Microsoft Defender for Endpoint Reviews

Our main use case for Microsoft Defender for Endpoint was that we needed to move away from Symantec, so we switched to Microsoft Defender for Endpoint because it was already available to us. We have E5s already and E3s, so it was part of our license already.

Generally, my primary reason for switching to Microsoft Defender for Endpoint was dissatisfaction with our current vendor.

Specifically, a lot of the support for Symantec was not working for us, as they got bought a couple of times by different companies and got split up during the Broadcom acquisition. They just were not covering our needs anymore, and they were getting more and more expensive. So, it did not make a lot of sense to be paying them when we already had the license through Microsoft as part of our E5 offering, E3s, and F3s, and all the other licenses we have.

I find the entire Microsoft Defender for Endpoint valuable because it finds not just definition-based threats but also behaviors. The ability to isolate machines automatically is crucial. During a recent data breach, it saw the accounts doing bad things. It was not just Microsoft Defender for Endpoint, it was all the Defender pieces working together, and it automatically isolated the accounts. They do not call it isolate in Identity; they call it something else. But it automatically basically turned those IDs off so they could not do anything and tried to help us prevent the data breach from being worse than it was.

When we first brought Microsoft Defender for Endpoint in, within about a month, we got an alert that one of our servers was breached, and it was a pretty good use case for the XDR. Traditional antivirus never would have seen it, but the EDR picked it up pretty quickly.

The logs go into our SIEM without needing to put an agent on all the computers to collect the logs anymore because they are already being collected by Microsoft Defender for Endpoint agent and shipped up to our SIEM. So we can go through there and grab most of the logs we need. That has cut down on some of our SIEM spend because it is already there. We do not have to send all those logs into Splunk anymore. Now we send everything central. The integrated product in general, all the pieces of it are put together. It is all Microsoft products, and it is pretty easy.

The experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint is pretty simple. Microsoft Defender for Endpoint portal is pretty simple to set most of that up. A lot of that is handled by other teams in our department. I do not do a lot with the actual configuration of endpoints. I deal mostly with the SIEM and response to alerts and responses instead of actual configuration.

Microsoft Defender for Endpoint has helped reduce mean time to remediation. Being able to isolate the device, once we isolate it, it is kind of remediated for the most part, and then it is just cleanup. That is a feature we did not have with Symantec, so it is a really nice piece to have.

Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support.

I can identify areas for improvement with Microsoft Defender for Endpoint, as it is kind of a convoluted mess to try to take care of false positives. Especially when they have been identified as false positives but they keep going off over and over again. It is great for my pocketbook because it generates a lot of on-call action, but I would really prefer more sleep at two o'clock in the morning than dealing with false positives.

I would say that the unified portal for managing Microsoft Defender for Endpoint is suitable for both teams as they are all in there. It would be great if they would stop moving things around and renaming things, which makes sense. The new XDR portal is pretty nice. Being able to have it central again inside of the regular Security Center without having to open up two windows is helpful. Overall, I think it is pretty good. There is always going to be something that could be improved, such as alerting and the ability to modify alerts would be a little bit helpful to have. Being able to add more data into the alerts and turn off alerts that are not as useful would be beneficial.

It is hard to say what the quantitative impact the security exposure management feature has had on our company's security, because a lot of it is kind of subjective. I think we are sitting at around a fifty percent score still, and a lot of it is just kind of unusual circumstances that we cannot really implement without breaking the organization.

We have been using Microsoft Defender for Endpoint for probably four, maybe five years.

I would assess the stability and reliability of Microsoft Defender for Endpoint as mostly stable. Every once in a while, the security portal goes down, but these things happen. Any cloud product eventually has connectivity issues, especially when the internet at large has issues or it is being attacked, or someone may make a weird DNS change. But overall, it has been good.

Microsoft Defender for Endpoint grows with and scales with the growing needs of my company as we keep adding more into the Defender portfolio. We have implemented Defender for Cloud Apps, Defender for Identity, and Microsoft Defender for Endpoint. We keep adding more and more of the entire stack in there, and it is all kind of combined, so it is hard to tell where one ends and where one begins, because it all goes into one unified portal. So, for us as the analyst, we do not really care which platform it is coming from. We just want to take care of the alerts.

Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support.

Positive

My experience deploying Microsoft Defender for Endpoint involved a learning curve, mostly. Deploying it was pretty simple. It was basically turning it on. Most of the process involved deploying the agents to the endpoints. It really was not that difficult of a process to deploy. It is pretty simple. Within a couple of weeks, we probably had it done. It has been a long time, though, so I do not remember everything.

Regarding my experience with pricing, setup costs, and licensing for Microsoft Defender for Endpoint, it has been included in my main license that I pay.

Before implementing Microsoft Defender for Endpoint, we did consider other solutions. It came down to cost. The cost of it already being part of our license versus having to pay for another license was the big one. We have seen some that we preferred a little bit better, but when you put the cost versus those features in, it just did not even register at that point because it would be so costly. We looked at CrowdStrike, and we looked at Trend Micro, which I think was in the mix somewhere. I did not even know they existed still.

I do not know if I have saved any money by switching to Microsoft Defender for Endpoint. Our Microsoft bill gets bigger every year, and we have to keep adding more licenses because you need an F3, F3 with security, A3, A3 with security, E5, F5, and whatever the licenses are. It is all alphabet soup at this point. All I know is our Microsoft bill is very large, and we just pay it every year.

For the price we pay for Microsoft Defender for Endpoint, I suppose it is okay, versus going out and buying a second product that we would have to pay for, because we would still have to pay for the E5s because we need it for everything else.

Microsoft Defender for Endpoint has helped reduce mean time to remediation. Being able to isolate the device, once we isolate it, it is kind of remediated for the most part, and then it is just cleanup. That is a feature we did not have with Symantec, so it is a really nice piece to have.

Microsoft Defender for Endpoint has the security exposure management feature that provides visibility into what settings and patches are missing.

My advice to someone who is looking to implement Microsoft Defender for Endpoint is that if you do not have another solution already, go with it. If you have Microsoft E5 licenses, it is free, so use it. I would rate this product an eight out of ten.

My main use case for Microsoft Defender for Endpoint is to protect the endpoint.

The main thing I like about Microsoft Defender for Endpoint is that you can integrate it with or deploy it with Intune, so it's really easy to deploy without needing to bring in any third-party solution. From there, we can integrate it into our management platform, so I think ease of deployment is probably our biggest advantage because once we have the data, we can use other tools to help analyze it, and we do use Microsoft as well.

We leverage Intune to help deploy Microsoft Defender for Endpoint, so having that single platform makes our job easier compared to the past, where we had to have line of sight to it, needing VPN, or any of that, because now the device just needs internet.

I don't get that far into the automatic attack disruption feature in Microsoft Defender for Endpoint, but from what the team tells me, they appreciate it. As far as I know, we are using the security exposure management feature of Microsoft Defender for Endpoint to optimize our security configurations.

Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks. We saved about 20 percent of their time with Microsoft Defender for Endpoint.

The mean time to remediate has been lowered with Microsoft Defender for Endpoint. I have no idea how much it has been lowered, but I can say it's approximately 25 percent.

In terms of improvements or enhancements related to Microsoft Defender for Endpoint, I cannot really think of anything right now. Keep improving and do not back off, because that is usually what you run into: you pick a product, and then they start putting efforts in other places, and then it goes down. As long as Microsoft keeps maintaining improvement and keeps up with what the adversaries are doing, I cannot say I have anything specific.

I have been using Microsoft Defender for Endpoint for probably five years or four years.

So far, I do not know that we have had an outage with Microsoft Defender for Endpoint. There was an outage of the front door a couple of weeks ago, but to my knowledge, that did not impact Microsoft Defender for Endpoint.

I have never had any issues with the usage of Microsoft Defender for Endpoint. It is not the same as the old days where we had a console sitting on a server managing a limited amount of devices. Since it is talking to the cloud, as long as Microsoft can support it, that has not been a concern so far.

Microsoft Defender for Endpoint scales with the growing needs of our company, but I am not sure how to specify that further.

Regarding the customer service and technical support from Microsoft, when you get the right person that knows what you are asking the first time, it is excellent. However, when you get someone who may be new or just switched into that role, it can be less effective. That happens with all products. Because I am more on the sales side, I generally do not reach out to support often, but when I have, I have not had a problem.

Positive

We were using many different tools to address similar needs before choosing Microsoft Defender for Endpoint.

We stuck with Microsoft Defender for Endpoint because it met our needs and the cost side of it.

Regarding the pricing, the setup costs, and the licensing of Microsoft Defender for Endpoint, it is generally included for where we put most customers or clients, so they are actually getting rid of other products to save money. I do not have a problem with the pricing.

Just do not increase the pricing.

As long as you have Intune, the deployment process of Microsoft Defender for Endpoint is easy, but if you do not, then using scripts to deploy it becomes painful. Most of our customers or clients are using Intune now, so it is easy with that.

From my point of view, the biggest return on investment from using Microsoft Defender for Endpoint is that it saves us money because you have to have some tool out there. Especially when it is included with E5 or Business Premium, we are saving by not having that third-party tool, and then the remediation and the attack surface reduction are cutting human hours, so all of that reduces costs for us.

I think we always have to look at other products and evaluate if this product does something that we cannot do today and if it is something we should add, so it is always a possibility. But as I mentioned earlier, as long as Microsoft keeps focus and keeps enhancing and does not back off, I do not see any reason why we would need to switch.

My advice for other companies considering getting Microsoft Defender for Endpoint is to do it and do not think twice.

At the end of the day, we are always looking at ways to reduce the human time that we need, and I know on some things we have saved 25 to 40 percent, but I do not know how much for that specific aspect. We are definitely saving efforts versus having somebody manually do it. I would rate this solution a 9 out of 10.

The main use cases for Microsoft Defender for Endpoint are for vulnerability management and detection for both laptops and servers.

We find the features of Microsoft Defender for Endpoint valuable because we use it in a Windows shop, so it fits in nicely rather than buying another solution.

The advantages of using Microsoft Defender for Endpoint are that it fits into the entire ecosystem. We use Intune for MDM and all of that, so we can manage everything from the server side. We have had some challenges with the Linux side, but otherwise we have been fine.

From using Microsoft Defender for Endpoint, the benefits we have seen are the ease of use and the management because the team is already accustomed to it. We are in the entire Microsoft ecosystem using M365 and all of that, so it fits in nicely with all of the products.

Our team manages unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint, and it has been quite good. The way it links into Sentinel is helpful because we do a lot of KQL queries and Sentinel is used by both the security team and the infrastructure side. Through that, we can collaborate and see what is going on. On top of that, we have a managed XDR solution from another provider on the same console, providing a single pane of glass.

Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks. However, we were pretty new to it and were concerned that we might misconfigure something or not be able to take advantage of it, so we hired a third party for the MXDR. Within the next two to three years, we plan to bring it all in-house, at which point we can definitely save a lot of time. Right now we are already paying somebody to do it.

Microsoft Defender for Endpoint could be better in the support on the Linux side. My Linux administrator complains sometimes that it does not work well with Linux servers, so if they could improve that, it would be helpful.

My Linux administrator said something specific that some of the libraries do not work well. He has to go in and tweak things because it blocks certain things and breaks things. He has developed a special script that he built on Ansible to deploy it. He has a way around it, but he was not happy about it.

As a product, Microsoft Defender for Endpoint is pretty good. If you are in the Microsoft ecosystem, it makes complete sense to go with those products. We have Entra ID, Azure, and most of the Defender products, except for a couple where we are pretty new, especially on the cloud side. Our security team has been looking at it from different angles.

The other problem we saw them mentioning is that we were hoping Sentinel would work as our aggregator tool because we have vulnerabilities coming from about ten different places and tools. We need something that will look at everything and consolidate and say that instead of these one hundred vulnerabilities, we should focus only on these ten that apply to us. Microsoft is not doing a really good job of aggregating. If they could improve on that, it would be excellent because they have a huge ecosystem with Microsoft Defender for all these different things. It would be great if they made something that understands the entire environment and could say that even though something may be a high vulnerability, if it does not connect to the internet in our environment, then it is actually low. That would give us the entire view from end to end.

The organization has been using Microsoft Defender for Endpoint for probably five or six years. I joined this organization about three and a half years ago, but they were already using it before I arrived.

We have not seen any return on our investment in Microsoft Defender for Endpoint financially. We had the product before I joined, so I do not know what was being used before. However, we seem to be happy with it, which is why we are still running with it. Some other things that we think we could implement Defender in do not look too good, otherwise my peer would not be looking at something like Wiz or CNAPP and other security products.

Our experience with pricing, setup costs, and licensing of Microsoft Defender for Endpoint is that it is a very complex question because currently we are not so happy with Microsoft pricing. I do not know what pricing is available in the US, but in Canada, we have had a pretty bad experience. It is not necessarily specific to Defender, but other products, for example Intune, can do a lot more, and to get those features, the advanced visibility or whatever, the amount of money they charge means we can pay about one-tenth of that for another product that will give us more details. We have actually seen that. We were not happy that Microsoft Defender for Endpoint, as a Microsoft product, along with Intune to manage devices, charges this much and still does not provide the information that we are looking for. On the Defender side, that is the reason we are looking at some other products like Wiz. Even though we are a Defender customer, they just do not do everything, and if they do do it, it is super expensive. That has been the trend we have seen with Microsoft lately—it is just getting more and more expensive. Even with all the AI features, they are saying that now you can do this with Copilot, but you have to pay this license now.

We probably looked at solutions similar to Microsoft Defender for Endpoint. We are happy with the endpoint piece of it except for the server side. So far it has been working and we are making use of it, hoping that it will improve as we go along. If not, maybe in the future we will look at something else.

We may be moving away from Microsoft Defender for Cloud because it was not fulfilling our needs, so we may be looking at another product called Wiz.

The main difference between Microsoft Defender for Endpoint and Wiz is that they are completely different. It is not a very good example, but it shows that Microsoft Defender for Endpoint, because there are so many different products within the Defender platform, would benefit from having everything within that platform. All of the information could be aggregated and consolidated. However, it seems that Microsoft Defender for Endpoint does a good job of certain things, but when moving to the cloud, we are looking at other products. Wiz is a CNAPP, which stands for Cloud Native Application Protection Platform. Microsoft has their product, probably one of the Defender for Cloud pieces, but we ended up going with Wiz because pricing and the features were just not there. It is completely separate from endpoint security.

On a scale of one to ten, I would rate Microsoft Defender for Endpoint an eight. The only thing is that the Linux server administrator said that it does not work too well for him, but we have a way around it, so we are okay.

We may not even be using the automatic attack disruption feature in Microsoft Defender for Endpoint, so I am not sure. We do have a lot of CAPs, which are Conditional Access Policies, that take care of a lot of those. We have a managed XDR, so they do a lot of that. I am pretty sure the security exposure management feature to optimize our security configurations is enabled, but I do not know. That piece is managed by my peer.

My overall rating for Microsoft Defender for Endpoint is eight out of ten.

Our main use cases for Microsoft Defender for Endpoint involve protecting our various endpoints, and we are currently looking at it extensively for our developer environments.

We have integrated Microsoft Defender for Endpoint and are using it for all of them.

I appreciate the features of Microsoft Defender for Endpoint because it is integrated with the workstations and the endpoints, so we do not have to add anything extra onto it.

Microsoft Defender for Endpoint integration in our organization benefits us by giving us more of a single point of accountability perspective.

Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects or tasks because it has automated some things and allowed them to use that time to focus on other areas.

Microsoft Defender for Endpoint has helped reduce mean time to remediation, MTTR, and I have heard that it saved some time, but I do not know exactly how much time was saved.

For us, Microsoft Defender for Endpoint can be improved by providing better visibility into our developers' environments, especially as we try to integrate a lot of the AI coding environments, such as Windows Services for Linux v2.

I have been using Microsoft Defender for Endpoint for two years because I have been with my current company for that amount of time, and we have been using it the entire time that I have been there.

So far, Microsoft Defender for Endpoint has been very stable and reliable; we have not had any issues, and Microsoft has built good products. We have not experienced any downtime, crashes, or performance issues.

Microsoft Defender for Endpoint scales well with the growing needs of our organization; we are about 10,000 employees, so while we are not huge, it works well for our environment.

We have not really expanded the usage of Microsoft Defender for Endpoint beyond the initial one, although we are trying to get more visibility into the developer area, which would be a potential expansion.

While I do not see customer service and technical support on a day-to-day basis, from what I have heard, it is very good; we regularly talk to our Microsoft representatives, and they have always been very responsive.

I would rate customer service and technical support a nine because I believe a ten should be nearly impossible to achieve, but overall, it is good but not perfect.

Prior to adopting Microsoft Defender for Endpoint, we were using another solution, specifically Symantec and CrowdStrike.

From what I understand, it was pretty easy to integrate Microsoft Defender for Endpoint because it is integrated in, works with Entra, works with Microsoft 365, and works with all of our other ecosystem very well.

In the evaluation process for Microsoft Defender for Endpoint, the positive aspect that stood out was its integration with our existing Microsoft ecosystem, while the negative side is the concern of whether it is the best of breed, as we often try to do best of breed, and whether we are sacrificing anything by going with the Microsoft product rather than something else, which would also mean managing another solution.

From what I understand, my experience with deploying Microsoft Defender for Endpoint has gone very well; the team that manages it is happy with how they have rolled it out.

I do not manage the unified endpoint setting on a day-to-day basis, but from what I have heard, the team that manages it is very fond of it.

Regarding the automatic attack disruption feature in Microsoft Defender for Endpoint, I do not have day-to-day involvement with that, but I know the team that manages it is confident they are using it.

I do not know any specific challenges we have faced, but I think what worked well was just the visibility into the entire environment and being able to do that in place.

I have not seen return on investment with Microsoft Defender for Endpoint in the strictest sense, as it is really more about having better security, better posture management, and not having to pay for another solution and integrate it.

It is more about time management and improvements in productivity.

We have been discussing pricing, setup cost, and licensing, and we are currently on an E3.

We are discussing going to E5, which should probably be included, making it pretty easy as it is just about bundling it together into the enterprise license.

I do not know all the solutions they considered before selecting Microsoft Defender for Endpoint, as I was not part of that selection process, but I do know that they looked at some other options and settled on Microsoft.

The factors that led me to consider change included the need to consolidate. My advice to other organizations considering Microsoft Defender for Endpoint is that they should definitely look at it, especially if they are heavy users of the Microsoft ecosystem, as it works well, fits in, and gives good visibility.

It definitely should be something that anyone considering Microsoft products looks into. I would rate this product a nine overall.

My main use case is to protect the endpoint. I use Microsoft Defender for Endpoint as an EDR solution for protecting and monitoring endpoints, and my SOC monitors Microsoft Defender for Endpoint.

My favorite feature is the integration of Microsoft Defender for Endpoint and Microsoft 365.

Integration is my favorite feature because it is easy to have all insights and all alerts in one platform.

It benefited my organization by allowing us to respond faster to incidents and providing a unique view for reviewing how our security is progressing.

I would appreciate agentic protection as an additional feature in the next release to protect the agents that the business creates.

I believe there could be more integration with third parties that can be improved.

I have used Microsoft Defender for Endpoint for two years.

I assess the stability and reliability by conducting penetration tests and vulnerability assessments for all solutions every six months.

Microsoft Defender for Endpoint passes penetration tests and assessments, and it works as expected.

I have not used customer service at any point yet.

Neutral

I considered other solutions before choosing this one.

I can name them as SentinelOne and CrowdStrike.

The deployment is easy because I am already using Intune. I use Intune to deploy the solution easily.

I have seen a return on investment for my company from this solution. Microsoft 365, even if I do not use the security component, has already paid for itself.

The cost and pricing are integrated into the Microsoft 365 environment, so it is not an extra cost.

I chose Microsoft Defender for Endpoint because of cost and integration with the ecosystem.

The experience of managing unified endpoint settings has been straightforward.

My experience with automatic attacks includes having many attacks every day. I have created many automations to automatically respond to attacks, which makes it easy for my SOC team to focus on real, bigger problems rather than specific, small ones.

Creating this automation is easy and not difficult.

I update the automation approximately once a month. If the ecosystem changes, I need to update, add more integration, or make other adjustments, but it is not difficult to update.

It did help reduce the mean time to remediation, or MTTR.

I rate this solution an 8 overall.

An example of how it has benefited the organization is that the attack surface reduction capabilities offer a predefined set of rules that differ based on deployment models across things such as whether you deploy it through Group Policy or Intune. Realistically, the capabilities of that element of the platform provide additional security controls to organizations, such as blocking macro-enabled documents. Obviously, you could not do that for a finance department who might run on macro-enabled documents, but if you can reduce the attack surface through effective exclusions, it allows you to minimize that risk somewhat. This means you can actually properly reduce an attack surface because you are never going to be able to mitigate it entirely.

Positive

Comparing Microsoft Defender for Endpoint to the last one, generally, there is always going to be a disparity in function between any endpoint security solution. Some solutions are generally better than others. When I think of solutions such as Microsoft Defender for Endpoint, CrowdStrike, and Vulkan, those are very good solutions. However, depending on what I am coming from, it depends on whether I am building on the functionality available to me. It is really going to be on a case-by-case basis and solution by solution.

My experience with any automatic attack disruption is that it can be quite useful. I do need the correct licensing in order to leverage the full automated capabilities, but they are quite good. Beyond that, I have the opportunity to perform investigations and hand it over to my SOC team if I have an internal SOC.

I am using the security exposure management feature to optimize my security, which is nice because it collaborates between each of the capabilities of the XDR platform and gives me a holistic view. I can identify vulnerabilities that need to be dealt with, and I can also identify common threats to the organization.

Microsoft Defender for Endpoint has somewhat helped to free up my SOC team. I think that is somewhat complex because it can also add additional requirements for the SOC teams directly interacting with the XDR platform, especially if I am using something such as Sentinel. In that instance, I am going to leverage the automation capabilities to then run automated isolation of devices with XDR and endpoint. I am going to free time up, but I am creating new capabilities that need someone to manage them anyway.

It can help to reduce remediation time from hours to minutes.

The time it saves depends on how much of the automation is being leveraged. If I am fully licensed on Plan 2, and it does the full AIR piece, I get that full investigation. I am saving a lot of time for my SOC analyst because I am removing the need to manually go through and correlate the events. It does save a lot of time if used effectively and at the right license model.

I assess the stability and reliability of it by running evidencing exercises against the workspace that supports the product. Using Kusto Query Language, I can correlate the registry key values as expected based on control policy. I can run exercises using some of the Microsoft-hosted tooling that allows me to simulate threats. If I really want to, I could always get someone to do some red teaming exercises against it to check my configuration afterwards.

I would rate this product an 8 out of 10.

My main use cases for Microsoft Defender for Endpoint are mostly for end-user system protections, as well as a server environment.

The feature I appreciate most about Microsoft Defender for Endpoint is the portal, being able to see everything rolling up into the portal for a total overview of how the organization looks for all the managed endpoints.

A specific example of Microsoft Defender for Endpoint in use is that there will be a status on some of the devices that will report whether they are in a healthy state, need attention, or whether there is any critical alerting on it. Having that high-level visibility across a large organization is very beneficial.

One of the things that I think can be improved or added to a future release of Microsoft Defender for Endpoint is the timing, specifically the delivery of updates for Microsoft Defender for Endpoint, not just a product update, but also the signatures and so on within itself. The actual product updates have caused a little bit of disruption that could be avoided, so I think that customers need to have more granular controls as to when updates can be deployed versus more done from a top-down deployment perspective.

I have been using Microsoft Defender for Endpoint for four years.

I do have experience with Microsoft support already.

I would describe Microsoft support as good, but we also pay a lot; we have a very large investment with Microsoft on all of the products that we use. It is not just the security suite itself, so having that gives us some leverage for getting support as needed.

Positive

Before adopting Microsoft Defender for Endpoint, we used third-party products, specifically a lot of Trend Micro before switching to Microsoft.

What made us switch to Microsoft Defender for Endpoint was the support, as it was not as good as it should be with Trend Micro.

The return on investment for Microsoft Defender for Endpoint has definitely been a more productive, secure environment for us, but from a financial perspective, I cannot tell you if there has been an actual return on it.

My experience managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint involves using role-based access, where the Information Security group has a different view of the environment, separate from the actual local IT teams that are supporting the end-users. This helps both of them, one from an overall management perspective, but also from a local regional perspective, to know the health of the environment in those two different forms.

My experience with Automatic Attack Disruption in Microsoft Defender for Endpoint has been pretty good for us, as we have been able to stave off some issues and it has brought them to our attention. It has worked quite well.

We have tried to integrate every single thing within Microsoft Defender for Endpoint, but it takes a lot of time and planning because you do not want to just apply the security settings by default. You want to go through a test process; otherwise, you may introduce incidents.

I would say that testing it on Microsoft Defender for Endpoint is not difficult; it just requires proper planning when you do a rollout so that you do not cause issues of your own. The integration process has actually been quite good for us.

We do use the Security Exposure Management feature in Microsoft Defender for Endpoint.

The impact of using the Security Exposure Management feature is that Information Security says, 'You have some items to clean up,' and they assign a lot more work.

I would not say it helped free up the SOC team to work on other projects, but it gave them an area of focus to do their jobs better.

I would say that Microsoft Defender for Endpoint did reduce mean time to remediation.

The licensing for Microsoft Defender for Endpoint has been fine, but I do not know about the pricing that was handled at more of an executive level, so I do not know if that was good or not. I would rate my overall experience with this product as a nine out of ten.

My main use cases are security on our Windows 10 and Windows 11 laptops and desktops.

The feature I like the most is all of the signals that we can see out in the cloud and the correlation and detection reporting; that's very good.

It helps me because, on traditional EDR-type products that we've used, getting that information and getting the visibility down into the brass tacks of what your digital estate is, is very hard to do, so Microsoft Defender for Endpoint does a great job of that.

One example of a benefit for my organization is that Microsoft Defender for Endpoint has been leading the field in EDR, and there are so many benefits to how that is managed versus the traditional products; that's huge.

The Automatic Attack Disruption feature is good; I think we've only used that in a lab scenario, and I don't think that we've done anything with rolling that out yet because of the type of control and the level of feeling of trust that they have in that yet, so I'm unaware of any implementation.

I am using the Security Exposure Management feature, and with that, the security engineers on my team are using it to determine what our overall risk is on the desktop laptop fleet and to see how effective SCCM is in deploying the patches and whether things need to be ramped up or if they have to change the way that they deploy, and that's been a great informative site for that.

What I think can be improved on Microsoft Defender for Endpoint is that the whitelisting abilities are pitiful, and the understanding of how you go about doing that by the support techs that you speak with is really bad, so that I think is an area where Microsoft Defender for Endpoint needs improvement; the understanding and support of that and what actually works is pretty buggy.

I have been using Microsoft Defender for Endpoint for four years.

I think the stability and reliability of Microsoft Defender for Endpoint are very good; it's very stable, it doesn't hit the CPU as hard as other types of products, and it does play well with other security technologies, which I like because it's so well known in the industry; that's a huge benefit.

I see a return on investment from having Microsoft Defender for Endpoint because we are already a Microsoft E5 shop, and being able to use that allows us to cut back on licenses in other products that are not as good as Microsoft Defender for Endpoint.

How I would describe the experience of managing unified endpoint settings across both security and IT teams is tough; it's good, but I'm uncertain.

I would not say that it saves my SOC team time; rather, it saves them focus, so the amount of time that it would take to identify what the real threats to the business are is reduced. I would say it probably saves them three hours a week on what their other research would have to tell them.

It has helped me reduce the mean time to remediation; that is huge. It is beneficial because of the wait-and-see type aspect of pushing the patches and whether these people are in the office; that constant reporting even if they're not in the office and are working from home is fantastic.

I did think of other products before choosing Microsoft Defender for Endpoint; we did do a bake-off between this one and another, and based on research and everything that was involved, this one won.

I would describe the experience of deploying it as very easy on the desktop; for the configuration, again, back to that whitelisting piece, the whitelisting had to actually work, and that took a very long time; I would say a good year for Microsoft to get that right.

I don't have anything else to add about Microsoft Defender for Endpoint; it's a good product, and the ability that we'll have eventually to tie AI agents into it and to understand how to better configure our endpoints is going to be a game changer. I have given this review a rating of nine out of ten.

Our main use case for Microsoft Defender for Endpoint is endpoint security.

The features of Microsoft Defender for Endpoint that I like the most are that it is not a very intrusive product, so it is not using up a lot of compute.

We have an AI practice that uses quite a bit of compute, and the security product that we were using before Microsoft Defender for Endpoint was taking up quite a bit of compute for them, impeding them from helping our clients. We found a new solution with Microsoft Defender for Endpoint to bring that compute down so they could easily help our clients, speeding things up.

I like managing the unified endpoint settings across both security IT teams with Microsoft Defender for Endpoint; it is super easy. With Defender, it is all in that single pane of glass, whereas before I was using several different products, but now it is all underneath the Microsoft stack.

Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects or tasks.

At least ten percent per week has been saved due to the efficiency gained with Microsoft Defender for Endpoint.

I do not have anything that I can think of regarding how Microsoft Defender for Endpoint can be improved or any additional features that should be included in the next release.

Currently, I have not expanded usage of Microsoft Defender for Endpoint; we are still using it as we started with.

I assess the stability and reliability of Microsoft Defender for Endpoint as being quite good; so far, we have not had any issues with it.

I have not experienced any downtime, crashes, or performance issues with Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint scales very easily with the growing needs of my organization; it is easy enough to purchase new licenses as we grow.

I evaluate my customer service and technical support experience as what I expected from Microsoft; sometimes it is a little lacking, but for the most part, they are able to provide exactly what I need.

On a scale from one being the worst and ten being the best, I would rate my customer service and technical support an eight because I have always thought a little more improvement from Microsoft could come, especially from tier-one support where I have had to re-go through everything I have already troubleshot. Getting that escalation would improve things if they understood where I was coming from.

Positive

Prior to adopting Microsoft Defender for Endpoint, we were using another solution to address similar needs.

In the past, we were using Sophos for endpoint, and the factors that led me to consider change were performance, cost, support, and scalability. As we have not seen them really grow with the rest of the security field over the last five years, they were not improving anything, and their support was lacking.

My experience while deploying Microsoft Defender for Endpoint was extremely easy.

There were no challenges faced while deploying; it was a simple product to deploy, with the only issue being removing the old software.

We have seen a return on investment with Microsoft Defender for Endpoint.

In terms of return on investment, we are paying quite a bit less for Microsoft Defender for Endpoint, enabling us to use that saved budget for other products, and it is performing better than we had previously thought it would.

My experience with the pricing, setup cost, and licensing of Microsoft Defender for Endpoint is that it required one hundred licenses, which was fine, but I was hoping that I could use a little less for the demo. Other than that, the price point was quite a bit lower than competitors.

I considered several other solutions before selecting Microsoft Defender for Endpoint, but off the top of my head, I would not be able to name them.

Price point stood out as a major factor in my evaluation process, and as we are a Microsoft partner, continuing to work with Microsoft made the decision quite a bit easier.

I would advise another organization considering Microsoft Defender for Endpoint to take a look at it, especially for the cost point if they are already working inside of the Microsoft stack; it is seamless to deploy it, and it works with the other tools. I would rate this product a nine out of ten.

My main use case for Microsoft Defender for Endpoint is security for endpoints.

The features I like the most about Microsoft Defender for Endpoint include the EDR capability.

The reason I like the EDR capability is because of the response.

An example of how these features of Microsoft Defender for Endpoint benefited my organization is that it helped detect and action ransomware emails.

I describe the experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint as a single pane of glass and response capabilities through Sentinel.

As for my experience with the automatic attack disruption feature in Microsoft Defender for Endpoint, I'm in sales, so I don't have that experience, but from a technical standpoint, I hear that the response capabilities are what matter.

I have integrated some of these features of Microsoft Defender for Endpoint.

Integrating them was straightforward; obviously, you need to know what you're doing, but being a partner and having the right training makes it straightforward.

I am using the security exposure management feature in Microsoft Defender for Endpoint.

I know there are individual SKUs that you can purchase, and from an improvement standpoint, the only thing I will mention is the cost. If Microsoft Defender for Endpoint can be more competitive and in line with what other vendors are doing, I think that would be a bonus.

I have been using Microsoft Defender for Endpoint for eight years.

I would assess the stability and reliability of Microsoft Defender for Endpoint as pretty good; we are very happy.

I have not experienced any downtime, crashes, or issues with Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint scales with the growing needs of my organization pretty well. When a new person comes in, I add a license, and they get the policy, so adding new users is pretty easy.

Before using Microsoft Defender for Endpoint, we weren't using another formal solution, but we were looking at SentinelOne, Microsoft Defender for Endpoint, and CrowdStrike.

My experience with deploying Microsoft Defender for Endpoint is positive. I had Intune set up, so it was straightforward to push that as well.

I have seen 100% ROI with Microsoft Defender for Endpoint.

My experience with pricing, setup costs, and licensing for Microsoft Defender for Endpoint is that licensing is a bit pricey but also does a lot more than what other competitive products are doing. The setup was straightforward and could have been the same time spent setting up a competitive product, so it came down to licensing and the ongoing cost year over year.

The other solutions I considered before selecting Microsoft Defender for Endpoint included SentinelOne and CrowdStrike.

The quantitative impact this has had on my organization's security is that definitely the secure score has improved, which obviously helps on the insurance side as well as showing our customers that their data is secured with us.

Microsoft Defender for Endpoint has helped free up my SOC team to work on other projects or tasks.

I estimate that we have saved probably about 10 to 15% in time, enabling us to be more proactive instead of reactive.

Microsoft Defender for Endpoint has helped reduce mean time to remediation.

I have seen the time saved on that go from initially an hour or more to 15 minutes or less.

In terms of data points or examples, we were using SentinelOne, so removing SentinelOne or CrowdStrike or any other competitive product has allowed us to utilize that single pane of glass that Microsoft provides using Sentinel and other workflows, which is the ideal.

The advice I would give other organizations considering Microsoft Defender for Endpoint is to invest in Microsoft security tools.

I rate this product an 8 out of 10.