No more typing reviews! Try our Samantha, our new voice AI agent.
Doug Kinzinger - PeerSpot reviewer
Director of Technologies Solutions at a retailer with 1-10 employees
Real User
Dec 25, 2023
Has good reporting and logging features
Pros and Cons
  • "I like Defender's reporting and logging features. The email alerts are also helpful. It's hard sometimes to sift through the email, especially if you're an IT firm managing hundreds if not thousands of endpoints, but we find email reporting useful. For example, last Tuesday, we learned of new vulnerabilities that were discovered as a result of the previous patches. The endpoints without those patches triggered alerts in Defender."
  • "The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor."

What is our primary use case?

We want to find a solution that fits businesses of every size and type, but we primarily target small and medium-sized enterprises. 

How has it helped my organization?

Defender helps us prioritize threats across the organization. When we needed to update the patches on our endpoints, we could look at all the patches and see what still needed to be fixed. We could decide whether it's necessary to address something urgently or deploy it as part of routine monthly maintenance. It's crucial to have the insights and a report that I can show to an executive to demonstrate that we need to act fast. This is less common because most people accept your hotfixes and patches when they come out, especially monthly security updates. However, some older shops might be like, "I'm running Windows 10. No one's touching this." We still need to service and support those machines, too. 

The solution helps us automate routine tasks and alerts. There's a dashboard where I can see the statuses of my machines in the environment. It helps us breathe a little bit easier. We're responding to businesses that had shifting needs during COVID. How can we be more proactive and help them to be more proactive? We shifted from traditional PC antivirus software to stuff that's totally different. I can't say it's "set it and forget it" because that implies a lazy mentality. However, I know I have a level of protection that I can have faith in. 

Defender helps us be more proactive. I find value in the zero-day threats that get fixed from Microsoft bug fixes or security updates. I can read and research about those zero-day threats from Microsoft's public site without digging too deeply into the Defender side of things. 

We've saved some time with Defender for Endpoint because we were doing a lot of unnecessary remediation with the other products. We had a series of servers that our previous product was installed on. It would blue-screen the server at random, and you can't have that. I'm not worried about Defender impacting my system stability. We put a lot of high-performance systems out there, including PCs and backend compute. I want to ensure we won't be overburdened by unnecessary security software that may not be giving me the protection I want.

Defender's reporting saves us four hours to eight hours each month. It has many of the standard reports we need built in, so it's effortless to generate and pull from. The time we save in other areas isn't as easy to quantify. I don't have to worry about the stability of a box or a computer cluster. 

It has decreased my detection time. On Wednesday, I got emails notifying me that new vulnerabilities were detected. They weren't new, but they were newly disclosed because patches came out for them. It has enabled us to react much quicker. 

What is most valuable?

I like Defender's reporting and logging features. The email alerts are also helpful. It's hard sometimes to sift through the email, especially if you're an IT firm managing hundreds if not thousands of endpoints, but we find email reporting useful. For example, last Tuesday, we learned of new vulnerabilities that were discovered as a result of the previous patches. The endpoints without those patches triggered alerts in Defender.

Defender ties into the Microsoft 365 portal where many shops spend a lot of their time doing password resets or other tasks. There is much more in the Azure portal too, but the 365 portal has a list of open issues, bugs, and necessary remediation steps. If I'm working on my security score, I have all of those on an active list, which is nice.

What needs improvement?

Defender should be more accessible for small and medium-sized businesses. You have some organizations that maybe have a hundred employees, and they're focused on making their widgets. That's their nine-to-five every day. They're not thinking about that security side, but maybe they're already invested in 365 or the Azure ecosystem and having Defender as an add-on makes sense from a price perspective. It's easy to deploy, but it could be easier for some of those smaller businesses to onboard endpoints.

The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor.

Buyer's Guide
Microsoft Defender for Endpoint
July 2026
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,928 professionals have used our research since 2012.

For how long have I used the solution?

We have used Defender for Endpoint for the last 18 months or so. 

What do I think about the stability of the solution?

Defender's stability is one of the things I love most about the solution. 

What do I think about the scalability of the solution?

There are no limitations on Defender's scalability. I get the impression that it's designed to cater to massive enterprises with 20,000 or more endpoints, but I think there's a market for a simpler deployment, like 100 PCs, 10 servers, etc. Give me a deployment option that's simple. 

How are customer service and support?

I rate Microsoft support eight out of 10. It's good overall, but it can be hit or miss depending on your issue, and sometimes you don't get the right level or technician. All of my 2023 support experiences have been stellar, but 2022 was a little inconsistent. 

Which solution did I use previously and why did I switch?

The company evaluated other solutions in parallel and in tandem with it. Our trajectory shifted slightly during COVID-19, so we explored that more. We tried ESET and SentinelOne for a while. But those are apples-to-oranges comparisons. Defender for Endpoint is geared toward common reporting,  notifications, and backend stuff, whereas SentinelOne is designed to lock machines down. It has many more tendrils deep within, so they're not great comparisons. 

We decided to go with Defender because we're pretty heavily invested in the rest of the Microsoft Stack, so it made sense. However, we wanted to do our due diligence because we're already using other products. We wanted to ensure we were picking the best of breed for our customers fair enough.

We were having issues with other products like ESET, SentinelOne, and Symantec. SentinelOne is just too deep and heavy. It's like trying to shoot a fence post with a missile. It was too much. We rely on the product and trust it. It takes a little while to get there, but once you trust a product, you can move on to the next thing and know you're protected.

How was the initial setup?

The onboarding process could be more straightforward. I wish the onboarding were simpler. It seems a little more ethereal than, "Hey, here's your executable, put this on every machine." That would be easier for a small shop. We're still deploying into a lot of our sites. It didn't take long at all, but it takes a while to get fully ready to deploy, 

What's my experience with pricing, setup cost, and licensing?

Defender's pricing is competitive. There are ways to negotiate a better price with Microsoft or your reseller as your business grows. You can say, "Hey, I bought 365 Business, then E3, and E5. Now, I'm buying Defender, so give me bulk pricing."  There are opportunities to save as you grow that wouldn't exist if you picked a different vendor.

What other advice do I have?

I rate Microsoft Defender for Endpoint eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Resellers
PeerSpot user
Sudhen Swami - PeerSpot reviewer
Senior Enterprise Architect at MTVH
Real User
Jul 9, 2024
Easy to update with good protection and a useful cloud portal
Pros and Cons
  • "Updates and upgrades are quite smooth and seamless."
  • "We'd like to see integrations with more vulnerability scanning solutions like Tenable."

What is our primary use case?

The solution is primarily used for securing endpoints, mainly desktops and laptops.

How has it helped my organization?

We're taking the adoption in phases. We started with endpoints and we want to expand into other capabilities at the application level.

What is most valuable?

We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. 

The malware protection is good.

The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. 

It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively.

We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. 

Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it.

It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well.

The standardization is good. It's important. It's helping me with monitoring and learning.

Updates and upgrades are quite smooth and seamless. 

Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. 

It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there.

While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%.

While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond. 

What needs improvement?

We'd like to see integrations with more vulnerability scanning solutions like Tenable. It would be good to be able to compare both systems to threats that are arising. 

For how long have I used the solution?

I've used the solution for the past couple of years. I haven't used it, however, on an active basis. It's not a solution that requires active engagement. 

What do I think about the stability of the solution?

The solution is stable. We've had no issues. 

What do I think about the scalability of the solution?

We've had no issues with scaling. We're scaling up to just under 2,500 systems.

How are customer service and support?

We haven't had much cause for raising tickets; however, largely support is very good. We did receive initial support during deployment and have a unified support agreement. It's simple and straightforward when we do need help. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have used a Check Point solution as well in the past. We're moving away from other competing technologies. We had a number of issues with Check Point in terms of the mix of client devices and operating it in a VDI environment. It wasn't as reliable as we would have liked. It might have also been a resourcing issue - not just a Check Point issue.

How was the initial setup?

In terms of the actual implementation, once everything is in place, it's quite smooth, and you see the benefits quite quickly as well.

I was not directly involved in the deployment of Defender. I was more involved in procurement. 

What's my experience with pricing, setup cost, and licensing?

Defender is part of the plan we signed up for. Overall, it's part of a wider suite and is representing well, although it's hard to gauge how much of our overall licensing price is based on Defender as a product. It's part of a wider investment in Microsft 365. 

Which other solutions did I evaluate?

We have been through a merger in the last five years, so there were multiple solutions we were using, such as Trend Micro and Kaspersky, as well as Cisco, that we considered before deciding to standardize under Microsoft. 

What other advice do I have?

We are starting to also use Microsoft Defender for Cloud. We have a small POC that we are getting off the ground. We have not yet explored bidirectional sync capabilities.

I'd rate the solution nine out of ten.

I would advise new users to just be mindful of system requirements. You do need to have a relatively up-to-date Windows estate. Take into account legacy considerations in terms of displacing other non-Mircosoft solutions.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Microsoft Defender for Endpoint
July 2026
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,928 professionals have used our research since 2012.
Senior Data Hosting and Security Special at Two aquate
Real User
Oct 2, 2023
Helps to prioritize threats, provides good visibility, and saves us time
Pros and Cons
  • "Microsoft Defender for Endpoint is extremely stable."
  • "A single dashboard would be a significant improvement."

What is our primary use case?

We are a Microsoft-heavy organization, so we use Microsoft Defender for Endpoint because of its compatibility with our environment and its reports, which provide good visibility into our environment and send telemetry logs to the server.

How has it helped my organization?

Microsoft Defender for Endpoint collects all system logs, activity logs, and threats. It then sends this data to the Office 365 security portal, where we can view all logs and use various analytics tools to forecast average bandwidth usage, identify programs used by users, and view which apps are running in our environment, including unauthorized apps. All of these insights are easily accessible if we have a complete Microsoft solution.

Microsoft Defender for Endpoint helps us prioritize threats across our enterprise. We have configured the standard settings and are using many Microsoft solutions, so we receive direct support from Microsoft. We have created many policies, including a standard policy for all apps and programs used in our organization. We have a list of these programs, and any that are in the Defender for Endpoint exclusion list, such as DLP software or trusted software, are excluded so that they do not slow down the process. We then prioritize the apps according to standard cybersecurity priorities. For example, if an application is vulnerable and not from a renowned vendor, it should be blocked.

We have integrated Sentinel with Defender for Endpoint. The integration was a few simple clicks.

Our integrated solutions work together seamlessly to provide coordinated detection and response across our environment. We like Microsoft's Advanced Threat Protection solution, which uses EDR and AI to protect endpoints. Recently, a user downloaded an unknown file, and ATP immediately flagged it. ATP then ran an automatic investigation and provided us with the results in the portal. We can then decide whether to quarantine, delete, or report the file to Microsoft Defender for Endpoint.

Microsoft provides comprehensive security products that have fulfilled all of our security needs and assured us that we have enterprise-grade security and do not need any other solutions. We have received positive results.

We use the cloud's bidirectional synchronization capabilities to synchronize our on-premises Sentinel agents with the Azure Monitor agents.

It is our requirement to have bi-directional synchronization between the cloud and on-premises environments because we now have users in both locations. This means that if a user changes their password in the cloud, it will also be updated in the local Active Directory. Additionally, we have some on-premises servers that require our SQL databases in Azure, so they communicate with the cloud bi-directionally.

Microsoft Sentinel enables us to ingest data from our entire ecosystem. The whole point of Sentinel is to collect logs and notify us, showing us our cybersecurity posture and where we stand. It also advises us on the policies we define for our system and whether the system in our environment matches those policies, identifying any applications that are not fulfilling those policies.

Sentinel provides visibility into our environment and we can investigate and respond to threats through Defender.

In the context of user and entity behavior analytics, Sentinel is very effective. It can identify high- and low-risk users by analyzing their daily usage activities, such as the applications they access, the websites they visit, and how they handle data. Sentinel then segregates users into high-risk and low-risk groups based on this analysis. This gives us good visibility into user behavior, which is essential for protecting our organization. While Sentinel has other capabilities, we are currently using it for UEBA.

Microsoft security has helped us save about 30 hours per month, reducing our workload.

Microsoft security has helped us save costs. In our company, we have different Office 365 licenses, including E5, E3, and F5. Some of the security add-ins are free with these subscriptions. For example, the E5 license includes SIEM, Office 365, Defender for Endpoint, and an Active Directory P1 subscription. This means that we do not have to purchase these add-ins separately, as they are included in our licensing.

Defender for Endpoint has reduced our time to detect and respond. Once an incident has occurred the AI automatically takes action and provides us with a detailed report of the investigation. It takes five to ten minutes to resolve an incident.

What needs improvement?

To have full visibility, we must access multiple dashboards, which is a problem because they change frequently, with daily updates to naming conventions. A single dashboard would be a significant improvement.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for seven months.

What do I think about the stability of the solution?

Microsoft Defender for Endpoint is extremely stable.

What do I think about the scalability of the solution?

Microsoft Defender for Endpoint is easily scalable because it is compatible with a variety of Windows and Linux machines.

How are customer service and support?

Technical support is good. We usually receive a response with a solution within 24 hours.

How would you rate customer service and support?

Neutral

Which other solutions did I evaluate?

We are currently evaluating CrowdStrike and a few other solutions.

What other advice do I have?

I would rate Microsoft Defender for Endpoint eight out of ten.

Microsoft-heavy organizations should avoid using third-party SIEM solutions, as the compatibility issues would require significant effort from the IT department to configure them with Microsoft applications.

Microsoft Defender for Endpoint is a detection system, not a prevention system. We receive alerts after a threat has occurred.

It is better to choose a single company security solution because it will free up time to focus on the environment and identify loopholes. Rather than using three or four third-party software programs, which would require us to spend more time learning about them and resolving compatibility issues, a single solution would provide a better view of the environment.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2169915 - PeerSpot reviewer
Information Security Engineer at a financial services firm with 10,001+ employees
Real User
Aug 4, 2023
Easily integrates with Microsoft solutions and helps us prioritize threats across our enterprise
Pros and Cons
  • "The integration with all variations of Microsoft Defender, for Endpoint, 365, and Cloud is valuable."
  • "The time it takes to implement policies has room for improvement."

What is our primary use case?

We use Microsoft Defender for Endpoint to protect our work environment.

How has it helped my organization?

The endpoint provides good visibility into threats. However, working with Microsoft Defender for Endpoint and its control panel can be challenging, especially when dealing with features such as compliance and cloud app security details. Nevertheless, with enough experience, it becomes a useful tool for threat detection. Although it may be difficult to work with initially, it is an essential instrument for information security.

Microsoft Defender for Endpoint helps us prioritize threats across our enterprise.

The integration of Microsoft Defender for Endpoint with other Microsoft solutions is easy. The integrated Microsoft solutions work natively with each other.

The level of comprehensiveness provided by all of the integrated solutions is satisfactory.

Microsoft Sentinel allows us to investigate and respond to threats from one place.

Microsoft Defender for Endpoint helps automate routine tasks and find high-value alerts. The solution has a powerful advanced query that we can schedule to run automatically.

Microsoft Defender for Endpoint simplifies the use of multiple dashboards by providing a single XDR feature. This is a beneficial feature, but my reliance is on the 50 automated rules that run on a schedule to keep me informed of any incidents.

The automatic rules and policies that we apply using Microsoft Defender for Endpoint save us around four hours per day.

Microsoft Defender for Endpoint has saved our organization money by protecting the environment from threats.

Microsoft Defender for Endpoint has reduced our time to detect and respond to security threats by consolidating all relevant information in a single panel within a web portal. This enables us to quickly review and respond to potential threats, thus improving our ability to mitigate risks effectively.

Microsoft Defender for Endpoint has helped our organization by working to identify threats quickly before they become a problem. 

What is most valuable?

The integration with all variations of Microsoft Defender, for Endpoint, 365, and Cloud is valuable.

What needs improvement?

The time it takes to implement policies has room for improvement. When we create policies or configure file profiles and assign them to specific groups, Microsoft Defender for Endpoint will apply these rules accordingly. If we need to make changes to the policy, it can take up to thirty minutes or even two to three hours for the changes to take effect on Microsoft Defender for Endpoint. This waiting period can be a significant amount of time to implement changes. It is at times quicker to create new policies than to make changes to existing policies.

We are experiencing problems with certain Samsung Android mobile devices that have Microsoft Defender for Endpoint installed. Specifically, when attempting to log into the corporate profile, users are prompted multiple times to enter their credentials.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for two years.

What do I think about the stability of the solution?

Microsoft Defender for Endpoint is extremely stable.

What do I think about the scalability of the solution?

Microsoft Defender for Endpoint is scalable.

How are customer service and support?

The technical support team is professional.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used a separate antivirus and endpoint solution called Cynet but it was not very useful. Our organization moved into the Cloud so we decided to use Microsoft Defender for Endpoint.

What about the implementation team?

We deployed Microsoft Defender for Endpoint across multiple locations in our organization.

Which other solutions did I evaluate?

We evaluated Splunk and Microsoft 365 before the head of our company chose Microsoft Defender for Endpoint.

What other advice do I have?

I give Microsoft Defender for Endpoint an eight out of ten.

No maintenance is required on our end for Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint is a powerful tool and I recommend it.

Using a single vendor security suite carries inherent risks, but with a well-established company like Microsoft, those risks are significantly reduced, and it's more cost-effective than using multiple best-of-breed solutions to achieve the same level of security.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Naman Verma. - PeerSpot reviewer
Security Delivery Specialist at a consultancy with 10,001+ employees
Real User
Oct 2, 2023
Reasonably priced with good support but still needs to improve its threat intelligence
Pros and Cons
  • "We have very good visibility on our endpoints. The level of information it throws back is helpful."
  • "Where we stand right now, compared to other products that are there in the market, they still have to work on their threat intelligence and the overall maturity of detecting the malware."

What is our primary use case?

The solution is used as an endpoint solution to provide a 360-degree portfolio around an endpoint. It acts as a next-gen antivirus. 

What is most valuable?

It’s included with the Microsoft licensing, so we don't need multiple licenses.

Microsoft is very effective in device control. If there is malware that is coming in, It is very quick to remove it. It doesn't let it gain a footprint on your drive, so that prevents further damage from happening to the endpoint.

This solution helps us prioritize threats across our enterprise. When we are looking at our current scenario, post-COVID, most of the employees of the clients that we are dealing with are remote. When it comes to remote, you can make sure that they're logging in to VPN, however, most of their time is online and we need a product that is actively protecting them even if a user is not on a VPN or a company network. This product integrates very well with Windows due to the fact that it's a Microsoft product. It's giving users the protection that they need while ensuring businesses don’t have to spend extra on licenses.

We are using other Microsoft products. Including CASB integrated with our endpoint. We’re also using Azure, for example, and Microsoft Defender for Cloud as well as Sentinel (although a different team manages it). We have seen a very hybrid kind of environment with one of our clients where they were using an on-prem solution throughout, and they were aiming to move to the cloud. It becomes very easy to integrate everything and move most of their infrastructure to the cloud. It does take time and effort, however, with everything integrated, you can get it done. Microsoft solutions also work natively together. That’s a big strength. Everything communicates seamlessly.

We have very good visibility on our endpoints. The level of information it throws back is helpful.

How long it takes to see the level of benefits will depend on the deployment. Our deployment took two months for one client. Within a month’s time, they started seeing the benefits. We had a substantial number of endpoints to roll out, however, we began to note benefits pretty fast.

Microsoft Defender for Endpoint helps automate the finding of high-value alerts. It still needs to mature a little bit. Overall, we are seeing very security-intensive products and Microsoft still has a lot to learn.

It helped eliminate having to worry about multiple dashboards. Now, we have one single dashboard where our team takes care of everything. That has been very helpful. It makes the team focus on one single product. That helps prepare us for potential threats before they hit. We get fairly decent visibility into what's happening. Since we have one single dashboard that is giving us all the information, it becomes very easy for the team to react to incidents as well.

Overall, the solution has saved time. Previously, while we were doing deployment, most of our time was spent figuring out how to handle the products that are not natively from Microsoft. We had to figure out how we could integrate to get the most out of our products. Now, with Microsoft, we have all the integrations present in one place.

On average, we’ve likely saved nine to 12 hours weekly just by having one single Microsoft dashboard.

We’ve saved money, too. Considering it comes under one existing license, we don’t have to spend money separately or buy another license to get all the features we need.

The solution decreased our time to detection and time to respond. Our turnaround is better. From the moment we receive an alert to the moment we close the case, we’ve seen a reduction of 18% to 20% overall.

What needs improvement?

The visibility of threats needs to improve a bit. It still has to learn a lot. Where we stand right now, compared to other products that are there in the market, they still have to work on their threat intelligence and the overall maturity of detecting the malware. Sometimes we have seen instances where they have wrongly identified the malware. That is something that we would really hope that Microsoft works on.

Microsoft has to improve the efficacy of the product further. When we are talking about a security product, there are minor frameworks and there are close to 145 different techniques that we are talking about. It broadly categorizes into types yet it doesn't drill it down to techniques, which gives us a very specific idea of what they are aiming for. 

For how long have I used the solution?

I've been using the solution for the past one and a half years as a solution architect to design and deliver EDR solutions. 

What do I think about the stability of the solution?

The product is fairly stable. 

What do I think about the scalability of the solution?

The solution can scale. We scaled up initially from 500 to 32,00 endpoints and it was fine. 

How are customer service and support?

We've had to contact support in the past and found them to be very effective. They are knowledgeable in their approach. However, the tasks can be a bit time-consuming.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are using CrowdStrike, Palo Alto XDR, and a lot of different products. The client using CrowdStrike may have moved to Defender based on the cost.

How was the initial setup?

The initial setup was simple. 

There is a bit of maintenance required around data retention. It has a data retention period of 80 or 90 days depending on the configuration. We make it a habit of filing data for compliance purposes. Two to three people are normally involved with the maintenance aspect. It's not resource-intensive. 

What about the implementation team?

We are the third party. We help clients implement the solution. 

What was our ROI?

We have witnessed an ROI. 

What's my experience with pricing, setup cost, and licensing?

The product is very cheap compared to other options. It's very affordable, which is why Microsoft is gaining a foothold in terms of client acquisition.

What other advice do I have?

We're a Microsoft partner. 

I'd rate the product seven out of ten. 

You can spend a lot of money to get a very specific security tool, however, if you don't have the money, Defender does a pretty good job for you.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Shashank Gahoi. - PeerSpot reviewer
Security Architect at a tech vendor with 10,001+ employees
MSP
Sep 15, 2023
We can directly connect to a machine, access the system, and check if any malicious files are present
Pros and Cons
  • "There are a couple of features, such as isolating the devices or connecting the device and connecting live response."
  • "Microsoft Defender for Endpoint does not offer default templates for alerts, requiring us to configure everything ourselves to avoid numerous false positives."

What is our primary use case?

We use Microsoft Defender for Endpoint for anti-malware purposes.

How has it helped my organization?

Microsoft Defender for Endpoint has good visibility into threats, capturing 95 percent of them.

Microsoft Defender for Endpoint helps us prioritize threats across our organization, which is important.

We have integrated Microsoft Defender and Sentinel. The process of integrating Microsoft Defender for Endpoint and Sentinel was easy.

They work natively together to deliver coordinated detection and response across our environment which is important. Microsoft Defender for Endpoint and Sentinel work together comprehensively to detect and protect against threats. If one solution misses a threat, the other one will pick it up.

Sentinel allows us to gather data from our entire ecosystem, which is crucial for us.

It enables us to investigate threats and respond holistically from one place.

Microsoft Defender for Endpoint is an effective anti-malware solution. Additionally, it offers the capability to isolate a device in case of more significant issues with a workstation or server. Moreover, we can directly connect with the machine through Microsoft Defender itself to access and check files using live response, allowing us to assess the situation accurately.

Microsoft Defender for Endpoint offers a unified XDR dashboard that eliminates the need to view multiple dashboards. However, we are only focusing on incidents and log queries.

The threat intelligence helps us prepare for potential threats before they occur, allowing us to take proactive steps, as long as there are alerts and we have properly configured them.

We were previously using IBM QRadar, but it was not quite effective for generating alerts or for data analytics. Additionally, it created numerous alerts, which only sent us notifications for issues like behavioral concerns. This had a significant impact on the workload for InfoSec Operations. Microsoft Defender for Endpoint has helped to reduce our SecOps team's investigation time.

Once we invest the initial time to create alerts and queries, Microsoft Defender for Endpoint saves us time by sending alerts and logs directly. This eliminates the need to repeatedly create queries to search for specific alerts, incidents, or events.

Microsoft Defender for Endpoint has decreased our time to detection and time to respond.

What is most valuable?

There are a couple of features, such as isolating the devices or connecting the device and connecting live response. These are very good features of Microsoft Defender for Endpoint because we can directly connect to the machine, access the system, and check if any malicious files that our Defender or Sentinel is detecting are present or not. This allows us to investigate those files further.

What needs improvement?

Microsoft Defender for Endpoint sometimes fails to detect malware incidents, and when it does manage to stop them, we only receive a notification stating that the issue has been resolved. Unfortunately, we are not provided with any information on how the solution resolved the incident.

Microsoft Defender for Endpoint does not offer default templates for alerts, requiring us to configure everything ourselves to avoid numerous false positives.

The pricing needs to be improved.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for a little over one year.

What do I think about the stability of the solution?

I give the stability a nine out of ten.

What do I think about the scalability of the solution?

I give the scalability an eight out of ten.

How are customer service and support?

We rarely need technical support, but when we encounter issues with log ingestion, we contact them. Unfortunately, the support isn't very helpful as they suggest trying things we've already attempted, which haven't worked. Consequently, we often find ourselves searching online to resolve the problem on our own.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I also use FireEye, which is now called Trellix, along with McAfee. Each tool has its own advantages and disadvantages. FireEye was solely an EDR solution. Microsoft Defender for Endpoint is superior to McAfee due to the higher number of alerts and the ability to isolate and connect to the machine in real-time.

Microsoft Defender for Endpoint is the default solution for Microsoft, but it can be challenging to integrate with Linux environments. Additionally, if we are using any other EDR or anti-malware solutions, Microsoft Defender for Endpoint will only work passively, not actively, and we cannot convert it to function as an active anti-malware solution.

How was the initial setup?

The initial setup of Microsoft Defender for Endpoint may be more complex compared to other solutions that only require pushing agents to workstations or servers. Each device must be compliant and onboarded to Azure in order to be active, and any non-compliant workstations cannot be uploaded to Azure. On the other hand, with McAfee and similar solutions, we only need to push the agent and it starts reporting to the console. Our deployment process lasted six months and involved a group of three to four people and their respective teams. We had one team for field agents, another for SCCM purposes, and an Operations team as well.

What about the implementation team?

Microsoft assisted with the implementation, and they were efficient.

What's my experience with pricing, setup cost, and licensing?

We are required to pay for the data we ingest, and increasing the data amount incurs additional expenses.

What other advice do I have?

I give Microsoft Defender for Endpoint an eight out of ten.

We currently have around 6,000 Microsoft Defender for Endpoint users in our organization.

We have a team called InfoSec Operations that handles maintenance and consists of approximately five people.

I recommend Microsoft Defender for Endpoint for larger organizations, and they should undergo training if they intend to use it in conjunction with Microsoft Sentinel, as it is a complex tool compared to others like QRadar. For smaller organizations, I suggest using Splunk, which is a reliable solution.

Microsoft Defender for Endpoint is a viable solution, but it does have limitations when it comes to other operating systems. I would not recommend this solution for an organization that operates in a Linux-based environment.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Mark Foust - PeerSpot reviewer
Director strategic alliances at a computer software company with 11-50 employees
Real User
Dec 20, 2023
I like that the solution is integrated and doesn't have a third-party payload trying to advertise subscription renewal
Pros and Cons
  • "I like that Defender is integrated and doesn't have a third-party payload trying to advertise subscription renewal."
  • "The interface isn't necessarily intuitive to a nontechnical person. You can get stuck in the little endpoint security portal. Sometimes, if you uninstall a competitive product, the end user doesn't always know if it's running or if they're protected even though it's silently running. There could be a notification, widget, or something that's resident on the screen for at least a bit, especially if you're doing remote support. You want to talk them through it, but sometimes, we're not allowed to look at the PCs we support."

What is our primary use case?

We use Defender for endpoint security, firewall administration, and antivirus. 

How has it helped my organization?

From an administrative perspective, Defender provides a single pane of glass for us to look at compliance throughout the company and for the customers we recommended it to. That's probably the most significant piece. The governance and policy features work together for us because we can easily provide the self-attestation that we need for the federal government.

Automation at this point, as I understand, is a lot of one-offs. It depends on the particular console that you're looking at. I'd love to have them integrated. I understand that there's a larger solution for that, but it's challenging to figure out a cost estimate of what it would take to get it up and running. The automations are often tied to the separate Defender products and not always integrated, but we're still shy about buying the larger product and integrating all the logs. 

Defender for Endpoint saves time by making administration more manageable. It's at least four hours per month per administrator. We save money with Defender because it's packaged with other Microsoft solutions. It's $20 to $60 per user annually, depending on the suite you're getting. 

What is most valuable?

I like that Defender is integrated and doesn't have a third-party payload trying to advertise subscription renewal. I don't get spam because of it. Regarding visibility, no one has their finger in as many operating systems as Microsoft. No one has the platform or deployment profile that Microsoft has. Microsoft can outshine any third-party vendor when it comes to visibility.

What needs improvement?

The interface isn't necessarily intuitive to a nontechnical person. You can get stuck in the little endpoint security portal. Sometimes, if you uninstall a competitive product, the end user doesn't always know if it's running or if they're protected even though it's silently running. There could be a notification, widget, or something that's resident on the screen for at least a bit, especially if you're doing remote support. You want to talk them through it, but sometimes, we're not allowed to look at the PCs we support.

I'd like them to improve visualizations for people higher up the reporting chain, such as potential purchasers, directors, VPs, and CEOs. They have little time. They want to see red, green, and yellow lights or some other type of visualization. It would be great to have this functionality out of the box without a lot of custom development.

We're learning about the AI Security Co-pilot. I'm unsure how it integrates, but I'd like to see it integrated. I'm an administrator, so I don't look at the logs constantly, but patching is critical. I would love to see the percentage of PCs patched in a given period. Reporting and alerts are crucial issues. When an alert needs to be triggered, we'd love to see some events flush up.

We often have to wait for and do a report until we find what we're looking for. It would be nice to sort of set it and forget it or have a community board of plugins that we could download and say, "Here's the meantime to resolution for x, y, or z policy or some policies that we could potentially integrate.

For how long have I used the solution?

I have used Defender for Endpoint for seven years. 

What do I think about the stability of the solution?

I can't think of any ongoing issues that we have other than our own internal minor configuration. I don't know if this is in there, but I would love the ability to see how we're deployed and get recommendations.

What do I think about the scalability of the solution?

Defender is scalable. The solution covers multiple locations and departments. We have about 100,000 end users. The departments vary in size. 

How are customer service and support?

I rate Microsoft support six out of 10. They're responsive and willing to help. I have no problems with their customer service. However, it's sometimes difficult to find a technician that understands your issue. Sometimes, when you try to do self-service with Microsoft, it refers you to a third-party website for support ideas and stuff. That's absolutely bizarre. Why would I trust a third party linked from the Microsoft community forums and things?

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were using Norton Antivirus, but we switched because we were familiar with Defender. We had Defender running on our home machines, and we had positive experiences because it didn't noticeably slow our machines. It was fairly intelligent at what it did. Sometimes, you feel a little restricted by a few of the things that it may not have. But in the end, I don't think that we're missing anything that we didn't already have in the product.

What's my experience with pricing, setup cost, and licensing?

Defender is typically bundled with 365 packages that the customers are already buying. We haven't done an in-depth ROI for right. Often, we leave the customer to make those decisions even though we can point to tools like that on the web or allow an analyst tool to do that type of work. 

Which other solutions did I evaluate?

We looked at Norton, McAfee, and another one that I can't recall. Ultimately, our decision primarily came down to integration into the system. If it's integrated, it isn't overwritten by the security patch, and it doesn't add to the payload we're already sending down to manage the PC. We wouldn't use it if the quality wasn't there, but all else being equal, it's always easier to use an integrated solution from a single vendor.

What other advice do I have?

I rate Microsoft Defender for Endpoint nine out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner and reseller
PeerSpot user
reviewer2315553 - PeerSpot reviewer
Senior program lead at a manufacturing company with 10,001+ employees
Real User
Dec 14, 2023
Works very well with the Microsoft ecosystem and helps to stop threats at the source
Pros and Cons
  • "The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network."
  • "The product itself does not necessarily need improvement, but the support and implementation of the product are the disaster cases."

What is our primary use case?

We use it as an Enterprise Detection and Response (EDR) solution. We use it for compliance purposes, and we are starting to use it for DLP purposes.

How has it helped my organization?

Microsoft Defender for Endpoint allows our threat hunting and threat remediation teams to reduce the footprint of viruses when they come on the network.

We have immediate visibility on all endpoints. It is very good at visibility.

For prioritizing threats across our enterprise, the threat-hunting system in Microsoft Defender for Endpoint is not top-notch. We usually integrate it into things like our SIEM or Sentinel or other things to prioritize or our SOAR system to automate.

We can feed the alerts coming out of it into our XSOAR system to immediately act on events versus waiting until people see them and use the ticketing system.

Microsoft Defender for Endpoint has saved us time. It has saved us at least 40 hours a week. We are able to automate and have the ability to handle threats on an enterprise with 50,000 devices.

Microsoft Defender for Endpoint has not saved us costs. It is a Microsoft product.

Microsoft Defender for Endpoint has reduced our time to detect and respond. By going from a manual process to an automated process, depending on the severity, the time reduced has gone from minutes and days to seconds.

What is most valuable?

The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network.

What needs improvement?

The product itself does not necessarily need improvement, but the support and implementation of the product are the disaster cases. Instead of being able to go back to Microsoft and ask how to do something, we have to work with a vendor who does not exactly know how to do that and has to go to Microsoft to say, "How do we do this?" so that they can answer our questions. There are a lot of things in relation to various compliance standards such as CIS. The primary levels of support of Microsoft do not know or cannot implement that. Working through vendors is time-consuming. It is a painful process to get back to them to get the answers.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for three years.

What do I think about the stability of the solution?

We have never seen any downtime in it, so it is incredibly stable.

What do I think about the scalability of the solution?

It is incredibly scalable. However, its ability to bind things into the groups on its dashboard is limited. You can see your 50,000 machines empire, but dividing it into regions, and dividing it into subgroups and management areas is very limited.

It is deployed across the world. There are 250 sites worldwide with 50,000 devices.

How are customer service and support?

I would rate their support poorly. I would rate them a two out of ten.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

The history would be a Symantec product, but I do not remember what it was. Then we went up through Azure ATP to Microsoft EDR. 

How was the initial setup?

I was involved in its deployment and initial setup, but I was not a part of PoC at the time. The deployment was very easy. We pushed it out with SCCM.

Our implementation strategy was PoC, small user groups, and then wide or regional deployments.

We have on-premises and cloud deployments. It is an endpoint protection platform. It goes on any endpoint that we have or that we have running. It could be an endpoint that is sitting in the cloud. It could be an endpoint that is sitting on-prem. We use Azure, GCP, and AWS. There is also some limited rack space from IBM.

What about the implementation team?

We used CDW.

What was our ROI?

We have reduced man hours using the product. We have definitely been able to leverage automation with it more than other products that we have used previously and other products that we are using.

What's my experience with pricing, setup cost, and licensing?

I recently switched from education to private business, and all I can say is that private business licensing from Microsoft is not cheap until you hit certain quantities or scale. That does not mean that it is not comparable to other industries. It is similar pricing, but it is still crazy to me how much you pay for a client. I feel it is high, but it is in line with other vendors.

Which other solutions did I evaluate?

We evaluated Cortex XDR, Carbon Black, and QRadar or whatever that solution was from IBM.

The Microsoft ecosystem is the main difference. Everything under the umbrella of the Microsoft security toolkit makes life easier when all the systems talk together nicely.

What other advice do I have?

To those evaluating this solution, I would advise first figuring out what your needs are. Figure out what levels of granularity you need in the system to see if it will support your needs. For example, if you have something like department-level control over devices, you might want to look at another system versus a central security solution that controls all devices. Beyond that, make sure your machines have the resources necessary to support the features you turn on in the environment. A lot of the resources in Microsoft Defender for Endpoint can be shut down for slower machines and older machines.

I would rate Microsoft Defender for Endpoint a solid nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cyber Security Analyst with 1-10 employees
Real User
Sep 11, 2023
Enables us to see details on vulnerabilities and connections and it identifies any unauthenticated extensions
Pros and Cons
  • "I find the vulnerability management section of Microsoft Defender for Endpoint to be very useful for organizations."
  • "The time to generate certain alerts on our dashboard can take between 45 minutes to an hour, and I am unsure of the factors that influence this duration."

What is our primary use case?

We use Microsoft Defender for Endpoint to prevent traffic attacks. The solution displays each attack through Symantec. Therefore, we do not need to develop any use cases. It will detect anomalies using machine learning in Defender for Endpoint. It collects logs from the sensor, which include all mission data from the Windows sensor. The machine logs will then be sent to the cloud for analysis, and for every anomaly found, an alert is generated in our console.

How has it helped my organization?

Microsoft Defender for Endpoint provides comprehensive threat visibility. It allows for file analysis, checking unsupported files in the system, and accessing the Mission Live console. Unused files can be deleted, and suspicious files are analyzed and checked for viruses on the platform. In cases where a file has numerous detections from different security vendors, it is quarantined, blocking it in the organization. Care is taken to avoid quarantining legitimate files to prevent disruption. Additionally, there are numerous advanced configuration options available.

It helps us prioritize threats across our entire enterprise. We receive notifications for any advanced threats and can also identify if there is an advanced threat within our organization. Additionally, we can view the different priorities, such as high, medium, or low, and understand the severity of the alerts. For high and medium alerts, we can take immediate action, such as isolating the machines from the network.

We also utilize Microsoft Elastic Cloud and EnCase. I believe the integration is straightforward, but I was only responsible for monitoring after the integration had been completed.

Microsoft offers four products that can seamlessly work together and be accessed through one console. These products are Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft CloudApp Security. With the appropriate license, we can subscribe to all four solutions from the Microsoft security website.

Sentinel allows us to collect data from our entire ecosystem and seamlessly integrate the log files with an API.

Microsoft Sentinel allows us to investigate threats and respond swiftly from a centralized platform. We possess the capability to generate customized queries and delve deep into the logs.

Microsoft Sentinel also has built-in SOAR, UEBA, and threat intelligence capabilities. The playbooks make the security analyst's job much easier. If there is unwanted software, we can configure a notification from the playbook to send the user a message or block the IOCs.

Defender for Endpoint aids our organization by enabling us to monitor the antivirus status on devices to ensure they are up-to-date. We can also access vulnerability details that we can share with the vulnerability team to promptly apply necessary patches. Additionally, it allows us to identify any pending configurations, streamlining our security analysis process.

It helped eliminate having to look at multiple dashboards and gave us one XDR dashboard for everything.

Microsoft Defender for Endpoint's threat intelligence assists us in proactively preparing for potential threats before they strike. Any threats detected by Microsoft Defender for Endpoint are automatically blocked, while for those that are not, we have the option to block them manually.

What is most valuable?

I find the vulnerability management section of Microsoft Defender for Endpoint to be very useful for organizations. It provides details on vulnerabilities, connection, and software vulnerabilities, and identifies any unauthenticated extensions. The Secure Score option is also helpful for reviewing configurations. In a project to improve Secure Score, we reviewed configurations on a weekly basis and implemented changes gradually. Each section (Identity, Endpoint, Encryption) can be configured phase by phase, and the changes are tracked through a graph. Comparing our Secure Score with other organizations is also possible. From a security perspective, Microsoft Defender for Endpoint is easy to understand and facilitates advanced investigations.

What needs improvement?

The time to generate certain alerts on our dashboard can take between 45 minutes to an hour, and I am unsure of the factors that influence this duration. When I analyze the logs, I notice that some incidents occurred an hour before the alert was generated and sent to the console. This suggests that we are not detecting threats in real-time. Additionally, we encountered another issue with the dashboard while monitoring multiple organizations. One organization received a notification that 70 of their machines were at risk, while the other organizations only had five or ten machines at risk. Upon checking all 70 machines, we found no alerts or vulnerabilities in the logs. We submitted a ticket and provided the logs to Microsoft, but they were unable to offer a proper explanation for the triggered alert on those machines being at risk.

We were experiencing high CPU usage issues on the servers and found that Microsoft Defender for Endpoint was the root cause. We reached out to Microsoft and, after two weeks, they provided us with a solution to edit the registry keys and update the software.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for two years.

What do I think about the stability of the solution?

The stability is good.

How are customer service and support?

The technical support team is good.

How was the initial setup?

The initial setup is simple. We can deploy using Microsoft SCCM and provide the onboarding package to SCCM. 

What's my experience with pricing, setup cost, and licensing?

There are different licenses, such as E3 and E5. With an E5 license, we can access all the solutions, which is better, but the cost is high. However, it is still valuable from a security perspective.

What other advice do I have?

I give Microsoft Defender for Endpoint an eight out of ten.

We deployed Microsoft Defender for Endpoint and CrowdStrike together in one organization. While Microsoft Defender for Endpoint displayed valid alerts, there were no alerts in CrowdStrike.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Danny Nagdev - PeerSpot reviewer
Founder at LetsReflect
Real User
Jul 25, 2023
Single console gives me a one-shot view of our whole infrastructure
Pros and Cons
  • "The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices."
  • "The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy."

What is our primary use case?

We use it for threat protection.

How has it helped my organization?

It protects my endpoints from malware and viruses. Those benefits were immediate.

And the automation of routine tasks, such as finding high-value alerts, had an immediate impact because I can see all the threats in a single console, and how they are mitigated.

It has also definitely eliminated having to look at multiple dashboards, giving me one XDR dashboard. It's really effective because it is very tough to handle two different dashboards or environment consoles. The single console gives me a one-shot view of the whole infrastructure, security-wise.

The solution also saves me time because there is no need to install it on all the machines. That is automated. Even the mitigation is sometimes automated, which definitely saves time. It saves me about 90 percent of the time I would otherwise spend on these things.

I have also seen a clear improvement in time to detect and respond. It is instant.

What is most valuable?

The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices.

In terms of visibility, it gives me all the threats. They are showcased in the management portal. I check there and it's nice.

We also use Microsoft Intune and Azure Information Protection and have them integrated with Defender For Endpoint. The integration was moderately difficult, slightly confusing, but it can be done. But the solutions work natively together to deliver coordinated detection and response. That is very important. Integration is one of the main things I look at. The fact that they work together is the best thing. The threat protection these solutions provide is very comprehensive and very detailed. They cover different aspects and layers of security and that's why it's very important to have them integrated.

What needs improvement?

The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for one and a half years.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

It's also scalable.

How are customer service and support?

If I have any issues I can relate them to support. But they are quite slow in responding.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used Sophos and we switched because of integration. 

How was the initial setup?

It's deployed on the cloud and the setup is quite fast. I just needed to add the machines and the deployment happened quickly. Within a day, we were up and running. It was straightforward and involved two people.

There is not much maintenance required.

What was our ROI?

We have definitely seen ROI, due to the fact that I only have one dashboard and one solution. Our ROI is around 20 percent.

What's my experience with pricing, setup cost, and licensing?

The cost is high, compared to other products in the market, if you look at it as a separate product. If you look at the cost where it is part of a bundle, the cost is okay.

What other advice do I have?

Defender for Endpoint doesn't really help to prioritize threats across the enterprise. It's more of a basic threat protection solution. It's more of a reactive approach, once something hits.

With a single vendor, it's much easier to detect alerts and threats beforehand. Having a single vendor helps.

I would recommend Defender For Endpoint. If you are using other Microsoft products, together, this is a better security solution.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.