Kishan Kishto - PeerSpot reviewer
Systems Administrator at Kishto Technologies
Real User
Top 20
Multiple people can collaborate on a single document but needs improvement in troubleshooting tools
Pros and Cons
  • "The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint."
  • "Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking. From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment."

What is most valuable?

The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint. 

What needs improvement?

Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking.

From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment.

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

Microsoft Defender for Office 365 is stable. 

Buyer's Guide
Microsoft Defender for Office 365
May 2024
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,422 professionals have used our research since 2012.

What do I think about the scalability of the solution?

You can scale up as you pay. 

How are customer service and support?

Evaluating Microsoft support can be a bit mixed. Sometimes, it's good, but not so much. The initial contact is typically with the help desk. When I call, I usually need someone at a higher level, maybe level three, to assist with more complex problems. The challenge is that it can take up to two weeks to resolve issues, and my main complaint is the waiting times and the basic nature of level-one support. Getting to the expert who can fix the problem often takes a couple of weeks.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

My clients used Norton and McAfee before Microsoft Defender for Office 365. It makes sense in the long term, especially when many clients already have Microsoft 365 in their licenses. Paying more to get the security features with Microsoft instead of additional licensing costs with a different company is a practical choice. It seems to be mainly about saving money.

How was the initial setup?

The tool's deployment is not straightforward. However, it has good documentation. 

What's my experience with pricing, setup cost, and licensing?

The solution is good but not cheap. It offers a big ecosystem where you can manage everything from one place. 

What other advice do I have?

Integrating identity and access management into Microsoft 365 Defender is important for my customers and me. The ability to centrally manage these aspects within the platform is highly valuable. Rather than navigating through numerous consoles to verify various aspects, having almost everything in a single location saves time. This integrated approach streamlines operations and reduces the complexity of learning and managing different products.

Nowadays, everyone uses not just Microsoft products but also third-party ones. It would be good if Microsoft could make its security tools work with all kinds of software. Nowadays, there are so many cyber attacks and security threats. Having one product that can handle and manage all these threats across the board is beneficial.

We have stopped using Trend Micro in a couple of places. I am not sure if it was due to cost or pricing. 

The product is more convenient to manage, and it saves time. Instead of navigating through different controls, having everything in one place allows the security team to take action on threats or issues.

I rate the product a nine out of ten. I have used it for security and compliance. In my experience, they're doing quite well; it's a good product. If people are considering Microsoft products, I would say, why not? It's just that support during implementation could be better sometimes. However, it's a good product with frequent updates. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: implementator
Flag as inappropriate
PeerSpot user
Sandor Nilsson - PeerSpot reviewer
Project Leader and IT Transition Manager at Data Communication & Software i Grondal Aktiebolag
Real User
Top 5
Efficiently provides mail protection and prevents impersonation
Pros and Cons
  • "The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
  • "We noticed that from time to time, Microsoft's stability does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice."

What is our primary use case?

Our primary use case is for features like mail protection and preventing impersonation. It has extended the protection for the user.

What is most valuable?


What needs improvement?

What I don't like about Microsoft Defender for Office 365 is that many of the features should be default. They should be included, not optional, like other vendors provide.

For how long have I used the solution?

I have been working with Defender for Office since the beginning. It's been evolving all the time.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten. We noticed that from time to time, Microsoft does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice. 

What do I think about the scalability of the solution?

It is a scalable solution. Our organization has around a thousand users using Microsoft Defender for Office 365

How are customer service and support?

Sometimes it's good. Sometimes it's bad. It's up and down.

How was the initial setup?

The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple. 

What about the implementation team?

You can set it up in-house. 

What's my experience with pricing, setup cost, and licensing?

The pricing has become expensive. 

Some customers want to use a monthly payment, but Microsoft recently changed its license policies. So we are encouraging most users to pay annually.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. I would definitely recommend using the solution. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Microsoft Defender for Office 365
May 2024
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,422 professionals have used our research since 2012.
Prateek Agarwal - PeerSpot reviewer
Manager at a tech company with 201-500 employees
Real User
Top 5Leaderboard
Threat explorer and attack simulator features provide valuable security insights, and the solution saves time, effort, and money
Pros and Cons
  • "Threat Explorer is one of the features that I very much like because it is a real-time report that allows you to identify, analyze, and trace security attacks."
  • "There is room for improvement with the UI."
  • "The company should focus on adding threats that the solution is currently unable to detect."

What is our primary use case?

This solution is a cloud-based email filtering service. It scans our inbound and outbound emails and attachments, and protects our Office 365 from unknown malwares and viruses. It is very effective at analyzing advance attacks such as phishing and zero-day malwares, so it gives us the flexibility to know more about what kind of attacks we're at an increased risk for. The solution helps us to prioritize threats, and it gives us real-time analytic reports about the latest security threats in cyberspace.

How has it helped my organization?

Office 365 is our daily driver for Word, MS PowerPoint, Excel, and Outlook. We have confidential attachments and share URLs within emails, so we worry about our data. Defender helps us to track and scan every inbound and outbound email, so that they can't be read by third parties.

What is most valuable?

Threat Explorer is one of the features that I very much like because it is a real-time report that allows you to identify, analyze, and trace security attacks.

The Attack Simulator feature is built into Defender and runs real-time attack scenarios to identify any security vulnerabilities, phishing attacks, or ransomware attacks.

The automated incident responses, AIRs, have capabilities that save time and effort.

What needs improvement?

There is room for improvement with the UI.

The company should focus on adding threats that the solution is currently unable to detect. Sometimes it misses threats and viruses across the whole solution that are not covered under the current scanning. For example, if there are a hundred viruses that could be threatening us, sometimes Defender will only be able to scan for 95 out of 100.

We have to pay for storage for the solution. The storage cost should not be included in the subscription.

The notification rates are very high. It even notifies us for some small, low-priority viruses. My recommendation is that it should only notify us for high-level security threats that could highly affect our applications.

For how long have I used the solution?

We deployed Defender about two years ago.

What do I think about the stability of the solution?

Every product has some challenges and limitations. Sometimes it skips possible viruses while it is scanning, but apart from that, I would give this solution a nine out of ten for stability.

How are customer service and support?

We have had contact with the support team, and it is fine. I would rate them as a nine out of ten because nobody is perfect and sometimes we have to wait for responses.

How was the initial setup?

Every solution developed by Microsoft, especially in Azure, is very easy to deploy. The deployment is not complex. It doesn't require much technical knowledge because most things are taken care of by their consulting and solution architect team.

What about the implementation team?

It can be implemented in-house. You just need to share your requirements so that they can be set up by Azure, and then you enable the services over the Azure portal. Then you configure your application endpoints and you're done. All of the updates and upgrades are managed by Microsoft.

What was our ROI?

Some emails are very confidential, and sometimes Office itself blocks some attachments or blocks some users from sending those emails. Defender helps us to scan the emails first, and then send them to clients and other users. It saves time as well as human efforts to diagnose which emails were sent, which ones were bounced, and which ones are in the outbox. It's a subscription-based service, so we have to procure licenses for the entire user base, but it saves money so we have seen a return on investment.

What other advice do I have?

Overall, it is a very good solution. We estimate that we have a 30-35% time savings thanks to this solution.

My primary focus is the compatibility with Microsoft 365. If a solution is compatible and gives good results, then it's fine with me. I've been unable to find a solution, apart from Defender, that gives us flexibility for end-to-end security and is compatible with Office 365. 

I would rate this solution as a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security analyst at a educational organization with 1,001-5,000 employees
Real User
Comprehensive protection for email security with responsive support and valuable features like attack simulation offering robust threat detection, efficient automation, and excellent scalability
Pros and Cons
  • "Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected."
  • "There's room for improvement regarding the time frame for retrieving emails."

What is our primary use case?

It allows us to effectively detect and manage malicious URLs within emails. This proactive approach allows your team to identify and resolve security incidents promptly. We optimize our security by incorporating Microsoft's IOCs into both Defender for Office 365 and endpoint protection. This integration prevents our devices from accessing known threats, saving significant time weekly. Centralized management of threat indicators proves highly efficient, potentially saving hours. This comprehensive strategy enhances our proactive security measures across our systems.

How has it helped my organization?

When dealing with a large volume of emails, whether received or sent by users, Defender solutions, particularly Threat Explorer, prove to be highly effective. In instances where users may have inadvertently interacted with potentially harmful emails, it enables me to isolate and analyze these emails by placing them in a secure sandbox environment. This insight is crucial for addressing incidents promptly and collaboratively, fostering a cooperative approach to resolving potential security issues within the organization. In Defender 365, we've implemented a dual-pronged approach for automating tasks and managing security incidents. When alerts like a user clicking on a malicious URL occur, data is directed to Sentinel or Log Analytics. A logic app is then employed to analyze the user's actions using Defender for Endpoint, tracking device activities, and making informed decisions. This integrated system enables us to swiftly identify, analyze, and respond to security incidents, enhancing our ability to manage and mitigate potential threats effectively. It has significantly reduced our time to detect and respond to security incidents. While I don't have an exact figure, the impact has been substantial. By consolidating multiple solutions into logic apps and gaining visibility, we can now respond much more efficiently than before. Without this integrated approach, lacking visibility hampers our ability to identify and address potential threats promptly.

What is most valuable?

Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected. The convenience of having a centralized location for extracting comprehensive data is particularly noteworthy. With Threat Explorer, I can efficiently manage and mitigate the impact of these campaigns by removing problematic emails from mailboxes, all in one centralized location, eliminating the need to navigate through multiple areas. Effectively prioritizing threats across our enterprise is crucial for us, given that the primary avenue of attack is often through phishing emails. By having robust protection in place, we're able to significantly mitigate this prevalent threat, essentially clearing a major portion of the cybersecurity landscape.

What needs improvement?

There's room for improvement regarding the time frame for retrieving emails. Currently, the limitation allows users to go back only thirty days when pulling emails or conducting related actions. Enhancing this capability to extend the timeframe, perhaps to sixty or ninety days, would be beneficial.

For how long have I used the solution?

I have been working with it for three years.

What do I think about the stability of the solution?

It has been reliable. I haven't encountered any instances of downtime or significant bugs; occasionally, signing out and back in resolves minor issues.

What do I think about the scalability of the solution?

In terms of scalability, our institution has expanded with more students and staff, and we haven't experienced any performance issues with Defender for Office 365. It has proven to be effective and adaptable to the growth of our organization. We currently have approximately four thousand staff members.

How are customer service and support?

The support team, not only for Defender for Office 365 but for any issues I've encountered, has been exceptional. Whether reaching out through email or submitting a support ticket, I typically receive a callback within hours. I've never personally faced any challenges in contacting Microsoft support—they've consistently been prompt and responsive. The account managers, or whatever they're officially called, have been quick to answer and address any inquiries, making the support experience highly satisfactory. I would rate it ten out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

I would highly recommend it as it offers numerous features that can significantly enhance your security posture. Overall, I would rate it ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Gordon McGowan - PeerSpot reviewer
Deputy Chief Information Officer at County of Montgomery, PA
Real User
Top 20
Improves organizational security without the help of third-party applications
Pros and Cons
  • "Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications."
  • "Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data."

What is our primary use case?

We use Microsoft Defender for Office 365 for protection. 

How has it helped my organization?

Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications. 

What is most valuable?

The product helped us maintain collaboration and communication during the pandemic with the help of Teams. 

What needs improvement?

Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data. 

For how long have I used the solution?

I have been using the product for six years. 

What do I think about the stability of the solution?

The product is stable. I rate it a ten out of ten. 

What do I think about the scalability of the solution?

Microsoft Defender for Office 365 is scalable. I rate it a ten out of ten. 

How are customer service and support?

The tool's support is good. 

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender for Office 365 is expensive but does what it says. 

What other advice do I have?

Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems. 

The tool's automation has made us more efficient in our daily tasks. 

The solution saves much time since you don't have to reimage the computer after an attack. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Giovanni Emerenciano - PeerSpot reviewer
IT Manager at a manufacturing company with 51-200 employees
Real User
Top 10
Helps our SOC team avoid manual work
Pros and Cons
  • "It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased."
  • "About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting."

What is our primary use case?

We have started using Defender on our endpoints, together with the basic Defender for email. We placed Defender on our endpoints through our XDR solution. It's connected to our SOC and the SIEM.

How has it helped my organization?

The fact that it's easy to integrate and implement has helped us to move forward with our project.

Also, on the clients, we have implemented automated identification and blocking, and these help our SOC team avoid doing manual work.

What is most valuable?

It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased.

Also, in the beginning, Microsoft Defender for Office 365 saved us time because we had started a completely new company. Now that we are more established, we need another, more advanced solution with more machine learning and artificial intelligence related functionality.

What needs improvement?

About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting.

Now that we have more visibility into threats, our orientation is to have a more top-market solution to give us more visibility and easier ways to respond to the threats that we find and also to identify threats better.

It is not really straightforward to get a lot of information from Microsoft Defender, so we have had to use Microsoft Graph to create some custom views to export custom information.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for four years.

What do I think about the stability of the solution?

The stability is really good. We have never had any problems related to Defender.

What do I think about the scalability of the solution?

The scalability is also very good. It's easy to increase usage, but that's expected.

We are a multinational company, so we have multiple locations, including Brazil and several countries in Europe. We have about 470 end-users.

How are customer service and support?

The technical support is really good. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Symantec when we were part of a big company. We decided to use Microsoft because it is a fully integrated solution and was embedded in our licenses. We did not take into consideration all the features.

Our company was sold by that big company that we used to be part of and we then consolidated and created a new company about four years ago. We wanted to move forward, as fast as possible, with as much security as possible.

How was the initial setup?

It was really straightforward to set up. We implemented it on our endpoint devices, and then we configured a lot of policies to manage and avoid threats, as well as policies for phishing and the cloud.

The maintenance is mostly related to fine-tuning phishing and other issues and is handled by one or two engineers, but it's not needed frequently.

What about the implementation team?

It was done in-house, with two or three of our resources.

What's my experience with pricing, setup cost, and licensing?

It is much more expensive than using another solution because we have had to include some options and upgrade our license. Be aware of the licensing model, because for certain features you need a different level of licensing.

Which other solutions did I evaluate?

We did not look at other options. The main reason we went with Microsoft was because of the complete integration.

What other advice do I have?

If I were asked whether to go with a single vendor or multiple vendors for security, I would say use multiple vendors. We are using Microsoft for collaboration, email, chat, and security. It's like having the wolf secure your house. Having different vendors would help give you different visibility and data and different people managing different solutions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vice President at a computer software company with 11-50 employees
Real User
Top 20
Saves the clients money because my team spends fewer hours doing tasks each week
Pros and Cons
  • "The most valuable feature is protection against malicious links, fishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over."
  • "The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year."

What is our primary use case?

We use Defender for Office for its five core features: anti-phishing, malware, link scanning, attachment scanning, and anti-spam.

How has it helped my organization?

We switched from Mimecast to Defender, and it's been a massive difference. Mimecast is convoluted, obtuse, and frustrating. That's not the case for Microsoft 365. Mimecast has more false positives, and the link-scanning feature requires you to authenticate devices every time you use the solution, which is untenable if you're on your phone. It's just not possible. 

If you're trying to look up a PDF that somebody sent, and a safe link is embedded in that, Mimecast and Microsoft write it into the "send" box. However, Microsoft is much better because you are already authenticated, so you don't need to re-authenticate again. Mimecast makes you reauthenticate every time.

It gives us one admin portal to see the things we need, which has made life for my admin team easier. I estimate it saves us about an hour or two a week. It saves the clients money because my team spends fewer hours doing tasks each week. 

What is most valuable?

The most valuable feature is protection against malicious links, fishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over. 

Impersonation detection is also crucial because attackers are increasingly advanced. They keep changing their tactics and adapting. People are getting emails with display names that look like people from their organization. SDF records, DMARC, and all that stuff don't always work because people often ignore email addresses. We have also used the phishing simulation component. That's pretty good.

What needs improvement?

The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.

For how long have I used the solution?

I've used Defender in production for about a year.

What do I think about the stability of the solution?

Defender is stable. 

What do I think about the scalability of the solution?

The number of users isn't significant, so I'm not worried about scalability.

How was the initial setup?

Deploying Defender is a two-person job. You don't have to do much to maintain it per se. You occasionally get tickets from users who expected an email that got quarantined. You need to pay attention to that. You'll get access when you get a false positive, and you need one help desk person to look into it. There's no maintenance outside of that. 

What was our ROI?

Defender is cheaper than Mimecast in the long run, so there are savings, if not a return. It's like proving a negative. We haven't been hacked, so I don't know if that's worth anything.

What's my experience with pricing, setup cost, and licensing?

The price is reasonable. 

What other advice do I have?

I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job doing this email protection, they didn't do well in the past, but now they are.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
HariOmKanth MS - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Reduces our response time such that what once took at least an hour can now be resolved in minutes
Pros and Cons
  • "The email protection is excellent, especially in terms of anti-phishing policies."
  • "Several simulation options are available within 365, and the phishing simulation could be better."

What is our primary use case?

We're an MSP, and we deploy security solutions to our clients based in the UAE. We are currently implementing the product ourselves and developing the capacity to deploy it to our clients. We have around 200 total end users. 

In addition to Defender for Office 365, we also use Defender for Cloud and Microsoft Sentinel. The products are integrated.    

The integration was straightforward, as most of our clients and we operate an Azure environment, so integration is usually as simple as a few clicks.

How has it helped my organization?

Defender for Office 365 helps automate routine tasks and find high-value alerts, which we can do using Azure Logic Apps. We can create operations, automate them, and make a workflow using automation. One of our clients didn't have the budget to invest in a SOC team, but we deployed the solution for them, and they now run a SOC with only one analyst. They can achieve this kind of maturity through the product's automation.   

The solution's threat intelligence helps prepare us for potential threats before they hit and take proactive steps. Sentinel also features robust threat hunting, which provides indicators of possible attacks and is beneficial information to have.   

Defender for Office 365 saved us time, we have seen many improvements to the product, and Microsoft regularly brings out new features. The tool is at a good point right now and is on the path to improvement. Time saved is in the region of 30-40%.  

It decreased our time for detection and response, especially with its SOAR capabilities. We can activate automated runbooks in a few clicks and block a malicious or unauthorized user in a single click. We rapidly receive alerts, which reduces our response time such that what once took at least an hour can now be resolved in minutes.   

What is most valuable?

The email protection is excellent, especially in terms of anti-phishing policies. 

The solution's information protection around sensitive labels and compliance-related security features are also very valuable.

Defender for Office 365 provides excellent visibility into threats; we can see the attacks and phishing campaigns running against our users from the portal.  

The product helps us prioritize threats across the enterprise, which is essential because most of our clients come to us with alert fatigue. They have so many alerts they often need help determining which ones to work on, and the solution's threat prioritization helps us narrow that down.  

The comprehensiveness of the threat protection provided by Microsoft security products is excellent; we wouldn't use any other third-party security solutions, and it all comes packaged with Azure or an E5 license.    

Microsoft Sentinel enables us to ingest data from our entire ecosystem, which is vital because when we deliver security products for clients, one of their primary requirements is to collect all the on-prem logs and put them in the cloud. Sentinel is capable of this and requires some expertise to operate in this way. 

Sentinel allows us to investigate threats and respond holistically from one place; that's what it's built for. We work offsite as we aren't in the same region as our clients, so the ability to respond remotely is essential to us.  

What needs improvement?

Several simulation options are available within 365, and the phishing simulation could be better.

I want to see improvements that will make the tool easier to operate. 

For how long have I used the solution?

We've been using the solution for one year. 

What do I think about the stability of the solution?

The product is stable. 

What do I think about the scalability of the solution?

Defender for Office 365 is scalable. 

How are customer service and support?

We never had to contact technical support. When we encounter an issue, we can search for a solution on the internet or YouTube, for example, for specific configurations. There's excellent community support available.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution. When I joined the company, we were and remained Microsoft Gold Partners, so we don't have any other third-party tools.

How was the initial setup?

I wasn't involved in the initial setup, and the solution is lightweight in terms of maintenance. A yearly configuration review is sufficient. 

What's my experience with pricing, setup cost, and licensing?

Defender for 365 comes in various plans and licenses, along with other Microsoft security solutions. Purchasing this kind of package or security bundle gives good value for money, and that's what I recommend.

To a colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, in terms of pricing, it's better to get a good package for security solutions from one vendor rather than multiple vendors.  

What other advice do I have?

I rate the solution eight out of ten.

Multiple integrated Microsoft solutions work natively together to deliver coordinated detection and response across our environment, and we Microsoft Sentinel to our clients. It's a SIEM tool, and once we configure Defender, we can push alerts to Sentinel, which is valuable.   

We leverage Sentinel's SOAR capabilities with the help of Logic Apps, and many libraries are available to make automation easier. However, some complexity is involved in developing Logic Apps, so it requires some expertise.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender for Office 365 Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2024
Buyer's Guide
Download our free Microsoft Defender for Office 365 Report and get advice and tips from experienced pros sharing their opinions.