Microsoft Defender for Office 365 Reviews

We use Microsoft Defender for Office 365 as part of Microsoft XDR solution. It offers native integration within Microsoft Ecosystem and provides proactive recommendations that help enhance our organization's security. Additionally, it is used to protect on-premises mail flow by redirecting it to Defender EOP.

The solution saves time due to its easy policy configuration and licensing process. It integrates naturally with Sentinel, which simplifies IT and technical configuration tasks with minimal clicks, offering flexibility and efficiency.

Microsoft Defender for Office 365 provides natively integrated cybersecurity tools that are part of Microsoft Ecosystem. It offers proactive recommendation tasks to enhance organizational security. It provides end-to-end visibility on email threats such as phishing, extending beyond Exchange Online Protection. The scalability is managed by Microsoft as a cloud-hosted tool, relieving us of those concerns.

Microsoft could improve by offering recommendations for domain spoofing attacks, especially scenarios where DNS records like SPF, DKIM, and DMARC are not properly published. It's essential to enhance awareness about these issues within organizations.

I have experience in Microsoft Defender for Office 365 for the past three years.

Deployment is straightforward due to a comprehensive guide provided by Microsoft. It's easy to deploy, and anyone with a security background can apply it without difficulty.

The solution is stable, as we have been using it for the past two years. Sometimes it generates false positive alerts, but adjusting policies resolves these issues. Security products occasionally provide false positives, so alignment of configuration is necessary.

As a cloud-hosted tool, scalability is great. We have never faced scalability problems, and Microsoft manages it effectively. We only need to focus on configuring policies.

I would rate customer service at a five out of five. Over the past two years, there have been no critical problems. Any issues are addressed quickly by Microsoft's support.

Positive

Microsoft offers an affordable and feature-rich security solution compared to third-party email security tools like Trend Micro.

The initial setup is easy due to Microsoft's deployment guide.

Microsoft is quite affordable with a lot of features available for any size organization.

Overall, I would rate Microsoft Defender for Office 365 at a ten. My experience with the visibility into threats is positive; Microsoft provides transparency and regularly improves its products. Most of the customers using Microsoft Defender for Office 365 in our region belong to the financial sector.

Public Cloud

Other

I use Microsoft Defender for Office 365 for various compliance tasks. For example, I can use it for eDiscovery to search mailbox content. Just today, a manager requested all emails for a departing user who no longer had an active license. Using Defender's content search feature, I exported the user's entire mailbox as a PST file for the manager to import into Outlook. Beyond eDiscovery, Defender also helps us monitor compliance and security scores, manage quarantine emails, investigate phishing alerts, and configure data classification, labeling, anti-spam, and anti-malware policies.

Before using Microsoft Defender for Office 365, we were plagued by phishing and ransomware emails, especially for our board members. To combat this, we implemented a Defender policy that triggers alerts for emails containing keywords like "bank account" or "credit card details." Additionally, a policy tip and disclaimer appear in user mailboxes for such emails. This disclaimer clarifies the email's external origin and allows users to move it directly to junk with a single click. Simultaneously, an alert goes to the administrator, who investigates the email: if legitimate, it's released, otherwise it's blocked.

Our organization operates a single, hybrid tenant environment with a mix of on-premises and cloud-based mailboxes, with the majority residing in the cloud. This small, non-multi-tenant setup supports approximately 2,000 users.

While Microsoft Defender for Office 365 integrates with third-party solutions, our organization prioritizes Microsoft technologies for security. We only integrate external tools with explicit management approval. This focus extends to data backup. Even though Office 365 is a cloud service, we recently purchased Barracuda, a tool that seamlessly integrates with Office 365 for data backup.

Prior to my arrival, our organization lacked a dedicated Office 365/Microsoft 365 security specialist, with IT admins relying on web searches for configuration. Upon identifying vulnerabilities, I implemented Microsoft Defender and other security measures. Our compliance score, which was around 30 percent a year and a half ago, now consistently ranges from 75 to 85 percent, thanks in large part to Microsoft Defender for Office 365.

Microsoft Defender for Office 365 helps prevent advanced attacks like business email compromise by stopping lateral movement within the network. It also includes data loss prevention features, where our custom policies have helped block malicious emails, ransomware, and spam before they ever reach our servers. While not perfect, Microsoft Defender has significantly improved our email security, offering around 80 to 90 percent effectiveness, which we're quite happy with.

Microsoft Defender for Office 365 has significantly improved our security team's efficiency. The comprehensive security analytics dashboard provides insightful information on threats, including the number of phishing attempts and attacks on our servers. This data can be easily exported for clear reporting to management. Overall, Microsoft Defender for Office 365 saves us time and simplifies security analysis presentations.

Our long-established organization has faced recent economic downturns, leading to employee departures. Managers frequently request departing users' SharePoint data, Mailboxes including PST files, and other associated information. So the most valuable feature of Microsoft Defender for Office 365 is data backups that we can provide through ticket requests.

Microsoft Defender for Office 365's Mac functionality requires improvement to deliver the same level of protection found on Windows devices.

I have been using Microsoft Defender for Office 365 for two years.

I would rate the stability of Microsoft Defender for Office 365 nine out of ten.

Microsoft Defender for Office 365 is highly scalable.

I've found that Microsoft's third-party support teams are slow to resolve issues. While they do eventually fix the problem, it can take a week for issues that should only take a day or two. In contrast, Microsoft employees can typically resolve issues within two days.

Neutral

While deploying Microsoft Defender for Office 365 in my previous organization with multiple tenants was complex, the current single-tenant setup was easy.

We had a team of four involved in the deployment. Two were in the United States and Belgium and two were in India. 

The implementation was completed in-house.

While Microsoft Defender for Office 365 necessitates pricier E3 or E5 subscriptions, the extensive functionality offered by these licenses across various Microsoft products justifies the investment.

I would rate Microsoft Defender for Office 365 eight out of ten.

Microsoft Defender for Office 365 is deployed in multiple regions in India, China, Belgium, Italy, and the United States.

So far, no maintenance has been required yet, but we regularly check Microsoft's security advisories and discuss them in our scrum meetings. If an advisory requires action, we'll address it accordingly.

I would recommend Microsoft Defender for Office 365 to others.

With over ten years of experience using Microsoft 365 and Microsoft 365 Defender exclusively, I've successfully implemented it at multiple companies. While the upfront cost may seem high, it delivers value based on your infrastructure size. Overall, Microsoft Defender is an excellent security product for any environment, regardless of size.

Hybrid Cloud

Microsoft Azure

Over 4,000 employees across my organization use all of the products under Office 365, as it is super pervasive. Everybody uses them every day in my organization. My organization is a manufacturing company, where Office 365 has become a daily necessity.

I am a little biased towards Microsoft Teams because it is what I use and helps me pay my bills. In Microsoft Teams, file-sharing options and ease of collaboration or meetings allow for quick collaborations and chats.

I work in my company's IT department, so I use all of the products under Office 365 daily, including Microsoft Word, Microsoft PowerPoint, Microsoft Teams, and all the other components in the product. My company can't make it through a day or go by without using the products offered under Office 365. Some of our manufacturing workers may use Office 365 a lot less, but it is still necessary for things like Microsoft Outlook and Exchange.

I found Microsoft Teams to be the most valuable feature of the solution, along with all of the products and features offered under Office 365. My organization has remote workers, and we can't run the company without meetings organized with the help of Microsoft Teams.

It seems like Microsoft has begun to roll out products before they are fully baked. Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization. I would say that Microsoft should release or launch better or fully baked products before going ahead with the GA phase.

I use Office 365 in my company as we have an enterprise contract with Microsoft from 2020 that ends in 2025, but it may get extended.

It is tough to speak about the stability-related area of the solution, especially considering that the newly released Microsoft Teams is not so great. The classic version of Microsoft Teams was relatively stable compared to its new version, but in our company, we faced some challenges with network performance. I don't know if there were any network performance issues at our end, with the ISPs, or at Microsoft's end, making it tough to pin it down.

The product's scalability is good.

Microsoft's support was great during the rollout period, especially since it was the product's operational phase. Microsoft's support team has scaled back, so my company has Microsoft365DSC for Microsoft Teams specifically. My company sometimes struggles with getting direct answers and real insights from Microsoft's support team, especially when we need a higher level of insight while no super technical questions need to be answered, leading to some frustrations.

I rate the technical support a seven out of ten.

Neutral

I was involved in the deployment of Microsoft Teams but not the rest of Office 365. Nowadays, everything is complex, but the deployment of Microsoft Teams was pretty straightforward since my company got a lot of help from Microsoft directly.

My company received direct help from Microsoft during our organization's deployment phase of Microsoft Teams.

I have seen a return on investment from the use of the product. With the product in place, my company no longer needs to rely on paper and pen in many ways, which has helped us save time, energy, effort, and money while ensuring an increase in productivity.

I know that the product is incredibly expensive. I know that my company has high expectations from Microsoft because of the high cost. I also know that Microsoft delivers tremendous value for our company in terms of productivity and collaboration. With Copilot coming along, the value Microsoft provides to my company will be even higher than what it was previously, owing to the productivity gain and the reformulation of how we work because of AI.

I believe that my organization will get ready to start looking into other solutions in the market because our contract with Microsoft will come to an end in 2025. I think that the evaluation process will be something that is on the horizon next year. My company may evaluate all of the available options in the market against Microsoft.

Unfortunately, I can't speak much about the visibility into threats that Microsoft's security solution provides.

I am unsure if the solution helps our organization prioritize threats across our enterprise, but I think it does. I get to leave the security part to be handled by the smart security personnel in my company.

I believe that Microsoft's security solution helps automate routine tasks and routine finding of high-value alerts. It is not my area of expertise, but the security team in my company seems to be pretty happy with the vendor.

I think the solution's threat intelligence helps my company prepare for potential threats before they hit us and helps us take some active steps.

I know that my company's security team is very aware of what Microsoft does, especially with Microsoft Defender and its related products. My company's security team is better equipped to stay at the front of any curve. My company's security team had approached me to speak about Microsoft Teams and asked me to tweak certain settings based on industry standards and the developments Microsoft has been coming forward with lately. The aforementioned aspects explain how threat intelligence affected my company's security operations.

Microsoft's security solution has helped my company save a lot of time, as we believe in being more proactive than cleaning up the mess at a later stage.

I am sure that the product helps my company save money, especially since it aids us in finding threats before they actually become a reality. Probably, my company saves millions in terms of money since we don't have to clean up any mess as the product has already prevented it.

I believe that the solution has helped my organization decrease the time to detect and respond to threats, but I can't explain how or how much.

I would suggest that others who plan to use it just find the right contact within Microsoft, work very closely with them, and lean on them as much as needed.

I rate the overall tool an eight out of ten.

We are using Microsoft Defender for Office 365 primarily for security purposes.

The integration with Office 365 is seamless, and we don't need a large IT team to manage it. It helps in maintaining the basic security functions without additional complexity.

Since we are using the basic version, we find that it covers most of our requirements without needing additional configurations. It’s easy to handle integrations, and we don't need a lot of people in our IT team.

Sometimes, phishing emails manage to pass through the filter, so the system needs to enhance its phishing email detection capabilities. We also need alerting features for abnormal actions like unusual logins or abnormal activities in the mailbox.

We have been using Microsoft Defender for Office 365 for seven to eight years.

Stability is generally good; I would rate it an eight out of ten.

Scalability is also quite good. I would rate it an eight out of ten.

Technical support from Microsoft is reliable and meets our expectations. I would rate it an eight out of ten.

Positive

We chose Microsoft Defender as it integrates easily with our existing Office 365 setup, and we do not need to pay extra for security functions.

The setup was easy and not time-consuming. We didn’t need to set up much as it was integrated with Office 365.

The installation was handled by two engineers in our team.

Since we are using the basic functions, we don't need to invest a lot of money. It does help in cost reduction.

The pricing is reasonable since it comes integrated with our Office 365 license.

In our current situation, we are not considering other vendors for this purpose.

Integration with Office 365 is one of the strongest points. I recommend it for easy handling and less need for additional IT resources.

I'd rate the solution eight out of ten.

On-premises

365 Defender is a critical tool for mitigating attacks and preventing threats. We use it for email filtering and blocking phishing attacks throughout the entire enterprise. We have around 1,500 users. 

365 Defender has improved our security across multiple categories. It's effective against advanced attacks like phishing and ransomware. Defender's attack disruption works well if you have a strong policy configuration. It will automatically block threats and filter them in most cases without the need to investigate. It will remedy the threat immediately. 

The automated response reduces the manual work, saving our security team time. I would estimate it saves about six hours per day. 

Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable. It's a unified solution that doesn't just cover Microsoft products. We're a multi-cloud shop, and having that coverage is critical. It also includes the latest IAM features like two-factor and multifactor authentication, giving us the most robust solution.

You should be able to deploy Defender for every subscription without the need to add servers. 

I have used 365 Defender for almost six years

I rate Microsoft 365 Defender nine out of 10 for stability.

I rate Microsoft 365 Defender nine out of 10 for scalability.

I rate Microsoft support nine out of 10. Their support is excellent. 

Positive

We migrated to 365 Defender from a McAfee solution.

365 Defender is a cloud-based solution deployed on Azure. You can set it up in two days with some help from Microsoft support using two people.

365 Defender is worth what we paid for it. 

I rate Microsoft 365 Defender nine out of 10. It's the most economical product you can buy, offering a range of features for safeguarding your enterprise. 

Public Cloud

I work in the industry where we use Microsoft 365 and its associated products like Office Works, PowerPoint, Excel, and Word.

We use Microsoft Defender to help protect our business areas by integrating it with our existing infrastructure, including Azure, which assists in defending the business areas.

We use Microsoft Defender for its ability to integrate with existing business technologies, which is beneficial for protecting business areas.

Configuration at the mid-level could be improved for the support team.

I have about ten years of experience with Microsoft Defender for Office 365.

The solution is very stable, and Microsoft products have general high availability within the company.

Microsoft 365 meets the needs of the company, which suggests that Microsoft Defender is a scalable solution.

We have a premium contract for Microsoft support, which is rated nine or ten. Although I am not directly involved with their support, clients usually appear satisfied.

Positive

I do not have experience with other email security solutions.

The setup is easy and not difficult.

I do not understand the question regarding return on investment.

I do not know the value of the contracts or the cost compared to competitors.

I have not evaluated other solutions for email security.

Configuration for end users is simple, but improvements can be made in mid-level configurations to make it better for the team.

I'd rate the solution eight out of ten.

Hybrid Cloud

As a specialist in SOC, we work closely with multiple customers to cover their IT assets using Microsoft 365 Defender. They have Microsoft Defender for Endpoint deployment, especially for Microsoft 365. We configure the tool to implement the different policies and requirements to cover the email security part and the cloud apps part with the different strategies available on the platform.

After that, we either work directly on the Microsoft 365 portal or configure the sending of the alerts from this portal to Microsoft Sentinel. This will act as a single pane of glass for us to follow the incidents and advise our customers based on that.

One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part. With the integration of Microsoft Defender for Identity and Microsoft Entra ID Protection, we will have insights from the identity part. Finally, with the Microsoft Defender for Cloud Apps, we'll also have insights about our cloud apps, either Microsoft 365 cloud apps or third-party cloud apps.

The aggregation of all of these insights into the tool's incident feature will help us have a global vision of the incidents and find multistage attacks at the first steps of the attacks.

Microsoft Defender for Cloud Apps is a very good solution that allows you to use a single port or tool to control everything happening with your organization's different cloud applications.

Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives. Also, the documentation does not have many details about that. The bad configuration and lack of good documentation prevent professionals from taking the most advantage of this tool.

One of the big problems that some customers face is that Microsoft always changes its products' names. For example, four to six months ago, Microsoft Defender for Office 365 was renamed Microsoft Defender XDR. Microsoft comes up with a new name for the tool every one or two years, which sometimes is hard for customers to follow.

Microsoft should improve some integrations in the Microsoft Defender for Cloud Apps sub-category. With a specific configuration to Microsoft Defender for Endpoint, we can get logs and insights from network devices and other workloads on our system.

I have been using Microsoft Defender for Office 365 for two years.

I rate the solution an eight or nine out of ten for stability.

We configure the tool for different clients, and thousands of people work with the solution. The tool scales out very well and can cover and monitor devices and users ranging from a few hundred to thousands without any problem. Our clients for Microsoft Defender for Office 365 are medium and small businesses. Microsoft Defender for Office 365 is a scalable solution. There are no issues with the solution's scalability or latency.

I rate the solution's scalability ten out of ten.

The technical support for the solution is very good, and I didn't face any issues with it.

Positive

I have previously used CrowdStrike Falcon. Microsoft Defender for Office 365 and CrowdStrike Falcon are both great tools. Each has its advantages and disadvantages. In my opinion, CrowdStrike is more mature in the endpoint and classic antivirus parts. On the other hand, Microsoft Defender for Office 365 is more mature regarding identity and Office 365.

For artificial intelligence integration, Microsoft 365 Defender is far ahead of others with the integration of CoPilot within the portal. This feature that helps analysts reduce time to analyze and respond to incidents does not exist in CrowdStrike.

The solution's initial setup is very straightforward. You have to go to the portal and click on the incident icon, and the tool will automatically start configuring itself. After that, the integration of the endpoints depends on your workload. For example, 1,000 devices will take much longer than two or three devices.

Automation tools are available within the platform to help us automatically deploy the sensors on different workloads that we will need to cover with this tool. The solution's initial configuration and deployment are very straightforward. A lot of videos and documentation are available for the same.

The initial configuration and deployment of the tool for a specific tenant takes five to ten minutes. After that, it depends on what you want to do. You can implement specific strategies today. Based on the evolution of threats, you will need to configure different things tomorrow.

We tried to solve a lot of issues by implementing the solution. The solution helps us detect problems related to the endpoints, like the detection of suspicious processes or suspicious installation of suspicious software. We will raise an alert, and it will show us a graph of the different entities included in the incident, including users, computers, or endpoints.

If it is related to email, it will show us the initial email and different insights about the incident. We'll go through those alerts and try to check them manually. Sometimes, the tool detects suspicious emails for some incidents and automatically quarantines them.

After that, we, as analysts, will do the manual review. If we find an action suspicious, we use the tool to blocklist the domain that has sent the email. If we find that it's a false positive, we will reject this automatic action by the XDR, and the email will be delivered to the end user.

Unified identity and access management is a new feature on the Microsoft 365 Defender portal. It's all about having a single pane of glass to give you insights into the different identities available on your tenant. Those identities are either on-premises, cloud-based, or synchronized between the on-premises and cloud-based workloads.

The solution's security covers more than just Microsoft technologies. Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps have a specific configuration to get insights from third-party cloud applications or from within the Microsoft Defender for Endpoint sensors. We can also get logs and insights from other network devices present in our perimeter, like routers, switches, or firewalls. All those insights will help us gain some visibility into our security posture.

The product has gone through a lot of improvements, especially in the last few moments. It will be like a SOC unified platform with the integration of the Microsoft Sentinel tool within the Microsoft 365 Defender portal. This tool is available to cover all the perimeters. Even third-party solutions and workloads that do not have any security tools from where we can get insights, we can directly use something else to install the low connectors and get visibility about those.

Also, the most significant evolution is the integration of artificial intelligence with Microsoft Copilot for security. This is also a big added value that will help analysts investigate and minimize the meantime needed to respond to advanced threats.

The solution stops the lateral movement of advanced attacks, like ransomware or business email compromise, in a good way. Specific measures and configurations are implemented within the tool that will help us detect advanced attacks in the early stages. We can set configurations for business email compromise.

With the help of artificial intelligence, we'll get insights about emails that may be starting a business email compromise based on specific keywords. It's the same for ransomware and other advanced attacks.

The solution's integration into a company will help it be more resilient to cyber attacks. It will help the company prepare for attacks at an early stage and respond quickly, which will help it be more secure.

Being an XDR, the solution has detection and response capabilities. With adequate configuration, we can configure the required measures to stop or at least quarantine attacks and isolate the assets involved with the attacks in the early stage upon detection. After that, the manual site comes into the picture, and we do the manual review. Based on our review and feedback, the tool will learn from us and behave better in the next similar incident.

I saw a demo about the solution's multi-tenant management feature, and it's a very good feature. It will help big companies with multiple tenants and MSSPs that deal with multiple tenants for users. It will help them to work with multiple tenants by flipping a switch.

I'm a big fan of the solution. Having a Microsoft E5 license will help you to cover all the different types of security, including the identity, the endpoint, the email, and even the cloud. I'm just an engineer and work with whatever tool the client provides me. I noticed that many customers have a Microsoft E5 license, but they don't know a lot about the capabilities that come with it.

They buy or add other tools from third parties when they have that feature or capability included within the E5 license. Microsoft needs to talk to different customers and show them the capabilities that come with these types of licenses, which cover a lot of features.

The integration of Copilot has helped us a lot in concentrating on a single portal to get different insights. This will help a lot to reduce the meantime to respond to incidents by 50%.

The configuration of the Copilot assistant is very straightforward and doesn't take more than 30 minutes. After that, when the tool automatically detects incidents and you go to the analysis page of a specific incident, you will find an initial analysis of the whole incident by the Copilot security assistant.

You may also interact with it using chat, and it will help you if you haven't understood any specific terms from the initial analysis. It can be configured to automatically respond to specific incidents based on workbooks, which will help us automatically apply the measures to respond to specific incidents for remediation.

Microsoft Defender for Office 365 is a cloud-based solution. Since it's a cloud-based solution, Microsoft does all the maintenance for the tool. We are notified via email if there is a shortage or a problem. The SLAs are usually very good, and I have not noticed any problems in the last two years where we could not access the tool.

I would recommend the solution to other users because it's a very good solution and one of the best XDRs in the world right now. If you go through reviews from Gartner or other companies, you will see that Microsoft Defender for Office 365 is a leader in the XDR market. It has the capability to collect and aggregate insights from different sources, either cloud-based or on-premises.

The integration of artificial intelligence will greatly help final users and security practitioners respond to incidents adequately and efficiently.

Overall, I rate the solution an eight out of ten.

I am the IT director for my organization, a small municipality with a population of 20,000 located in New Mexico. We employ 250 staff members. Our cybersecurity measures encompass a wide range, including endpoint management and the utilization of Windows Defender for Office 365. This software is internally deployed and primarily focuses on monitoring our email systems. This is where the most intricate configuration is applied. It examines our email traffic, aiming to prevent a significant amount of spam and numerous phishing attempts, although it cannot catch everything due to inherent limitations, it effectively performs tasks such as antivirus and antimalware functions within our email communication.

I would rate the visibility into threats eight out of ten.

Microsoft Defender for Office 365 assists to some extent in prioritizing threats across our enterprise, but it is not our primary tool for this purpose. I would rate the significance of this capability in Microsoft Defender for Office 365 a five out of ten.

I also utilize Windows Defender for both our desktops and mobile devices running on iOS and Android. Additionally, we employ Azure AD for authentication. All of these solutions have been seamlessly integrated into a unified dashboard. This integration process is highly straightforward and occurs automatically during the setup phase.

Our integrated solutions all work natively together to deliver coordinated threat responses.

Microsoft Defender for Office 365 assists in automating routine tasks and identifying high-value alerts. This has led to a 100 percent improvement in our security operations, as we had not implemented anything prior to the adoption of Microsoft Defender for Office 365.

Microsoft Defender for Office 365 has aided in decreasing the number of dashboards we need to monitor, although it does not eliminate all of them. As a cybersecurity practitioner, I still require external vulnerability management for certain third-party risk assessments; Microsoft Defender for Office 365 does not cover those aspects. Consequently, I utilize a separate product for that purpose.

It currently lacks built-in security awareness features. However, efforts are being made to develop such features. The initial stages of the security awareness program can already be observed in the Microsoft platform. Defender for Office 365 provides us with a tool called Safe Links, which enables us to analyze attachments, including both files and data. If someone attempts to access content that is later identified as malicious, we receive a notification. This allows us to identify users who may have interacted with harmful content to some extent, addressing active and potentially harmful interactions. If an individual receives a suspicious link, Safe Links examines the link for potential phishing characteristics. Although the link's malicious nature might not be immediately apparent, it is delivered within a protective Safe Links wrapper. Consequently, if the recipient clicks on the link, this action is logged within the Microsoft environment. Later, if the link is identified as part of a credential phishing attack, appropriate measures are taken. This includes deleting the associated email and notifying the user who clicked on the link. Subsequent actions may involve remediation, such as password changes if deemed necessary. This integration works seamlessly and proves to be highly effective.

Microsoft Defender for Office 365 has helped our organization save around 20 hours of work time.

It saves our organization money. No one would accuse the Microsoft product of being cheap or inexpensive. However, the reality is that most of the security functionality is included in the licensing that I need to purchase to support my operation. In other words, I'm not buying these security products separately; I'm obtaining them as part of my Microsoft 365 licensing. It's not an add-on; they are required components of the government cloud licensing that I have purchased. Therefore, I must acquire Microsoft 365 to access applications such as Office, SharePoint, OneDrive, Exchange, and others. The security features are all integrated within this package; I don't need to source them from elsewhere. Additionally, I would have had to pay for the performance products regardless.

There are several features that I consider valuable. These include anti-malware and anti-phishing capabilities, along with certain remediation abilities for addressing issues once identified. Moreover, the system allows for easy reporting of problems. In the event of a phishing attack, we can conveniently initiate a comprehensive search to identify all related elements of the campaign and remove them from users' mailboxes.

Additionally, the platform offers anti-spoofing measures targeting well-known high-value targets. This proactive approach helps in mitigating business email compromise by designating our high-value personnel. Consequently, any communication purporting to originate from these individuals undergoes a more rigorous verification process to ascertain its authenticity and whether it genuinely stems from a valid account associated with the respective individual.

Microsoft Defender for Office 365 lacks proactivity in assisting us with preparing for potential threats before they occur. While they employ a substantial amount of threat intelligence to preemptively prevent incidents, their effectiveness diminishes when it comes to delivering proactive threat intelligence alerts from Microsoft. Their focus primarily revolves around managing the internal environment. On the other hand, my other vendor, Check Point, along with my membership in MS-ISAC, supplements me with this type of information. 

The phishing and spam filters could use some improvement. It is adequate, but it doesn't match the quality of Proofpoint or Mimecast. However, it comes close in effectiveness. Plus, if we're obtaining it for free, investing in the other products seems impractical.

I have been using Microsoft Defender for Office 365 for around seven years.

Obtaining technical services is challenging.

Negative

I would rate Microsoft Defender for Office 365 eight out of ten.

I would rate the comprehensiveness of our integrated Microsoft products for threat protection a six out of ten.