Mani MS
CRM & IT Head at a computer software company with 201-500 employees
Real User
Top 20
Provides real-time security, but requires time to understand how it works
Pros and Cons
  • "Its real-time security is the most valuable."
  • "I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spams, viruses, or trojans. It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks. Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system."

What is our primary use case?

We use MWD for detecting malware and viruses and for protection from ransomware.

How has it helped my organization?

We don't have third-party software for EPS. We have started using Windows Defender, which is built into Windows, to safeguard our systems from malware. It actually works as an anti-spyware program built to fight unauthorized access and protect our Windows computers from unwanted traffic.

What is most valuable?

It's a completely free version which comes built into Windows and has no impact on our system performance. We don't need extra software to be installed for security concerns, viruses and such. It is very easy to use compared to other software available in the market.

    What needs improvement?

    I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spams, viruses, or trojans.

    It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks.

    Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system.

    For how long have I used the solution?

    I have been using Microsoft Windows Defender for the last six months.

    What do I think about the stability of the solution?

    In my experience, Microsoft Windows Defender has never caused any issues as such. It is pretty much stable and has not affected the system resources as per my observation.

    What do I think about the scalability of the solution?

    The solution is easily scalable. I'm always trying to increase the usage to maximize the capabilities of the product offering. As soon as new capabilities appear I will expand usage to include them. 

    How are customer service and technical support?

    We never contacted their technical support. Indeed Microsoft technical support has always been great.

    Which solution did I use previously and why did I switch?

    I used to use McAfee & Norton as a different solution in my previous organization.

    How was the initial setup?

    Its initial setup is fine. I did not find it too complex. We just installed and enabled it on all the systems.

    What about the implementation team?

    We implemented in-house. 

    What's my experience with pricing, setup cost, and licensing?

    I pay for it through the Windows Professional or Standard license. It is a one-time cost for me, and I use the same license.

    Which other solutions did I evaluate?

    No

    What other advice do I have?

    I would really recommend this solution because it is an in-built Microsoft product, and it is at the OS level. We don't require a new layer to install it as a software application. 

    I would rate Microsoft Windows Defender a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior Manager at RP Sanjiv Goenka Group
    Real User
    Top 5
    Good security, scales well, and automatically updates
    Pros and Cons
    • "The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
    • "The price, in general, could always be a little bit cheaper."

    What is our primary use case?

    We have a dedicated team that handles all security-related aspects of the solution, however, my understanding is that the solution helps guard the endpoints in our organization. 

    What is most valuable?

    Along with security, there are certain IT policies in terms of accessibility of different sites, which are there in the organization. With everything put together, there haven't been any instances where I have seen any kind of issues such as malware or other malicious event getting through on my laptop. From that perspective, everything is fine. 

    The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN. I never have to worry about anything being out-of-date.

    The solution scales well.

    I have found the stability to be good.

    What needs improvement?

    From a general user perspective, I don't see any further improvements needed. 

    The price, in general, could always be a little bit cheaper.

    For how long have I used the solution?

    I've used the solution for two years or so. It's not much more than that.

    What do I think about the stability of the solution?

    The stability of the product is good. I have not dealt with bugs or glitches. It doesn't crash or freeze. The performance is good. It's reliable.

    What do I think about the scalability of the solution?

    The solution scales well. If a company needs to expand it, it can.

    We have 1,000 to 2,000 people on the solution currently.

    How are customer service and support?

    I've never directly dealt with technical support for issues related to Defender. Many years ago I had reached out to Microsoft support for an issue related to Visio, a different product.

    How was the initial setup?

    The initial setup is straightforward. There are certain automatic patches as well that keep on updating and those automatically install.

    I don't recall how long the product took to deploy. When any new laptop or anything is assigned in an organization, all these things are installed prior to coming to us. Therefore, I wasn't actually a part of the installation process. 

    We have a few contractors working with the in-house team. There may be around five to ten people. Any maintenance that is needed would be done by them.

    What's my experience with pricing, setup cost, and licensing?

    The pricing could be lower. That said, I cannot speak to the exact costs involved as I do not directly deal with that aspect of the product. I'm unsure if the company is set up with a monthly or yearly subscription package. 

    What other advice do I have?

    I'm just a customer and an end-user.

    I'd rate the solution at an eight out of ten. I've been very pleased with how it has worked for me over the last two years. 

    I would recommend the solution to others; however, I'm just a passive end-user and not as technically involved as those deploying the solution in our company. However, from my perspective, there has never been an issue on my machine with malware and therefore it seems to be doing what it's designed to do.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Vijay-Pandey
    Delivery manager at a computer software company with 201-500 employees
    MSP
    Top 5
    One-stop solution with data capture, analytics, and threat intelligence
    Pros and Cons
    • "It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10."
    • "Sometimes, there are different SKUs. In a basic SKU, they should have basic log analysis without the need to integrate with any third-party or SIEM solutions, like Sentinel. This would make it so much easier for users who don't have log collection or log analysis."

    What is our primary use case?

    I lead a delivery team. I have a team of about 20 technology specialists and we do the deployment for Microsoft Defender.

    Instead of having a third-party antivirus, you can have a Microsoft ecosystem for your entire endpoint protection.

    What is most valuable?

    This solution has its own sensors, which is its best feature. It senses the behavior of your endpoints, whether it is logged in from a particular location or external of that location. 

    It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10.

    What needs improvement?

    Sometimes, there are different SKUs. In a basic SKU, they should have basic log analysis without the need to integrate with any third-party or SIEM solutions, like Sentinel. This would make it so much easier for users who don't have log collection or log analysis.

    For how long have I used the solution?

    We have been using it for a year.

    What do I think about the stability of the solution?

    This solution is very much stable.

    What do I think about the scalability of the solution?

    This solution is scalable. It is a cloud solution.

    If you have the Microsoft Azure ecosystem, you can collect logs and view them through Sentinel. You can also onboard your devices within Intune. 

    You can integrate Microsoft Defender for Endpoint with different Microsoft solutions, e.g., Defender for Cloud, Sentinel, Endpoint Manager for onboarding of Intune, and Defender for Office 365.

    We have a large number of customers.

    How are customer service and support?

    Premium support is okay. Professional support is not as good because it is free. You must wait because you are not paying.

    How was the initial setup?

    The initial setup was straightforward. There was nothing rocket science to it. It didn't take much time as we just enrolled the device and assigned the licenses, then it was done.

    You just prepare it, doing a license evaluation licensing and some network configuration, then you can onboard your device.

    What about the implementation team?

    We do the implementation ourselves. We find it easy to deploy. We help customers adopt the solution and get better ROI.

    What's my experience with pricing, setup cost, and licensing?

    They have to pay for the Defender license. There are different licenses and SKUs, such as Plan 1, Plan 2, or the trial.

    You do not need to pay any additional costs for antivirus and anti-malware solutions for endpoint protection. 

    What other advice do I have?

    Anyone on Windows 10 Enterprise should choose this solution.

    It really depends on the volume. You need one senior architect who can just define the entire thing: the device, network configuration, etc. You will also need some Level 1 engineers who need to keep on monitoring the devices and do onboarding. If they are using the latest version of Windows 10, then you can do the onboarding via Intune, Endpoint, etc. 

    My rating for this solution is an eight out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Oleksii-Shcherbatiuk
    IT Director at Innovecs
    Real User
    Provides a centralized console and supports all the platforms that we use
    Pros and Cons
    • "It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
    • "Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms."

    What is our primary use case?

    It's an XDR (Extended Detection and Response) system.

    What is most valuable?

    It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android. Microsoft Defender is embedded in Windows and is a basic anti-virus, but Defender for Endpoint is an enterprise-grade XDR system.

    What needs improvement?

    Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for about three months.

    What do I think about the stability of the solution?

    It's quite stable. Sometimes it can overload the CPU of endpoints, but Microsoft provides ways to solve this problem.

    What do I think about the scalability of the solution?

    Microsoft Defender for Endpoint is scalable. It's the ground-level service for other Microsoft security services. Microsoft provides a full range of security services and you have the ability to extend it anytime and in a simple way. You can scale the range of security services by just buying the license and implementing some extra service.

    We have close to 200 users in our organization, but we plan to deploy this product to the whole company, with a total of nearly 800 people.

    How are customer service and support?

    We have not had to contact Microsoft's technical support because we get support from our partner.

    How was the initial setup?

    When it comes to the initial setup, Microsoft is very strong in that area and it is very simple. That's why we use it in our company. Some products are hard to deploy. Another solution was declined because it was not possible to roll it out in a bigger company.

    We don't have a dedicated person to maintain the solution. Two people share the role. One is a Layer-1 specialist who maintains a daily routine, and the other is a Layer-2 engineer.

    What about the implementation team?

    We started to install this product for ourselves, but Microsoft proposed some different kinds of programs in which an integrator helps key customers deploy services and products. We accepted the proposition and we are happy we did so because the partner was very professional with very deep experience with the product.

    What's my experience with pricing, setup cost, and licensing?

    Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract. Microsoft provides a flexible licensing program and you can choose what you want.

    Which other solutions did I evaluate?

    The pros of Microsoft Defender for Endpoint are that it's simple to deploy and has all the required functionality. The drawback is that it lacks some functionality for other platforms, such as Linux.

    What other advice do I have?

    I would recommend implementing this solution together with a certified partner. That will help to avoid a lot of mistakes and save you money, because licensing is a big part of the project.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
    Real User
    Top 10
    Works well as part of an overall security solution and has no impact on end-users
    Pros and Cons
    • "Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
    • "Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."

    What is our primary use case?

    We use it for endpoint security.

    How has it helped my organization?

    When looking at the ecosystem as a whole, security-wise, Microsoft provides a complete solution with the E5 Security suite. Microsoft has a big advantage because Defender knows how to interact with the CASB and all the other security components that you have. Overall, that makes the management of the environment much easier. It's easier to understand what's going on, to become aware of risks, and to take action.

    What is most valuable?

    • Defender has very little impact on the end-user.
    • The agent works quite well with a minimal impact on the client and server.
    • It's very easy to deploy it.

    For how long have I used the solution?

    We did a trial of Microsoft Defender for Endpoint for about three months, and now we are in the process of rolling it out.

    How was the initial setup?

    We have about 4,300 users of Defender and it took two days to have it fully deployed. With Cortex it took some time. With Cortex, we had some 500 clients that we had to investigate because for some reason they did not get the agent immediately and we had to do some tweaking to get it to all the end-users.

    What about the implementation team?

    We used consultants for the deployment of both Cortex and Defender.

    Which other solutions did I evaluate?

    We gave Palo Alto Cortex XDR a try and we are now in the process of removing it and going to Microsoft Defender for Endpoint. I have experience with both of them.

    Cortex has quite good management capabilities that give IT organizations quite a good picture of attempted cyber attacks. It has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex.

    The onboarding process with Defender is much easier. In two days we were able to deploy it to our whole organization. Cortex is much more cumbersome. But the onboarding process is not the issue. A more important difference is that once you have security risks that you would like to mitigate, Cortex more easily gives you information regarding the threats. Microsoft gives you exactly the same information, but you have to know how to dig a bit more and do some manual steps that, with Cortex, are more straightforward.

    The main issue that we had with Cortex, and the reason we decided to roll back and go to Defender, is that Cortex has a horrible impact on the performance of the system. For an enterprise-level organization, it kills the system. Users were complaining that when moving between emails in Outlook it would take a lot of time, creating a lot of delays and timeouts. Web browsing and every action on their computers took much more time than usual with Cortex.

    What other advice do I have?

    I would rate Defender a nine out of 10, while Cortex XDR is a five out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Fred M
    Chief Executive Officer at Apollo Asset Management Company
    Real User
    Its files and folder protection ensures no changes can be made to endpoint folders and files without the user being aware
    Pros and Cons
    • "It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
    • "The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware."
    • "I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement."

    What is our primary use case?

    We are using it as the antivirus as well as the malware protection.

    How has it helped my organization?

    We have not had any attacks, in terms of viruses, worms, or ransomware, in the last three years.

    The impact of the solution has been minimal. Employees can work with any interruptions.

    What is most valuable?

    The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware.

    What needs improvement?

    I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement.

    For how long have I used the solution?

    I have been using it for three years.

    What do I think about the stability of the solution?

    It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt.

    Four IT support technicians are responsible for administrating Microsoft Defender in our organization. They make sure that upgrades and updates are done in a good timeframe.

    What do I think about the scalability of the solution?

    Its scalability is good enough. As long as you deploy the OS, you will keep on deploying Microsoft Defender automatically. This is a good option.

    We have about 375 endpoints.

    How are customer service and technical support?

    I have never used their support.

    Which solution did I use previously and why did I switch?

    Before Microsoft Defender, we were using Bitdefender. Before Bitdefender, we were using McAfee Symantec.

    We switched to Microsoft Defender because there was a change of ownership for the company in 2017.

    We went for Microsoft Defender once we were informed that it would be part of our Office 365 package. So, we combined the licensing for the OS with Office 365. Yeah. We thought it was a good bargain.

    How was the initial setup?

    The initial setup was straightforward.

    The deployment takes a maximum of half an hour.

    What was our ROI?

    We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30.

    What's my experience with pricing, setup cost, and licensing?

    We have been using the free version.

    What other advice do I have?

    Microsoft Defender is good enough as long as you ensure the environment is well-patched and secure, then even the free option will be sufficient to take care of the entire ground.

    We are not looking to increase usage at the moment because of the underlying economic situation.

    I would rate this solution as nine out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Product Manager at a comms service provider with 501-1,000 employees
    Reseller
    Top 5
    Good management over endpoints but the technical support needs to be improved
    Pros and Cons
      • "The scanning is slow when it is working with incoming emails."

      What is our primary use case?

      We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.

      Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.

      From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

      What is most valuable?

      This is a cloud-based product so it is always updated by the end-user.

      What needs improvement?

      They have to improve the email scanning where email is coming from somewhere other than our private network. The scanning is slow when it is working with incoming emails. Often, I can see the email but the scanning process is not finished and I cannot open the attachment. In general, the scanning has to be faster.

      What do I think about the stability of the solution?

      This solution looks stable. Provided that Windows 10 is updated, everything is okay.

      How are customer service and technical support?

      I have not been in contact with technical support in regards to this product. However, technical support for Microsoft products is always of bad quality. In my experience, if you cannot find the solution yourself then you will have a huge problem because it is not an easy task to have them understand and support you.

      You can lose a lot of time explaining the problem before you receive something that works.

      My advice is to look for a good support library and try to find the solution yourself. This means that you don't need to contact support.

      Which solution did I use previously and why did I switch?

      We have worked with many different security solutions. For example, we are selling a Security Operations Center as a service. We implement EDR, Privileged Access Management, Identity Management, anti-fraud solutions, web application firewalls, database security, and more. We are working with practically everything in cybersecurity.

      We are working with between 10 and 15 different vendors. Sometimes, this is too many, but it is useful to have information about each product, its quality, and how it compares to others. Two products that we are working with now are Cisco AMP and Carbon Black.

      What's my experience with pricing, setup cost, and licensing?

      There is a free version of Windows Defender, although the paid version has EDR functionality. We sell this product as part of Office 365 and it is not expensive.

      What other advice do I have?

      I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution.

      I would rate this solution a five out of ten.

      Which deployment model are you using for this solution?

      Public Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Microsoft Azure
      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      Cyber Security Consultant at a consultancy with 11-50 employees
      Real User
      Top 5
      Stable, easy to use, and easy to install
      Pros and Cons
      • "The most valuable feature is that it comes with the package, so there is no additional installation of third-party software. It's also easy to use."
      • "Microsoft Defender could be improved with features more like the McAfee ePO. It would be better if I had a console to get all the information for my endpoints. Maybe this is too much for it, but it would be better if it could handle those non-signature-based malicious codes or viruses."

      What is our primary use case?

      Our primary use case of this solution is endpoint protection. In general, we use it to protect our devices, rather than using third-party software. 

      This solution is deployed on-prem. 

      What is most valuable?

      The most valuable feature is that it comes with the package, so there is no additional installation of third-party software. It's also easy to use. 

      What needs improvement?

      Microsoft Defender could be improved with features more like the McAfee ePO. It would be better if I had a console to get all the information for my endpoints. Maybe this is too much for it, but it would be better if it could handle those non-signature-based malicious codes or viruses. In the future, more and more non-signature-based activities or viruses will appear, which you can see in the market with software like CrowdStrike or other products that target non-signature-based attacks. 

      There are two groups: one is signature, which means that people know it, and the other is non-signature, which means that these are abnormal activities unknown to people. If Defender could also handle those non-signature-based attacks or abnormal activities, it would be better. 

      For how long have I used the solution?

      I have been using Microsoft Defender for one or two years. 

      What do I think about the stability of the solution?

      This solution is quite stable. In our opinion, it's similar to those signature-based antivirus software, and almost at the same level. 

      What do I think about the scalability of the solution?

      There are about five or six users of Microsoft Defender in my organization, because we are not very big. Other people and other teams like to have different end device software. 

      How are customer service and support?

      We have a support contract with Microsoft, so we have a ticket system where we can pass questions to them. These things are handled by the help desk people, though, not me. 

      How was the initial setup?

      It's not difficult to install Microsoft Defender. I don't remember how much time it took, but the process is easy. 

      What's my experience with pricing, setup cost, and licensing?

      We pay a yearly license for Microsoft Defender. We also have a support contract with them. 

      Which other solutions did I evaluate?

      I wish that Microsoft Defender had a feature like McAfee's ePO, where I could have a console to get all the information for my endpoints. I also evaluated CrowdStrike because it can target non-signature-based attacks.  

      What other advice do I have?

      I rate Microsoft Defender an eight out of ten. I would recommend it to others, but it depends on whether they have their own policy for deploying antivirus products. It's good for some users who have some preferences—who need to follow their security policy or who have some budgeting issues. 

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.