Try our new research platform with insights from 80,000+ expert users
Kevin Mabry - PeerSpot reviewer
CEO at Sentree Systems, Corp.
Reseller
Top 20
Lowers costs for my clients and has the ransomware solution built into it, but there should be more telemetry information and more promotion
Pros and Cons
  • "I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender."
  • "It is not very scalable from the eyes of an MSP because there is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. So, you might not get to know that a particular computer of a client is doing something, and it might have got a virus. That person might know that, but unless you set it up to actually send you the information, you won't get to know that. That's one of the things that is hard with Microsoft Defender. It is not made for the MSP world where you have one pane of glass to see all of your clients with Microsoft Defender on it unless your RMM tool already has that built-in and it can see the telemetry from Microsoft Defender."

What is our primary use case?

I offer a Security Operation Center (SOC), which is like a person standing and going through the metal detector at the airport. We're like the staff standing there and watching people and then having them send stuff through the conveyor. It is real-time detection and response.

I don't use Microsoft Defender that much. If I come across a client who doesn't want to spend on a different endpoint solution, I just have them use Microsoft Defender that is built into their devices.

How has it helped my organization?

The ransomware and some of the other features that are built into it give you more telemetry now. From the security side, I don't look at what an endpoint solution does. I look at what it gives me. I need data. I don't want something to just say, "Oh, I stopped it." That's good, but I need to be able to figure out what did it stop. Was it a good thing or a bad thing that it stopped, and what is it doing. I need to be able to break that down and go deeper into that analysis to figure out what is being stopped. Microsoft Defender is doing that now and is giving more telemetry. It doesn't give nearly as much as Bitdefender does, but it is pretty good.

It is built into Windows 10. So, I don't really have to go out and get an extra or a separate endpoint security solution. It stands on its own. I have some clients who are using Microsoft Defender, and it is perfectly fine because my SOC can actually get the telemetry from Microsoft Defender and use that as well. Microsoft Defender does have the telemetry information, and I can get some of that out of it for my SOC. I can use what's built into it to stop and do more of a response layer. I can use Microsoft Defender to stop something right there.

What is most valuable?

I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender.

It is useful when a client does not want to spend extra on getting a new endpoint solution or does not want to get something else installed on their devices.

What needs improvement?

The biggest thing that I would emphasize to Microsoft is that if they are confident in their solution, they should brag more about it. In other words, they should put more stuff out there to prove that they're just as good as the others. The biggest thing is that people still don't believe in it. When it comes to the IT world, they still don't believe in Microsoft Defender. It has been there for a while, and I know that I used to not trust it because it was free and I didn't know what it was doing and if I could trust it. If you go to comparison sites, you would hardly see it being compared to solutions like Norton, Bitdefender, Webroot, etc. Microsoft can do a better job of promoting it.

They should offer more telemetry or more information coming out of there for Syslog type of scenario so that a SOC could use the data that they have built into it. This would be useful.

It is not very scalable from the eyes of an MSP because there is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. So, you might not get to know that a particular computer of a client is doing something, and it might have got a virus. That person might know that, but unless you set it up to actually send you the information, you won't get to know that. That's one of the things that is hard with Microsoft Defender. It is not made for the MSP world where you have one pane of glass to see all of your clients with Microsoft Defender on it unless your RMM tool already has that built-in and it can see the telemetry from Microsoft Defender. 

Buyer's Guide
Microsoft Defender for Endpoint
August 2025
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,676 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it off and on for some time.

What do I think about the stability of the solution?

Its stability is fine. It is a built-in and legacy solution. It can stand up to any other endpoint security solution. 

What do I think about the scalability of the solution?

It is not very scalable from the eyes of an MSP. There is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. Because it doesn't give you one pane of glass to look at everything, you have to have an RMM tool that can actually see the data coming from Microsoft Defender. If you don't have an RMM tool, you would need one, and that would be an extra cost.

I don't really use an RMM tool. We have a SOC, and I don't really deal with individual computers themselves. In the past, I have used RMM tools, and some of them do well with looking at Microsoft Defender, but my SOC has a really good dashboard that I can use to see what's going on with Microsoft Defender. I can actually control stuff on Microsoft Defender from my SOC.

How are customer service and support?

I have not used their support for Microsoft Defender. Generally, their support is fine. They've definitely improved and gotten better.

Which solution did I use previously and why did I switch?

I don't use Microsoft Defender that much. It is built into Windows 10, and if you put the antivirus or endpoint security on, it kind of turns itself off automatically. I've been using Bitdefender lately. I used to use Panda Security, but now I use Bitdefender.

I recommend it for clients who don't want to spend on a different endpoint solution, but I don't put all my eggs in one basket. I don't say that a particular antivirus or endpoint security solution is 10 times better than the other one. I just don't look at things that way because I know the process and what hackers actually go through to get past all of them. So, none of them are that much better. The only thing I tell others is to not use the free ones, but to that defense, they all have a level of reachability.

When it comes to performance, Microsoft Defender is much faster because it really doesn't look at all of the things that are Microsoft-focused. It has a better understanding of what Microsoft has made, whereas other solutions are going to look at anything as a potential threat. It is definitely a better option because it knows Windows. You install another antivirus on Windows, it has to try to figure out the software. Microsoft already knows how Word, OneNote, or their other solutions work. So, Microsoft Defender doesn't need to scan specific things, whereas Bitdefender or another solution doesn't know that, and it is going to scan everything, which can slow your system down. 

I offer a SOC, and we do real-time detection and response. I don't put all my eggs in one basket when it comes to endpoint security. I believe endpoint security needs to be there because it is a layer of security, but it is not everything. The reason I use Bitdefender is that it has more telemetry and more information coming out of it to put into my SOC than Microsoft Defender, which doesn't have as much telemetry coming out of it.

For telemetry or forensics, Microsoft Defender doesn't give you reports. It just does what it does. Microsoft Defender will give you information, but you got to go to the individual device. I can't pull much telemetry information into a SOC. So, if you want to see from where the hacker or the hacking software came in, how it got there, and how it moved unilaterally across the system or network, you may not get all of that with Microsoft Defender, but with the telemetry data that comes out of Bitdefender, you will get more of such information and you can follow its path.

How was the initial setup?

It just comes on a device when you buy it. When you buy a laptop, it is built into Windows 10. They have Windows Security, and there are separate pieces of it. When you look into some of it, it is called Defender. They also have a standalone Windows Defender.

It is a full endpoint security solution, and they have a firewall in there. You can go in there and set different things up for your firewall. When it comes to security, not everything is turned on. You actually have to go in and turn the ransomware part on. There are things about ransomware that you got to turn on, and they really depend on what you need in your practice or business. You have to make sure you go in there and look at it. You can't just set it and forget it. It does come automatically, but you got to go in there and set things up because they know that some things can stop certain aspects of your business from running. So, they don't want to turn everything on. They leave it up to you.

The configuration of those extra parts can get complex, but I do believe it is pretty straightforward. It involves more yes or no type of questions. It is just flipping a switch on each individual part that you want to use. It is just like everything else. You have to test and see if it is going to work in your environment.

In terms of maintenance, all the updates come with Microsoft. Every time they update Windows 10, they also update Microsoft Defender. It is pretty simple.

What was our ROI?

It doesn't really affect my business because the cost goes out to my client either way. If they have 200 devices and they are charged $2 per endpoint for each one of them, that's an extra $400 a month. If they are just using Microsoft Defender built into their systems, that cost goes away for them. My clients are definitely saving money with Microsoft Defender.

It doesn't affect my business because I'm looking at telemetry regardless of the solution. So, it doesn't matter if it is coming from Microsoft Defender or Bitdefender.

What's my experience with pricing, setup cost, and licensing?

It is built into Windows 10. If our clients are using Microsoft Defender, the cost goes away for them.

What other advice do I have?

It is just like anything. You should definitely do your homework and see if it is going to give you the information that you need. You should focus on forensics and the kind of information you are going to get out of Microsoft Defender. Will you get the reporting that you need? Will you get the telemetry and all the data that you need to be able to follow the path of an attack? You need to be able to see that. You need to know this information for your clients because they may need it for the FBI or something else. So, you need as much information as you can. You need to make sure that that you're going to get the information out of there and you have the right setup to be able to see everything with all of your clients. You should have an RMM tool or whatever you're using to be able to see all of your clients, and you need to make sure that you have the setup for that.

Microsoft Defender has been around for many years, and since Windows 10, they've really ramped it up, and it has gotten a lot better. I've seen some of the statistics on it, and it stands up against some of the other solutions out there, such as Norton. They've added things that make it more of an EDR, which is the endpoint detection and response layer. The ransomware was one of the big add-ons, and it is good that they've put that in there. It can stand on its own now.

It has not affected our organization's security posture a lot, but it has given me more options to lower costs for my clients. It has helped my clients and in turn, my business. It has not affected our end-user experience in a negative or a positive way. It is just a tool. I do the monitoring, stopping, blocking, and everything else for clients. 

It can be a good solution, and I hope that they grow with it and do more with it. They can make it simpler for the security and MSP world. If their solution just gets better for the MSP world, it would help everyone.

I would rate Microsoft Defender a seven out of 10 because of its lack of usability for an MSP and its lack of telemetry information, but it is useful, and it does stop ransomware.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cloud Architect at a consultancy with 11-50 employees
Real User
Top 20
Robust security posture and streamlined incident response with excellent automation features, seamless integration within Microsoft systems and efficient threat prioritization
Pros and Cons
  • "The most valuable aspect lies in its automation capabilities, particularly within security automation."
  • "In terms of improvements for their technical support, a focus on enhancing response times could be beneficial."

What is our primary use case?

It is a comprehensive monitoring solution for all user activities and their associated details within our tenant. All data flows seamlessly through Sentinel, streamlining the process and ensuring thorough oversight of our environment.

How has it helped my organization?

It enhances our security posture. It seamlessly integrates with all our systems, particularly across our Microsoft infrastructure. It offers insights into threats, furnishing information about potential security risks within our environment. It effectively sets up alerts to notify us of any suspicious or unusual activities. The prioritization of threats holds significant importance. It concentrates on the most crucial threats rather than overwhelming us with all potential risks. It excels at organizing and highlighting those critical threats, providing a level of efficiency beyond what I've observed elsewhere. It has proven to be a cost-effective solution, saving both time and money, as the adage goes—time is money. Specifically, it has significantly reduced our time to detect and respond to incidents. Its real-time threat detection and blocking capabilities contribute to these improvements.

What is most valuable?

The most valuable aspect lies in its automation capabilities, particularly within security automation. It contributes to more efficient time management for us and it provides an efficient way to keep track of user actions and maintain a secure and well-monitored system.

What needs improvement?

In terms of improvements for their technical support, a focus on enhancing response times could be beneficial.

For how long have I used the solution?

I have been using it for approximately five years.

What do I think about the stability of the solution?

The stability is excellent and I've never encountered any issues; it has consistently performed well.

What do I think about the scalability of the solution?

The scalability is impressive, especially since we use it in the cloud. It works seamlessly without any issues.

How are customer service and support?

Microsoft's technical support is commendable. I would rate it eight out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

Overall, I would rate it nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Microsoft Defender for Endpoint
August 2025
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,676 professionals have used our research since 2012.
David Frerie - PeerSpot reviewer
Head of IT & Database Management at a educational organization with 51-200 employees
Real User
Is easy to use and implement, and decreases the threat detection and response times
Pros and Cons
  • "I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement."
  • "Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything."

What is our primary use case?

We use it to prevent malware attacks.

How has it helped my organization?

The automatic report is very good, and it is easy to see which user or device has a problem. The benefit we were able to realize immediately was protection.

What is most valuable?

I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement.

It has helped automate routine tasks and the finding of high-value alerts. However, we have a small IT team, and we have not automated many tasks.

It has also helped us save a little time, but we have saved more time with email protection. We have saved money as well because of ransomware protection.

Microsoft Defender for Endpoint's threat intelligence has helped us prepare for potential threats before they hit and take proactive steps. We have a scoreboard of each device and can quickly see which device needs an upgrade.

This solution has made our threat detection and response time faster by a few hours.

What needs improvement?

Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything.

For how long have I used the solution?

I've been using this solution for five years.

What do I think about the stability of the solution?

Because it is in the cloud, the stability is good.

What do I think about the scalability of the solution?

It is easy to scale and increase capacity.

We are at one location with multiple departments such as IT, marketing, sales, invoicing, etc. We are a small company and have 53 users of Microsoft Defender for Endpoint.

How are customer service and support?

I have contacted Microsoft technical support a few times a year, and they have responded quickly. I'd give them a rating of nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution and switched to Microsoft Defender for Endpoint because the integration and alignment with Microsoft was great. The previous solution was heavy, and it took a long time to update. 

How was the initial setup?

The initial deployment was easy and took a few hours.

It is deployed to the cloud, and I don't have to spend time on maintenance.

What about the implementation team?

I deployed it myself.

What was our ROI?

The ROI is very difficult to calculate, but it may be 20% ROI. We don't have any problems with ransomware or malware.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution. It would be nice if it could be included with the Microsoft Office package.

What other advice do I have?

In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact.

I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
UchechiSylvanus - PeerSpot reviewer
Team Lead, Process Improvement & RPA at Fidelity Bank Plc
Real User
Top 5
Automation of routine tasks makes our processes more efficient
Pros and Cons
  • "It automatically detects intrusion and malware."
  • "The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."

What is our primary use case?

We use it for security purposes. It provides important security for some critical systems, such as network devices.

How has it helped my organization?

For securing access, USB security helps us block our USB ports and that ensures that users do not plug USB drives into their computers.

In addition, our efficiency in the way we handle our processes has been improved because the solution automates routine tasks and helps find high-value alerts.

It has also saved us a good amount of time, something like 15 percent, while decreasing our time to detect and our time to respond, each, by 5 percent.

What is most valuable?

It automatically detects intrusion and malware.

It's also easy to use. The interface is user-friendly and the navigation is 
not difficult. It is very easy to move from one hyperlink to another, to move from one solution within the platform to another solution.

And in terms of categorizing the info and the actions that need to be done, it helps you to prioritize threats. That is very important.

What needs improvement?

The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies. They need to make the download of the dependencies more efficient.

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for more than five years.

What do I think about the stability of the solution?

The stability is okay.

What do I think about the scalability of the solution?

It is scalable. We use it for multiple departments, teams, and locations. We have over 5,000 users.

How are customer service and support?

I would rate Microsoft's technical support at seven out of 10, because of the time it takes them to respond. But when they finally respond, they give us complete attention and things are resolved within the SLA.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before Microsoft Defender for Endpoint, we were using McAfee.

What other advice do I have?

We constantly get updates from Microsoft that are light and they don't really affect us while we're working. The updates have been very helpful.

I would recommend Microsoft Defender for Endpoint.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1633539 - PeerSpot reviewer
Manager at a recruiting/HR firm with 51-200 employees
Real User
Supports centralized management, provides complete visibility, and reduces management costs
Pros and Cons
  • "We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender."
  • "One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs."

What is our primary use case?

We're using it for endpoint security.

How has it helped my organization?

We are able to get quite a lot of details about the laptops that we have across the organization. I would rate it pretty high in terms of visibility into our environment.

We are better able to see or get alerts on things that we might not have been able to see before. With Norton, for example, we didn't have a centrally managed system. All we could see was that a node had some threat on it, and we had to manually log into that node and work with the user to figure out what that threat was. With Defender, we are able to see all of that through the console instead of having to reach out to the user, which speeds up the process of figuring out what type of vulnerability we're looking at, and we are able to run scans and do other things remotely without having to interact with the user anything. It speeds up our process of detecting vulnerabilities and threats.

It has significantly reduced the amount of time to respond to threats and manage threats.

It has definitely improved our security, and it also helped us in reducing management costs.

What is most valuable?

We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender.

Since we moved to Defender, we have more visibility into our security posture for our devices across the organization. We can not only see how the devices are doing as far as AV is concerned; we can also see any threats that might come up. We get alerts on those as well, which is very useful for us.

What needs improvement?

One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs. 

In terms of additional features, we have more features than we use. We haven't really had a chance to dig too deep into it. 

For how long have I used the solution?

We've been using this solution for about a year.

What do I think about the stability of the solution?

So far, so good. We haven't had any issues related to the service not being available or anything like that.

What do I think about the scalability of the solution?

It is highly scalable. We were able to deploy it across the organization fairly quickly. It is also pretty straightforward to add users or remove users.

We use Office 365 and Azure AD. We have somewhere around 400 users dispersed across the USA.

How are customer service and support?

When we reached out for support, there were times when it took a little bit longer than we liked, but once we were able to engage with their support, we were able to get the resolution fairly quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using Norton as our endpoint antivirus solution. We switched so that we are able to centrally manage endpoint security.

How was the initial setup?

My team implemented it, and I was in charge of overseeing the deployment.

We're a small team managing about 400 users across the organization. A lot of them are remote, especially since the pandemic. We have a couple of administrators who are responsible for checking Defender and just keeping on top of our security.

What was our ROI?

We have definitely seen improvements in terms of quickly being able to manage threats and being able to centrally manage everything.

What's my experience with pricing, setup cost, and licensing?

We mostly use Microsoft products. We use Office 365, and we use Azure. We're also a Microsoft partner. So, the licensing was much cheaper for us, and at the same time, a lot of the features that we were looking for were included in Defender.

We were trying to get our firm the security certification for government contracting. One of the requirements was to upgrade our Microsoft licensing to a level to be able to use the government cloud. We found out that the required licensing already included Defender. So, it helped us kill two birds with one stone. It was much easier for us to convince the executives to go with it.

Which other solutions did I evaluate?

We did evaluate other options. CrowdStrike was one of the solutions we looked at. It was a pretty good option, and then there was Trend Micro. Symantec was another one, and then there was also Sophos. Those were the options that we were looking at.

Some of them were priced prohibitive for us. Sophos was a pretty good solution, but it was pretty expensive as compared to some of the other options. Trend Micro was good, but the management interface was lacking for us. It didn't have some of the features that we were looking for. Symantec was just expensive, and their centralized management was also not that great. So, both Trend Micro and Symantec didn't have good management interfaces. Sophos had probably the best one, but it was very expensive. Sophos was also better than Microsoft Defender in terms of web filtering. Web filtering was something for which Microsoft Defender didn't have as good features.

What other advice do I have?

I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment.

I would rate it a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1928946 - PeerSpot reviewer
Cloud Productivity and Security Engineer at a tech vendor with 11-50 employees
Real User
It shows you the dangers that matter the most to your own organization and which threats you should address first to achieve the most significant improvement in your security posture
Pros and Cons
  • "Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident."
  • "I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over."

What is our primary use case?

We use a package of Microsoft security products, including Defender for Endpoint, 365 Defender, Sentinel, and Defender for Identity. You can integrate them with a few clicks. They work together natively, and Sentinel provides advanced monitoring, so you know everything happening in your environment.

It's essential to have one space where you can manage all these solutions together because security can be complicated. It makes it that much more complex to have to navigate to a different portal for identity, email, etc. It's crucial to have a single place to manage all your security operations, so you don't have to move around. 

We started with endpoint protection, where you install an agent on your client with a sensor already built in. Once you have that agent installed, the endpoint can report to the Microsoft security portal. You'll be able to see the device onboarded on the portal using some scripts, and you can monitor most of the vulnerabilities. You can also detect, respond and remedy security vulnerabilities from the portal.

We added email protection by setting policies that will analyze our email. It analyzes our links and attachments to see if there's malware attached. We move ahead to use Defender for Office 365. We also moved forward with Defender for Cloud, and the solution for our workloads, like VM, our network security group, etc. There is another one called Defender for Identity that lets us manage our on-premises and cloud identity from a single portal.

How has it helped my organization?

Many of our users are on older operating systems and browsers with vulnerabilities that harm the environment. An attacker can take advantage of those old browsers to access the infrastructure. Defender for Endpoint lets us identify those browsers with vulnerabilities and resolve the issues. We can also find processes that we didn't initiate and stop them right away.

Defender helps us prioritize threats from the security portal. It shows us the dangers that matter the most to our own organization and which threats we should address first to achieve the most significant improvement in our security posture. 

We can manage Defender for Endpoint and Defender for 365 from the same integrated security portal, and it's user-friendly. Microsoft is much more user-friendly than Sophos. 

Microsoft covers every aspect of security and the global challenges we face. The biggest threat today is identity and access management. If someone has access to your identity, they can access much of your technology. They have solid solutions for identity, email, and cloud. I don't think there's anything Microsoft left out. Microsoft has your security environment protected. 

Sentinel enables you to ingest data from your entire ecosystem from on-premise to the cloud. It has single sign-on technology, so you can use your account from your on-prem to sign on to the cloud and vice versa. A user doesn't have to remember a lot of passwords.

Sentinel's data ingestion is essential. Security tasks can be tedious. It's great to have technology that lets you integrate all your data from different sources. You can also incorporate data from other clouds, not just Azure. You can have data from Azure and on-premise. 

So far, Sentinel is one of the most comprehensive SIEMs I've seen. They have even added this XDR. Sentinel doesn't just do SIEM and SOAR. It also covers XDR. The automation is there, so you don't have to do much work. The automation helps you look at the activities behind all this data and correlate them to see the relationships. It gives you information at a glance to see if there is a relationship between these various data sources. 

Defender saves us time. A task takes typically three days and could be accomplished in one day using Microsoft technology. With an on-premise network, you need to switch between portals on all your network devices, but you can achieve that from one portal. You can set policies that will block traffic to your infrastructure, so it saves time. The advanced threat protection using AI has also reduced our detection time. 

We've also saved money. We previously managed the technologies on-premise, so we had to maintain the solutions ourselves. We spend less using Microsoft cloud technology because we don't need to pay for those extra features. We only need to pay for operational expenses. 

We don't have to go to the affected devices when we see a security vulnerability from the portal. We can respond to those issues and resolve them using an endpoint management solution, like Intune. When we resolve a security issue, it takes a week to see the score, but we see the results immediately.

What is most valuable?

I like the security score that you can see from the portal. You can see the list of the vulnerabilities, and the security score tells you how well your organization is managing those vulnerabilities. It's a strong feature that helps improve your security operations.

Another helpful feature is the recommendations. The portal will guide you on how you can resolve those issues from your own endpoint. This feature is great if you don't have that kind of experience. It will help you understand the technology better and improve your security posture. 

Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident. 

What needs improvement?

I would like to see Sentinel better integrated with the rest of the security technology within one portal. 

For how long have I used the solution?

I've been using Defender for more than a year.

How are customer service and support?

I rate Microsoft support seven out of ten. I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over. 

It would be helpful if they had some coordination between their support, so we don't have to repeat ourselves. They should be able to transfer your details from one agent to another. 

Which solution did I use previously and why did I switch?

We previously used Sophos.

What's my experience with pricing, setup cost, and licensing?

Defender doesn't cost that much. When you use Microsoft technology, you can start with the free version and see how much the technology helps your organization solve security problems before you use the subscription. They also do this pay-as-you-go model, so you only pay when you use it. 

What other advice do I have?

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1284948 - PeerSpot reviewer
Network Engineer at a real estate/law firm with 51-200 employees
Real User
Covers everything that we want from our security platform, integrates with all enterprise services, and is infinitely scalable
Pros and Cons
  • "It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online."
  • "It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has."

What is our primary use case?

We are a property investment company, and people here use Microsoft Surface devices for their daily job. We are a Microsoft-oriented company, and we use it for our basic endpoint security implementation. 

Our entire security is based on this endpoint solution. Sometimes you have centralized security where you scan all traffic going through a central firewall and you also check through several types of solutions. You also check HTTPS connections. Basically, for all the traffic going inside and outside the company, you use a security firewall, and this endpoint solution is actually a firewall solution or security solution that is distributed. So, all the traffic coming from and going into the end-user device is basically submitted for scanning. If you download an ISO on a website or an email, everything is scanned for security to check whether it contains any malicious data. 

We are using Microsoft Defender for Endpoint Plan 2, which is the enterprise version of Microsoft Defender for Endpoint. We are using the most recent version of it.

We deploy it via Intune. The feature is called Microsoft Intune Autopilot. We have a hardware hash. A colleague of mine prepares the configuration and then based on the hardware hash and Autopilot, the devices are completely installed and joined to Azure AD and then to our enterprise. Intune is a Microsoft device management platform that comes with Microsoft solutions. When you buy a new device, based on the hardware hash, it can automatically find that device through Autopilot and do the specific deployment for your company. So, the users can use any type of device, start it, and then it will automatically be joined to our environment.

How has it helped my organization?

It is a completely integrated platform with advanced threat analysis, SIEM features, updated inventory, and so on. It is an all-in-one solution. Microsoft is taking over lots of companies to provide more and better services to its clients. This is one of the best solutions around at the moment.

It protects our organization from all kinds of attacks, such as ransomware attacks and any malware downloads. It is like an oracle who knows everything about:

  • What is around at the moment?
  • From where the attacks are coming?
  • What is currently going on security-wise?

It knows about all the software that you have installed on the laptop, and whether they are not patched or have security issues. It covers everything you want from your security platform.

What is most valuable?

It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online. 

It is completely self-sufficient. You don't have to install anything. It is completely integrated into the operating system, and it also has a centralized information dashboard where you can immediately see:

  • Are all your devices up to date?
  • Are there any threats?
  • Are the devices having problems with updates?
  • Are they infected with anything?
  • Was something blocked?

You can immediately see what is going on in your enterprise, in different networks, and also in people's homes in terms of endpoint security.

It is a zero-trust platform, and it integrates with all types of enterprise services that we run. It also integrates with the Office 365 environment where you can securely connect from anywhere.

What needs improvement?

It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has.

They're continuously improving it. You can compare it with Teams. About a year ago, the codex and the presentation of the Teams application were not very well optimized, and if you were using the Teams application, it used to drain your battery. It still drains your battery, but they have improved it a lot, and it is a lot less CPU intensive after one year. They're working on Defender for Endpoint to make it less CPU intensive.

For how long have I used the solution?

We have been using Microsoft Defender for Endpoint for more than six months.

What do I think about the stability of the solution?

Its stability is quite good, especially with Windows 11, which is a very stable operating system. Of course, you can run into some issues. We have some issues with docking stations for Surface and screens, but generally, the operating system together with the endpoint security solution is very stable.

What do I think about the scalability of the solution?

It is the most scalable solution around. You can create an Azure tenant, and with a script, you can deploy 1,000 user accounts. There is no actual limit to it, so the scalability is infinite.

How are customer service and support?

Their support has improved. They're quite good. I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

It has the easiest setup that I've ever seen. It's completely integrated with Microsoft. When you deploy your machine through Autopilot and Intune and assign the license, everything is done automatically. Of course, you have a lot of possibilities and a lot of freedom for detailed configuration, but out of the box, it comes completely self-sustained. You don't have to do anything. This is one of the easiest solutions that I've seen.

You just apply for the plan in Office 365, and you set up your very basic Autopilot template where you would specify the types of software that have to be installed. For instance, you want Office or other types of software. The very basic template is enough to roll it out fully automatically.

It takes a couple of hours. If you apply for a tenant on Azure, you pay for the licenses, and you can roll out with a click on 200 to 1,000 endpoint devices within the hour. This cloud is really amazing.

What about the implementation team?

We are a small company with a few technical engineers, and we provide services for our clients. We provide all kinds of services such as maintaining endpoints and Azure cloud solutions with virtualized services and SaaS services.

Its implementation is more or less handled by my colleague. I do a little bit of configuration but not so much. My colleague knows about all the technical details. He does the complete installation and the complete central management of policies and templates. However, a basic part with basic software is very quickly implemented. You just create a tenant on microsoft.com, and then you can very easily roll out to as many workstations as you would like the necessary configuration for Defender for Endpoint.

What's my experience with pricing, setup cost, and licensing?

Its price at the moment is very good because you get a lot of value for your money, especially with the subscriptions. If you have the E1, E3, or E5 enterprise subscription, you pay per month per user, and you get almost an infinite number of solutions. If you compare the price to the number of solutions that you get, it is a very good deal. 

I'm only concerned about the future because Microsoft is taking over one company after another. In the end, there will be no alternative and then they can do whatever they like, but for now, in terms of price, Microsoft is one of the best performers.

What other advice do I have?

At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions.

It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. 

The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected.

It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this.

I would rate it an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
SamiEsber - PeerSpot reviewer
Security consultant at Manaai corp.
Real User
Reliable with useful security and helpful technical support.
Pros and Cons
  • "Technical support has been great."
  • "We'd like the stability to be better."

What is our primary use case?

It's used to improve the security score for the whole system, even if it is the cloud or on-premises version.

What is most valuable?

The security is very useful.

Its stability is okay.

The solution can scale. 

Technical support has been great.

There's no setup process; a user simply needs to enable it to get started.

What needs improvement?

We'd like the stability to be better.

For how long have I used the solution?

I've been using the solution for about two years. 

What do I think about the stability of the solution?

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good.

What do I think about the scalability of the solution?

The product can scale if a company needs it to.

There's a big number of users on the solution in our company. It's likely more than 400 users. 

How are customer service and support?

We've dealt with support in the past and found them to be very helpful. We're quite satisfied with the level of service. 

Which solution did I use previously and why did I switch?

I'm also familiar with Trend Micro, which is similar. However, Defender is specific to Microsoft.

The company does use more than one solution as well. 

How was the initial setup?

There's not really an installation process. A user simply needs to enable it. That's all.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee.

What other advice do I have?

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2025
Buyer's Guide
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions.