It allows us to effectively detect and manage malicious URLs within emails. This proactive approach allows your team to identify and resolve security incidents promptly. We optimize our security by incorporating Microsoft's IOCs into both Defender for Office 365 and endpoint protection. This integration prevents our devices from accessing known threats, saving significant time weekly. Centralized management of threat indicators proves highly efficient, potentially saving hours. This comprehensive strategy enhances our proactive security measures across our systems.
Security analyst at an educational organization with 1,001-5,000 employees
Comprehensive protection for email security with responsive support and valuable features like attack simulation offering robust threat detection, efficient automation, and excellent scalability
Pros and Cons
- "Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected."
- "There's room for improvement regarding the time frame for retrieving emails."
What is our primary use case?
How has it helped my organization?
When dealing with a large volume of emails, whether received or sent by users, Defender solutions, particularly Threat Explorer, prove to be highly effective. In instances where users may have inadvertently interacted with potentially harmful emails, it enables me to isolate and analyze these emails by placing them in a secure sandbox environment. This insight is crucial for addressing incidents promptly and collaboratively, fostering a cooperative approach to resolving potential security issues within the organization. In Defender 365, we've implemented a dual-pronged approach for automating tasks and managing security incidents. When alerts like a user clicking on a malicious URL occur, data is directed to Sentinel or Log Analytics. A logic app is then employed to analyze the user's actions using Defender for Endpoint, tracking device activities, and making informed decisions. This integrated system enables us to swiftly identify, analyze, and respond to security incidents, enhancing our ability to manage and mitigate potential threats effectively. It has significantly reduced our time to detect and respond to security incidents. While I don't have an exact figure, the impact has been substantial. By consolidating multiple solutions into logic apps and gaining visibility, we can now respond much more efficiently than before. Without this integrated approach, lacking visibility hampers our ability to identify and address potential threats promptly.
What is most valuable?
Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected. The convenience of having a centralized location for extracting comprehensive data is particularly noteworthy. With Threat Explorer, I can efficiently manage and mitigate the impact of these campaigns by removing problematic emails from mailboxes, all in one centralized location, eliminating the need to navigate through multiple areas. Effectively prioritizing threats across our enterprise is crucial for us, given that the primary avenue of attack is often through phishing emails. By having robust protection in place, we're able to significantly mitigate this prevalent threat, essentially clearing a major portion of the cybersecurity landscape.
What needs improvement?
There's room for improvement regarding the time frame for retrieving emails. Currently, the limitation allows users to go back only thirty days when pulling emails or conducting related actions. Enhancing this capability to extend the timeframe, perhaps to sixty or ninety days, would be beneficial.
Buyer's Guide
Microsoft Defender for Office 365
May 2026
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
896,034 professionals have used our research since 2012.
For how long have I used the solution?
I have been working with it for three years.
What do I think about the stability of the solution?
It has been reliable. I haven't encountered any instances of downtime or significant bugs; occasionally, signing out and back in resolves minor issues.
What do I think about the scalability of the solution?
In terms of scalability, our institution has expanded with more students and staff, and we haven't experienced any performance issues with Defender for Office 365. It has proven to be effective and adaptable to the growth of our organization. We currently have approximately four thousand staff members.
How are customer service and support?
The support team, not only for Defender for Office 365 but for any issues I've encountered, has been exceptional. Whether reaching out through email or submitting a support ticket, I typically receive a callback within hours. I've never personally faced any challenges in contacting Microsoft support—they've consistently been prompt and responsive. The account managers, or whatever they're officially called, have been quick to answer and address any inquiries, making the support experience highly satisfactory. I would rate it ten out of ten.
What other advice do I have?
I would highly recommend it as it offers numerous features that can significantly enhance your security posture. Overall, I would rate it ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Deputy Chief Information Officer at County of Montgomery, PA
Improves organizational security without the help of third-party applications
Pros and Cons
- "Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications."
- "Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data."
What is our primary use case?
We use Microsoft Defender for Office 365 for protection.
How has it helped my organization?
Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications.
What is most valuable?
The product helped us maintain collaboration and communication during the pandemic with the help of Teams.
What needs improvement?
Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data.
For how long have I used the solution?
I have been using the product for six years.
What do I think about the stability of the solution?
The product is stable. I rate it a ten out of ten.
What do I think about the scalability of the solution?
Microsoft Defender for Office 365 is scalable. I rate it a ten out of ten.
How are customer service and support?
The tool's support is good.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender for Office 365 is expensive but does what it says.
What other advice do I have?
Microsoft Defender for Office 365 is efficient and picks up threats before they pass on to the systems.
The tool's automation has made us more efficient in our daily tasks.
The solution saves much time since you don't have to reimage the computer after an attack.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Project Leader and IT Transition Manager at Data Communication & Software i Grondal Aktiebolag
Efficiently provides mail protection and prevents impersonation
Pros and Cons
- "The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
- "We noticed that from time to time, Microsoft's stability does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice."
What is our primary use case?
Our primary use case is for features like mail protection and preventing impersonation. It has extended the protection for the user.
What is most valuable?
What needs improvement?
What I don't like about Microsoft Defender for Office 365 is that many of the features should be default. They should be included, not optional, like other vendors provide.
For how long have I used the solution?
I have been working with Defender for Office since the beginning. It's been evolving all the time.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten. We noticed that from time to time, Microsoft does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice.
What do I think about the scalability of the solution?
It is a scalable solution. Our organization has around a thousand users using Microsoft Defender for Office 365.
How are customer service and support?
Sometimes it's good. Sometimes it's bad. It's up and down.
How was the initial setup?
The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple.
What about the implementation team?
You can set it up in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing has become expensive.
Some customers want to use a monthly payment, but Microsoft recently changed its license policies. So we are encouraging most users to pay annually.
What other advice do I have?
Overall, I would rate the solution a nine out of ten. I would definitely recommend using the solution.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sales Director for Academic, Medical, Corporate and Government markets at a tech services company with 1,001-5,000 employees
Provides good visibility and increased security and enables organizations to take proactive steps against threats
Pros and Cons
- "Since we have started using the solution, there have been fewer compromises."
- "The product must provide better malware detection."
What is our primary use case?
The big things we take advantage of are Safe Links for Teams, SharePoint, and Email. We have office locations all over the world. We are in New Zealand, Africa, Europe, the USA, and South America. We have deployed the license for every single person with a mailbox.
How has it helped my organization?
Since we have started using the solution, there have been fewer compromises. We're more secure having Safe Links.
What is most valuable?
It is a high-impact tool. It keeps users from doing anything wrong.
What needs improvement?
The product must provide better malware detection. The detection algorithms don't perform the way I hope they would.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
The tool has 100% stability. It has never been down.
What do I think about the scalability of the solution?
The tool is deployed globally in our tenants. It is scalable. We have about 5500 licenses.
How are customer service and support?
Most of the time, I can get what I need from the support. Sometimes, it is a hit or miss. It is not always straightforward. I often state my problem clearly, and then the support person asks me to explain it again. They must read what I've already written when I opened the ticket. All the details are right there. Far too often, the support personnel do not read the ticket I raise.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial deployment was pretty simple. We were already under a microscope, so we were pressured. I had to learn what I wanted. We had to deploy the product quickly. We use both AWS and Azure as our cloud providers.
What's my experience with pricing, setup cost, and licensing?
The pricing is too much compared to other security products that do the same things. The product is very expensive. I have a hard time demonstrating more value out of it.
Which other solutions did I evaluate?
We didn't evaluate anybody else. We had been compromised, so we decided to buy the product.
What other advice do I have?
We get a lot of good visibility. When we look for something, it's pretty easy to see the IP from which the user signed in. We get to know where the person is logging in from. It lets us know quickly whether a particular IP should be logged in at a particular time.
The solution does not help us prioritize threats. It helps us mitigate some of the threats we identify. I don't think prioritization is important. Whoever makes the most has the highest priority.
The solution’s threat intelligence helps us take proactive steps, especially with Safe Links. It helps us track down and look at logs, see what document libraries a threat might have gone to, and try to review the exposed data and potentially exfiltrate it.
The solution has saved my company's money. The tool has decreased our time to respond by a couple of hours per incident. I don't have to involve my network or security teams. We could click through to determine whether an access is legitimate. There may be more cost-effective solutions in the market.
Overall, I rate the solution a nine out of ten for its functionality.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Technical Consultant at a tech vendor with 1,001-5,000 employees
We can customize policies based on clients' needs from a single user-friendly dashboard
Pros and Cons
- "Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply."
- "Microsoft security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically."
What is our primary use case?
I work for a consulting company that implements security solutions. Defender for 365 helps clients weed out suspicious mail that contains phishing links or fails to meet other criteria in our policies. We set security policies and take action based on the severity of the threat. Defender has preset templates that we modify based on each company's requirements.
Some of our customers use multiple Microsoft security solutions, and others have a mixture. For example, one of our customers must use CyberArk as their single sign-on solution. If our customers want to use another application, we have a procedure to implement and integrate that.
How has it helped my organization?
Our customers are satisfied with Defender for 365 because Microsoft products are easy to use and customize to meet the client's needs. Everything is in one place, so we can adjust policies as needed for phishing, DLP, ATP, or any other security features that our clients want to apply.
Defender allows you to prioritize threats based on severity. We can automate it to trigger alerts based on defined policies and send notifications to the appropriate teams. It may be a security incident or a performance issue like disk, memory, or hardware utilization. We'll set a threshold value for each alert.
Prioritization is essential, but each customer has different priorities based on their requirements. For example, some customers need to monitor servers, and some don't. We have to implement a policy based on what the customer uses. We want everything to be secure and implement security everywhere.
Microsoft has the latest threat information from around the world. They have a central repository that is constantly updated to address emerging threats and secure customers against them.
Customers can save time and money by implementing the Microsoft package because it's easy to implement. Defender streamlines detection and response. Everything is on the cloud, and you can get a complete picture of your environment from one console.
What is most valuable?
Defender for 365 provides a single integrated platform for securing and managing Office 365 solutions like Microsoft Exchange, SharePoint, Microsoft Teams, etc. Sentinel is included in the same security package. It provides continuous monitoring and alerts.
Microsoft security solutions work together to provide comprehensive protection. They are regularly updating the threat database, and we can detect any novel threats on all the endpoints within the cloud. We have policies in place to relocate affected devices to a sandbox, and we can restore it after clearing it.
What needs improvement?
Microsoft's security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically.
For how long have I used the solution?
I have used Microsoft Defender security products for three years.
What do I think about the stability of the solution?
Defender is stable. Microsoft guarantees 99.9 percent availability.
What do I think about the scalability of the solution?
Defender is scalable.
How are customer service and support?
I rate Microsoft's support a nine out of ten. Their support engineers are highly experienced people. They provide accurate and straightforward suggestions. Sometimes, they need to take time to consult with the backend team and return with a solution. Microsoft offers various levels of support depending on the package you've purchased. Microsoft support can help you investigate issues or root causes, and they will assist you if you get stuck during implementation.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've also worked with Symantec ATP and DLP.
How was the initial setup?
Deploying Defender is straightforward once the client is ready to be onboarded. Before that happens, the sales and technical teams have to demonstrate that the solution meets the customer's requirements. Once the customer purchases the license, Defender will appear in their console. They only need to log in and verify the purchase. The only other setup is configuration. Defender is a cloud-based solution, so it requires no regular maintenance. We will open a ticket if there are any significant outages or performance problems.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender is expensive. I typically recommend it only if clients have the budget. Otherwise, I would suggest an alternative.
What other advice do I have?
I rate Microsoft Defender for Office 365 an eight out of ten. Microsoft covers most security areas, and Azure has a complete infrastructure solution. If someone is willing to learn cloud security, I would prefer an Azure-based security solution.
I recommend Defender for 365 depending on a client's security needs. We need to consult with them to learn about their requirements.
Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
Vice President at a computer software company with 11-50 employees
Saves the clients money because my team spends fewer hours doing tasks each week
Pros and Cons
- "The most valuable feature is protection against malicious links, phishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over."
- "The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year."
What is our primary use case?
We use Defender for Office for its five core features: anti-phishing, malware, link scanning, attachment scanning, and anti-spam.
How has it helped my organization?
We switched from Mimecast to Defender, and it's been a massive difference. Mimecast is convoluted, obtuse, and frustrating. That's not the case for Microsoft 365. Mimecast has more false positives, and the link-scanning feature requires you to authenticate devices every time you use the solution, which is untenable if you're on your phone. It's just not possible.
If you're trying to look up a PDF that somebody sent, and a safe link is embedded in that, Mimecast and Microsoft write it into the "send" box. However, Microsoft is much better because you are already authenticated, so you don't need to re-authenticate again. Mimecast makes you reauthenticate every time.
It gives us one admin portal to see the things we need, which has made life for my admin team easier. I estimate it saves us about an hour or two a week. It saves the clients money because my team spends fewer hours doing tasks each week.
What is most valuable?
The most valuable feature is protection against malicious links, phishing, and impersonation. You can train people to be aware of these threats, but they're not always careful. When they're using their phones between meetings, they click on a link, and it's game over.
Impersonation detection is also crucial because attackers are increasingly advanced. They keep changing their tactics and adapting. People are getting emails with display names that look like people from their organization. SPF records, DMARC, and all that stuff don't always work because people often ignore email addresses. We have also used the phishing simulation component. That's pretty good.
What needs improvement?
The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.
For how long have I used the solution?
I've used Defender in production for about a year.
What do I think about the stability of the solution?
Defender is stable.
What do I think about the scalability of the solution?
The number of users isn't significant, so I'm not worried about scalability.
How was the initial setup?
Deploying Defender is a two-person job. You don't have to do much to maintain it per se. You occasionally get tickets from users who expected an email that got quarantined. You need to pay attention to that. You'll get access when you get a false positive, and you need one help desk person to look into it. There's no maintenance outside of that.
What was our ROI?
Defender is cheaper than Mimecast in the long run, so there are savings, if not a return. It's like proving a negative. We haven't been hacked, so I don't know if that's worth anything.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable.
What other advice do I have?
I rate Defender for Office 365 a nine out of ten. If you could find a better solution than Defender, I would take a look. I originally went with Mimecast because they seemed to have a better product, but that's no longer true. Microsoft Defender is better than Mimecast. I used Mimecast for four years before switching. It used to be better, but now it isn't. You go with the best. Diversifying it is not helpful. Microsoft is finally doing a good job with this email protection. They didn't do well in the past, but now they are.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
Eliminated having to look at multiple dashboards, saving us time and helping us respond quicker
Pros and Cons
- "It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the e-mail to the workstation itself."
- "One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration."
What is our primary use case?
I use it for email security and to scan for phishing attempts. I use it for endpoint security as well and scan for any malicious activities, such as viruses, malware, or possible ransomware; to prevent any kind of malicious activity. I also use it to investigate and respond to malicious activity.
How has it helped my organization?
So far, it has helped with how we organize data flow within our IT department and has given us increased visibility.
The solution has also eliminated having to look at multiple dashboards. Reconnaissance, or data gathering, is very important, and the speed at which we gather data is very important when responding to a threat.
It saves me time because I don't have to go from one tool to the next, or one dashboard to the next to get similar information. Now, I just log in one time to my Azure portal and I can get everything I need from there. It also assists with email alerts because they are consolidated and very simplified. We don't have different tools sending alerts. It's just one tool sending them and they differentiate based on what is going on. That has really been awesome.
The threat intelligence also helps prepare us for potential threats before we encounter them. We see recommendations and predictions from their SIEM.
What is most valuable?
The anti-phishing component and the investigation consoles that Microsoft gives you with this product are the most valuable features. The consoles are very detailed and mostly accurate. There are fewer false positives than in other products that I've used.
It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the email to the workstation itself. It's a really awesome product in terms of giving me visibility into what's happening with the endpoints in my corporate environment.
On the investigation console, it shows the form of attack vectors that I may be exposed to and it prioritizes things based on the risk factor. I know what to give priority to when it comes to remediation and prevention.
In addition to Microsoft Defender for Office 365, we use Sentinel and ATP. They are all integrated. I wouldn't be the best person to speak about the integration process itself because I had huge assistance with that aspect. But I'm assuming it was not too tough because that part of the project was pretty quick. It's all license-based, so it's not that difficult.
These products work together, natively, to deliver detection and response in a coordinated way. Whatever is reflected in one of them can be seen through evidence in the other tools. For example, if there's an email threat in an attachment and it is downloaded, Defender continues to pick up the trail from there and resolves the threat.
One aspect of Sentinel that is very important is that it enables us to ingest data from our entire ecosystem. Sentinel is like having built-in AI that analyzes everything that goes on in the environment. The feedback from Sentinel is very important, so it's very important that it has 100% visibility into the environment. It helps us to make a lot of logical decisions.
Sentinel also helps us to investigate threats and respond in an integrated way from one spot. That is important because the speed at which you respond to a threat is very important. The longer you take, the harder the threat will be to dissolve. The quicker the response, the better it is when it comes to remediating the attack or undoing the damage, and keeping downtime to a minimum.
And the AI technology of Sentinel has helped to automate finding high-risk alerts. The alerts are prioritized based on the risk factor.
For how long have I used the solution?
We recently implemented Microsoft Defender for Office 365 and have been using it for about two months.
What do I think about the stability of the solution?
It's pretty stable. There's nothing on-prem except for the agents. They are the only thing you have to worry about. Everything else is in the cloud, so you don't have the responsibility of downtime when it comes to security.
How are customer service and support?
One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially. That was the only hiccup we had when we enrolled with Microsoft for security.
Which other solutions did I evaluate?
We tried Cybereason and SimplySecure. We also tried SentinelOne and it was really good. The reason we chose to go with Microsoft was the added features for securing our email tenant.
Sentinel is pretty cost-effective compared to other solutions because, with Microsoft, we get multiple products for a holistic, cheaper subscription price. The things we would have to purchase from different vendors are the things that Microsoft gives us all in one. Instead of paying Splunk for a SIEM, and paying Fortinet for EDR, we can have a subscription-based solution at a cheaper rate from Microsoft, which is an all-in-one solution.
What other advice do I have?
They really keep up to date with the definitions and upcoming threats that are out there and are doing a pretty good job of defending us, in comparison to other products. They're really catching on. Before, I wasn't a Microsoft person, but I'm slowly getting there because these products have really assisted me of late. They have given me a lot of perspectives on security in general.
It's a good solution for enrolling all your devices. You can have Mac, Windows, and Linux in your console for security visibility. Once your alerts are configured correctly, you shouldn't be missing anything. It's really good for getting alerts to you about anything anomalous.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Associate Tech Lead at a computer software company with 51-200 employees
Helps us target software vulnerabilities and update software sooner
Pros and Cons
- "It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have."
- "With Defender for Office 365, we have been able to increase the security posture across our organization."
- "In one of the reports I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help."
What is our primary use case?
We mainly use it to identify software vulnerabilities. It reports all the software vulnerabilities installed in our web stations and servers.
How has it helped my organization?
With Defender for Office 365, we have been able to increase the security posture across our organization. Within the first month of using this product, we realized that benefit.
When it comes to software vulnerabilities, we can target them and update the software as soon as we see that there is a vulnerability. And then we can make sure that they are updated and check that the update process was successful within a different department. That has really helped us improve our productivity.
The solution saves us time because we don't have to go here and there to identify things. It's a single portal that has all the details we need. Their support is also good. These features have, again, helped us improve our productivity a lot. It saves us about 25 percent of our time.
It has also saved us money because we don't have to pay for other security products like Nessus. This solution has almost everything we got from other products, so we don't have to go for an additional solution. It's saving us about 50 percent, cost-wise.
Our time to detect threats has decreased. With products like Nessus, until their scan runs, we are not aware whether a threat is fixed or not. But with Defender, within one to two hours that information is reflected. With Nessus, sometimes we had to wait a day to see that information reflected in the portal. Because we are aware of issues earlier, we can act on them sooner.
What is most valuable?
The most valuable feature is the score. By looking at the score, you can identify if you are at risk or not.
It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have.
It gives me everything I need, visibility-wise. It also helps prioritize threats across our enterprise and that's very important. That means we can identify the critical vulnerabilities first and keep an eye on other vulnerabilities. By looking at the dashboard, I immediately get an idea of how critical an issue is and we can fix vulnerabilities before they result in an attack.
It has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard, which has made our security operations really easy. We can also create internal tickets within the portal itself. We can assign them to people and see how long it took them to close the tickets. That makes things really easy.
What needs improvement?
In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365 for about two years.
What do I think about the stability of the solution?
It is stable.
There are bugs here and there, but they have been able to rectify them.
What do I think about the scalability of the solution?
It's scalable. It discovers almost all of the workstations and servers across our organization. We have about 3,000 endpoints.
How are customer service and support?
Whenever we ask a question, they provide us with a solution. I'm happy with their technical support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Nessus. We switched mainly because of the cost and the integration. With Nessus, we had to install an agent, but with Defender, since we were already using it, we could just turn it on with the cloud portal and deploy it very easily.
How was the initial setup?
I wasn't involved in the initial setup, but in terms of maintenance, we push it through Windows Update so we don't have to explicitly do any updates.
What's my experience with pricing, setup cost, and licensing?
I would recommend Microsoft Defender for Office 365.
If you already have a deployment method, like CCM or something similar, it will be easy. Even if not, there are several other deployment methods that could support any scenario.
Which other solutions did I evaluate?
We already had an Office subscription, so we just started a trial and we were happy with it and we went with it.
What other advice do I have?
In terms of a best-of-breed strategy rather than a single vendor security suite, a single vendor security suite is good when it comes to deployment and manageability. It's easy.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Updated: May 2026