Microsoft Defender for Office 365 Overview

Microsoft Defender for Office 365 is the #1 ranked solution in top Email Security tools, #1 ranked solution in top ATP (Advanced Threat Protection) tools, and #8 ranked solution in top Microsoft Security Suite tools. PeerSpot users give Microsoft Defender for Office 365 an average rating of 8.2 out of 10. Microsoft Defender for Office 365 is most commonly compared to Proofpoint Email Protection. Microsoft Defender for Office 365 is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry segment researching this solution, accounting for 19% of all views.
Microsoft Defender for Office 365 Buyer's Guide

Download the Microsoft Defender for Office 365 Buyer's Guide including reviews and more. Updated: January 2023

What is Microsoft Defender for Office 365?

Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing, and automatically investigates and remediates attacks. With Defender for O365 you get integrated threat protection for all of Office 365 that gives you:

- Native protection for Office 365 with built-in protection that simplifies administration, lowers total cost of ownership, and boosts productivity.

- Unparalleled scale and effectiveness with powerful automated workflows to improve SecOps efficiency.

- A complete solution for collaboration that protects you from attacks across the kill chain.

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft Defender for Office 365 was previously known as MS Defender for Office 365.

Microsoft Defender for Office 365 Customers

Microsoft Defender for Office 365 is trusted by companies such as Ithaca College.

Microsoft Defender for Office 365 Pricing Advice

What users are saying about Microsoft Defender for Office 365 pricing:
  • "The pricing is normal. Considering its popularity, it's not overpriced."
  • "The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially."
  • "Defender for 365 comes in various plans and licenses, along with other Microsoft security solutions. Purchasing this kind of package or security bundle gives good value for money, and that's what I recommend."
  • "The solution saves money so we have seen a return on investment."
Microsoft Defender for Office 365 Reviews

    Principal Consultant at a tech services company with 201-500 employees
    Real User
    Top 5 Leaderboard
    Essential security capabilities, plenty of email protection, and enhanced data loss prevention
    Pros and Cons
    • "Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
    • "There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."

    What is our primary use case?

    This solution is a mixed product. It can be used for email security and for information protection which is basically data loss prevention. Many people do this type of setup for DLP, but it is under Microsoft's naming convention, they call it Microsoft Information Protection (MIP).

    How has it helped my organization?

    It definitely is a must for email protection and O365 app DLP.  Combined with Microsoft Defender for Endpoint, Microsoft Defender for Identity, and MCAS, it provides a holistic solution for threat protection, email protection, O365 apps protection, and DLP for both internal and external risks.

    What is most valuable?

    Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links. Anything that has the word "safe" in it is essentially made to defend against the common email vulnerabilities that you would see in similar products. Without these features, it does not have nearly the capabilities. 

    On the information protection side, the best features are probably the data loss prevention policies that cover the whole suite of Office 365 applications. I will explain it a little more: from an information protection standpoint, Defender for Office 365 does strictly apply to the Office apps, but that is where it can get confusing because it can do more. It works with MIP, and MIP can be part of a SKU in the M365, particularly the E5 SKU or equivalent. It can protect and prevent data loss of data wherever it operates. It does not matter where it operates, it can be in a different cloud service, on-premises, in Office, a SaaS application, or even it could be your own applications that you have developed. Defender for Office 365 helps with the loss prevention for Office 365 applications.

    What needs improvement?

    There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.

    Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.

    In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution. 

    Buyer's Guide
    Microsoft Defender for Office 365
    January 2023
    Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
    672,785 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using the solution for approximately 6 months.

    What do I think about the stability of the solution?

    Generally, it is stable with a good SLA.  Still there can be outages in either O365 or Azure AD but they are rare.  That is where Proofpoint adds a BC/DR feature that is lacking with O365 Exchange Online.

    What do I think about the scalability of the solution?

    It is a scalable solution. We have deployed it to several hundred thousand people, and it scaled fine. There are different considerations that need to be made before the solution can scale properly. For example, if I am in a hybrid environment, my connection to the cloud is 100 MB, and I have got 100,000 users, that connection bandwidth is not going to work. As long as people know that there are certain adjustments that are needed to scale, then it will scale properly.

    Another example, if it is a Multi-GEO spread across the globe, you are only as good as your network backbone or what you pay for your network backbone, this is the case in many clouds. If you are using a hybrid setup, it is the same situation, you need to figure out how to regionalize things and then have adequate bandwidth. There are techniques to use that make sure you are using the shortest path to the cloud from each region. If you do not pay attention to all of these considerations when attempting to scale the product you are not going to have a good experience.

    How are customer service and support?

    Microsoft does a very good job of having information available for customers such as documentation and online videos. The problem is wading into every consideration that you have to have, such as, is the network sufficient, or evaluating the different setup scenario types where it could get really complicated. For example, having a Multi-GEO setup, what is the impact of a network on the performance? There are scenarios where it can get difficult, where a company acquires another company and they both are in separate Active Directory forests and a lot of them at times, they do not know the order of how to do things. The complication of supported models between how you do identity and some of them do not even know how to do enterprise architecture or the difference between enterprise architecture and solution architecture. You could run into best practices not being followed and have to re-engineer everything, I have run into all kinds of scenarios.

    Generally, the only problem with the documentation is it is hard for people to put all the information together, there can be a lot of information. Microsoft support is only as good as their documentation, and their documentation is currently behind. Since Ignite 2020, all the announcements came out of that and the documentation still has not caught up. We are now at Ignite 2021. 

    A lot of these technical support agents just read a script. However, it depends on which level you are talking about. If you get entry-level support and then you are moving up the ladder, it could take time to get the information you are seeking for a resolution. If you get the right support person then you are good, but if not then you could be going around in circles for a while before you are able to resolve your issue.

    Which solution did I use previously and why did I switch?

    At GuidePoint Security we are paid consultants and therefore work within the requirements of customers. Some customers understand the holistic Microsoft XDR and information protection solutions and how they integrate together to send signals to a SIEM/SOAR product for incident discovery and remediation. Others use a mixed bag of products from CrowdStrike, Symantec, etc. on endpoints, and may use a third-party CASB product, i.e. Netskope, which combined with Netskope's Secure Web Proxy forms their SASE solution.

    How was the initial setup?

    The installation can be easy in SMB but there can be some difficult challenges in large enterprises.  Typically it is companies going through mergers, etc.

    What about the implementation team?

    Full deployment can have challenges, but it is all depending on your organization's usage. For example, organizations that have to be in the government cloud and where they have both US and non-US citizens. In the government cloud, friendly nations can participate in the government cloud and there are some that definitely cannot. There could be many that cannot be allowed. For example, if there were two that could not be allowed, those two clouds have to be separated completely. They cannot communicate with each other whatsoever. That is a little bit of a problem for some organizations. What if I have a subsidiary in Australia that says, "No, I do not want to be in the government cloud"? How are you going to handle the fact that all your US subsidiaries have agreed to go into the government cloud and the Australian one is sitting out saying "no"? You now have to treat these separately like they are two separate organizations.

    What was our ROI?

    We have received a good return on investment with this solution, it does what it is supposed to do. Particularly from the email and information protection perspective, it does a very good job, but it could be better.

    What's my experience with pricing, setup cost, and licensing?

    Microsoft licensing should include Microsoft Defender for O365 in their E3 and E5 licenses.  Currently it is all or nothing unless you purchase an add-on which we advise enterprise customers to do.

    Which other solutions did I evaluate?

    I have evaluated Proofpoint in the past which has continuity features that this solution is lacking.

    What other advice do I have?

    The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots.

    I rate Microsoft Defender for Office 365 a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Sachin Vinay - PeerSpot reviewer
    Network Administrator at Amrita
    Real User
    Top 5 Leaderboard
    Prioritizes threats across our enterprise and safeguards us from any incoming threats or viruses
    Pros and Cons
    • "Microsoft Defender has a feature to protect each and every attachment. Even if it's an encrypted attachment, it will check for any potential threats."
    • "Microsoft should provide more documentation for users so they can self-educate. I would like to see more documentation for advanced security features."

    What is our primary use case?

    We mainly use Microsoft Defender for Office 365 to secure our Office 365 combined application package, which includes Outlook, Word, Excel, PowerPoint, OneDrive, Skype, and Teams. We have all of these combined packages in our cloud. 

    Before we deployed Defender, we didn't have the right solution to safeguard these applications because our data was moved from multiple locations, from Outlook to OneDrive, for instance. After the introduction of Defender, we could instantly control most threats.

    We also use Microsoft Defender for Identity and Cloud Apps. We deployed Identity recently. 

    Integration is easy because Microsoft is the vendor of all of these security products. Most of these products are closely integrated, whether they're on-premise or deployed on the cloud.

    These solutions work natively together to deliver coordinated detection and response across our environment. All of these features work on different security layers to ensure protection. Microsoft Defender for Identity gives protection to users. That's an application layer. Simultaneously, Defender for Cloud also provides a layer of security. Each Microsoft product offers a different layer of security, so our organization is secure.

    These security products offer comprehensive threat protection. Each day, thousands of people send emails that contain malicious content. Microsoft Defender for Office 365 constantly monitors those attachments and gives us alerts so that we're able to focus on threats and prioritize them accordingly.

    We use the bidirectional sync capabilities. It's an important feature to us because we need it for proper syncing and security, both on-premises and on the cloud.

    The solution is deployed on a public cloud.

    Defender is used in one tenant, and multiple departments use it. It provides security for about 2,000 users.

    How has it helped my organization?

    We have seen multiple benefits from using Defender. Our data was on-premises about five years ago. We migrated our data to the cloud to improve our security. It's awesome to get all of the security features in the cloud. To apply these features on-premises requires different hardware and multiple vendors. With Microsoft Defender, we're able to have a single manufacturer.

    Microsoft Defender for 365 helps automate routine tasks and the finding of high-value alerts. It's a detection mechanism, so it doesn't solve the issue, but it will give us alerts and other notifications. It provides system alerting and patches.

    The alerting automation definitely affects our security because our organization requires alerts constantly. The Defender setup for Office 365 applications gives us a clear alerting dashboard. The dashboard has multiple features that are linked to most of our applications, so it's more secure.

    This solution helps eliminate the need to look at multiple dashboards. With different vendors for security, we obviously had vertical dashboards. Microsoft Defender gives us a single dashboard that we can link to other applications. 

    Defender has reduced time spent by 50%.

    It definitely saves us money because other vendor products cost more. The hardware itself costs money. Defender's subscription costs less. We have saved 50% compared to other solutions.

    Defender decreases the time it takes to detect and respond. We're able to detect 20-30% faster.

    What is most valuable?

    Most of our files are being stored in OneDrive. We need to safeguard those links because users have to forward them to multiple locations. Microsoft Defender has a feature to protect each and every attachment. Even if it's an encrypted attachment, it will check for any potential threats.

    If there are any spam contents in an email, we will be notified. With the implementation of Defender, we're able to correctly monitor attachments, files, and safeguard the required data. 

    Microsoft Defender for Office 365 provides us with visibility into threats. Our emailing system is Microsoft Office Outlook. We also use a mail server from Microsoft. If there's an issue, we're able to troubleshoot it right away and give a solution. All of the administrators are properly alerted in their dashboards.

    Microsoft Defender for Office 365 helps us prioritize threats across our enterprise. It safeguards us from any incoming threats or viruses. It scans every bit of information from the software cloud, including attachments, links, or malicious emails that hackers generate to break the security system.

    It's definitely important that Defender helps us prioritize threats across the enterprise because some of the security breaches are less serious, so there is more time to troubleshoot. We're able to see everything in the dashboard, so we're notified about the important threats and can act accordingly to resolve them.

    What needs improvement?

    The advanced threat protection requires awareness and knowledge from administrators. Microsoft should provide more documentation for users so they can self-educate. I would like to see more documentation for advanced security features.

    For how long have I used the solution?

    I have used this solution for about five years.

    What do I think about the stability of the solution?

    It's completely stable.

    What do I think about the scalability of the solution?

    It's scalable.

    How are customer service and support?

    Technical support is really good. I would rate them as nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We haven't used any other solutions.

    How was the initial setup?

    The setup was straightforward.

    Maintenance isn't required because the solution auto-updates.

    What about the implementation team?

    We received support from Microsoft for implementation. Four system administrators were needed for implementation.

    What was our ROI?

    We have definitely seen a return on investment. OneDrive stores a lot of data, and maintaining the security of that data is a large task. It would be expensive to integrate another solution for that task. Since implementing Defender, we have saved a lot of money.

    There are other Microsoft products included in the package, so we're able to save more money. I think there's a great return on investment.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is normal. Considering its popularity, it's not overpriced.

    Which other solutions did I evaluate?

    We haven't evaluated other options. To secure Microsoft Office 365 applications, we wouldn't necessarily go for other third-party solutions because Microsoft has its own proprietary solutions.

    What other advice do I have?

    I would rate this solution as nine out of ten.

    My advice for other people who are in security is to try Defender. It's much better than other top security appliances and it's completely affordable. For large and medium enterprises, it's definitely worth trying because applications like OneDrive require constant monitoring. 

    Multiple security solutions must be monitored constantly, and the maintenance cost will be much higher. Dependency issues will arise, and you will need multiple support people to troubleshoot issues. Sometimes the issue won't be found if it involves multiple dependencies from other vendors. We prefer to go with a single-vendor product like Microsoft because of their support.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior IT Security Specialist at a tech services company with 1,001-5,000 employees
    Real User
    Top 10
    Eliminated having to look at multiple dashboards, saving us time and helping us respond quicker
    Pros and Cons
    • "It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the e-mail to the workstation itself."
    • "One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration."

    What is our primary use case?

    I use it for email security and to scan for phishing attempts. I use it for endpoint security as well and scan for any malicious activities, such as viruses, malware, or possible ransomware; to prevent any kind of malicious activity. I also use it to investigate and respond to malicious activity.

    How has it helped my organization?

    So far, it has helped with how we organize data flow within our IT department and has given us increased visibility.

    The solution has also eliminated having to look at multiple dashboards. Reconnaissance, or data gathering, is very important, and the speed at which we gather data is very important when responding to a threat.

    It saves me time because I don't have to go from one tool to the next, or one dashboard to the next to get similar information. Now, I just log in one time to my Azure portal and I can get everything I need from there. It also assists with email alerts because they are consolidated and very simplified. We don't have different tools sending alerts. It's just one tool sending them and they differentiate based on what is going on. That has really been awesome.

    The threat intelligence also helps prepare us for potential threats before we encounter them. We see recommendations and predictions from their SIEM.

    What is most valuable?

    The anti-phishing component and the investigation consoles that Microsoft gives you with this product are the most valuable features. The consoles are very detailed and mostly accurate. There are fewer false positives than in other products that I've used.

    It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the email to the workstation itself. It's a really awesome product in terms of giving me visibility into what's happening with the endpoints in my corporate environment.

    On the investigation console, it shows the form of attack vectors that I may be exposed to and it prioritizes things based on the risk factor. I know what to give priority to when it comes to remediation and prevention.

    In addition to Microsoft Defender for Office 365, we use Sentinel and ATP. They are all integrated. I wouldn't be the best person to speak about the integration process itself because I had huge assistance with that aspect. But I'm assuming it was not too tough because that part of the project was pretty quick. It's all license-based, so it's not that difficult.

    These products work together, natively, to deliver detection and response in a coordinated way. Whatever is reflected in one of them can be seen through evidence in the other tools. For example, if there's an email threat in an attachment and it is downloaded, Defender continues to pick up the trail from there and resolves the threat.

    One aspect of Sentinel that is very important is that it enables us to ingest data from our entire ecosystem. Sentinel is like having built-in AI that analyzes everything that goes on in the environment. The feedback from Sentinel is very important, so it's very important that it has 100% visibility into the environment. It helps us to make a lot of logical decisions.

    Sentinel also helps us to investigate threats and respond in an integrated way from one spot. That is important because the speed at which you respond to a threat is very important. The longer you take, the harder the threat will be to dissolve. The quicker the response, the better it is when it comes to remediating the attack or undoing the damage, and keeping downtime to a minimum.

    And the AI technology of Sentinel has helped to automate finding high-risk alerts. The alerts are prioritized based on the risk factor.

    For how long have I used the solution?

    We recently implemented Microsoft Defender for Office 365 and have been using it for about two months.

    What do I think about the stability of the solution?

    It's pretty stable. There's nothing on-prem except for the agents. They are the only thing you have to worry about. Everything else is in the cloud, so you don't have the responsibility of downtime when it comes to security.

    How are customer service and support?

    One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration.

    How would you rate customer service and support?

    Neutral

    What's my experience with pricing, setup cost, and licensing?

    The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially. That was the only hiccup we had when we enrolled with Microsoft for security.

    Which other solutions did I evaluate?

    We tried Cybereason and SimplySecure. We also tried SentinelOne and it was really good. The reason we chose to go with Microsoft was the added features for securing our email tenant.

    Sentinel is pretty cost-effective compared to other solutions because, with Microsoft, we get multiple products for a holistic, cheaper subscription price. The things we would have to purchase from different vendors are the things that Microsoft gives us all in one. Instead of paying Splunk for a SIEM, and paying Fortinet for EDR, we can have a subscription-based solution at a cheaper rate from Microsoft, which is an all-in-one solution.

    What other advice do I have?

    They really keep up to date with the definitions and upcoming threats that are out there and are doing a pretty good job of defending us, in comparison to other products. They're really catching on. Before, I wasn't a Microsoft person, but I'm slowly getting there because these products have really assisted me of late. They have given me a lot of perspectives on security in general.

    It's a good solution for enrolling all your devices. You can have Mac, Windows, and Linux in your console for security visibility. Once your alerts are configured correctly, you shouldn't be missing anything. It's really good for getting alerts to you about anything anomalous.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    DevSecOps Engineer at a tech services company with 11-50 employees
    Real User
    Top 5
    Reduces our response time such that what once took at least an hour can now be resolved in minutes
    Pros and Cons
    • "The email protection is excellent, especially in terms of anti-phishing policies."
    • "Several simulation options are available within 365, and the phishing simulation could be better."

    What is our primary use case?

    We're an MSP, and we deploy security solutions to our clients based in the UAE. We are currently implementing the product ourselves and developing the capacity to deploy it to our clients. We have around 200 total end users. 

    In addition to Defender for Office 365, we also use Defender for Cloud and Microsoft Sentinel. The products are integrated.    

    The integration was straightforward, as most of our clients and we operate an Azure environment, so integration is usually as simple as a few clicks.

    How has it helped my organization?

    Defender for Office 365 helps automate routine tasks and find high-value alerts, which we can do using Azure Logic Apps. We can create operations, automate them, and make a workflow using automation. One of our clients didn't have the budget to invest in a SOC team, but we deployed the solution for them, and they now run a SOC with only one analyst. They can achieve this kind of maturity through the product's automation.   

    The solution's threat intelligence helps prepare us for potential threats before they hit and take proactive steps. Sentinel also features robust threat hunting, which provides indicators of possible attacks and is beneficial information to have.   

    Defender for Office 365 saved us time, we have seen many improvements to the product, and Microsoft regularly brings out new features. The tool is at a good point right now and is on the path to improvement. Time saved is in the region of 30-40%.  

    It decreased our time for detection and response, especially with its SOAR capabilities. We can activate automated runbooks in a few clicks and block a malicious or unauthorized user in a single click. We rapidly receive alerts, which reduces our response time such that what once took at least an hour can now be resolved in minutes.   

    What is most valuable?

    The email protection is excellent, especially in terms of anti-phishing policies. 

    The solution's information protection around sensitive labels and compliance-related security features are also very valuable.

    Defender for Office 365 provides excellent visibility into threats; we can see the attacks and phishing campaigns running against our users from the portal.  

    The product helps us prioritize threats across the enterprise, which is essential because most of our clients come to us with alert fatigue. They have so many alerts they often need help determining which ones to work on, and the solution's threat prioritization helps us narrow that down.  

    The comprehensiveness of the threat protection provided by Microsoft security products is excellent; we wouldn't use any other third-party security solutions, and it all comes packaged with Azure or an E5 license.    

    Microsoft Sentinel enables us to ingest data from our entire ecosystem, which is vital because when we deliver security products for clients, one of their primary requirements is to collect all the on-prem logs and put them in the cloud. Sentinel is capable of this and requires some expertise to operate in this way. 

    Sentinel allows us to investigate threats and respond holistically from one place; that's what it's built for. We work offsite as we aren't in the same region as our clients, so the ability to respond remotely is essential to us.  

    What needs improvement?

    Several simulation options are available within 365, and the phishing simulation could be better.

    I want to see improvements that will make the tool easier to operate. 

    For how long have I used the solution?

    We've been using the solution for one year. 

    What do I think about the stability of the solution?

    The product is stable. 

    What do I think about the scalability of the solution?

    Defender for Office 365 is scalable. 

    How are customer service and support?

    We never had to contact technical support. When we encounter an issue, we can search for a solution on the internet or YouTube, for example, for specific configurations. There's excellent community support available.

    Which solution did I use previously and why did I switch?

    We didn't previously use a different solution. When I joined the company, we were and remained Microsoft Gold Partners, so we don't have any other third-party tools.

    How was the initial setup?

    I wasn't involved in the initial setup, and the solution is lightweight in terms of maintenance. A yearly configuration review is sufficient. 

    What's my experience with pricing, setup cost, and licensing?

    Defender for 365 comes in various plans and licenses, along with other Microsoft security solutions. Purchasing this kind of package or security bundle gives good value for money, and that's what I recommend.

    To a colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, in terms of pricing, it's better to get a good package for security solutions from one vendor rather than multiple vendors.  

    What other advice do I have?

    I rate the solution eight out of ten.

    Multiple integrated Microsoft solutions work natively together to deliver coordinated detection and response across our environment, and we Microsoft Sentinel to our clients. It's a SIEM tool, and once we configure Defender, we can push alerts to Sentinel, which is valuable.   

    We leverage Sentinel's SOAR capabilities with the help of Logic Apps, and many libraries are available to make automation easier. However, some complexity is involved in developing Logic Apps, so it requires some expertise.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
    Rajitha Jayasekera - PeerSpot reviewer
    Associate Tech Lead at a computer software company with 51-200 employees
    Real User
    Top 20
    Helps us target software vulnerabilities and update software sooner
    Pros and Cons
    • "It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have."
    • "In one of the reports I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help."

    What is our primary use case?

    We mainly use it to identify software vulnerabilities. It reports all the software vulnerabilities installed in our web stations and servers.

    How has it helped my organization?

    With Defender for Office 365, we have been able to increase the security posture across our organization. Within the first month of using this product, we realized that benefit.

    When it comes to software vulnerabilities, we can target them and update the software as soon as we see that there is a vulnerability. And then we can make sure that they are updated and check that the update process was successful within a different department. That has really helped us improve our productivity.

    The solution saves us time because we don't have to go here and there to identify things. It's a single portal that has all the details we need. Their support is also good. These features have, again, helped us improve our productivity a lot. It saves us about 25 percent of our time.

    It has also saved us money because we don't have to pay for other security products like Nessus. This solution has almost everything we got from other products, so we don't have to go for an additional solution. It's saving us about 50 percent, cost-wise.

    Our time to detect threats has decreased. With products like Nessus, until their scan runs, we are not aware whether a threat is fixed or not. But with Defender, within one to two hours that information is reflected. With Nessus, sometimes we had to wait a day to see that information reflected in the portal. Because we are aware of issues earlier, we can act on them sooner.

    What is most valuable?

    The most valuable feature is the score. By looking at the score, you can identify if you are at risk or not.

    It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have.

    It gives me everything I need, visibility-wise. It also helps prioritize threats across our enterprise and that's very important. That means we can identify the critical vulnerabilities first and keep an eye on other vulnerabilities. By looking at the dashboard, I immediately get an idea of how critical an issue is and we can fix vulnerabilities before they result in an attack.

    It has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard, which has made our security operations really easy. We can also create internal tickets within the portal itself. We can assign them to people and see how long it took them to close the tickets. That makes things really easy.

    What needs improvement?

    In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.

    For how long have I used the solution?

    I have been using Microsoft Defender for Office 365 for about two years.

    What do I think about the stability of the solution?

    It is stable.

    There are bugs here and there, but they have been able to rectify them.

    What do I think about the scalability of the solution?

    It's scalable. It discovers almost all of the workstations and servers across our organization. We have about 3,000 endpoints.

    How are customer service and support?

    Whenever we ask a question, they provide us with a solution. I'm happy with their technical support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used Nessus. We switched mainly because of the cost and the integration. With Nessus, we had to install an agent, but with Defender, since we were already using it, we could just turn it on with the cloud portal and deploy it very easily.

    How was the initial setup?

    I wasn't involved in the initial setup, but in terms of maintenance, we push it through Windows Update so we don't have to explicitly do any updates.

    What's my experience with pricing, setup cost, and licensing?

    I would recommend Microsoft Defender for Office 365. 

    If you already have a deployment method, like CCM or something similar, it will be easy. Even if not, there are several other deployment methods that could support any scenario.

    Which other solutions did I evaluate?

    We already had an Office subscription, so we just started a trial and we were happy with it and we went with it.

    What other advice do I have?

    In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    IT Manager at SSEL
    Real User
    Easy to set up and configure and scales very easily
    Pros and Cons
    • "I would say that 90% of the spam and phishing attack emails get blocked right off the bat."
    • "The custom alerts have to improve a lot."

    What is our primary use case?

    We primarily use the solution for security purposes. 

    How has it helped my organization?

    Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect our organization against unknown malware and viruses by providing robust zero-day protection, and it includes features to safeguard our organization from harmful links in real time. Defender for Office 365 has rich reporting and URL trace capabilities that give us (administrators) insight into the kind of attacks happening in our organization. We can discover how Defender for Office 365 can help define protection policies, analyze threats to our organization, and respond to attacks.

    What is most valuable?

    Defender for Office 365 can help your organization configure policies, analyze threats to your organization, and respond to attacks. It is important to note that there are different levels of protection and capabilities depending upon which version of the Office 365 license you have. The best features we found most valuable are Forwarding Report, Safe Attachment File Types, Threat Protection Status, Malware Detected in Email, URL Threat Protection, and many more.

    What needs improvement?

    The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many spam attacks have happened" or "this many emails have been blocked." We have to manually go into the admin panel and check it out. It would be nice if there were custom email notifications/alerts.

    Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes, sees all your mail, and notes any deviation) that are currently only available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.

    For how long have I used the solution?

    We've been using the solution for two years at this point. 

    What do I think about the scalability of the solution?

    In terms of scalability, Microsoft has heavily invested in the scalability and security of its Microsoft 365 platform in the last few years.

    Since it is a cloud-based solution, at any point in time we can upgrade the number of users without any hassle, and there is no user cap limit.

    Currently, we have 350 users at this time.

    How are customer service and technical support?

    The technical support is good. However, for us, personally, we didn't have any serious issues that required contacting the technical support team, as most of the errors or issues we faced were easily resolved using documentation from the Microsoft website.

    Which solution did I use previously and why did I switch?

    We had been using Fortinet Mail; however, later on, we went with the Office 365 Email Protection Plan. The main reason for switching is that before, we were using G-Suite from Google as our emailing solution, and later on we shifted to Office 365, and Defender is an inbuilt feature provided by Microsoft.

    How was the initial setup?

    The initial setup is so easy and the Microsoft Help Center is available to assist as necessary. In our case, we just went through the documentation which was provided on the Microsoft website and based on the document, we were able to easily configure it.

    What about the implementation team?

    We implemented it in-house and no support was taken from the vendor. Everything is in the documentation on the Microsoft website.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty good and was a major factor in choosing it. The pricing is reasonable when compared with Cisco or some other products.

    If it is an IT company, the budget allocation will be more and focused on the IT part. However, when it comes to a manufacturing company, the budget focus will be more on manufacturing and the budget allocation will be very low in terms of IT. 

    For us, Office 365 was better in terms of pricing.

    Which other solutions did I evaluate?

    Before choosing this solution, we had evaluated Cisco. I just visited your site and I just downloaded that datasheet. I compared it to Office 365 Mail Protection. Both are good; however, in terms of the pricing part, Office 365 was the better choice.

    What other advice do I have?

    No matter which solution we take, be it Google, Cisco, or Microsoft, every one provided the same security. However, some features differ based on the plan/license we take.

    From my personal experience, if you don't have any budget constraints, go for Google or Cisco.
    If you are on a low budget and you want a solution that is suitable for your business, then you can go for Microsoft.

    I'd rate the solution at an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Deputy Chief SAP BASIS Administrator at a comms service provider with 201-500 employees
    Real User
    Top 20
    Easy to use and simple to configure but requires better scanning capabilities
    Pros and Cons
    • "The basic features are okay and I'm satisfied with the Defender."
    • "I'd like some additional features any product can give me to protect our environment in a better way."

    What is our primary use case?

    We are using Defender to protect different kinds of attachments, emails, and safe links, and things like that.

    What is most valuable?

    The basic features are okay and I'm satisfied with the Defender.

    The initial setup is pretty simple. It's easy to configure.

    Microsoft products are always easy to use.

    The solution has been stable and reliable. 

    What needs improvement?

    I was looking for some advanced features, like if I would receive an email that contains a legitimate file type, but the content is malicious, how I can protect against that? Normally, we are dealing with so many phishing and spam emails. I'd like some additional features any product can give me to protect our environment in a better way. 

    There is always a chance to continue to improve the product in some way.

    For how long have I used the solution?

    We've been using the solution since 2015. It's been a few years now. 

    What do I think about the stability of the solution?

    Microsoft so far has been good. We haven't faced any kind of disruption or anything else. It's a good product and good platform, I must say. Overall, it's a good product and good service and we haven't dealt with bugs or glitches.

    What do I think about the scalability of the solution?

    It's scalable. It's software as a service, so it's always scalable. You have to just purchase the additional licenses and you can increase your database. It's nothing that would be considered too difficult.

    How are customer service and support?

    They offer different kinds of support levels. If you have the Premier Support contract with Microsoft, you're good. If you have purchased a good support level agreement with Microsoft, then their support is very fantastic. We never faced any kind of issue. The engineer is always available when we create the ticket and the support is good. Due to the fact that we are a big organization, we have a support level agreement with Microsoft.

    Which solution did I use previously and why did I switch?

    Earlier, we were using the on-prem solution of Exchange, then we migrated to the cloud, so we cannot just compare the feature set and the price of Defender with any other security software, email security software.

    How was the initial setup?

    The initial implementation is not very difficult. Microsoft products are always very easy to configure and use. It's not a big deal. It's the philosophy of Microsoft to make it easy for the users. That's why they always attract the users and users happily migrate to them as compared to using any other product or any other service.

    What's my experience with pricing, setup cost, and licensing?

    I haven't actually evaluated the cost against other products. For example, it's bundled with the licenses that we have procured, so everything is included in that. We haven't purchased the Defender separately. 

    We cannot just say that it's a product which is costly as compared to the other products available in the market or not, as it's a bundled offer. We can calculate the price of one license or an Office 365 license with any other cloud service partner's license cost, however, we cannot just compare the price of any specific feature with the services available in the market.

    Which other solutions did I evaluate?

    We are not using any other product, so we are not actually in a position to compare it with other security products.

    What other advice do I have?

    While the deployment is a hybrid model, we have migrated all the mailboxes to Office 365. We are completely running the services from the cloud.

    I'd rate the solution at a seven out of ten. There's always room for improvement.

    It's a bundled offer. When we procured the licenses of Office 365, it came up under those licenses. We are not using any other product, so I cannot say or I'm not in a position to say that any other product is good or Defender is not good, as I am not using any other product. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Prateek Agarwal - PeerSpot reviewer
    Technical Program Manager at Indian Institute of Management Visakhapatnam
    Real User
    Top 5 Leaderboard
    Threat explorer and attack simulator features provide valuable security insights, and the solution saves time, effort, and money
    Pros and Cons
    • "Threat Explorer is one of the features that I very much like because it is a real-time report that allows you to identify, analyze, and trace security attacks."
    • "There is room for improvement with the UI."
    • "The company should focus on adding threats that the solution is currently unable to detect."

    What is our primary use case?

    This solution is a cloud-based email filtering service. It scans our inbound and outbound emails and attachments, and protects our Office 365 from unknown malware and viruses. It is very effective at analyzing advanced attacks such as phishing and zero-day malware, so it gives us the flexibility to know more about what kind of attacks we're at an increased risk for. The solution helps us to prioritize threats, and it gives us real-time analytic reports about the latest security threats in cyberspace.

    How has it helped my organization?

    Office 365 is our daily driver for Word, MS PowerPoint, Excel, and Outlook. We have confidential attachments and share URLs within emails, so we worry about our data. Defender helps us to track and scan every inbound and outbound email, so that they can't be read by third parties.

    What is most valuable?

    Threat Explorer is one of the features that I very much like because it is a real-time report that allows you to identify, analyze, and trace security attacks.

    The Attack Simulator feature is built into Defender and runs real-time attack scenarios to identify any security vulnerabilities, phishing attacks, or ransomware attacks.

    The automated incident responses, AIRs, have capabilities that save time and effort.

    What needs improvement?

    There is room for improvement with the UI.

    The company should focus on adding threats that the solution is currently unable to detect. Sometimes it misses threats and viruses across the whole solution that are not covered under the current scanning. For example, if there are a hundred viruses that could be threatening us, sometimes Defender will only be able to scan for 95 out of 100.

    We have to pay for storage for the solution. The storage cost should not be included in the subscription.

    The notification rates are very high. It even notifies us for some small, low-priority viruses. My recommendation is that it should only notify us for high-level security threats that could highly affect our applications.

    For how long have I used the solution?

    We deployed Defender about two years ago.

    What do I think about the stability of the solution?

    Every product has some challenges and limitations. Sometimes it skips possible viruses while it is scanning, but apart from that, I would give this solution a nine out of ten for stability.

    How are customer service and support?

    We have had contact with the support team, and it is fine. I would rate them as a nine out of ten because nobody is perfect and sometimes we have to wait for responses.

    How was the initial setup?

    Every solution developed by Microsoft, especially in Azure, is very easy to deploy. The deployment is not complex. It doesn't require much technical knowledge because most things are taken care of by their consulting and solution architect team.

    What about the implementation team?

    It can be implemented in-house. You just need to share your requirements so that they can be set up by Azure, and then you enable the services over the Azure portal. Then you configure your application endpoints and you're done. All of the updates and upgrades are managed by Microsoft.

    What was our ROI?

    Some emails are very confidential, and sometimes Office itself blocks some attachments or blocks some users from sending those emails. Defender helps us to scan the emails first, and then send them to clients and other users. It saves time as well as human effort to diagnose which emails were sent, which ones were bounced, and which ones are in the outbox. It's a subscription-based service, so we have to procure licenses for the entire user base, but it saves money, so we have seen a return on investment.

    What other advice do I have?

    Overall, it is a very good solution. We estimate that we have a 30-35% time savings thanks to this solution.

    My primary focus is the compatibility with Microsoft 365. If a solution is compatible and gives good results, then it's fine with me. I've been unable to find a solution, apart from Defender, that gives us flexibility for end-to-end security and is compatible with Office 365. 

    I would rate this solution as a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.