Our primary use case is anti-malware and virus protection for our machines. We don't operate a network as such; our setup is almost entirely in the cloud.
We use the solution across multiple departments and teams, with about 400 total end users.
Around 90% of our estate is Mac, so we rarely have security alerts, but we get daily reports. The solution lets us proactively advise users about security concerns, especially when downloading files.
The solution is a Microsoft built-in tool, so it's very straightforward to use and monitor from the admin center; it's intuitive.
As with all antivirus software, the benefits of using it far outweigh the risks of not having it. Protecting our estate, machines, and users is essential. We can take action quickly, for example, when a user downloads something suspicious, and step in before the threat escalates. As an organization, we have encrypted files and data that it is vital for us to protect.
Defender for Endpoint is a robust solution that works well out of the box.
We can monitor and manage our security picture from one dashboard, and that's one of the primary reasons we use the solution. Our machines are enrolled on Microsoft Intune, which further simplifies management. With the E5 license, everything is in the same place; that makes our job easier and allows us to be more proactive when confronting threats. Not having to log in and out of different systems to manage devices is an excellent improvement to our operation.
The solution's threat intelligence helps us prepare for potential threats and makes us more proactive. We have the information required to warn our users of threats, including malicious links and phishing emails. The product gives us an accurate picture of the threat landscape, enabling us to adapt our strategy to protect our most sensitive and vital data.
There is a difficult balance working in IT, as we don't want to put all our eggs in one basket; if one system goes down, we are compromised. We want the flexibility and reliability offered by different specialized solutions, but that complicates management. With Defender for Endpoint, we don't need to worry about machines slipping through the gaps and remaining unprotected because the product is connected to the user account and pushed by the tenant. There is no agent, and the solution isn't intrusive; the user doesn't even know it's there. Other vendors I dealt with in the past required clients to be installed and updated, with potential problems coming in if the client isn't up to date. This isn't an issue we have with Defender.
Our team's knowledge of the solution needs to be improved, and Microsoft could do a better job conveying the necessary information to users. We could proactively use the tool more and explore capabilities we are not yet utilizing.
We have been using the solution for about six months.
The solution is stable; Microsoft goes down very rarely. It happened just a few times over my career. If it does go down, the impact is significant.
The solution is very scalable. Microsoft makes that easy, and we plan to increase our Defender for Endpoint usage.
I've only contacted Microsoft support a few times, and they were always helpful. I don't have any issues with the support; they're good.
Positive
We previously used Symantec Endpoint Security. It was somewhat clunky. The engineers found it too intrusive as it required a client to be installed, dramatically slowing down the machines. We switched to Defender for Endpoint because it's part of the Microsoft suite, and we can use it across platforms for Windows and Mac.
The initial setup is straightforward. Initially, we didn't use the E5 licensing, so it was a basic cloud setup with a license per user. Now we have our own tenants, and we're deploying E5 licenses, and Defender for Endpoint comes as part of the license. A user activates the app in the Office 365 tenant, and that's the setup.
The initial deployment didn't take very long; it was just a tick box exercise. We are moving tenants, so we're giving everyone a new E5 license when they move over. It's quick and easy to assign licenses via a tool we have, which provides users with access to the entire Microsoft suite, including Defender for Endpoint.
Five people were involved in the deployment, all of them IT staff.
I'm not directly involved in taking care of the solution, but it seems lightweight in terms of maintenance. Most of the updating is end-user-driven; users are prompted to restart their machines to stay up to date with security patches.
As we have only been using the solution for six months, I don't think we've seen an ROI yet. I imagine in another two years, we will see a return.
AV solutions are pretty expensive because they are necessary, not just for protection, but many businesses need them to comply with regulatory bodies and receive accreditation. We recently purchased an E5 license, which gives us access to the entire Microsoft suite. I would say the pricing is competitive; most tools of this kind are similarly priced. There are minor differences between the competitors, but they aren't spectacularly different. Defender for Endpoint makes sense because all our solutions are in the same place, paid for with a single license. The subscription price is around £50 per user per month, though it may have increased slightly.
We evaluated Sophos Intercept X and Kaspersky Endpoint Security for Business.
I would rate the solution an eight out of ten.
Defender for Endpoint helps us automate routine tasks, but I don't specifically know what kind of automation it does or what we use it for, as the InfoSec team is responsible for that.
No solution is completely foolproof, but the configuration has a large part to play in the quality of the protection.
We have been in business for two years, so we're a relatively small and young company. Nevertheless, it's vital to have protection against malicious actors. The threat landscape we face today is complex and diverse, so our threat protection needs to be up to par. That's the benefit of using the product; we need to protect our data, and having a tool that informs us of potential threats is excellent.
As an end user, the solution didn't personally save me time, but I imagine it did for the InfoSec team who deal with it directly. The security reporting will all be in one place, and we don't have to go to the marketplace to look for separate tools to fulfill different functions.
It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.
It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.
The most valuable aspect lies in its automation capabilities, particularly within security automation. It contributes to more efficient time management for us and it provides an efficient way to keep track of user actions and maintain a secure and well-monitored system.
In terms of improvements for their technical support, a focus on enhancing response times could be beneficial.
I have been using it for approximately five years.
The stability is excellent and I've never encountered any issues; it has consistently performed well.
The scalability is impressive, especially since we use it in the cloud. It works seamlessly without any issues.
Microsoft's technical support is commendable. I would rate it eight out of ten.
Positive
Overall, I would rate it nine out of ten.
I am a SOC analyst and I use Microsoft Defender for Endpoint to investigate endpoints in our environment and malicious activity.
The visibility into threats that Defender provides is excellent. The logs I receive are quite comprehensive, allowing me to see what is happening on each endpoint, including the running processes and generated alerts. It does a pretty good job of detecting when certain events occur, which helps me stay attentive to potential issues. Overall, it offers significant visibility.
Defender does a good job in helping to prioritize threats across our entire enterprise because it provides me with context by distinguishing between high and medium threats.
We also utilize Azure Sentinel, Defender for Cloud Apps, Defender for Identity, and Office 365. These solutions are integrated together, and whenever one of them receives an alert, it is sent to the main alert queue. I would give the integration an eight out of ten.
Sentinel allows us to collect data from our entire ecosystem. We primarily use it for the network firewall logs, but it can also handle other types of logs.
Sentinel does an excellent job of providing us with comprehensive security protection and visibility into security alerts and incidents. It informs us about policy violations, such as foreign user sign-ins and sign-ins from multiple or different devices, among other things. Therefore, it offers greater visibility beyond just phishing alerts.
Microsoft Defender for Endpoint has significantly improved our organization by identifying the activities of individual users and effectively hunting for any threatening activities they might engage in. For instance, if a user downloads a malicious file or clicks on a malware-infected link, the software can promptly detect and mitigate the issue on the server.
Defender helps to automate routine tasks and the identification of high-value alerts. Sentinel aids in the automation process by allowing me to address the issue of numerous false positives. Specifically, I automated the handling of certain false positives that originated from a particular IP range. This IP range was generating false positives due to a flagged server, even though the server itself was not actually malicious. In such cases, Sentinel proved to be beneficial as it facilitated the automation and removal of unnecessary noise.
Microsoft Defender for Endpoint has helped save us the trouble of looking at multiple dashboards by providing a single XDR dashboard.
Microsoft Defender for Endpoint has been instrumental in saving us time, especially by identifying true positives instead of wasting time on false positives.
I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues.
Threat intelligence has the potential for improvement, particularly by integrating more sources. This will enable us to accurately identify when a domain or an IP is malicious. If we could obtain information from external sources, it would reduce the need to use different open source tools to verify whether a domain or IP is malicious or not.
I have been using Microsoft Defender for Endpoint for a year and a half.
Microsoft Defender for Endpoint is stable. I have only experienced one crash.
Microsoft Defender for Endpoint proved to be scalable in our environment, supporting over 500 endpoints.
I have also used Splunk. Splunk is more modular and portable, allowing us to integrate it with a wide range of different tools. In contrast, features of Defender and Sentinel, such as those provided by Microsoft, do not integrate well with as many other options.
I would rate Microsoft Defender for Endpoint a nine out of ten. It provides me with greater certainty regarding malicious activity compared to Splunk, which demands much more analysis. Defender for Endpoint performs a significant amount of work in terms of identifying and validating malicious elements. This saves us from having to read and interpret a large number of logs. It takes care of the interpretation and conducts about half of the log analysis on our behalf.
I still have to conduct threat intelligence on my own, such as open-source intelligence. I don't automatically search VirusTotal for things, but I still end up doing my own source searching.
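The false-positive handling this reviewer describes (suppressing one noisy alert signature from a known-benign IP range rather than every alert from it) as an added example; this is not the reviewer's own Sentinel automation, and the benign range, alert types and alert records are constructed sample data.

```python
"""Scoped false-positive suppression for an alert queue (added example).

The benign range and alert records below are constructed, not taken from
any real environment. Suppression is keyed on (IP range, alert type) so a
different, genuine detection from the same server still reaches the queue.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: the internal server range that kept tripping one rule, and
# the single alert type we are willing to auto-suppress for it.
BENIGN_SOURCES = {
    "10.20.30.0/24": {"SuspiciousOutboundScan"},
}


@dataclass
class Alert:
    alert_id: str
    alert_type: str
    severity: str
    source_ip: str


# Constructed sample alerts: a1 is the known noise, a3 is a real finding
# from the same range, a4 has an unparseable source address.
SAMPLE_ALERTS = [
    Alert("a1", "SuspiciousOutboundScan", "Medium", "10.20.30.15"),
    Alert("a2", "SuspiciousOutboundScan", "Medium", "10.99.1.7"),
    Alert("a3", "CredentialDumping", "High", "10.20.30.15"),
    Alert("a4", "SuspiciousOutboundScan", "Low", "not-an-ip"),
]

_NETWORKS = [(ipaddress.ip_network(cidr), types)
             for cidr, types in BENIGN_SOURCES.items()]


def is_known_false_positive(alert: Alert) -> bool:
    """True only when the source IP is in a benign range AND the alert
    type is the one that range is allowed to suppress."""
    try:
        ip = ipaddress.ip_address(alert.source_ip)
    except ValueError:
        return False  # unparseable source: never auto-suppress
    return any(ip in net and alert.alert_type in types
               for net, types in _NETWORKS)


def triage(alerts):
    """Split alerts into (queue, suppressed). Suppressed alerts are kept
    for audit rather than discarded, so the exclusion can be reviewed."""
    queue, suppressed = [], []
    for alert in alerts:
        (suppressed if is_known_false_positive(alert) else queue).append(alert)
    return queue, suppressed
```

Review the suppressed list periodically; if the "benign" server starts producing other alert types, those still land in the queue because the exclusion is per alert type, not per host.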
We use it to prevent malware attacks.
The automatic report is very good, and it is easy to see which user or device has a problem. The benefit we were able to realize immediately was protection.
I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement.
It has helped automate routine tasks and the finding of high-value alerts. However, we have a small IT team, and we have not automated many tasks.
It has also helped us save a little time, but we have saved more time with email protection. We have saved money as well because of ransomware protection.
Microsoft Defender for Endpoint's threat intelligence has helped us prepare for potential threats before they hit and take proactive steps. We have a scoreboard of each device and can quickly see which device needs an upgrade.
This solution has made our threat detection and response time faster by a few hours.
Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything.
I've been using this solution for five years.
Because it is in the cloud, the stability is good.
It is easy to scale and increase capacity.
We are at one location with multiple departments such as IT, marketing, sales, invoicing, etc. We are a small company and have 53 users of Microsoft Defender for Endpoint.
I have contacted Microsoft technical support a few times a year, and they have responded quickly. I'd give them a rating of nine out of ten.
Positive
We used a different solution and switched to Microsoft Defender for Endpoint because the integration and alignment with Microsoft was great. The previous solution was heavy, and it took a long time to update.
The initial deployment was easy and took a few hours.
It is deployed to the cloud, and I don't have to spend time on maintenance.
I deployed it myself.
The ROI is very difficult to calculate, but it may be 20% ROI. We don't have any problems with ransomware or malware.
It is an expensive solution. It would be nice if it could be included with the Microsoft Office package.
In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact.
I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.
It's an antivirus product, so its main use is to protect us.
This is a really good product, it's user-friendly and offers us safety and security.
The technical support could be improved.
I've been using this solution for three years.
The solution is stable.
In terms of scalability, we went from 10 pilot machines to 35,000 devices.
The technical support isn't too bad but their responsiveness needs to be improved. I'd say it's their biggest issue.
The initial setup is very easy, probably one of the easiest onboarding processes I've done. Implementation was done in-house and takes a few minutes per device; click it and go. I deal with anything related to antivirus, patching, and encryption, and we have four cyber analysts that look after whatever comes out of ATP or Defender for Endpoint.
My advice would be to plan carefully and make sure you take notice of what's coming out, because it pushes out a lot of very useful information. It's a matter of having sufficient staff, because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources, then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution, it's worthwhile having the staff to deal with it.
I rate this product 10 out of 10.
The stability has been good so far.
If I compare its features to the other solutions in the market, it has some good features. It's comparable to others.
The solution can scale as needed.
In India at least, it seems to be a bit more expensive than other options.
I've just recently been introduced to the product. I haven't used it for very long.
The stability has been fine. There are no bugs or glitches and it doesn't crash or freeze.
The scalability has been great. If you need to expand, you can.
I have never needed to contact technical support. I can't speak to how helpful or responsive they are.
The pricing is a bit high for the Indian market.
We are a partner and we consult clients on security solutions. It's one of the solutions we take to our clients.
For companies that are Microsoft shops, I would recommend the product. It saves a lot of integration requirements as compared to other solutions. It's a good product that does what it says it will do.
I would rate the product a seven out of ten. There are improvement opportunities in terms of the overall tech and commercial aspects of the product. It needs to be more competitive and technical.
We use Microsoft Defender for Endpoint as an antivirus and antimalware solution. We also use it for endpoint management.
What I'd like included in the next release of Microsoft Defender for Endpoint is more integration with different platforms.
We've been using Microsoft Defender for Endpoint for four years.
Microsoft Defender for Endpoint is stable, except for occasional internet connection issues, but it's stable.
We contact the technical support team for this solution whenever we have an issue, and once you open a ticket, they respond as quickly as possible, though it would still depend on the severity level that you define.
The initial setup for Microsoft Defender for Endpoint was straightforward. It wasn't complicated.
We pay for our Microsoft Defender for Endpoint subscription yearly.
We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc.
Microsoft Defender for Endpoint has been awesome, so far.
I wasn't around during the setup of the solution, so I have no idea on how long setting it up took.
We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices.
I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.
We use Microsoft Defender for Endpoint for network and endpoint protection.
Microsoft Defender for Endpoint could improve by making the reporting better.
I have been using Microsoft Defender for Endpoint for approximately three years.
Microsoft Defender for Endpoint is stable in my usage.
I have found Microsoft Defender for Endpoint to be scalable.
We have approximately 700 people using this solution and we plan to increase usage.
The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint.
I have previously used ESET.
The initial setup of Microsoft Defender for Endpoint was straightforward.
We have two engineers that do the implementation and maintenance of Microsoft Defender for Endpoint.
Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now.
I would recommend this solution to others.
I rate Microsoft Defender for Endpoint an eight out of ten.