James Selby - PeerSpot reviewer
Manager Security Division at Virtual-IT
MSP
Top 5
Offers multiple security components, including email security, local firewall, and anti-malware
Pros and Cons
  • "The global review and remediation of malicious code is probably the most valuable feature."
  • "Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel."

What is our primary use case?

From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.

What is most valuable?

Microsoft Defender is delivered in different components. One of them is the Microsoft community, where they share information about discovered malicious code, and remediation is promptly provided. This collaborative approach ensures that threats found in one country can be quickly addressed in other countries.

The global review and remediation of malicious code is probably the most valuable feature.

What needs improvement?

It's difficult to provide direct feedback to Microsoft, even as a Microsoft partner. However, the community out there supports and assists each other if that helps.

Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel. Being the largest technology provider attracts significant threats. Microsoft is constantly fighting against threat actors trying to breach its technology. So by being the biggest, you attract the biggest threats.

I believe Microsoft could play more nicely with other IT security vendors. Currently, if you want your technology to integrate with Microsoft, you have to go through an extensive testing program to ensure compatibility with Azure. So, even the partnership program could be more efficient, allowing for smoother integration.

For how long have I used the solution?

I've been working with it since its inception. I've been involved in IT security for over thirty years, so I've seen it evolve.

Buyer's Guide
Microsoft Defender Threat Intelligence
May 2025
Learn what your peers think about Microsoft Defender Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
857,028 professionals have used our research since 2012.

What do I think about the stability of the solution?

If I were to rate the stability, I would say it's around an eight. However, there are occasional outages in Microsoft 365. So, stability can vary depending on the region, and there are instances of outages.

What do I think about the scalability of the solution?

I would give it an eight, without a doubt. It's highly scalable. Microsoft Defender can fulfill the needs of both small businesses and enterprise businesses effectively.

How are customer service and support?

Directly contacting Microsoft can be quite challenging. However, there is a community platform where users can find resolutions to specific issues. Microsoft also has an extensive patching program, and Microsoft releases updates to its solutions on the first Tuesday of every month.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Microsoft Defender is comprehensive. It covers areas such as email security, local firewall, and anti-malware. It's a comprehensive solution with different components within Defender. It also supports the operating system, Windows 11. 

It's not limited to a single function. Defender encompasses various security aspects, like email security, local firewall, and anti-malware. Moreover, it's designed to work seamlessly with Windows 11.

How was the initial setup?

On a scale of one to ten, where one is the most difficult and ten is the easiest, I would say it's around a seven or eight. No software is perfect, including Microsoft.

Most organizations are moving to the cloud now, so the majority of deployments are in the cloud. However, we don't provide extensive support for that. The deployment depends on how the customer wants to set it up. A lot of it is in the private cloud, but it is essentially in public areas. It's a combination of both.

What about the implementation team?

The deployment process can vary, but on average, it can take anywhere from two to twenty-four hours, depending on the tenant and whether it's a single or multiple tenancy setup. So, it depends on the specific circumstances.

What's my experience with pricing, setup cost, and licensing?

Considering Microsoft is constantly changing licensing, I would give it a seven out of ten. It can be difficult to get your head around it, especially for small to medium-sized enterprises (SMEs) like most of my clients. We typically deal with E3 licensing rather than the larger corporate E5 licensing.

So, the pricing is subject to changes, and it can be complex, especially for SMEs. It's traditionally based on E3 licensing for our clients.

Which other solutions did I evaluate?


What other advice do I have?

I wouldn't always advise my clients to exclusively rely on Microsoft products. However, they should derive maximum benefits from the licensing they pay for. For example, you can't simply purchase Defender on its own because it's bundled with the operating system. So, that question loses some relevance since you already have it regardless of choice. So, the value of Defender is already included with the operating system, and users don't have the option to choose whether to have it or not.

However, you can explore other solutions to enhance the security of Windows 11 or Windows 10, such as cloud-based options. But I would suggest making the most out of Defender. If you encounter any limitations, then you can consider other technologies to fill those gaps. So, it's about maximizing the potential of Defender and, if necessary, supplementing it with additional technologies.

You have the option to bolster the security of your Windows system with other solutions if needed, but Defender should be your primary focus.

Overall, I would rate it an eight out of ten because it is bundled with Windows OS. However, it doesn't cover all threats, and it remains a target for threat actors. So, depending on your business needs and the specific areas where Defender falls short in delivering effective security, you may need to supplement it with other technologies to strengthen your overall security position.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer2497986 - PeerSpot reviewer
Computer Networks and Systems Support Engineer at a real estate/law firm with 11-50 employees
Real User
Top 5
Provides email protection, threat intelligence, and vulnerability scanning
Pros and Cons
  • "The solution is one suite covering everything from email protection to threat intelligence and vulnerability scanning."
  • "I would like to see more frequent updates, which is always better for security because of daily threats."

What is most valuable?

The solution is one suite covering everything from email protection to threat intelligence and vulnerability scanning. Microsoft keeps adding more features to the tool, and through one interface, you can see the whole attack path, the assets involved, and the users involved. It's a very good product if you're using mainly Microsoft products. Most of our machines are Microsoft Windows and Microsoft Windows servers.

What needs improvement?

I would like to see more frequent updates, which is always better for security because of daily threats.

What do I think about the stability of the solution?

Since it's cloud-based, the tool is mostly available. If an on-premises solution goes down, it only affects a few people, but if a cloud solution is down, it affects most customers. So, Microsoft is investing a lot in the stability and resilience of the solution. Microsoft Defender Threat Intelligence is a very stable solution.

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is a scalable solution. You just keep installing agents on the extra new machines in your network, and it automatically starts working. Around 100 users are using the solution in our organization.

How are customer service and support?

We have a support structure not directly with Microsoft but with one local vendor who has partnered with Microsoft. Their knowledge base, information, and training are all very good.

Which solution did I use previously and why did I switch?

I have previously worked with Sophos.

How was the initial setup?

The solution's initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six or seven out of ten.

What other advice do I have?

Since the solution is more linked with Microsoft products, it gives you notifications of vulnerabilities, threats, or attacks happening currently. It flags them, and you can break them down to learn which asset or process started it. You can configure the product to report the same situation or similar alerts as false positives and not flag them. They are part of the business application.

You can apply these rules to all the machines in the network because you would have similar users on other machines doing the same thing. If you see a threat or suspicious action, you can configure the tool to block the whole thing and apply the same rule on all the machines.

Microsoft is the market leader, and it's already innovating, adding more features, and integrating everything with its other products. The solution provides value for money. Microsoft had a different version for small licenses and introduced a new licensing structure so that small companies could have additional features at less cost. Otherwise, they would have to buy a really expensive license for big organizations.

Microsoft brought additional features into a small license for small and medium businesses. Microsoft keeps adding value to its products.

With Microsoft Defender Threat Intelligence, you have one product and one console to see everything. You don't have to buy multiple products to look at different security aspects. Microsoft keeps adding features to the product that are more than enough to monitor your entire suite.

Users have to learn the product and get free training and certification. It's always better to have training provided by the vendor. Very few market leaders invest in providing training.

Overall, I rate the solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Deputy Manager (Network & Security) at Tata Projects Limited
Real User
Top 10
Has efficient report-generating features and good stability
Pros and Cons
  • "The technical support services are excellent."
  • "There could be AI functionality included for features like reporting and dashboard preparation."

What is our primary use case?

We use the product to capture the logs, collect data, and understand patterns.

How has it helped my organization?

The product provides smooth functioning for our service desk and the technical team. It helps in efficiently generating reports to update the management.

What needs improvement?

There could be AI functionality included for features like reporting and dashboard preparation.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for more than a year.

What do I think about the stability of the solution?

The product has high stability.

What do I think about the scalability of the solution?

The product has high scalability.

How are customer service and support?

The technical support services are excellent.

How was the initial setup?

The initial setup process is straightforward. It took us three months to deploy.

What about the implementation team?

We implemented the product with the help of an integrator.

What was our ROI?

Microsoft Defender Threat Intelligence generates a good return on investment.

What's my experience with pricing, setup cost, and licensing?

The product’s pricing is worth it.

What other advice do I have?

I recommend Microsoft Defender Threat Intelligence to others and rate it a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
MOHAMEDTRABELSI - PeerSpot reviewer
Senior infrastructure engineer at Cubic Information Systems
Real User
Top 5 Leaderboard
Has efficient antivirus features and a simple setup process
Pros and Cons
  • "The product provides efficient email security for sending links and file attachments."
  • "We encounter problems connecting the product deployed on the user endpoints with the servers."

What is our primary use case?

We use the product as a defender for Office 365, endpoints, and security-dependable cloud apps.

What is most valuable?

The product provides efficient email security for sending links and file attachments. It has valuable features for anti-spam and antivirus. It integrates well with Microsoft Sentinel as well.

What needs improvement?

We encounter problems connecting the product deployed on the user endpoints with the servers. Additionally, the license model for the servers needs improvement.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for two years.

What do I think about the stability of the solution?

It is a very stable product.

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is scalable.

How was the initial setup?

The initial setup is simple. However, it takes a lot of bandwidth to scan the device. It is challenging to deploy backups of thousands of computers. We have to configure the integration between the Defender for the endpoint and the server. The deployment and maintenance process requires one technical engineer to troubleshoot issues by reviewing PCs and setups.

What's my experience with pricing, setup cost, and licensing?

They offer two license plans: Microsoft Defender for endpoints and Microsoft Defender for businesses.

Which other solutions did I evaluate?

I have evaluated Kaspersky.

What other advice do I have?

I advise others to develop a good infrastructure and a vision for security before deploying any product. I rate Microsoft Defender Threat Intelligence a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2398542 - PeerSpot reviewer
Founder & CEO at a consultancy with 1-10 employees
Reseller
Offers effortless integration with cloud-based infrastructure and can mitigate attacks with actionable insights
Pros and Cons
  • "Offers easy integration with a cloud-based infrastructure"
  • "A stable licensing model is absent"

What is our primary use case?

At our company, we use Microsoft Defender Threat Intelligence for vulnerability management. The solution's infrastructure and overall software are improving. 

What is most valuable?

A new valuable feature from the solution allows a user to close all tickets from a single console. At our company, we are also working on the CM side to analyze the solution's behavior and we have noticed that our customers prefer to use a single console.

What needs improvement?

A stable licensing model is absent with Microsoft Defender Threat Intelligence. Implementation of the product can be difficult if the team on the customer's end is not willing to work on pilots. 

For how long have I used the solution?

I have been using the solution for five years. 

How are customer service and support?

I am satisfied with the technical support provided for the solution. I would rate technical support an eight out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I find the Sentinel solution, its Hunting feature, automation rules, and customization rules valuable. Our company sometimes recommends Carbon Black, CrowdStrike, and Fidelis instead of Microsoft Defender Threat Intelligence because there have been fewer security incidents. 

How was the initial setup?

The product can be easily implemented for customers who are already using Microsoft Cloud. For hybrid or on-prem customers of our organization, deployment is difficult. 

What's my experience with pricing, setup cost, and licensing?

With Microsoft, at our company, we have one or three-year TCO, and we have to renew the license for this solution two times per year. I am looking to integrate a CRM product from Microsoft with the solution so that the pricing is more reasonable and transparent.

At our company, we are willing to integrate multiple Microsoft solutions: EDR for infrastructure and server end, another for vulnerability, and Microsoft Defender Threat Intelligence for endpoint security, and we offer the same to our customers.

The implementation cost versus the license cost needs to be analyzed for Microsoft Defender Threat Intelligence. When some of our company's customers are not comfortable with Microsoft products, we provide them with a different option. 

What other advice do I have?

Real-time threat detection usage of the solution depends upon the varying strategies and maturity of our organization's customers. At our company, we are implementing the mesh as well as cybersecurity laws. Our company is focusing on implementing observations instead of threat hunting with Microsoft Defender Threat Intelligence.  

At our company, we are offering Sentinel solutions to Tier-1 customers. The integration capabilities of the solution have improved the security posture of our customers but it also depends upon the maturity. Few of the customers of our company are using an in-house solution so they are aware of the posture and the rating. Our organization offers solutions to the customers, but often, they develop their own road map for expansion. 

The actionable insights of the solution have aided in incident response by mitigating major attacks. Our company rarely utilizes customization options for the solution, as customers can start using the product comfortably in the default configuration. For vulnerability management with Microsoft Defender Threat Intelligence, our company needs to adapt and apply the processes followed by the customer's organization; there are limited opportunities for customization.

I would recommend the product to others. But as part of our company offerings, a pilot can also be provided to the customers for comparison on the KPIs. I am satisfied with the product as it meets all the expectations on the infrastructure and security aspects. A user should choose between Microsoft Defender Threat Intelligence and other competitive products after verifying the feature expectations. 

I would overall rate the product an eight out of ten. The product can be effortlessly integrated with the existing system of cloud-based customers.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
DineshKumar25 - PeerSpot reviewer
Solution architect at Rackspace
MSP
Top 5
Provides threat detection capabilities and protects the environment from zero-day attacks
Pros and Cons
  • "The product’s most valuable feature is the ability to provide threat detection and protection simultaneously."
  • "One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems."

What is our primary use case?

We use the product for endpoint security of machines. It includes threat detection, defining compliance rules, and governance policies. It helps us with extracting reports as well.

How has it helped my organization?

The platform ensures that the environment is fully protected. Its operational excellence helps us reduce resource costs. We do not need a large team to manage security. The subscription models provide monthly and short-term plans. We can scale the number of items according to the requirements, and dynamically adjust resources during lean periods. It doesn’t require us to purchase long-term licensing plans.

What is most valuable?

The product’s most valuable feature is the ability to provide threat detection and protection simultaneously. It doesn’t require additional power for processing similar to other products.

What needs improvement?

One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for five years.

What do I think about the scalability of the solution?

We have 7000 Microsoft Defender Threat Intelligence users. It scales automatically depending on the requirements. It is a highly available application.

How are customer service and support?

The technical support team responds immediately to the queries.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. It has a good amount of documentation available to refer to the steps. It is a cloud-based application and thus, easy to implement compared to an out-of-the-box version. It can be deployed on endpoint devices as well.

What's my experience with pricing, setup cost, and licensing?

The product has multiple subscription models. The pricing is expensive, but it is justifiable considering the amount of threat-related information it provides.

What other advice do I have?

The platform is built for threat detection and protection. It saves the environment from zero-day attacks. It offers an intermittent mechanism for new operating system updates. It can be integrated with many enterprise-grade solutions. We can build APIs and explore the logs as well.

Microsoft Defender has played a crucial role in addressing security incidents related to auditing and compliance within our organization. During audits, a common requirement is to ensure that the environment is fully patched, updated, and compliant with all necessary security measures. With Defender in place, it allows auditors to directly access relevant reports and verify them.

I advise others to use the product if they are planning to move to a cloud environment. It gives a sufficient amount of information or threat intelligence data.

I rate it a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Mark Ngeno - PeerSpot reviewer
IT Security Manager at LIVING GOODS
Real User
Top 5 Leaderboard
Stable software with valuable malware-scanning features
Pros and Cons
  • "The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
  • "The software is expensive."

What is our primary use case?

We use the software to scan malware for email attachments by identifying and blocking phishing emails.

What is most valuable?

The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes.

What needs improvement?

The software is expensive.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for almost a year now.

What do I think about the stability of the solution?

The software is stable, similar to Office 365.

What do I think about the scalability of the solution?

We have 400 Microsoft Defender Threat Intelligence users. It is a scalable product. However, the cost increases as we increase the number of users.

How are customer service and support?

We receive technical support services via the integrator as well as the vendor.

How was the initial setup?

The software is deployed on the cloud. The setup requires technical knowledge or assistance from the integrators.

What was our ROI?

The product generates ROI for securing the company resources at minimum cost. We don't need to employ two to three analysts for this purpose.

What's my experience with pricing, setup cost, and licensing?

It is an expensive product. We purchase its yearly license.

Which other solutions did I evaluate?

We evaluated a few products before.

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Oscar Abouchaaya - PeerSpot reviewer
Partner / Consultant at Procomix
Real User
Top 5 Leaderboard
A solution with a variety of applications bolstered by strong features and functionality
Pros and Cons
  • "I value how Threat Intelligence integrates with the different platforms in Microsoft."
  • "I would like to see more AI features and capabilities."

What is our primary use case?

Threat Intelligence is a modern antivirus XDR solution that we use to protect the environment, identities, data, and endpoints from attacks.

How has it helped my organization?

It was an excellent tool for its covered area and protected data, applications and controlled user access remotely.

What is most valuable?

I value how Threat Intelligence integrates with the different platforms in Microsoft.

What needs improvement?

I would like to see more AI features and capabilities.

For how long have I used the solution?

I've been providing the solution to customers for a little over two years.

What do I think about the stability of the solution?

I rate Microsoft Defender Threat Intelligence's stability a ten out of ten.

What do I think about the scalability of the solution?

I rate Microsoft Defender Threat Intelligence's scalability a ten out of ten. We have about 50 customers using the solution.

How are customer service and support?

The technical support for Threat Intelligence is very good.

Which solution did I use previously and why did I switch?

We have previously tried Trend Micro, Palo Alto, CrowdStrike, and several others. We chose Microsoft Defender Threat Intelligence because it has more features and functionalities, is more effective with attacks, and integrates better with different platforms, especially Sentinel, which helped us build a SOC. Threat Intelligence has better reactivity, too, so this solution was what we needed. The other solutions were a bit more complicated and had limitations.

Another interesting thing was how the solution had other data applications, not only endpoints but also identity and so on.

How was the initial setup?

The initial setup is not complicated at all. Threat Intelligence is something engineers can develop and deploy properly. However, the initial setup's difficulty depends on the experience the engineers have with the cases that they need to deploy for, and this is where the skills come into play.

The time taken to deploy the solution depends really on the scenarios. And besides this company, we deployed the solution for small projects, which took less than ten days. There is also integration with Sentinel and third-party tools, so the time to deploy Threat Intelligence depends on what's needed. The deployment, when compared to other solutions, is not complicated and does not take much time.

What's my experience with pricing, setup cost, and licensing?

The solution can be licensed, but most users would already have it in their Office 365 license. They just need to use it. The solution is very cost-effective and not expensive compared to what other vendors provide. Since the solution is part of a bigger bundle, customers would not have to pay extra.

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a ten out of ten. People planning to implement this solution can confidently choose it. I wouldn't hesitate a minute to renew my license because it's very cost-effective and rich in functionalities. It has more features than other vendors' applications.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user