Vinutha Madi - PeerSpot reviewer
Information Security Analyst at a tech services company with 51-200 employees
Real User
Top 20
It reduces the work we need to do for our clients because we can quickly find the information we need and take action
Pros and Cons
  • "Defender enables us to secure all 365-related activity from a single place. It gives us visibility into everything happening in Outlook, protecting us against phishing and other email-based threats. Defender helps us detect any suspicious behaviors."
  • "Microsoft sometimes has downtime, and we'll get several incidents coming in back to back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once."

What is our primary use case?

We use Defender with Sentinel to investigate user activity on Office 365 applications.

How has it helped my organization?

Defender enables us to secure all 365-related activity from a single place. It gives us visibility into everything happening in Outlook, protecting us against phishing and other email-based threats. Defender helps us detect any suspicious behaviors.

The solution helps us automate some tasks. For example, instead of going through alerts one at a time, we can ping using Sentinel, and everything will be reduced to one group because it is already done in Defender. I don't need to write a KQL or investigate everything. It reduces the time spent and helps me to prioritize. Sentinel usually resolves the low-level alerts on its own, so I don't need to spend much time. 

Defender lets us consolidate dashboards, so we can see all the information we need in one place. It's time-consuming to switch between multiple dashboards to find what you need. 

The solution's threat intelligence helps us stay on top of new attacks. Novel threats are flagged in Microsoft Defender. It will show you what to look for, and you can learn the recommended remediation steps, so you can take steps to mitigate risk before the issue occurs.

It reduces the work we need to do for our clients because we can quickly find the information we need and take action. Every alert takes some time to respond to. If we see something suspicious, we can gather all the details and provide them to the client. We do about 90 percent of the work; the other 10 percent is the client's responsibility. 

What is most valuable?

Defender provides all the details and evidence we need about an incident, so you don't need to look for it. Once you enter the tab, you get all the information about the user's activity and everything you need to know within the alert. 

It also helps us identify vulnerabilities. When a new threat is discovered, Defender will flag the client's vulnerable assets and tell us what needs to be patched. That is helpful information to share with our clients. They can patch the vulnerability before being affected. 

Microsoft Defender enables us to prioritize threats. It's crucial because if we ignore critical alerts, we might miss a severe vulnerability, and the user host could be affected if that happens. We must prioritize alerts to address the ones with the highest risk first. Next, we move on to the medium or low-risk alerts and the purely informational notifications. 

We use Defender for 365 with Defender for Cloud and Sentinel. Microsoft Defender for Cloud is primarily for checking the client's security posture. Sentinel ingests data from our entire ecosystem and helps us correlate events from the logs to understand user activity better. 

We can run queries on user behavior or check the logs for any activity related to the alert. Integrating Sentinel and Defender is vital because getting the information from the logs is much easier. We don't need to look at the metadata because we can see the events in a structured format. A few of the alerts can always be resolved by SIEM analysis. If it isn't a high-priority alert, Sentinel can clear it. 

Having everything available in one place is helpful for our investigation. We can forward those details to our clients so they can take action. All the information is in the logs. 

Sentinel allows us to analyze user behavior and assign user risk based on patterns. For example, we can see if a user attempts to log in with an abusive IP. It detects the behavior, so we don't need to search the logs or look through the threat intel. Sentinel gives us a report of all the risky users. The sign-in logs and audits are neatly formatted so we can click through instead of searching manually.

What needs improvement?

Microsoft sometimes has downtime, and we'll get several incidents coming back-to-back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once.

A few days ago, we had an issue where everything that came into the user's mailbox was flagged. We got hundreds of notifications. It was problematic for us, but the investigation was easy. 

Buyer's Guide
Microsoft Defender for Office 365
April 2025
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,963 professionals have used our research since 2012.

For how long have I used the solution?

I have used Defender for 365 for around six months.

What do I think about the stability of the solution?

I rate Defender for 365 an eight out of ten for stability. 

What do I think about the scalability of the solution?

I rate Defender a nine out of ten for scalability. 

How are customer service and support?

I rate Microsoft's support a nine out of ten. 

How would you rate customer service and support?

Positive

What other advice do I have?

I rate Microsoft Defender for Office 365 a nine out of ten. We work in more of an investigative role. Defender helps us automate many tasks. It's better to go with a single vendor instead of a best-of-breed strategy. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2595123 - PeerSpot reviewer
Pre-Sales Product Specialist at a tech services company with 1,001-5,000 employees
Real User
Top 20
Helped us to avoid malware in the system and prevent unwanted emails from entering our system
Pros and Cons
  • "The most valuable aspect of Microsoft Defender for Office 365 is its ability to protect us from malware."
  • "The changes to customer service, specifically the new model for support agreements, are not favorable."

What is our primary use case?

We are using Microsoft Defender for Office 365 to avoid spam, malware, and similar threats.

How has it helped my organization?

Microsoft Defender for Office 365 helps us prioritize threats across our enterprise. I am able to let the system fix the malware while I focus on other tasks.

Microsoft Defender for Office 365 automates routine tasks and highlights critical alerts, significantly improving our security operations. This automation saves us time by reducing repetitive tasks, allowing us to focus on developing new services instead of solely on security operations.

The threat intelligence feature helps us take proactive steps to prevent threats.

Microsoft Defender for Office 365 saves us time and money and has helped decrease the time to detection and response.

It has helped us to avoid malware in the system and prevent unwanted emails from entering our system.

What is most valuable?

The most valuable aspect of Microsoft Defender for Office 365 is its ability to protect us from malware. This has effectively helped us avoid malware in the system and keep out unwanted emails. It allows us to spend less time on repeated tasks, enabling us to develop new services.

What needs improvement?

The changes to customer service, specifically the new model for support agreements, are not favorable. We have to pay $600 for every instance, making it too expensive. We might need to look at other support options.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for over ten years.

What do I think about the stability of the solution?

Microsoft Defender for Office 365 is stable. It's doing what it's supposed to do.

What do I think about the scalability of the solution?

The solution is scalable. Microsoft Defender for Office 365 is flexible with other security products we use. Our usage depends on Microsoft adding features.

How are customer service and support?

We have a premier support agreement. Initially, it worked well, but the new model, where we have to pay for every instance, is not satisfactory.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used alternative solutions prior to implementing Microsoft Defender for Office 365. We selected it due to its superior integration with our existing security infrastructure.

What about the implementation team?

The implementation was completed in-house.

Which other solutions did I evaluate?

We evaluated other solutions before switching to Microsoft Defender for Office 365.

What other advice do I have?

I would rate Microsoft Defender for Office 365 ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
Architect at BRF
Real User
Seamlessly integrated security enhances protection with an easy setup
Pros and Cons
  • "We use Microsoft Defender for its ability to integrate with existing business technologies, which is beneficial for protecting business areas."
  • "Configuration at the mid-level could be improved for the support team."

What is our primary use case?

I work in the industry where we use Microsoft 365 and its associated products like Office Works, PowerPoint, Excel, and Word.

How has it helped my organization?

We use Microsoft Defender to help protect our business areas by integrating it with our existing infrastructure, including Azure, which assists in defending the business areas.

What is most valuable?

We use Microsoft Defender for its ability to integrate with existing business technologies, which is beneficial for protecting business areas.

What needs improvement?

Configuration at the mid-level could be improved for the support team.

For how long have I used the solution?

I have about ten years of experience with Microsoft Defender for Office 365.

What do I think about the stability of the solution?

The solution is very stable, and Microsoft products have general high availability within the company.

What do I think about the scalability of the solution?

Microsoft 365 meets the needs of the company, which suggests that Microsoft Defender is a scalable solution.

How are customer service and support?

We have a premium contract for Microsoft support, which is rated nine or ten. Although I am not directly involved with their support, clients usually appear satisfied.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I do not have experience with other email security solutions.

How was the initial setup?

The setup is easy and not difficult.

What was our ROI?

I do not understand the question regarding return on investment.

What's my experience with pricing, setup cost, and licensing?

I do not know the value of the contracts or the cost compared to competitors.

Which other solutions did I evaluate?

I have not evaluated other solutions for email security.

What other advice do I have?

Configuration for end users is simple, but improvements can be made in mid-level configurations to make it better for the team.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Kishan Kishto - PeerSpot reviewer
Systems Administrator at Kishto Technologies
Real User
Top 20
Multiple people can collaborate on a single document but needs improvement in troubleshooting tools
Pros and Cons
  • "The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint."
  • "Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking. From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment."

What is most valuable?

The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint. 

What needs improvement?

Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking.

From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment.

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

Microsoft Defender for Office 365 is stable. 

What do I think about the scalability of the solution?

You can scale up as you pay. 

How are customer service and support?

Evaluating Microsoft support can be a bit mixed. Sometimes, it's good, but not so much. The initial contact is typically with the help desk. When I call, I usually need someone at a higher level, maybe level three, to assist with more complex problems. The challenge is that it can take up to two weeks to resolve issues, and my main complaint is the waiting times and the basic nature of level-one support. Getting to the expert who can fix the problem often takes a couple of weeks.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

My clients used Norton and McAfee before Microsoft Defender for Office 365. It makes sense in the long term, especially when many clients already have Microsoft 365 in their licenses. Paying more to get the security features with Microsoft instead of additional licensing costs with a different company is a practical choice. It seems to be mainly about saving money.

How was the initial setup?

The tool's deployment is not straightforward. However, it has good documentation. 

What's my experience with pricing, setup cost, and licensing?

The solution is good but not cheap. It offers a big ecosystem where you can manage everything from one place. 

What other advice do I have?

Integrating identity and access management into Microsoft 365 Defender is important for my customers and me. The ability to centrally manage these aspects within the platform is highly valuable. Rather than navigating through numerous consoles to verify various aspects, having almost everything in a single location saves time. This integrated approach streamlines operations and reduces the complexity of learning and managing different products.

Nowadays, everyone uses not just Microsoft products but also third-party ones. It would be good if Microsoft could make its security tools work with all kinds of software. Nowadays, there are so many cyber attacks and security threats. Having one product that can handle and manage all these threats across the board is beneficial.

We have stopped using Trend Micro in a couple of places. I am not sure if it was due to cost or pricing. 

The product is more convenient to manage, and it saves time. Instead of navigating through different controls, having everything in one place allows the security team to take action on threats or issues.

I rate the product a nine out of ten. I have used it for security and compliance. In my experience, they're doing quite well; it's a good product. If people are considering Microsoft products, I would say, why not? It's just that support during implementation could be better sometimes. However, it's a good product with frequent updates. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
reviewer2153502 - PeerSpot reviewer
Lead Technical Consultant at a tech vendor with 1,001-5,000 employees
Consultant
We can customize policies based on clients' needs from a single user-friendly dashboard
Pros and Cons
  • "Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply."
  • "Microsoft security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically."

What is our primary use case?

I work for a consulting company that implements security solutions. Defender for 365 helps clients weed out suspicious mail that contains phishing links or fails to meet other criteria in our policies. We set security policies and take action based on the severity of the threat. Defender has preset templates that we modify based on each company's requirements. 

Some of our customers use multiple Microsoft security solutions, and others have a mixture. For example, one of our customers must use CyberArk as their single sign-on solution. If our customers want to use another application, we have a procedure to implement and integrate that.

How has it helped my organization?

Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply.

Defender allows you to prioritize threats based on severity. We can automate it to trigger alerts based on defined policies and send notifications to the appropriate teams. It may be a security incident or a performance issue like disk, memory, or hardware utilization. We'll set a threshold value for each alert. 

Prioritization is essential, but each customer has different priorities based on their requirements. For example, some customers need to monitor servers, and some don't. We have to implement a policy based on what the customer uses. We want everything to be secure and implement security everywhere.

Microsoft has the latest threat information from around the world. They have a central repository that is constantly updated to address emerging threats and secure customers against them.

Customers can save time and money by implementing the Microsoft package because it's easy to implement. Defender streamlines detection and response. Everything is on the cloud, and you can get a complete picture of your environment from one console. 

What is most valuable?

Defender for 365 provides a single integrated platform for securing and managing Office 365 solutions like Microsoft Exchange, SharePoint, Microsoft Teams, etc. Sentinel is included in the same security package. It provides continuous monitoring and alerts.

Microsoft security solutions work together to provide comprehensive protection. They are regularly updating the threat database, and we can detect any novel threats on all the endpoints within the cloud. We have policies in place to relocate affected devices to a sandbox, and we can restore it after clearing it.

What needs improvement?

Microsoft's security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically. 

For how long have I used the solution?

I have used Microsoft Defender security products for three years. 

What do I think about the stability of the solution?

Defender is stable. Microsoft guarantees 99.9 percent availability. 

What do I think about the scalability of the solution?

Defender is scalable. 

How are customer service and support?

I rate Microsoft's support a nine out of ten. Their support engineers are highly experienced people. They provide accurate and straightforward suggestions. Sometimes, they need to take time to consult with the backend team and return with a solution. Microsoft offers various levels of support depending on the package you've purchased. Microsoft support can help you investigate issues or root causes, and they will assist you if you get stuck during implementation. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've also worked with Symantec ATP and DLP.

How was the initial setup?

Deploying Defender is straightforward once the client is ready to be onboarded. Before that happens, the sales and technical teams have to demonstrate that the solution meets the customer's requirements. Once the customer purchases the license, Defender will appear in their console. They only need to log in and verify the purchase. The only other setup is configuration. Defender is a cloud-based solution, so it requires no regular maintenance. We will open a ticket if there are any significant outages or performance problems. 

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender is expensive. I typically recommend it only if clients have the budget. Otherwise, I would suggest an alternative. 

What other advice do I have?

I rate Microsoft Defender for Office 365 an eight out of ten. Microsoft covers most security areas, and Azure has a complete infrastructure solution. If someone is willing to learn cloud security, I would prefer an Azure-based security solution.

I recommend Defender for 365 depending on a client's security needs. We need to consult with them to learn about their requirements. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Rajitha Jayasekera - PeerSpot reviewer
Associate Tech Lead at a computer software company with 51-200 employees
Real User
Helps us target software vulnerabilities and update software sooner
Pros and Cons
  • "It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have."
  • "In one of the reports I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help."

What is our primary use case?

We mainly use it to identify software vulnerabilities. It reports all the software vulnerabilities installed in our workstations and servers.

How has it helped my organization?

With Defender for Office 365, we have been able to increase the security posture across our organization. Within the first month of using this product, we realized that benefit.

When it comes to software vulnerabilities, we can target them and update the software as soon as we see that there is a vulnerability. And then we can make sure that they are updated and check that the update process was successful within a different department. That has really helped us improve our productivity.

The solution saves us time because we don't have to go here and there to identify things. It's a single portal that has all the details we need. Their support is also good. These features have, again, helped us improve our productivity a lot. It saves us about 25 percent of our time.

It has also saved us money because we don't have to pay for other security products like Nessus. This solution has almost everything we got from other products, so we don't have to go for an additional solution. It's saving us about 50 percent, cost-wise.

Our time to detect threats has decreased. With products like Nessus, until their scan runs, we are not aware whether a threat is fixed or not. But with Defender, within one to two hours that information is reflected. With Nessus, sometimes we had to wait a day to see that information reflected in the portal. Because we are aware of issues earlier, we can act on them sooner.

What is most valuable?

The most valuable feature is the score. By looking at the score, you can identify if you are at risk or not.

It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have.

It gives me everything I need, visibility-wise. It also helps prioritize threats across our enterprise and that's very important. That means we can identify the critical vulnerabilities first and keep an eye on other vulnerabilities. By looking at the dashboard, I immediately get an idea of how critical an issue is and we can fix vulnerabilities before they result in an attack.

It has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard, which has made our security operations really easy. We can also create internal tickets within the portal itself. We can assign them to people and see how long it took them to close the tickets. That makes things really easy.

What needs improvement?

In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.

For how long have I used the solution?

I have been using Microsoft Defender for Office 365 for about two years.

What do I think about the stability of the solution?

It is stable.

There are bugs here and there, but they have been able to rectify them.

What do I think about the scalability of the solution?

It's scalable. It discovers almost all of the workstations and servers across our organization. We have about 3,000 endpoints.

How are customer service and support?

Whenever we ask a question, they provide us with a solution. I'm happy with their technical support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Nessus. We switched mainly because of the cost and the integration. With Nessus, we had to install an agent, but with Defender, since we were already using it, we could just turn it on with the cloud portal and deploy it very easily.

How was the initial setup?

I wasn't involved in the initial setup, but in terms of maintenance, we push it through Windows Update so we don't have to explicitly do any updates.

What's my experience with pricing, setup cost, and licensing?

I would recommend Microsoft Defender for Office 365. 

If you already have a deployment method, like CCM or something similar, it will be easy. Even if not, there are several other deployment methods that could support any scenario.

Which other solutions did I evaluate?

We already had an Office subscription, so we just started a trial and we were happy with it and we went with it.

What other advice do I have?

In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sandor Nilsson - PeerSpot reviewer
Project Leader and IT Transition Manager at Data Communication & Software i Grondal Aktiebolag
Real User
Top 5
Efficiently provides mail protection and prevents impersonation
Pros and Cons
  • "The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
  • "We noticed that from time to time, Microsoft's stability does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice."

What is our primary use case?

Our primary use case is for features like mail protection and preventing impersonation. It has extended the protection for the user.

What is most valuable?


What needs improvement?

What I don't like about Microsoft Defender for Office 365 is that many of the features should be default. They should be included, not optional, like other vendors provide.

For how long have I used the solution?

I have been working with Defender for Office since the beginning. It's been evolving all the time.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten. We noticed that from time to time, Microsoft does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice. 

What do I think about the scalability of the solution?

It is a scalable solution. Our organization has around a thousand users using Microsoft Defender for Office 365.

How are customer service and support?

Sometimes it's good. Sometimes it's bad. It's up and down.

How was the initial setup?

The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple. 

What about the implementation team?

You can set it up in-house. 

What's my experience with pricing, setup cost, and licensing?

The pricing has become expensive. 

Some customers want to use a monthly payment, but Microsoft recently changed its license policies. So we are encouraging most users to pay annually.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. I would definitely recommend using the solution. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2019894 - PeerSpot reviewer
Vice President at a computer software company with 11-50 employees
Real User
Saves the clients money because my team spends fewer hours doing tasks each week
Pros and Cons
  • "The most valuable feature is protection against malicious links, phishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over."
  • "The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year."

What is our primary use case?

We use Defender for Office for its five core features: anti-phishing, malware, link scanning, attachment scanning, and anti-spam.

How has it helped my organization?

We switched from Mimecast to Defender, and it's been a massive difference. Mimecast is convoluted, obtuse, and frustrating. That's not the case for Microsoft 365. Mimecast has more false positives, and the link-scanning feature requires you to authenticate devices every time you use the solution, which is untenable if you're on your phone. It's just not possible. 

If you're trying to look up a PDF that somebody sent, and a safe link is embedded in that, Mimecast and Microsoft write it into the "send" box. However, Microsoft is much better because you are already authenticated, so you don't need to re-authenticate again. Mimecast makes you reauthenticate every time.

It gives us one admin portal to see the things we need, which has made life for my admin team easier. I estimate it saves us about an hour or two a week. It saves the clients money because my team spends fewer hours doing tasks each week. 

What is most valuable?

The most valuable feature is protection against malicious links, phishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over.

Impersonation detection is also crucial because attackers are increasingly advanced. They keep changing their tactics and adapting. People are getting emails with display names that look like people from their organization. SPF records, DMARC, and all that stuff don't always work because people often ignore email addresses. We have also used the phishing simulation component. That's pretty good.

What needs improvement?

The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.

For how long have I used the solution?

I've used Defender in production for about a year.

What do I think about the stability of the solution?

Defender is stable. 

What do I think about the scalability of the solution?

The number of users isn't significant, so I'm not worried about scalability.

How was the initial setup?

Deploying Defender is a two-person job. You don't have to do much to maintain it per se. You occasionally get tickets from users who expected an email that got quarantined. You need to pay attention to that. You'll get access when you get a false positive, and you need one help desk person to look into it. There's no maintenance outside of that. 

What was our ROI?

Defender is cheaper than Mimecast in the long run, so there are savings, if not a return. It's like proving a negative. We haven't been hacked, so I don't know if that's worth anything.

What's my experience with pricing, setup cost, and licensing?

The price is reasonable. 

What other advice do I have?

I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job doing this email protection. They didn't do well in the past, but now they are.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Buyer's Guide
Download our free Microsoft Defender for Office 365 Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025