Principle IT Support Engineer at a retailer with 201-500 employees
Real User
A robust, straightforward, and intuitive tool that's easy to manage from the admin center
Pros and Cons
  • "Defender for Endpoint is a robust solution that works well out-of-the-box."
  • "Our team's knowledge of the solution needs to be improved, and Microsoft could do a better job conveying the necessary information to users. We could proactively use the tool more and explore capabilities we are not yet utilizing."

What is our primary use case?

Our primary use case is anti-malware and virus protection for our machines. We don't operate a network as such; our setup is almost entirely in the cloud.

We use the solution across multiple departments and teams, with about 400 total end users.

How has it helped my organization?

Around 90% of our estate is Mac, so we rarely have security alerts, but we get daily reports. The solution lets us proactively advise users about security concerns, especially when downloading files.

What is most valuable?

The solution is a Microsoft built-in tool, so it's very straightforward to use and monitor from the admin center, it's intuitive. 

As with all antivirus software, the benefits of using it far outweigh the risks of not having it. Protecting our estate, machines, and users is essential. We can take action quickly, for example, when a user downloads something suspicious and step in before the threat escalates. As an organization, we have encrypted files and data it is vital for us to protect.

Defender for Endpoint is a robust solution that works well out of the box. 

We can monitor and manage our security picture from one dashboard, and that's one of the primary reasons we use the solution. Our machines are enrolled on Microsoft Intune, which further simplifies management. With the E5 license, everything is in the same place; that makes our job easier and allows us to be more proactive when confronting threats. Not having to log in and out of different systems to manage devices is an excellent improvement to our operation.

The solution's threat intelligence helps us prepare for potential threats and makes us more proactive. We have the information required to warn our users of threats, including malicious links and phishing emails. The product gives us an accurate picture of the threat landscape, enabling us to adapt our strategy to protect our most sensitive and vital data.

There is a difficult balance working in IT, as we don't want to put all our eggs in one basket; if one system goes down, we are compromised. We want the flexibility and reliability offered by different specialized solutions, but that complicates management. With Defender for Endpoint, we don't need to worry about machines slipping through the gaps and remaining unprotected because the product is connected to the user account and pushed by the tenant. There is no agent, and the solution isn't intrusive; the user doesn't even know it's there. Other vendors I dealt with in the past required clients to be installed and updated, with potential problems coming in if the client isn't up to date. This isn't an issue we have with Defender. 

What needs improvement?

Our team's knowledge of the solution needs to be improved, and Microsoft could do a better job conveying the necessary information to users. We could proactively use the tool more and explore capabilities we are not yet utilizing.

Buyer's Guide
Microsoft Defender for Endpoint
March 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

For how long have I used the solution?

We have been using the solution for about six months.

What do I think about the stability of the solution?

The solution is stable; Microsoft goes down very rarely. It happened just a few times over my career. If it does go down, the impact is significant.

What do I think about the scalability of the solution?

The solution is very scalable. Microsoft makes that easy, and we plan to increase our Defender for Endpoint usage.

How are customer service and support?

I've only contacted Microsoft support a few times, and they were always helpful. I don't have any issues with the support; they're good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Symantec Endpoint Security. It was somewhat clunky. The engineers found it too intrusive as it required a client to be installed, dramatically slowing down the machines. We switched to Defender for Endpoint because it's part of the Microsoft suite, and we can use it across platforms for Windows and Mac.

How was the initial setup?

The initial setup is straightforward. Initially, we didn't use the E5 licensing, so it was a basic cloud setup with a license per user. Now we have our own tenants, and we're deploying E5 licenses, and Defender for Endpoint comes as part of the license. A user activates the app in the Office 365 tenant, and that's the setup.

The initial deployment didn't take very long; it was just a tick box exercise. We are moving tenants, so we're giving everyone a new E5 license when they move over. It's quick and easy to assign licenses via a tool we have, which provides users with access to the entire Microsoft suite, including Defender for Endpoint.

Five people were involved in the deployment, all of them IT staff.

I'm not directly involved in taking care of the solution, but it seems lightweight in terms of maintenance. Most of the updating is end-user-driven; users are prompted to restart their machines to stay up to date with security patches.

What was our ROI?

As we have only been using the solution for six months, I don't think we've seen an ROI yet. I imagine in another two years, we will see a return.

What's my experience with pricing, setup cost, and licensing?

AV solutions are pretty expensive because they are necessary, not just for protection, but many businesses need them to comply with regulatory bodies and receive accreditation. We recently purchased an E5 license, which gives us access to the entire Microsoft suite. I would say the pricing is competitive; most tools of this kind are similarly priced. There are minor differences between the competitors, but they aren't spectacularly different. Defender for Endpoint makes sense because all our solutions are in the same place, paid for with a single license. The subscription price is around £50 per user per month, though it may have increased slightly.

Which other solutions did I evaluate?

We evaluated Sophos Intercept X and Kaspersky Endpoint Security for Business.

What other advice do I have?

I would rate the solution an eight out of ten. 

Defender for Endpoint helps us automate routine tasks, but I don't specifically know what kind of automation it does or what we use it for, as the InfoSec team is responsible for that. 

No solution is completely foolproof, but the configuration has a large part to play in the quality of the protection. 

We have been in business for two years, so we're a relatively small and young company. Nevertheless, it's vital to have protection against malicious actors. The threat landscape we face today is complex and diverse, so our threat protection needs to be up to par. That's the benefit of using the product; we need to protect our data, and having a tool that informs us of potential threats is excellent.

As an end user, the solution didn't personally save me time, but I imagine it did for the InfoSec team who deal with it directly. The security reporting will all be in one place, and we don't have to go to the marketplace to look for separate tools to fulfill different functions.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cloud Architect at a consultancy with 11-50 employees
Real User
Top 20
Robust security posture and streamlined incident response with excellent automation features, seamless integration within Microsoft systems and efficient threat prioritization
Pros and Cons
  • "The most valuable aspect lies in its automation capabilities, particularly within security automation."
  • "In terms of improvements for their technical support, a focus on enhancing response times could be beneficial."

What is our primary use case?

It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.

How has it helped my organization?

It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.

What is most valuable?

The most valuable aspect lies in its automation capabilities, particularly within security automation. It contributes to more efficient time management for us and it provides an efficient way to keep track of user actions and maintain a secure and well-monitored system.

What needs improvement?

In terms of improvements for their technical support, a focus on enhancing response times could be beneficial.

For how long have I used the solution?

I have been using it for approximately five years.

What do I think about the stability of the solution?

The stability is excellent and I've never encountered any issues; it has consistently performed well.

What do I think about the scalability of the solution?

The scalability is impressive, especially since we use it in the cloud. It works seamlessly without any issues.

How are customer service and support?

Microsoft's technical support is commendable. I would rate it eight out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

Overall, I would rate it nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Microsoft Defender for Endpoint
March 2024
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
SOC Analyst with 1-10 employees
Real User
Provides comprehensive logs and the live response feature allows me to remotely access different endpoints and investigate malicious files
Pros and Cons
  • "I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
  • "Threat intelligence has the potential for improvement, particularly by integrating more sources."

What is our primary use case?

I am a SOC analyst and I use Microsoft Defender for Endpoint to investigate endpoints in our environment and malicious activity.

How has it helped my organization?

The visibility into threats that Defender provides is excellent. The logs I receive are quite comprehensive, allowing me to see what is happening on each endpoint, including the running processes and generated alerts. It does a pretty good job of detecting when certain events occur, which helps me stay attentive to potential issues. Overall, it offers significant visibility.

Defender does a good job in helping to prioritize threats across our entire enterprise because it provides me with context by distinguishing between high and medium threats.

We also utilize Azure Sentinel, Defender for Cloud Apps, Defender for Identity, and Office 365. These solutions are integrated together, and whenever one of them receives an alert, it is sent to the main alert queue. I would give the integration an eight out of ten.

Sentinel allows us to collect data from our entire ecosystem. We primarily use it for the network firewall logs, but it can also handle other types of logs.

Sentinel does an excellent job of providing us with comprehensive security protection and visibility into security alerts and incidents. It informs us about policy violations, such as foreign user sign-ins and sign-ins from multiple or different devices, among other things. Therefore, it offers greater visibility beyond just phishing alerts.

Microsoft Defender for Endpoint has significantly improved our organization by identifying the activities of individual users and effectively hunting for any threatening activities they might engage in. For instance, if a user downloads a malicious file or clicks on a malware-infected link, the software can promptly detect and mitigate the issue on the server.

Defender helps to automate routine tasks and the identification of high-value alerts. Sentinel aids in the automation process by allowing me to address the issue of numerous false positives. Specifically, I automated the handling of certain false positives that originated from a particular IP range. This IP range was generating false positives due to a flagged server, even though the server itself was not actually malicious. In such cases, Sentinel proved to be beneficial as it facilitated the automation and removal of unnecessary noise.

Microsoft Defender for Endpoint has helped save us the trouble of looking at multiple dashboards by providing a single XDR dashboard.

Microsoft Defender for Endpoint has been instrumental in saving us time, especially by identifying true positives instead of wasting time on false positives.

What is most valuable?

I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues.

What needs improvement?

Threat intelligence has the potential for improvement, particularly by integrating more sources. This will enable us to accurately identify when a domain or an IP is malicious. If we could obtain information from external sources, it would reduce the need to use different open source tools to verify whether a domain or IP is malicious or not.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for a year and a half.

What do I think about the stability of the solution?

Microsoft Defender for Endpoint is stable. I have only experienced one crash.

What do I think about the scalability of the solution?

Microsoft Defender for Endpoint proved to be scalable in our environment, supporting over 500 endpoints.

Which solution did I use previously and why did I switch?

I have also used Splunk. Splunk is more modular and portable, allowing us to integrate it with a wide range of different tools. In contrast, features of Defender and Sentinel, such as those provided by Microsoft, do not integrate well with as many other options.

What other advice do I have?

I would rate Microsoft Defender for Endpoint a nine out of ten. It provides me with greater certainty regarding malicious activity compared to Splunk, which demands much more analysis. Defender for Endpoint performs a significant amount of work in terms of identifying and validating malicious elements. This saves us from having to read and interpret a large number of logs. It takes care of the interpretation and conducts about half of the log analysis on our behalf.

I still have to conduct threat intelligence on my own, such as open-source intelligence. I don't automatically search VirusTotal for things, but I still end up doing my own source searching.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
David Frerie - PeerSpot reviewer
Head of IT & Database Management at a educational organization with 51-200 employees
Real User
Top 5
Is easy to use and implement, and decreases the threat detection and response times
Pros and Cons
  • "I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement."
  • "Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything."

What is our primary use case?

We use it to prevent malware attacks.

How has it helped my organization?

The automatic report is very good, and it is easy to see which user or device has a problem. The benefit we were able to realize immediately was protection.

What is most valuable?

I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement.

It has helped automate routine tasks and the finding of high-value alerts. However, we have a small IT team, and we have not automated many tasks.

It has also helped us save a little time, but we have saved more time with email protection. We have saved money as well because of ransomware protection.

Microsoft Defender for Endpoint's threat intelligence has helped us prepare for potential threats before they hit and take proactive steps. We have a scoreboard of each device and can quickly see which device needs an upgrade.

This solution has made our threat detection and response time faster by a few hours.

What needs improvement?

Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything.

For how long have I used the solution?

I've been using this solution for five years.

What do I think about the stability of the solution?

Because it is in the cloud, the stability is good.

What do I think about the scalability of the solution?

It is easy to scale and increase capacity.

We are at one location with multiple departments such as IT, marketing, sales, invoicing, etc. We are a small company and have 53 users of Microsoft Defender for Endpoint.

How are customer service and support?

I have contacted Microsoft technical support a few times a year, and they have responded quickly. I'd give them a rating of nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution and switched to Microsoft Defender for Endpoint because the integration and alignment with Microsoft was great. The previous solution was heavy, and it took a long time to update. 

How was the initial setup?

The initial deployment was easy and took a few hours.

It is deployed to the cloud, and I don't have to spend time on maintenance.

What about the implementation team?

I deployed it myself.

What was our ROI?

The ROI is very difficult to calculate, but it may be 20% ROI. We don't have any problems with ransomware or malware.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution. It would be nice if it could be included with the Microsoft Office package.

What other advice do I have?

In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact.

I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Technical Specialist at a retailer with 10,001+ employees
Real User
Top 20
Very user-friendly, offering safety, security and providing a phenomenal amount of good information
Pros and Cons
  • "User-friendly, offering safety and security."

    What is our primary use case?

    It's an antivirus product, so its main use is to protect us.

    What is most valuable?

    This is a really good product, it's user-friendly and offers us safety and security. 

    What needs improvement?

    The technical support could be improved. 

    For how long have I used the solution?

    I've been using this solution for three years. 

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    In terms of scalability, we went from 10 pilot machines to 35,000 devices.

    How are customer service and support?

    The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue. 

    How was the initial setup?

    The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus patching and encryption and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint. 

    What other advice do I have?

    My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. 

    I rate this product 10 out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Supriya Kumar - PeerSpot reviewer
    Senior Manager at Ernst & Young
    Real User
    Reliable with good features but needs improvements on some of the technical aspects
    Pros and Cons
    • "The solution can scale as needed."
    • "In India at least, it seems to be a bit more expensive than other options."

    What is most valuable?

    The stability has been good so far. 

    If I compare its features to the other solutions in the market, it has some good features. It's comparable to others.

    The solution can scale as needed. 

    What needs improvement?

    In India at least, it seems to be a bit more expensive than other options. 

    For how long have I used the solution?

    I've just recently been introduced to the product. I haven't used it for very long. 

    What do I think about the stability of the solution?

    The stability has been fine. There are no bugs or glitches and it doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    The scalability has been great. If you need to expand, you can.

    How are customer service and support?

    I have never needed to contact technical support. I can't speak to how helpful or responsive they are. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is a bit high for the Indian market.

    What other advice do I have?

    We are a partner and we consult clients on security solutions. It's one of the solutions we take to our clients.

    For companies that are Microsoft shops, I would recommend the product. It saves a lot of integration requirements as compared to other solutions. It's a good product that does what it says it will do. 

    I would rate the product a seven out of ten. There are improvement opportunities in terms of the overall tech and commercial aspects of the product. It needs to be more competitive and technical. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Peter Arabomen - PeerSpot reviewer
    Security Engineering, Team Lead at Fidelity Bank Plc
    Real User
    Stable solution that protects networks against viruses and malware; good for endpoint management
    Pros and Cons
    • "Stable endpoint manager, antivirus, and antimalware, with fast technical support and a straightforward setup."
    • "More integration with different platforms is an area for improvement for this product, and should be included in its next release."

    What is our primary use case?

    We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.

    What needs improvement?

    What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.

    For how long have I used the solution?

    We've been using Microsoft Defender for Endpoint for four years.

    What do I think about the stability of the solution?

    Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.

    How are customer service and support?

    We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.

    How was the initial setup?

    The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.

    What's my experience with pricing, setup cost, and licensing?

    We pay for our Microsoft Defender for Endpoint subscription yearly.

    What other advice do I have?

    We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.

    Microsoft Defender for Endpoint has been awesome, so far.

    I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.

    We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.

    I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Daniel Bagley - PeerSpot reviewer
    Information Security Officer at Church of England
    Real User
    Top 10
    Scalable, good support, and straightforward implementation
    Pros and Cons
    • "The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint."
    • "Microsoft Defender for Endpoint could improve by making the reporting better."

    What is our primary use case?

    We use Microsoft Defender for Endpoint for network and endpoint protection.

    What needs improvement?

    Microsoft Defender for Endpoint could improve by making the reporting better.

    For how long have I used the solution?

    I have been using Microsoft Defender for Endpoint for approximately three years.

    What do I think about the stability of the solution?

    Microsoft Defender for Endpoint is stable in my usage.

    What do I think about the scalability of the solution?

    I have found Microsoft Defender for Endpoint to be scalable.

    We have approximately 700 people using this solution and we plan to increase usage.

    How are customer service and support?

    The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint.

    Which solution did I use previously and why did I switch?

    I have previously used ESET.

    How was the initial setup?

    The initial setup of Microsoft Defender for Endpoint was straightforward. 

    What about the implementation team?

    We have two engineers that do the implementation and maintenance of Microsoft Defender for Endpoint.

    What other advice do I have?

    Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now.

    I would recommend this solution to others.

    I rate Microsoft Defender for Endpoint an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2024
    Buyer's Guide
    Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.