Chief Information Security Officer at an outsourcing company with 10,001+ employees
Deployment capability is a great feature but we're getting too many false positives
Pros and Cons
- "The deployment capability is a great feature."
- "Too many false positives and lacks an accurate capability to detect malicious SharePoint sites."
What is our primary use case?
We use Microsoft Defender for Office 365 for email security. We are partners of Microsoft and I'm the company's chief operation security officer.
What is most valuable?
The deployment capability is a great feature. We're able to activate this feature throughout France with a click.
What needs improvement?
I'd like to see fewer false positives and potentially have an accurate capability to detect malicious SharePoint sites. There could also be an improvement in some of the features related to training. In a phishing test campaign, for example, it should be more user-friendly and include the capability to evaluate and assess users' understanding of the content provided.
For how long have I used the solution?
I've been using this solution for several years.
Buyer's Guide
Microsoft Defender for Office 365
May 2025

Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
857,028 professionals have used our research since 2012.
How are customer service and support?
The customer support could be more advanced at the technical level and more responsive. There should also be more communication on updates.
Which solution did I use previously and why did I switch?
We previously had some reinforced email security features with Microsoft; this is just an improvement on what we had.
What's my experience with pricing, setup cost, and licensing?
This is quite an expensive solution and understanding the pricing model and features is quite complicated and it can, in fact, be a nightmare when dealing with Microsoft.
Which other solutions did I evaluate?
We reviewed several on-premise solutions such as Forcepoint that could be integrated with other components within our infrastructure. The reason we didn't go with them is that we have to respond quickly to threats and at an international level. Given the complexity of our situation in terms of architecture, we decided to go with a ready-to-use solution.
What other advice do I have?
We haven't had a review recently, so I can't say that this is the best solution on the market. Things are evolving all the time with new features constantly being added to all solutions. For now, I would rate this solution seven out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Principal Consultant at a tech services company with 201-500 employees
Essential security capabilities, plenty of email protection, and enhanced data loss prevention
Pros and Cons
- "Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
- "There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."
What is our primary use case?
This solution is a mixed product. It can be used for email security and for information protection, which is basically data loss prevention. Many people do this type of setup for DLP, but under Microsoft's naming convention, they call it Microsoft Information Protection (MIP).
How has it helped my organization?
It definitely is a must for email protection and O365 app DLP. Combined with Microsoft Defender for Endpoint, Microsoft Defender for Identity, and MCAS, it provides a holistic solution for threat protection, email protection, O365 apps protection, and DLP for both internal and external risks.
What is most valuable?
Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links. Anything that has the word "safe" in it is essentially made to defend against the common email vulnerabilities that you would see in similar products. Without these features, it does not have nearly the capabilities.
On the information protection side, the best features are probably the data loss prevention policies that cover the whole suite of Office 365 applications. I will explain it a little more. From an information protection standpoint, Defender for Office 365 does strictly apply to the Office apps, but that is where it can get confusing because it can do more. It works with MIP, and MIP can be part of a SKU in the M365, particularly the E5 SKU or equivalent. It can protect and prevent data loss of data wherever it operates. It does not matter where it operates, it can be in a different cloud service, on-premises, in Office, a SaaS application, or it could even be your own applications that you have developed. Defender for Office 365 helps with the loss prevention for Office 365 applications.
What needs improvement?
There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.
Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.
In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution.
For how long have I used the solution?
I have been using the solution for approximately 6 months.
What do I think about the stability of the solution?
Generally, it is stable with a good SLA. Still, there can be outages in either O365 or Azure AD, but they are rare. That is where Proofpoint adds a BC/DR feature that is lacking with O365 Exchange Online.
What do I think about the scalability of the solution?
It is a scalable solution. We have deployed it to several hundred thousand people, and it scaled fine. There are different considerations that need to be made before the solution can scale properly. For example, if I am in a hybrid environment, my connection to the cloud is 100 MB, and I have got 100,000 users, that connection bandwidth is not going to work. As long as people know that there are certain adjustments that are needed to scale, then it will scale properly.
Another example, if it is a Multi-GEO spread across the globe, you are only as good as your network backbone or what you pay for your network backbone, this is the case in many clouds. If you are using a hybrid setup, it is the same situation, you need to figure out how to regionalize things and then have adequate bandwidth. There are techniques to use that make sure you are using the shortest path to the cloud from each region. If you do not pay attention to all of these considerations when attempting to scale the product, you are not going to have a good experience.
How are customer service and technical support?
Microsoft does a very good job of having information available for customers such as documentation and online videos. The problem is wading into every consideration that you have to have, such as, is the network sufficient, or evaluating the different setup scenario types where it could get really complicated. For example, having a Multi-GEO setup, what is the impact of a network on the performance? There are scenarios where it can get difficult, where a company acquires another company and they both are in separate Active Directory forests and a lot of them at times, they do not know the order of how to do things. The complication of supported models between how you do identity and some of them do not even know how to do enterprise architecture or the difference between enterprise architecture and solution architecture. You could run into best practices not being followed and have to re-engineer everything. I have run into all kinds of scenarios.
Generally, the only problem with the documentation is it is hard for people to put all the information together, there can be a lot of information. Microsoft support is only as good as their documentation, and their documentation is currently behind. Since Ignite 2020, all the announcements came out of that and the documentation still has not caught up. We are now at Ignite 2021.
A lot of these technical support agents just read a script. However, it depends on which level you are talking about. If you get entry-level support and then you are moving up the ladder, it could take time to get the information you are seeking for a resolution. If you get the right support person then you are good, but if not then you could be going around in circles for a while before you are able to resolve your issue.
Which solution did I use previously and why did I switch?
At GuidePoint Security we are paid consultants and therefore work within the requirements of customers. Some customers understand the holistic Microsoft XDR and information protection solutions and how they integrate together to send signals to a SIEM/SOAR product for incident discovery and remediation. Others use a mixed bag of products from CrowdStrike, Symantec, etc. on endpoints, and may use a third-party CASB product, i.e. Netskope, which combined with Netskope's Secure Web Proxy forms their SASE solution.
How was the initial setup?
The installation can be easy in SMB but there can be some difficult challenges in large enterprises. Typically it is companies going through mergers, etc.
What about the implementation team?
Full deployment can have challenges, but it is all depending on your organization's usage. For example, organizations that have to be in the government cloud and where they have both US and non-US citizens. In the government cloud, friendly nations can participate in the government cloud and there are some that definitely cannot. There could be many that cannot be allowed. For example, if there were two that could not be allowed, those two clouds have to be separated completely. They cannot communicate with each other whatsoever. That is a little bit of a problem for some organizations. What if I have a subsidiary in Australia that says, "No, I do not want to be in the government cloud"? How are you going to handle the fact that all your US subsidiaries have agreed to go into the government cloud and the Australian one is sitting out saying "no"? You then now have to treat these separately like they are two separate organizations.
What was our ROI?
We have received a good return on investment with this solution, it does what it is supposed to do. Particularly from the email and information protection perspective, it does a very good job, but it could be better.
What's my experience with pricing, setup cost, and licensing?
Microsoft licensing should include Microsoft Defender for O365 in their E3 and E5 licenses. Currently it is all or nothing unless you purchase an add-on which we advise enterprise customers to do.
Which other solutions did I evaluate?
I have evaluated Proofpoint in the past which has continuity features that this solution is lacking.
What other advice do I have?
The solution is really good, but not perfect, nothing is. They have done a very good job, they just have a little ways to go. The way their documentation is constructed, connecting the dots holistically is something people find hard and that is the reason they call people like me because I know how to connect the dots.
I rate Microsoft Defender for Office 365 a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sales Account Manager at a tech services company with 51-200 employees
Simple implementation, effective email threat detection, and secure
Pros and Cons
- "The solution is very easy to use. All you have to do is to assign the license to the end-user and it's done. The customer will only have the feature activated, and the solution will monitor the emails to determine if they are a threat or not."
- "They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not."
What is our primary use case?
Microsoft Defender for Office 365 was a product called Advanced Threat Protection (ATP) in the beginning and it was changed. Microsoft Defender for Office 365 is email security. Our customers should know that it is only email security and not a full security feature solution. It is for checking the attachments of emails, and it will move them on if they are secure, and if they are not secure it will not move them forward.
What is most valuable?
The solution is very easy to use. All you have to do is to assign the license to the end-user and it's done. The customer will only have the feature activated, and the solution will monitor the emails to determine if they are a threat or not.
What needs improvement?
They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365
What do I think about the scalability of the solution?
Microsoft Defender for Office 365 has been scalable.
How was the initial setup?
The implementation is simple, once you have the license you assign it to the end-user.
What was our ROI?
We have seen a return on investment because if we would have received a phishing email, Microsoft Defender for Office 365 would help out to detect the threat instead of crashing down the whole company. The solution keeps emails protected with high security benefiting the company, whether it's an inbound or outbound email.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender for Office 365 is an add-on to the Office license. Many customers are purchasing this solution.
What other advice do I have?
I would advise every customer who requires email security to purchase Microsoft Defender for Office 365.
I rate Microsoft Defender for Office 365 a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Deputy Chief SAP BASIS Administrator at a comms service provider with 201-500 employees
Easy to use and simple to configure but requires better scanning capabilities
Pros and Cons
- "The basic features are okay and I'm satisfied with the Defender."
- "I'd like some additional features any product can give me to protect our environment in a better way."
What is our primary use case?
We are using Defender to protect different kinds of attachments, emails, and safe links, and things like that.
What is most valuable?
The basic features are okay and I'm satisfied with the Defender.
The initial setup is pretty simple. It's easy to configure.
Microsoft products are always easy to use.
The solution has been stable and reliable.
What needs improvement?
I was looking for some advanced features, like if I would receive an email that contains a legitimate file type, but the content is malicious, how I can protect against that? Normally, we are dealing with so many phishing and spam emails. I'd like some additional features any product can give me to protect our environment in a better way.
There is always a chance to continue to improve the product in some way.
For how long have I used the solution?
We've been using the solution since 2015. It's been a few years now.
What do I think about the stability of the solution?
Microsoft so far has been good. We haven't faced any kind of disruption or anything else. It's a good product and good platform, I must say. Overall, it's a good product and good service and we haven't dealt with bugs or glitches.
What do I think about the scalability of the solution?
It's scalable. It's software as a service, so it's always scalable. You have to just purchase the additional licenses and you can increase your database. It's nothing that would be considered too difficult.
How are customer service and support?
They offer different kinds of support levels. If you have the Premier Support contract with Microsoft you're good. If you have purchased a good support level agreement with Microsoft, then their support is very fantastic. We never faced any kind of issue. The engineer is always available when we create the ticket and the support is good. Due to the fact that we are a big organization, we have a support level agreement with Microsoft.
Which solution did I use previously and why did I switch?
Earlier, we were using the on-prem solution of Exchange, then we migrated to the cloud, so we cannot just compare the feature set and the price of Defender with any other security software, email security software.
How was the initial setup?
The initial implementation is not very difficult. Microsoft products are always very easy to configure and use. It's not a big deal. It's the philosophy of Microsoft to make it easy for the users. That's why they always attract the users and users happily migrate to them as compared to using any other product or any other service.
What's my experience with pricing, setup cost, and licensing?
I haven't actually evaluated the cost against other products. For example, it's bundled with the licenses that we have procured, so everything is included in that. We haven't purchased the Defender separately.
We cannot just say that it's a product which is costly as compared to the other products available in the market or not, as it's a bundled offer. We can calculate the price of one license or an Office 365 license with any other cloud service partner's license cost, however, we cannot just compare the price of any specific feature with the services available in the market.
Which other solutions did I evaluate?
We are not using any other product, so we are not actually in a position to compare it with other security products.
What other advice do I have?
While the deployment is a hybrid model, we have migrated all the mailboxes to Office 365. We are completely running the services from the cloud.
I'd rate the solution at a seven out of ten. There's always room for improvement.
It's a bundled offer. When we procured the licenses of Office 365, it came up under those licenses. We are not using any other product, so I cannot say or I'm not in a position to say that any other product is good or Defender is not good, as I am not using any other product.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Consultant at a tech services company with 1,001-5,000 employees
Good integration, but needs better spam and phishing detection
Pros and Cons
- "The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance."
- "This product's effectiveness could be improved, in terms of detecting unwanted spam or even malware between the emails, compared to other products."
What is our primary use case?
Our primary use case of Defender is to protect customers' emails. We use this solution for the servers being hosted on Azure. We use it mostly for the emails of Office 365 users, to secure their emails. Some customers already have other email security, complementing Office 365, but smaller customers prefer using a single solution to protect their emails.
This solution is cloud-based.
What is most valuable?
The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance.
What needs improvement?
This product's effectiveness could be improved, in terms of detecting unwanted spam or even malware between the emails, compared to other products.
For how long have I used the solution?
We have been using this solution for almost a year, just in 2021.
How are customer service and support?
The technical support's response is very good. If you have Premier Support, they can respond within 15 minutes. In terms of their technical team, it's very good as well.
How was the initial setup?
The installation is a key feature, since it's a single product within Microsoft. It's integrated with Office 365, so it's very easy to install. You only need one person for deployment and maintenance—the administrator, which is usually either from the security team or email administrator team.
What about the implementation team?
We implemented this solution ourselves.
What's my experience with pricing, setup cost, and licensing?
For licensing, it's usually a yearly package for customers who are subscribed to Office 365, but they can also pay on a monthly basis.
Which other solutions did I evaluate?
Some of our customers have IronPort or Trend Micro and prefer to use these solutions, complementing Office 365.
What other advice do I have?
I rate Defender a seven out of ten because it's easy to operate and maintain, but it could be improved by spam and phishing detection.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Protects from zero-day threats and ensures that attachments and links are safe, but has a lot of false positives and should have only one plan that takes care of everything
Pros and Cons
- "Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."
- "In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement."
What is most valuable?
Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features.
What needs improvement?
In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement.
For how long have I used the solution?
I have been using this solution for the last one year. I have its latest version.
What do I think about the stability of the solution?
It is stable. We didn't find any issues with that.
What do I think about the scalability of the solution?
It is highly scalable. We have deployed for around 7,000 accounts. Performance is not impacted.
How are customer service and technical support?
Their technical support can definitely be improved. They can avoid using templatized responses.
Which solution did I use previously and why did I switch?
We had basic Exchange Online Protection.
How was the initial setup?
It was easy to configure, and with one/two skilled people the ongoing maintenance can be handled.
What's my experience with pricing, setup cost, and licensing?
It has a simple interface to configure and manage. From the pricing point of view, like any other product in the market, there is scope for negotiation.
Which other solutions did I evaluate?
Before we chose to settle with this product, we experimented with Cisco, Forcepoint, etc.
What other advice do I have?
I would advise others to do a proof of concept for at least a month before taking a decision.
I would rate Microsoft Defender for Office 365 an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Technology Manager at a performing arts with 51-200 employees
Easy to set up with no configuration required, and the support is good
Pros and Cons
- "The good part is that you don't have to configure it, which is very convenient."
- "We need a separate license and we don't know how to get the license that is required."
What is our primary use case?
We are using it with laptops that go directly to the end-user. We used the Defender because it was already there.
What is most valuable?
The good part is that you don't have to configure it, which is very convenient.
What needs improvement?
We are waiting for better software to block viruses. The feedback that we receive is that it is weaker when compared with other products such as Cisco and Palo Alto.
The only concern that we have is that this product is user-based, but we have requirements to run separate PCs or servers that are not on the same subscription. We need a separate license and we don't know how to get the license that is required.
We also wonder if it can prevent attacks from new types of viruses such as Widefire.
For how long have I used the solution?
We started using Microsoft Defender for Office 365 after the pandemic started.
How are customer service and technical support?
Technical support is very good. They are knowledgeable and respond quickly.
We have had other issues with Word, but we have not had any issues with the Defender product.
Which solution did I use previously and why did I switch?
Previously, we used Symantec Endpoint Protection. They seemed to have some sort of software issue where you couldn't renew your license.
How was the initial setup?
The initial setup was quite straightforward. There was nothing complex for both IT and the user.
There is no installation, you just enable it on the cloud to have it work automatically.
It's very convenient for remote support or remote installation.
What's my experience with pricing, setup cost, and licensing?
It's a user-based subscription.
Licensing is on a monthly basis. It's part of Office 365, so you really can't tell how much it costs. It's part of the bundle.
It's difficult to compare prices with other companies.
What other advice do I have?
I feel Defender is a product that is good enough, especially for small to medium-size businesses.
I would rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cybersecurity and Business Continuity Consultant at a tech services company with 201-500 employees
Reliable, simple setup, but best practice information needed
Pros and Cons
- "The most valuable feature of Microsoft Defender for Office 365 is the ease of use."
- "Microsoft Defender for Office 365 could improve by giving customers information on techniques to prevent threats. For example, information about best practices on how to protect their own devices against hackers and scammers, such as educational information or training. This would help others have a better understanding of cyber security. Additionally, there can be more security features added."
What is our primary use case?
We are using Microsoft Defender for Office 365 to defend against computer threats.
What is most valuable?
The most valuable feature of Microsoft Defender for Office 365 is the ease of use.
What needs improvement?
Microsoft Defender for Office 365 could improve by giving customers information on techniques to prevent threats. For example, information about best practices on how to protect their own devices against hackers and scammers, such as educational information or training. This would help others have a better understanding of cyber security. Additionally, there can be more security features added.
For how long have I used the solution?
I have been using Microsoft Defender for Office 365 for approximately five years.
What do I think about the stability of the solution?
Microsoft Defender for Office 365 is a stable solution.
What do I think about the scalability of the solution?
The solution is scalable in my usage.
How are customer service and support?
I have not used the technical support from Microsoft. I managed to fix any issues I had myself.
How was the initial setup?
The implementation is simple, and Microsoft Defender for Office 365, because it comes with Microsoft Windows, works as soon as the computer is on.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender for Office 365 comes with Microsoft Windows. It is free with the operating system.
What other advice do I have?
I rate Microsoft Defender for Office 365 a seven out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
