time to reach them.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Splunk but switched to Microsoft Defender for Endpoint because of the cost and smoother operation.
How was the initial setup?
With the proper training, the initial setup is straightforward.
When conducting customer onboarding, the deployment will require a minimum of three days. Therefore, we must ensure everything is executed flawlessly and follow security best practices. Emphasizing precise deployment is crucial. Hence, deploying without careful planning is not an option, aiming to prevent any issues in a larger environment. In contrast, a smaller environment can be deployed within two days.
For a large organization with over 5,000 employees, a team of up to six people is required for the deployment.
What was our ROI?
We are achieving a 15 percent return on investment, which is contributing to the growth and impact of our company.
What's my experience with pricing, setup cost, and licensing?
If we are acquiring everything in a single place, the front end becomes cost-effective. We won't need to purchase five separate products for various tasks. Instead, it's one product designed for five tasks, which is certainly a cost-effective approach.
What other advice do I have?
I rate Microsoft Defender for Endpoint an eight out of ten.
We also utilize Defender for Cloud. Defender for Cloud is employed specifically for the Azure product. If we have servers deployed within Azure, the system handles alerting, traceability, and security. Therefore, we certainly use it.
We have three locations where Microsoft Defender for Endpoint is deployed. One is in Australia, another is in Qatar, and the third is in India. Consequently, we employ approximately two hundred personnel.
No maintenance is required for Defender for Endpoint on the customer's end.
A single-vendor security solution approach is better than a best-of-breed strategy. We are all using Microsoft laptops and OS.
I recommend completing a POC before adopting Microsoft Defender for Endpoint.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
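The indicator retention the reviewer describes above (a 15,000-indicator cap, with low-confidence entries aged out after a month so new IOCs can replace them), worked through as an added Python example; this is not the reviewer's or Microsoft's code. The cap and the score threshold come from the review; the sample indicators, the field names and the order in which overflow is discarded are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# From the review: Defender for Endpoint accepts at most 15,000 custom indicators,
# and the reviewer ages out entries scoring below 60 once they are a month old.
INDICATOR_CAP = 15_000
MIN_SCORE_TO_KEEP = 60
MAX_AGE = timedelta(days=30)


@dataclass(frozen=True)
class Indicator:
    value: str      # IP, domain or file hash (assumed field layout)
    kind: str       # e.g. "IpAddress", "DomainName", "FileSha256"
    score: int      # confidence score from the feed, 0-100 (assumed scale)
    ingested: date  # date the indicator was pushed to Defender for Endpoint


def prune(existing, incoming, today, cap=INDICATOR_CAP):
    """Apply the review's retention rule and the tenant cap.

    Returns (kept, dropped):
      1. existing indicators with score < 60 and age >= 30 days are dropped;
      2. incoming indicators are merged, deduplicated by value, never overwriting
         an entry already present;
      3. if the set still exceeds `cap`, the lowest-scoring and, on ties, oldest
         indicators are discarded first (assumed tie-break, not from the review).
    """
    stale = [i for i in existing
             if i.score < MIN_SCORE_TO_KEEP and today - i.ingested >= MAX_AGE]
    stale_values = {i.value for i in stale}
    survivors = {i.value: i for i in existing if i.value not in stale_values}
    for i in incoming:
        survivors.setdefault(i.value, i)
    ranked = sorted(survivors.values(),
                    key=lambda i: (i.score, i.ingested), reverse=True)
    return ranked[:cap], stale + ranked[cap:]


# Constructed sample data; RFC 5737 documentation addresses and made-up names.
TODAY = date(2024, 6, 1)
SAMPLE_SHA256 = "a" * 64  # placeholder hash, not a real indicator
EXISTING = [
    Indicator("203.0.113.7", "IpAddress", 90, date(2024, 3, 1)),    # old, high score: kept
    Indicator("198.51.100.9", "IpAddress", 40, date(2024, 3, 1)),   # old, low score: aged out
    Indicator("bad.example", "DomainName", 55, date(2024, 5, 20)),  # low score but recent: kept
]
INCOMING = [
    Indicator("203.0.113.7", "IpAddress", 10, date(2024, 6, 1)),    # duplicate value: ignored
    Indicator("evil.example", "DomainName", 80, date(2024, 6, 1)),
    Indicator(SAMPLE_SHA256, "FileSha256", 70, date(2024, 6, 1)),
]


def run_example(cap=3):
    """Run the policy on the sample set with a small cap so overflow is visible."""
    kept, dropped = prune(EXISTING, INCOMING, TODAY, cap=cap)
    return [i.value for i in kept], [i.value for i in dropped]


if __name__ == "__main__":
    kept, dropped = run_example()
    print("kept:   ", kept)
    print("dropped:", dropped)
```

With the real 15,000 cap only the aged-out entry is dropped; the reduced cap in `run_example` shows which indicators go first when the tenant limit is hit.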
Updated: May 2026