Rupesh Singh - PeerSpot reviewer
Technical Team Lead at Alepo
MSP
Effective firewall capabilities, regular antivirus updates, and it is preinstalled with Windows
Pros and Cons
  • "The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
  • "This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running."

What is our primary use case?

We use Microsoft Defender Antivirus for antivirus protection as part of our endpoint security solution. It protects our systems against attacks from any virus, malware, or trojan. 

How has it helped my organization?

We rely on this product for endpoint protection in our organization because we have not subscribed to any antivirus, apart from Microsoft Defender. It comes for free with our Windows subscription and it has improved the way our organization functions because there have been no virus attacks to date on our laptops.

It has not negatively affected our end-user experience.

What is most valuable?

This solution takes care of most of the infections that are found in the system, and it comes included with Windows. These are the two main advantages of using it.

The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security.

What needs improvement?

Microsoft Defender protects the computer by using virus definitions that we download through regular updates but nowadays, cybersecurity attacks have become more intelligent. This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running. These can be vulnerable points and if a process causes a glitch in the system, it should be quarantined. Moreover, enhancements of this type should not detract from system performance. There should be no slowdown on the laptop, for example.

Buyer's Guide
Microsoft Defender for Endpoint
November 2022
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,465 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Microsoft Defender Antivirus since I started using Windows 7, more than eight years ago.

What do I think about the stability of the solution?

Stability-wise, it is good, and it performs very nicely.

What do I think about the scalability of the solution?

The scalability is fine. We have more than 300 devices that are being protected.

How are customer service and support?

I have never had an opportunity to speak with technical support because everything has always worked very smoothly. As we have experienced no issues at all, we never contacted support.

Which solution did I use previously and why did I switch?

Prior to using Microsoft Defender, we used McAfee and Avast Antivirus.

One of the main reasons that we switched away from McAfee is that it required purchasing a subscription. With Microsoft Defender, it is included with Windows. When we install the operating system, it is already there and we don't have to purchase an additional antivirus product.

For security, aside from a traditional antivirus, we have purchased the SentinelOne Endpoint Security solution. This product is more enhanced when compared to an antivirus product. It is modern and has better threat intelligence than other products. I don't know SentinelOne very well yet, as we have just purchased the subscription, but I know that the difference between products is not based on virus definitions.

SentinelOne has intelligence on the cloud and many other security features including the blocking of domain names, and the blocking of USB drives that users plug into their laptops. Although it has many more features than legacy antivirus software, I have no complaints about the performance of Microsoft Defender.

One of the reasons we are more heavily relying on endpoint security is that everybody is working from home and using the internet for work. This transition was made within the last two or three months. When people were working in the office, the firewall afforded them protection. However, as it is now, the endpoints are more vulnerable to attack. This is why we now rely more heavily on SentinelOne.

How was the initial setup?

Microsoft Defender comes preinstalled with the Windows operating system, so we do not have to deploy it separately.

What's my experience with pricing, setup cost, and licensing?

The subscription is part of Windows, so we don't have to pay anything extra for this product.

What other advice do I have?

This is definitely a product that I recommend people use because first of all, you do not have to pay anything extra to use it. The performance is very smooth and it protects your system, which is very much needed. All in all, I would say that this is a good antivirus solution.

I would rate Microsoft Defender Antivirus an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Infrastructure Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
Covers almost all threats, doesn't slow down systems, and helps with compliance and business uptime
Pros and Cons
  • "It doesn't cause the slowness of the system, which is one of the reasons why I like it."
  • "They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."

What is our primary use case?

I have tried so many antiviruses personally, but this one is integrated with the operating system. That's one of the main reasons for considering this.

How has it helped my organization?

The main benefits are compliance and protection from threats.

It helps us to avoid disruption in the business. It helps us see if other solutions are causing any slowness to our end-user machines. We can see if there are any service availability issues. Operations-wise, it helps us a lot to maintain the uptime of our business.

It helps us prioritize threats across our enterprise, which is very important and one of our priorities.

We have the Defender for cloud applications. It's very easy to integrate. It's straightforward. These solutions work natively together to deliver coordinated detection and response across our environment, which is very important for us.

We did extensive testing of its functionality, and it's very effective. It covers almost all the new, unknown, and known threats. 

It helps automate routine tasks and the finding of high-value alerts, which is helpful for incident response and SLAs. It has saved us 50% of the time to respond to the incident.

It helps us to be proactive. It can detect unknown threats and alerts us. We're able to identify any malicious sign-ins or logins. 

It has decreased our time to detect and respond. Previously, we were doing it manually. It took one hour to two hours to detect and respond. Now, it takes us minutes.

What is most valuable?

It has very good detection and protection capabilities. They have a new feature for ransomware protection. 

It doesn't cause the slowness of the system, which is one of the reasons why I like it.

What needs improvement?

There is complexity in accessing the dashboard. Microsoft security suite has a different URL per service or per application. If there was one single place of information, that would help.

They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder.

For how long have I used the solution?

I've been using it for about five years.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's very scalable. We have deployed it only to 250 endpoints for now. It's not enterprise-wide. We have plans to increase its usage.

How are customer service and support?

I haven't encountered many issues so far. Their support is good. I would rate them an 8 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used another solution. The switch over to this solution was a management decision.

How was the initial setup?

We have a hybrid deployment with the Microsoft Azure cloud. The initial setup was complex. There were some issues because a lot of prerequisites needed to be accomplished. It took us about three months.

We had a staged approach. We first onboarded non-critical assets and then moved to critical assets.

It takes time to realize the benefits from the time of deployment. It took us about two years.

What about the implementation team?

We had around five people for deployment. Some of them were testers, and some of them were admins for the configuration and deployment of agents.

It requires maintenance. We have cloud administrators and desktop support for endpoints.

Which other solutions did I evaluate?

We did look into other solutions. We have criteria for evaluation. The features that stood out were their reputation and innovation.

What other advice do I have?

I would recommend Microsoft Defender. They are a leader, and they have many deployment use cases. However, it also depends on the requirements of a company. There is no one-size-fits-all. Each company has its own unique requirements.

I would rate it an 8 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Support Engineer at a tech services company with 51-200 employees
Real User
Offers cloud protection and comes embedded with Windows, but isn't very robust
Pros and Cons
  • "The solution's main antivirus capabilities are okay. So far, they have kept us safe."
  • "The solution could use improvement on the interface."

What is our primary use case?

The solution is basically an antivirus and is used to protect users from a number of things. Mainly, the solution protects against cyber-attacks and defends a user from viruses so that files are protected. Of course, it will be very important to have a big antivirus in place so that companies are protected from big attacks. Windows Defender does not really do that.

What is most valuable?

The solution's main antivirus capabilities are okay. So far, they have kept us safe.

There is cloud protection as well, however, we don't utilize that very much.

What needs improvement?

The solution does not have deep protection. Sometimes you find that you have some virus attacks. Most times we're on the internet. As you search so many websites, chances are high you visit sites that are fraudulent. There could be cases like phishing, where software could be embedded in some websites or some other viruses could come into your PC under Windows Defender. The security is basically limited. It's not so strong, in my understanding. It could be more robust.

The solution could use improvement on the interface. Most different Defender software comes with a different graphical user interface and some tend to be a bit complex. They should work to make the interface more user-friendly for basic users. For myself, as an IT person, it's fine, however, for a layperson, the interface might be a bit confusing.

It would be nice if they would collect user ratings and feedback. It would help them find ways to better add features and add-ons in the future.

The dashboards always have room for improvement.

For how long have I used the solution?

We've been using the solution for over two years now. 

What do I think about the stability of the solution?

For the most part, free things are not as effective as licensing or something you purchase. That's why many times our clients ask for a licensed antivirus such as Kaspersky. Our clients do ask for licensed Kaspersky or BitDefender, or other antiviruses. Windows Defender, which is just a free version, is not as effective. It doesn't have deep support or deep protection.

What do I think about the scalability of the solution?

We have ten people in our office and everyone is currently using the solution. That's just in our Ugandan office. We have a head office in India, for example, and they may use it there as well.

How are customer service and technical support?

I've never reached out to Microsoft's technical support. We haven't had issues that would require us to. I can't speak to their level of service.

Which solution did I use previously and why did I switch?

We have clients that also ask to license Kaspersky or BitDefender for added protection.

How was the initial setup?

The initial setup is not complex. We don't have a deployment or installation process, as the solution comes pre-installed with Windows. It's just the default software. It's part of their offering. We don't have to do anything separately.

What's my experience with pricing, setup cost, and licensing?

There isn't really a licensing process. The solution was pre-installed by default. It simply comes with Microsoft Windows.

What other advice do I have?

We are Microsoft resellers.

The solution is not on the cloud. Our office is small. We use independent computers. It's not in a structured network environment. We just use a small wireless network. As individuals, we are using it on small computers.

In my region, I would not necessarily recommend this solution. I'd still advise my clients to have other antiviruses unless I get to know that there is a licensed version of Windows Defender that Microsoft is selling and licensing. I still go ahead to advise my clients to buy other antiviruses, which are more effective. Kaspersky, for example, is a good option.

I would rate the solution at a six out of ten. There are other more robust antiviruses on the market that you can license.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
AJITH H G - PeerSpot reviewer
Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India
Consultant
Centralized device management, advanced threat detection, and it's cost-effective
Pros and Cons
  • "We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments."
  • "It would be helpful if they included XDR features, on top of the EDR functionality."

What is our primary use case?

We are using this product as part of our EDR solution, and we use it in conjunction with CrowdStrike. We are a solution provider and this is one of the products that we deploy for our clients.

How has it helped my organization?

This product has features that improve our security posture including good vulnerability detection, maintaining endpoint devices, and unified management. The management feature allows us to manage all of our devices from a single location.

The advanced techniques used by Microsoft Defender are improving our user experience. Our users used to complain that they didn't need certain features, but this was because the legacy antivirus and other EDR solutions were hampering their usage. Nowadays, vulnerability detection is very effective and they are comfortable with the security, as well as the administration, giving them a better overall experience.

What is most valuable?

The most valuable feature is threat detection. We have been notified of viruses and threats of problems such as ransomware attacks.

The Cloud App Security features are useful.

We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments.

Microsoft Defender integrates well with Office 365.

Especially these days, with the COVID situation, this product helps us to better reach our users and solve problems. For example, we no longer need to ask them to bring in their laptop to check for and address issues. We can apply policy, automatically define rules, and remedy problems using the central management features. 

What needs improvement?

It would be helpful if they included XDR features, on top of the EDR functionality. It would improve the capabilities, as XDR solutions are doing better.

For how long have I used the solution?

I have been working with Microsoft Defender for Endpoint for almost a year, with the E5 licenses.

What do I think about the stability of the solution?

Stability-wise, it is responsive and I don't see any drawbacks. They have additional features that make it a little more robust.

What do I think about the scalability of the solution?

Scalability-wise, considering the integration that they have, it's good. For example, it can be integrated with Azure Sentinel. We have two or three people who work with managing and deploying this product.

We deploy across Qatar and currently have about 68,000 endpoints protected with Defender. Our usage will increase based on the number of clients we have that buy the product. Ultimately, it depends on the licensing model.

Which solution did I use previously and why did I switch?

Prior to working with Microsoft Defender, we used CrowdStrike and SentinelOne. We switched because these other products are standalone, and require that we install and maintain them manually. Microsoft Defender is unified and comes as part of Microsoft 365, which makes it easier to set up and manage.

The advantage that these other products have is the XDR features.

How was the initial setup?

The initial setup is straightforward. We deploy this product using Microsoft Intune, which is very helpful. It took us one month to deploy approximately 5,000 users. We had a specific plan that we followed for the implementation. 

What about the implementation team?

I completed the deployment.

What's my experience with pricing, setup cost, and licensing?

This product offers cost-effective threat protection, which integrates with Office 365 and has unified endpoint management features.

We currently use the enterprise-level, E5 licensing scheme. It is a complete bundle that includes the Microsoft 365 products, the Zero Trust solution, and Microsoft Defender.

The E5 license is the one that I recommend because it comes with Cloud App Security, which is a good thing to have on top of Microsoft Defender. It means that you can monitor any threats, sign-in attempts, and other resources whether on the cloud or on-premises.

What other advice do I have?

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Delivery Practice Director at a computer software company with 201-500 employees
MSP
A stable and scalable enterprise endpoint security platform that's easy to set up and deploy
Pros and Cons
  • "I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature."
  • "Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine."

What is our primary use case?

We use it to protect computers or endpoints from any malicious software, malware, and other viruses. You have to use this one as part of your overall protection plan.

How has it helped my organization?

The deployment of Microsoft Defender for Endpoint is a no-brainer when it comes to Windows. When you provision a new laptop for your environment, it comes with it. We use Intune to be seen on the cloud for centralized management. There's actually a console where you can go in and manage it properly, and we use Intune to deliver the onboarding.

What is most valuable?

I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature.

What needs improvement?

Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine. 

We don't just use anti-virus. That's really like a traditional way of doing it. We have different kinds of protections. We have our advanced threat protection for email, and we have advanced threats analytics for domain controllers for servers. We use all those. 

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for three or four years.

What do I think about the stability of the solution?

It's very reliable and very dependable. I don't see any issues with it. In fact, it's the best product I have used because it's integrated with Windows 10. It doesn't eat up resources while running like other products. It's a really well-thought-out product.

What do I think about the scalability of the solution?

It can scale as much as you want. It installs a very low footprint on your laptop, but the management is cloud-based.

How are customer service and technical support?

Technical support is average. We call technical support very rarely for this particular product, but it's actually hit or miss with Microsoft. Sometimes you get a good person on the other line. Sometimes you get someone that's slow in providing support.

Which solution did I use previously and why did I switch?

I've used many products in the past, and I liked this one because I can't really find that many issues with it. I used McAfee, Symantec, CrowdStrike, and different anti-malware and anti-virus programs, but this seems to be good.

We switched because we're Microsoft partners, and we're actually kind of biased about it. We also implement other products because some of our clients use them. It's very hard to convince them to go with another product. Sometimes because of the existing subscriptions, they are unable to make the switch.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

We are a Microsoft partner and consultants. We implement these solutions.

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender for Endpoint comes with Windows 10, and it's free. But for you to be able to manage it in the cloud and use the console, you need to have either an Office 365 E5 subscription or a Microsoft M365 subscription. You need to buy an extra license.

What other advice do I have?

If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money.

On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
ZakiAhmad - PeerSpot reviewer
Principal Architect at KAS IT Global
Real User
Reliable with a good online community and an easy initial setup
Pros and Cons
  • "It does not make Windows slow, as compared to all of the third part antiviruses."
  • "We would like more customization."

What is our primary use case?

The solution is primarily used for antivirus and malware protection.

How has it helped my organization?

It definitely improves the organization in terms of security and productivity. We integrate the Defender with the Microsoft Cloud platform as well. It provides us with sandboxing and other functionalities in real time, where we can have the protection we need. 

It's integrated with advanced threat analysis so we can see how the threat is coming into our network, what it is doing, and more. We can see everything step by step if a threat comes, including how this threat impacted the organization, et cetera.

What is most valuable?

The first thing which I noticed is that it is completely compatible with Windows. It does not make Windows slow, as compared to all of the third-party antiviruses.

The stability has been good.

Technical support is helpful and they have a very robust online community as well.

The product can scale very well.

What needs improvement?

We would like more customization, actually. They're not too customizable. We'd like the flexibility to be able to set some applications on a white list. We need more options. 

For how long have I used the solution?

I've used the solution for approximately five years. 

What do I think about the stability of the solution?

The solution is stable and responsive. 

What do I think about the scalability of the solution?

We have the solution deployed to around 350 users across four different locations.

It can scale to the thousands and thousands. I have seen customers here, some have approximately 12,000 devices and they're running that one program and it's going far without any issues. 

How are customer service and support?

Technical support is good. They know things about the solution. The best part is that if anything happens, the Microsoft community is so big that if any problem comes up, you can also just Google it and you will get the solution.

Which solution did I use previously and why did I switch?

We used McAfee and another solution as well and they both are great and amazing, however, they make PCs slow and every time something happens you have to call the vendor and they will help you with support. The difference is, with Defender, it doesn't slow things down and you never have to call Microsoft.

How was the initial setup?

The initial setup is very straightforward. It is actually my default. We actually helped our end-users with system centers, integrated Defender updates, Defender itself, patching, and Defender configuration using the consent and configuration manager. It's simple. It's not complex to set it up or manage.

It's a bulk operation to set it up, therefore, even if you have 100 PCs, it will only take you about an hour and you will be up and running with everyone. You only need one to two percent of your staff to handle the deployment and maintenance tasks. 

What about the implementation team?

We used an integrator during the initial setup. They were quite helpful. Our experience with them was good. 

What was our ROI?

We have seen an ROI.

What's my experience with pricing, setup cost, and licensing?

The solution is free for end-users. 

What other advice do I have?

While we have the solution set up on our private cloud, you can also use a hybrid setup if that's better for your organization. 

I would advise new users to connect it with an endpoint manager and connect it with the cloud and then let the real magic happen.

I'd rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Head Of Information Technology at a financial services firm with 1,001-5,000 employees
Real User
Integrates well with Microsoft applications and endpoints and has a good antivirus
Pros and Cons
  • "The solution integrates very well with Windows applications and Microsoft endpoint products."
  • "The pricing could be a bit better."

What is our primary use case?

We primarily use the solution for MDM, MAM, and Find Point.

What we did is we replaced our antivirus with Microsoft Defender. There are three products that we implemented, including the Endpoint Defender, which is deployed to all of our endpoints.

What is most valuable?

The antivirus and their Office Defender are pretty good, although we are still processing that. It seems to be really great at protecting office documents.

The solution integrates very well with Windows applications and Microsoft endpoint products.

The product doesn't take up too many resources. You don't have to install it in different areas. It's very easy to implement and use.

What needs improvement?

As I've only used the product for three months, I haven't really had time to explore the entire solution. However, I haven't found anything that is lacking just yet. Currently, we're actually behind on the current feature offerings and need to explore the system quite a bit more. It fits our needs so far.

The pricing could be a bit better.

For how long have I used the solution?

I've been using the solution for three months.

What do I think about the stability of the solution?

The solution is quite stable. It goes well with Windows applications. We haven't had any issues with it so far. It doesn't crash or freeze or glitch. However, we haven't tried the app just yet. 

What do I think about the scalability of the solution?

The solution is quite scalable. We've found it to be very easy to expand as needed. If a company needs to scale the solution, they can do so.

Currently, we have 151 people using the solution in our organization. We do plan to continue usage.

How are customer service and technical support?

I personally haven't had any experience with technical support just yet. Only my colleagues have spoken with them. Therefore, I can't speak to their level of knowledge or responsiveness.

Which solution did I use previously and why did I switch?

We were using a different product previously, however, I can't recall the name of it at this time. It might have been number three on the market in 2019. I can't recall precisely.

How was the initial setup?

The initial setup was not complex at all. There was really not much that we had to do due to the fact that we have Intune. Therefore, it was very easy to deploy.

It did not take long to deploy. We did it directly on the control panel, then the rest deployed to the other machines. What took longer was onboarding all the machines to Intune. Once they were there, they were all protected.

We have a partner that handles the maintenance for us. We have two technicians handling that aspect of the product.

What about the implementation team?

We had a partner that helped us with the deployment.

What's my experience with pricing, setup cost, and licensing?

The product pricing is definitely in the same range as other products. It's therefore not too expensive, however, it's also not too cheap. It could be better, however, it's Microsoft and they can pretty much set their pricing how they like.

What other advice do I have?

We're just a customer and an end-user. We don't have a business relationship with Microsoft.

We're using the latest version of the solution.

I would recommend this product to other organizations. In fact, I already have.

Currently, I'd rate it an eight out of ten. That's with the knowledge gap I have, as a user that just started working with the solution recently.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
User1#2% - PeerSpot reviewer
Application Manager at Financial Corp
Real User
Top 10
Good alert chaining and tool compatibility for endpoints with helpful heuristic capabilities
Pros and Cons
  • "We are able to productively integrate with existing on-prem, hybrid, or cloud applications."
  • "Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort."

What is our primary use case?

We primarily used the solution for endpoint detection and response and endpoint protection (EDR, EPP), with secondary benefits of threat and vulnerability management, security incident response, automated query and real-time device monitoring, and with the capability of email security, identity management (DFI), and task automation (Power Automate). We used the respective licenses where required.

The solution was also used as an endpoint antivirus for workstations in a multi-OS environment, including Windows and macOS. We had file, device, and user trajectory monitoring for the security operations team.

How has it helped my organization?

The solution benefited the company via:

  • OS-level/Tool compatibility for endpoints running Windows (since both are Microsoft products and Defender core files are included in Win10 or later delivery).
  • Heuristic capability. Consistent usage of MDE indicates that the tools are continuously learning new prevention techniques by pulling real-time up-to-date cloud resources.
  • Alert chaining. The solution makes security incidents, events, and alerts less tedious from a Security Operations Center standpoint. This can result in false negatives or be a detriment for small to medium-scale firms running no or semi-automated threat response features.

What is most valuable?

The most valuable aspects of the solution include:

  • Advanced hunting. The product offers flexibility, visibility, and automation capability using a user-friendly query language (KQL).
  • Reporting. Clear and concisely plotted graphics show real-time data representation - which is valuable to upper management.
  • Scalability/API. We are able to productively integrate with existing on-prem, hybrid, or cloud applications. 
  • Great OOB features. The solution comes with SIEM-ingestion-ready features for extensive visibility, automation, and integration, including advanced hunting, threat and vulnerability management, embedded simulation for end-to-end testing, ransomware prevention (Controlled Folder Access), and Attack Surface Reduction (ASR) rules.

What needs improvement?

Improvements could be made via:

  • Clicks. There's a poor user experience, with lots of opportunities to optimize the user interface, particularly on the newly improved portal (https://security.microsoft.com/). Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort.
  • De-centralized console features. Discrepancies with enabling core features at the click of a button within the MDE portal are mostly due to prerequisites that are tied to the functionality or partial enforcement requirements from other Microsoft tools (Group Policy, Azure, Sentinel, SCCM, Intune). EDR in block mode requires Intune security baselines, and tamper protection requires MAPS enabled. Web content filtering also has security baseline dependencies.
  • No single pane of glass. There are too many loose ends with tiny bits and pieces to enforce essential security policies compared to other EDR solutions within the same caliber. A typical example is having to create exclusions in different locations for entirely different functionalities, such as: automation folder exclusion, group policy exclusions (per tenant), Controlled Folder Access (ASR) Allowed application, and Attack Surface Reduction (ASR).
  • Service Requests. Noncritical cases with MDE technical support teams tend to be queued for over a week before the first customer engagement. Most of these tickets also end up in the hands of temporary or contracted non-Microsoft employees who are scripted and offer little attention to unique incidents.

Suggested additional features that should be included in the next release include:

  • Digestible interface/filter for crown-jewel capabilities like ASR, CFA and Exploit mitigation occurrences.
  • Restoration of an always visible search bar from the previous console view (https://securitycenter.windows.com).
  • A definitive action plan for Secure Score recommendations and deduplication of controls.

For how long have I used the solution?

We were using Microsoft Defender for Endpoint prior to its change of name from Defender ATP. We experienced a plethora of GA changes including, but not limited to, iOS/multiple OS support, device discovery, web content filtering, API updates, and continuous integrations with existing security tools.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
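The review above complains that Defender exclusions and the prerequisites for core features live in several different places (antivirus path exclusions, ASR-only exclusions, Controlled Folder Access allowed applications, MAPS before tamper protection, EDR block mode when the AV engine is passive). The following read-only audit script is an added example, not code from the reviewer or from Microsoft. It assumes the built-in Defender PowerShell module (Get-MpPreference, Get-MpComputerStatus) is present, i.e. a Windows 10/11 or Windows Server host with Defender installed, run from an elevated session. The ASR rule GUID-to-name table, the helper names, and the wording of the findings are this example's own assumptions; the GUIDs should be verified against Microsoft's ASR rule reference before being relied on.

```powershell
# Added example: one-stop audit of Defender settings that the portal spreads across several places.
# Assumes the Defender module is available (Windows 10/11 or Server with Defender); run elevated.

# Assumed mapping of a few ASR rule GUIDs to readable names; verify against Microsoft's ASR reference.
$asrNames = @{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email/webmail'
}
# Documented action values for AttackSurfaceReductionRules_Actions.
$asrActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
# Documented state values for EnableControlledFolderAccess.
$cfaStateNames  = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit' }

function Get-DefenderExclusionInventory {
    # Gathers every exclusion-like list into a single object so the three "exclusion" concepts
    # (AV path exclusions, ASR-only exclusions, CFA allowed apps) can be reviewed side by side.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids     | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $null -ne $_ })

    $asr = [ordered]@{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $id     = $ids[$i]
        $action = if ($i -lt $actions.Count) { [int]$actions[$i] } else { -1 }
        $name   = if ($asrNames.ContainsKey($id)) { $asrNames[$id] } else { $id }
        $state  = if ($asrActionNames.ContainsKey($action)) { $asrActionNames[$action] } else { "Unknown($action)" }
        $asr[$name] = $state
    }

    $cfa = [int]$pref.EnableControlledFolderAccess
    $cfaState = if ($cfaStateNames.ContainsKey($cfa)) { $cfaStateNames[$cfa] } else { "Unknown($cfa)" }

    [pscustomobject]@{
        AntivirusPathExclusions           = @($pref.ExclusionPath | Where-Object { $_ })
        AsrOnlyExclusions                 = @($pref.AttackSurfaceReductionOnlyExclusions | Where-Object { $_ })
        AsrRules                          = $asr
        ControlledFolderAccessState       = $cfaState
        ControlledFolderAccessAllowedApps = @($pref.ControlledFolderAccessAllowedApplications | Where-Object { $_ })
    }
}

function Test-DefenderPrerequisites {
    # Reports the dependencies the review calls out. Tamper protection itself is managed from
    # Intune or the Defender portal, not Set-MpPreference, so this only reports its state.
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    $findings = @()

    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced (cloud-delivered protection).
    if ([int]$pref.MAPSReporting -eq 0) {
        $findings += 'MAPS (cloud-delivered protection) is disabled; enable it before expecting tamper protection to be enforced.'
    }
    if (-not $status.IsTamperProtected) {
        $findings += 'Tamper protection is off; turn it on from Intune or the Defender portal.'
    }
    # AMRunningMode is "Passive" when a third-party AV owns real-time protection; EDR in block mode
    # is what lets Defender still remediate in that state and is enabled in the portal, not locally.
    if ($status.AMRunningMode -eq 'Passive') {
        $findings += 'Defender AV is in passive mode; confirm EDR in block mode is enabled in the Defender portal.'
    }

    [pscustomobject]@{
        MAPSReporting     = [int]$pref.MAPSReporting
        IsTamperProtected = [bool]$status.IsTamperProtected
        AMRunningMode     = $status.AMRunningMode
        Findings          = $findings
    }
}

Get-DefenderExclusionInventory | Format-List
Test-DefenderPrerequisites     | Format-List
```

Running both functions on a fleet (for example through Intune's Run script or a remoting job) and diffing the output per device gives the "single pane" view the review asks for without waiting on the portal; an empty Findings list and an AsrRules table showing Block rather than Audit for the rules you care about is the state to expect on a hardened endpoint.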
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022