Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Office 365 Room for Improvement

CB
Senior Director, Security Architecture & Engineering at a leisure / travel company with 10,001+ employees

In the areas of improvement for Microsoft Defender for Office 365, the console is the biggest challenge for me. There is a different console for different things; I just want one consolidated console.

View full review »
GS
Designation Chief Consultant at Avtow

Specifically, within Microsoft Defender for Office 365, I want it to improve the DLP capabilities.

View full review »
AR
Deputy Manager at Punchpower dream

Microsoft Defender for Office 365's Mac functionality requires improvement to deliver the same level of protection found on Windows devices.

View full review »
Buyer's Guide
Microsoft Defender for Office 365
June 2025
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.
reviewer2700627 - PeerSpot reviewer
Chief Architect at a tech vendor with 1,001-5,000 employees

We still see many false positives from time to time with Microsoft Defender for Office 365, so it would be good if we can reduce those false positives and provide better workflows for our end users, as sometimes they may not know what to do when they encounter a false positive. Those kinds of workflows will help make it easier to use.

View full review »
JP
Technology support manager at Alfred State College

I am generally satisfied with how it currently is. If I could improve anything, I would reduce the cost. 

View full review »
RZ
Cloud Security Specialist at a tech services company with 1-10 employees

Microsoft Defender for Cloud Apps is a very good solution that allows you to use a single port or tool to control everything happening with your organization's different cloud applications.

Configuring the default strategies and policies in Microsoft Defender for Cloud Apps generates a lot of noise and false positives. Also, the documentation does not have many details about that. The bad configuration and lack of good documentation prevent professionals from taking the most advantage of this tool.

One of the big problems that some customers face is that Microsoft always changes its products' names. For example, four to six months ago, Microsoft Defender for Office 365 was renamed Microsoft Defender XDR. Microsoft comes up with a new name for the tool every one or two years, which sometimes is hard for customers to follow.

Microsoft should improve some integrations in the Microsoft Defender for Cloud Apps sub-category. With a specific configuration to Microsoft Defender for Endpoint, we can get logs and insights from network devices and other workloads on our system.

View full review »
reviewer1308627 - PeerSpot reviewer
Engineer at a healthcare company with 10,001+ employees

Microsoft needs to broaden its global support presence by establishing teams of subject-matter experts in all regions.

View full review »
Tolu Omolaja - PeerSpot reviewer
Head of Department of Network Communications at Eko electricity

Microsoft Defender for Office 365 should be more proactive. As a major global player, Microsoft possesses the platform to gather more information than any other company. Utilizing this information would enable them to make the system much more proactive. It would be sensible for Microsoft Defender for Office 365 to send occasional notifications, acting as advisories on how to prevent the latest threat trends. Similar to a newsletter, these notifications could guide users to take appropriate measures and review their organization's configurations, thereby ensuring maximum security.

View full review »
Luis-Brown - PeerSpot reviewer
IT Director at a energy/utilities company with 11-50 employees

Microsoft Defender for Office 365 lacks proactivity in assisting us with preparing for potential threats before they occur. While they employ a substantial amount of threat intelligence to preemptively prevent incidents, their effectiveness diminishes when it comes to delivering proactive threat intelligence alerts from Microsoft. Their focus primarily revolves around managing the internal environment. On the other hand, my other vendor, Check Point, along with my membership in MS-ISAC, supplements me with this type of information. 

The phishing and spam filters could use some improvement. It is adequate, but it doesn't match the quality of Proofpoint or Mimecast. However, it comes close in effectiveness. Plus, if we're obtaining it for free, investing in the other products seems impractical.

View full review »
Vikas Ingle - PeerSpot reviewer
Infrastructure and Security Lead at Vedanta
The main area for improvement is simplifying the implementation and rollout process. There are many conditions to be met, making it challenging to ensure every system is protected. Troubleshooting is difficult, especially at the endpoint level. View full review »
NaySan @ Suraj Verma - PeerSpot reviewer
Solution Consultant at BIM Group of Companies
Microsoft could improve by offering recommendations for domain spoofing attacks, especially scenarios where DNS records like SPF, DKIM, and DMARC are not properly published. It's essential to enhance awareness about these issues within organizations. View full review »
reviewer2104224 - PeerSpot reviewer
Solution Consultant Information Security at Ixtel

Microsoft Defender for Office 365 is a comprehensive security solution, but it could be improved. Compared to other solutions, Microsoft Defender for Office 365's security reports are not as detailed and the visibility into our network coverage could be better.

The IOC scanning has room for improvement.

The XDR dashboard has room for improvement. The dashboard needs more of a single pane of glass because currently, Microsoft Defender for Office 365 does not give me any options to scan an email thread or attachment for IOCs on my endpoint. I need to manually download the file from the email and then scan it with Microsoft Defender for Office 365. I think Microsoft Defender for Office 365 should be able to scan email threads and attachments directly, without the need for manual intervention.

Secondly, the Data Loss Prevention functionality in Microsoft Defender for Office 365 is very limited. It can only scan for certain types of data. Microsoft Defender for Office 365 should be able to scan for a wider variety of data types, such as customer lists and intellectual property.

Attack process management and breach attack simulation should be included in Microsoft Defender for Office 365.

View full review »
Jamie LeClair - PeerSpot reviewer
IT Collaboration Services Manager at Dow

It seems like Microsoft has begun to roll out products before they are fully baked. Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization. I would say that Microsoft should release or launch better or fully baked products before going ahead with the GA phase.

View full review »
Wing Cheng - PeerSpot reviewer
Supervisor, Information Technology at Hung Hing Printing Group Ltd

Sometimes, phishing emails manage to pass through the filter, so the system needs to enhance its phishing email detection capabilities. We also need alerting features for abnormal actions like unusual logins or abnormal activities in the mailbox.

View full review »
MQ
Information Technology Specialist at a pharma/biotech company with 1,001-5,000 employees

The GUI is sometimes slow to fetch the device report and could be improved.

It would be great if Microsoft Defender for Office 365 were priced at the tenant level, rather than the user level. This is because the feature is used by all users in the tenant, not just individual users.

View full review »
Nagendra Nekkala. - PeerSpot reviewer
Senior Manager ICT & at Bangalore International Airport Limited

You should be able to deploy Defender for every subscription without the need to add servers. 

View full review »
PK
Architect at BRF

Configuration at the mid-level could be improved for the support team.

View full review »
Reynaldo Ruiz Flores - PeerSpot reviewer
Self Employed, Freelance, Consultor, Sales - Learning Time at SpectralByte

The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included. 

View full review »
reviewer2595123 - PeerSpot reviewer
Pre-Sales Product Specialist at a tech services company with 1,001-5,000 employees

The changes to customer service, specifically the new model for support agreements, are not favorable. We have to pay $600 for every instance, making it too expensive. We might need to look at other support options.

View full review »
Sachin Vinay - PeerSpot reviewer
Assistant Manager-Networks at Amrita

The advanced threat protection requires awareness and knowledge from administrators. Microsoft should provide more documentation for users so they can self-educate. I would like to see more documentation for advanced security features.

View full review »
Vinutha Madi - PeerSpot reviewer
Information Security Analyst at a tech services company with 51-200 employees

Microsoft sometimes has downtime, and we'll get several incidents coming back-to-back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once.

A few days ago, we had an issue where everything that came into the user's mailbox was flagged. We got hundreds of notifications. It was problematic for us, but the investigation was easy. 

View full review »
Kishan Kishto - PeerSpot reviewer
Systems Administrator at Kishto Technologies

Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking.

From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment.

View full review »
HariOmKanth MS - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 11-50 employees

Several simulation options are available within 365, and the phishing simulation could be better.

I want to see improvements that will make the tool easier to operate. 

View full review »
reviewer2315811 - PeerSpot reviewer
Security analyst at a educational organization with 1,001-5,000 employees

There's room for improvement regarding the time frame for retrieving emails. Currently, the limitation allows users to go back only thirty days when pulling emails or conducting related actions. Enhancing this capability to extend the timeframe, perhaps to sixty or ninety days, would be beneficial.

View full review »
Chris-Atkinson - PeerSpot reviewer
Sales Director for Academic, Medical, Corporate and Government markets at a tech services company with 1,001-5,000 employees

The product must provide better malware detection. The detection algorithms don't perform the way I hope they would.

View full review »
Rajitha Jayasekera - PeerSpot reviewer
Associate Tech Lead at a computer software company with 51-200 employees

In one of the reports, I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help.

View full review »
Gordon McGowan - PeerSpot reviewer
Deputy Chief Information Officer at County of Montgomery, PA

Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data. 

View full review »
reviewer2153502 - PeerSpot reviewer
Lead Technical Consultant at a tech vendor with 1,001-5,000 employees

Microsoft's security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically. 

View full review »
reviewer2019894 - PeerSpot reviewer
Vice President at a computer software company with 11-50 employees

The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year.

View full review »
OK
Cloud solution engineer at a computer software company with 51-200 employees

They have moved features from one console to another. Things have been moved around in the interface and it takes me time to find where certain features are. 

View full review »
Sandor Nilsson - PeerSpot reviewer
Project Leader and IT Transition Manager at Data Communication & Software i Grondal Aktiebolag

What I don't like about Microsoft Defender for Office 365 is that many of the features should be default. They should be included, not optional, like other vendors provide.

View full review »
Giovanni Emerenciano - PeerSpot reviewer
IT Manager at a manufacturing company with 51-200 employees

About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting.

Now that we have more visibility into threats, our orientation is to have a more top-market solution to give us more visibility and easier ways to respond to the threats that we find and also to identify threats better.

It is not really straightforward to get a lot of information from Microsoft Defender, so we have had to use Microsoft Graph to create some custom views to export custom information.

View full review »
reviewer1463265 - PeerSpot reviewer
Solutions Architect at a computer software company with 1,001-5,000 employees

One area for improvement is integration. For example, when it comes to external SaaS platforms, we were not able to get a lot of information on integrations with such apps for security and authentication. The awareness of ecosystem information that is provided needs to be better.

View full review »
supervis809292 - PeerSpot reviewer
Supervisor of IT Infrastructure & Cybersecurity at a comms service provider with 51-200 employees

This is not really a defined product. You have to go to a lot of different places to enable things so it would be nice if you could go to one tab that says 365 Defender for Office 365 or something similar. You would be able to make all the settings and changes there, rather than having to go to lots of different places in the admin center to get it configured.

Configuring Defender for Office 365 is not as easy as I would like but with some research and patience, you can tweak the solution to meet your needs. There are some pretty good articles online that assist in setting up Defender for Office 365 to meet your needs.

Creating a path for your Security Awareness Training (SAT) phishing tests to go around the Defender filtering is way too complex for our current solution KnowBe4. But I learned that is a KnowBe4 limitation. Phin SAT has a much easier method of injecting test phishing emails that do not require such acrobatics to configure.

View full review »
reviewer1783893 - PeerSpot reviewer
Co-Founder with 11-50 employees

The pre-sales cost calculations could be more transparent. 

View full review »
reviewer1547532 - PeerSpot reviewer
Technical Support Specialist

The solution provides us with visibility into threats; however, there is room for improvement in the threat visibility, as it could be more granular, refined, and detailed.

The UI needs to be more user-friendly. Some of the dashboard views are hard to follow and make the reporting complicated.

View full review »
BO
Corporate IT Infrastructure Manager at United Test and Assembly Center Ltd.

The visibility for the weaknesses in the system and unauthorized access can be improved.

Its price should be improved. Its cost is a major concern for us.

View full review »
VR
IT Manager at SSEL

The custom alerts have to improve a lot. Though the system is very good, we have to go and check inside the admin panel to look at all kinds of reports. We won't get any mail alerts that highlight for us, for example, "today this many of spam attacks have happened". Or "these many emails have been blocked." We have to manually go into the admin panel and have to check it out. It would be nice if there are custom email notifications/alerts.

Right now, there are additional features such as mobile device management and data loss prevention, or eDiscovery (where the admin scans through the inboxes and see all your mail and notes any deviation) that are only currently available under the E5 license. You can't get these services as part of a base plan. In the future, it would be nice if they were added as part of the base plan as well.  

View full review »
reviewer1030527 - PeerSpot reviewer
Chief Information Security Officer at a outsourcing company with 10,001+ employees

I'd like to see fewer false positives and potentially have an accurate capability to detect malicious SharePoint sites. There could also be an improvement in some of the features related to training. In a phishing test campaign, for example, it should be more user-friendly and include the capability to evaluate and assess users' understanding of the content provided. 

View full review »
reviewer1501215 - PeerSpot reviewer
Principal Consultant at a tech services company with 201-500 employees

There needs to be an improvement in having the product work across multiple operating systems and have better support for non-Microsoft file types.

Defender for Office 365 handles the Microsoft supported file types, but MIP is limited. This solution does what it needs to do, but it does not go to the depth of if it was working with MIP, a holistic information protection system. It does not support all the file types an organization might use. For example, AutoCAD B1 for manufacturing or defence-oriented companies, they have to add a third-party add-on, or you would have to create the extensibility.

In an upcoming release, there should be business continuity features added. Proofpoint solution addresses what happens if you have an outage. If your tenant or your SaaS application is not available, there is no continuity right now with this solution. 

View full review »
BA
Sales Account Manager at a tech services company with 51-200 employees

They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not.

View full review »
reviewer1753173 - PeerSpot reviewer
Deputy Chief SAP BASIS Administrator at a comms service provider with 201-500 employees

I was looking for some advanced features, like if I would receive an email that contains a legitimate file type, but the content is malicious, how I can protect against that? Normally, we are dealing with so many phishing and spam emails. I'd like some additional features any product can give me to protect our environment in a better way. 

There is always a chance to continue to improve the product in some way.

View full review »
OK
Consultant at a tech services company with 1,001-5,000 employees

This product's effectiveness could be improved, in terms of detecting unwanted spam or even malware between the emails, compared to other products. 

View full review »
OR
General Manager IT at a logistics company with 10,001+ employees

In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement.

View full review »
reviewer1388559 - PeerSpot reviewer
Information Technology Manager at a performing arts with 51-200 employees

We are waiting for better software to block viruses. The feedback that we receive is that it is weaker when compared with other products such as Cisco and Palo Alto.

The only concern that we have is that this product is user-based, but we have requirements to run separate PCs or servers that are not on the same subscription. We need a separate license and we don't know how to get the license that is required.

We also wonder if it can prevent attacks from new types of viruses such as Widefire.

View full review »
reviewer1378728 - PeerSpot reviewer
Cybersecurity and Business Continuity Consultant at a tech services company with 201-500 employees

Microsoft Defender for Office 365 could improve by giving customers information on techniques to prevent threats. For example, information about best practices on how to protect their own devices against hackers and scammers, such as educational information or training. This would help others have a better understanding of cyber security. Additionally, there can be more security features added.

View full review »
reviewer1783893 - PeerSpot reviewer
Co-Founder with 11-50 employees

We are always looking for others tools to increase automation on tasks. There can be better integration with other solutions, such as PowerPoint and email.

View full review »
reviewer1343688 - PeerSpot reviewer
Senior Network Analyst at a financial services firm with 1,001-5,000 employees

It would be better if it were more scalable. It depends on the architecture, but we would like to make it more scalable for both data centers. 

View full review »
reviewer2315748 - PeerSpot reviewer
IT Specialist at a government with 51-200 employees

We need to be able to whitelist data at the backend. 

View full review »
reviewer1272933 - PeerSpot reviewer
Cloud Services Director at a tech services company with 11-50 employees

There is room for improvement in terms of reporting. There could be more features around it.

View full review »
Buyer's Guide
Microsoft Defender for Office 365
June 2025
Learn what your peers think about Microsoft Defender for Office 365. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.