Microsoft Defender XDR Reviews

We mainly use this solution for security reasons. We use it for the complete stack of email security so we don't have to use a third-party tool, and we use the extended security features that are included in M365, like sandboxing.

The solution is deployed on the Azure cloud. We're a cloud-only company, so we only deploy cloud workloads, but we also have customers with legacy systems. If we're not able to migrate them to Azure, Defender for the server can be deployed on-premise.

The solution is deployed across Germany in four regions: Munich, Cologne, Bremen, and Hamburg. However, most people work from home.

There are about 50 endpoint users, but we have customers with thousands of users. We focus on customers with a thousand seats or more.

We use the entire M365 E5 license for everything that's going on in the M365 world. We try to accomplish everything we need with Microsoft products.

It was very easy to integrate the solutions. We integrated them so we could have an overall good view of our assets. The installation was fully automated via Intune.

Overall, the solution has decreased our time to detect and respond. If there is any issue, it's not complicated to get the information we need and respond quickly. We offer managed services to some customers, and we have a very clear view of what's going on in their security environments.

One of our main focuses is IT security. This solution has a huge impact on how we use tools and what we do in IT.

One of the biggest points is that Defender is included in the license. It's integrated fully into the M365 world. There's no need to have a third party, which is more complex and includes additional costs. Especially because we're partners, it's very good to have 100 free licenses. We're able to distribute all the information to our customers and integrate it into our projects in a very streamlined way.

We saw all of these benefits instantly. It's different with customers because they are often heterogeneous in the software they use. There's a little bit of explaining and promoting, but it's a huge benefit for most of our customers when they understand that they can have a centralized view of all these security topics. If we are able to deploy the solution to new customers, the benefits are realized in about six months because we have to train them and implement all of the security.

The solution helps with finding high alerts. I wouldn't say it helps with automation because we are piping the problem into the Jira automation, so our managed service kicks in. I would say that it's half-automated.

It helps save time when it comes to the operation and receiving information because we don't have to skip around with different products and customer situations.

This solution enabled our security operations. The legacy approach, in which the tools are in place and someone occasionally checks them, is not secure as it's meant to be today. 

It eliminates the need to look at multiple dashboards and gives us one XDR dashboard. The consolidated dashboard helps our customers get a faster view, which wasn't possible with the former solution.

The solution's threat intelligence helps us prepare for potential threats before they hit and to take proactive steps. Our security team is able to work well with it, and a lot of information is getting to our internal users. We distribute everything we learn to our customers.

Sentinel enables us to ingest data from our entire ecosystem because we're cloud-only, so there is no other architecture to monitor.

I would say the logging and analyzers are about 80% of our security operations. The ability to have a clear view of the security information is a big win. For legacy implementations, it's normal to have the security installed but not be able to monitor, detect anything, or get the information to the right people.

For the most part, Sentinel enables us to investigate threats and respond holistically from one place. Today, there are different views, different websites, and different portals to use in order to drill down and get to the real problem. It's a good starting point.

I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender. We use Plan 1 for email security because it's a common vector for phishing and attacks. The Plan 2 version goes more into advanced features and logging, which we also use for our internal security operations center.

The solutions work natively together to deliver coordinated detection and response across our environment by about 80%. There should be something to get a consolidated view, which doesn't exist at the moment. We have a known tool in place to consolidate all the information into one view for us. That would be a perfect function to have in the future.

I have more than 15 years of experience in IT security, so I have a very good understanding of the tools we need for a use case. I think the documentation helps us and all of our customers comprehend the product. For cloud products, it's normal that something new today is almost outdated tomorrow. Company-wide, we have a very good view of all these products, and we're very firm in deploying them.

I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses.

I would also like a more aesthetically pleasing dashboard. For German customers, it's important that the solution is in German. Multi-language support should be in all the features if possible. In many projects, we want to use digital signatures on emails. It would be perfect to have better integration of digital signing in a standard way.

In the last few months, the dashboard changed very often. When they restructure it, it's a little bit painful. Otherwise, the technology is very helpful.

The visibility into threats could be better. For the last six months, getting information from the access points has been difficult. However, the newest version fits very well. It's easy if you've found the right spot to view what's happening.

For legacy organizations or legacy customers, I would say it's possible to save time, but time-saving isn't always the best with security because it needs to be deployed and managed.

It can be installed quickly, but it takes time to check out false positives, have everything in place, and train each end user.

We have been using this solution for five years since our company started. The solution had a different name, but we have been using it since it's been available. We use company-wide E5 licenses.

The solution is stable.

We haven't had any scalability problems.

I haven't had a lot of contact with technical support.

For my personal project, I used many other legacy projects, but not at my company. We aren't selling anything other than the new Microsoft solution at the moment.

The solution doesn't require any maintenance.

We have seen ROI in project situations because we removed legacy email gateways and legacy antivirus on-premise solutions.

I would like to have more security features in the lower licenses because not every customer is able to buy E5 licenses. The bundling isn't always easy for our customers to understand. Compared to other tools, it's a good price.

I would rate this solution as eight out of ten. 

My advice to those who are looking to implement this solution is to get help from the right company so you can use the solution properly.

Defender helps us prioritize threats, but I would say it's a combination of all the information that we're getting from the internet and from other resources.

To a security colleague who says it's better to go with a best-of-breed strategy rather than a single vendor security suite, I would say that it depends on the customer. If someone has their own VSOCK implemented and many security guys on board, then maybe best-of-breed is what they need. 

If someone is a classic customer who doesn't know a lot about security, then they should stick to a one-vendor strategy.

I am the head of IT of the police force in the Madrid municipality. I have deployed the product to all 6,000 policemen and police women here and we are trying to protect all our devices with it.

It has helped eliminate having to look at multiple dashboards. This is a part of the benefit of the integration. It's quite helpful to receive information and data that is correlated with other information, in the form of a graph or chart. It's a good added value. We are provided with consolidated information, which is very valuable for making decisions and moving forward in improving our devices and our security.

It's very well known by all our technicians and it has helped to decrease the time to detection and response.

And while I can't demonstrate it with metrics, my intuition is that we have saved money. Because we are a very large organization, we have very large needs in IT systems. Perhaps the best thing we did, years before, was to have everything, all applications and the operating system, come from Microsoft. Perhaps that means potential money savings.

The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products. Even the desktop devices seem more productive by having all these products integrated. That's the best advantage.

I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera. That is where they should put in more effort. I don't have a global risk solution coming from Microsoft, one that could help me in all these different IT areas.

I have been using Microsoft 365 Defender for about two years.

I would rate its stability at seven or eight out of 10. It's quite good. Up until today, we haven't had any big problems with the solution. I'm quite comfortable with it.

The solution is deployed to more than 25,000 in the municipality, but my responsibility is only over 6,000 people in the police corps.

Microsoft provides quite good support across their different areas of activity. The people attending to your requests are quite professional. They take care of your requests and respond to your needs. They try to help you. The documentation is not the best in the world, but it's quite sufficient for our needs.

Positive

Years ago we had solutions from other companies, such as Trend Micro for the desktop devices, and Trend Micro and Sophos for servers.

We used to work in different ways. Some people were in the office with desktop devices, but most of our people work outside with mobile devices. The latter group is at much more risk and we wanted to protect all these devices from potential damage and risks.

The switch was a company decision made by higher management within the municipality. We started to work with Microsoft Office 365 years ago, and then a decision came down imposing the use of Microsoft 365. I feel comfortable with the decision, but I know inside our organization that we've had plenty of problems deploying all facilities given by M365.

I'm not aware of having more or fewer problems with this product than the ones we had before, when it comes to deployment or interfaces. It's quite standard and the deployment was quite easy, but it was equally easy to deploy all the products years ago.

It has been easy to integrate with the rest of our devices and software. In addition, there was no impact on the user experience. The solution is transparent. The users may not even know of the existence of this product. There was no problem deploying and starting to use Microsoft 365 Defender. We have some other products, beyond the desktop level, that work in a coordinated way Defender.

The deployment took a few months, but we needed at least a year to stabilize our organization. The first days were awful because people couldn't understand the change in mentality required to work with this paradigm of software. During the first year, we had to cope with plenty of incidents and problems. Having passed the one-year mark since we deployed, we have started to see some of the benefits.

I generally use an "onion" deployment methodology. I start deploying new solutions in desktops that are quite close to my area of activity in the IT department. We implement, let's say, 50 to 100 desktops per day and we wait for a week to see if everything is okay and whether there are incidents. Once we are assured everything is fine, we implement by regional police units in different locations.

We had 10 to 12 operations technicians involved in the deployment.

Every software solution requires maintenance. In this case, there isn't a lot of maintenance. We have to keep an eye on the status of the solution every day. That process involves two or three people.

As most software companies have done during the last few years, they have moved from a licensing model to pay-per-use. It was difficult to understand and accept this change. When we had to accept that model, it had a great risk for companies like ours that always have to cope with annual budgets. The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem.

There was a possibility of continuing with the solutions we had been working with.

But we cannot compare them because the other solutions were built eight years ago. Technology has changed so much.

Fortunately, we haven't had the chance to see if the solution's threat intelligence helps prepare us for potential threats before they hit. But I'm quite sure that it's working together with other tools to help us to stop potential breaches and risks.

Give this product a chance. Is it the best in the market? I don't know. Is it the worst? I don't know. But what is quite good is the integration with the rest of Microsoft's software products. That's the added value.

Try it, prove it, and see how it integrates. It depends on the situation. If a colleague is using Linux in their data center and desktops, of course, I wouldn't recommend this solution. But here in Spain, most companies have Microsoft products.

The product replaced Sophos, a third-party product we used, helping us save money equal to its yearly subscription. The product saves us time. We do not have to interfere. It just keeps running.

Considering we haven't encountered any technical problems since we started using it. It is working as intended. It has great stability.

I don't know if that is Defender's feature, but more active monitoring for data breaches would be beneficial. There could be a way to proactively monitor unusual activity versus just depending on viruses and malware. If the traffic seems unusual, it could detect anomalies and update us. It would help us stop malware attacks ahead of time.

I have been using Microsoft Defender XDR since 2015.

We never encountered stability issues.

Whenever we add a license, it automatically sets the account for a new user.

The initial setup process was fine and similar to Office 365. We had to get our email server lifted externally from the premises to the cloud. It is easy to use once all applications are deployed.

Microsoft Defender XDR is already included in our Office 365 licensing. It is better because we're saving money by using it.

The product was included with the Office 365 licensing that we had. So, we decided to try it out. Before that, we were using Sophos.

I haven't run into that particular instance where the security features have extended beyond Microsoft technologies. The only products we use outside of Microsoft are proprietary lockdown applications, and it's not really an issue there.

During staff training, we've been using Intune to detect phishing attempts. It hasn't detected anything in that aspect. However, it has the ability to check for malicious attacks preemptively.

I rate it a ten out of ten.

I'm a deployment engineer for Microsoft products, and we work with multiple SMEs. Customers adopting Microsoft products want the same features they had in their third-party solutions. We look at their requirements and the types of features they need. We determine the security mechanism that best addresses their vulnerabilities. We might suggest Defender for Identity,  Defender for Endpoint, 365 Defender, and Defender for Cloud Apps. In addition to those security solutions, we offer device management. We provide everything.

Defender improves our security operations. I've had chances to collaborate with our SOC team. Our customers face many random attacks they don't know how to prevent, and the SOC team handles them remotely. The security engineers can investigate the incident or use the information from the customer's environment to offer a recommendation. If the customer doesn't have the detection mechanism, we can recommend a product or find a solution for them. 

The solution can help customers save money because we can bundle it with all the other Microsoft solutions, like email and Defender for endpoint, identity, and cloud apps. Most of our customers use Windows 10 devices and Microsoft Active Directory, so everything is on the same page. Defender can save time by automating investigation and response. We don't need to spend much time because it'll automatically take action in many cases. 

The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI. 

Defender has integrated identity access management, and you can add DLP features through a separate solution called Microsoft Purview. Within the cloud, we can create access policies based on each user's risk. It's integrated with Azure AD and on-prem Active Directory, so all the user identities can be managed in a single portal.

We use the multi-tenant management capability, so we can cover customers that have multiple regions. We can easily investigate across tenants based on severity. For high-priority alerts, we start from scratch and ignore what's happening on the endpoints or emails. We isolate the device and ensure that nothing will be released from it. Next, we check this device and some more details.

There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the roadmap, and we were waiting for that feature. 

I have used 365 Defender for about four years.

365 Defender is stable. There is no downtime. Still, Microsoft is constantly rolling out features, so there are sometimes bugs after new releases. Our customer experience team is collaborating with Microsoft and sharing feedback with them. 

365 Defender is scalable 

I rate Microsoft support nine out of 10. The support depends on the product and the customer's issues. 

Positive

I work with customers coming to Microsoft from other third-party products, so I try to understand what the product does and suggest a solution. The names are different, but all the technology is the same.

Deploying Microsoft Defender isn't complex if you have experience. The deployment depends on the number of users, apps, and the client's requirements. If the client wants to implement XDR, it takes about a month to achieve full functionality.  Endpoint protection takes around five to ten days. It's a cloud product, so it doesn't require any maintenance. 

Defender XDR is agentless, so you don't need to install an agent anywhere. It's a cost-effective option.

I rate Microsoft 365 Defender nine out of 10. We recommend it to our customers. 

I use 365 Defender to protect against phishing attacks and filter out our email to pick up certain vulnerabilities. For example, if someone sends out their credentials, it triggers an alarm. 

Features like filtering and phishing simulation increase our email security. The main purpose is to protect employees and sensitive company information. Everything is connected, so an intruder can potentially access sensitive, confidential information by breaching just one account. 365 Defender is a good way to protect the entire environment. 

Defender helped us automate tasks because we had everything preconfigured. We create alerts and automated responses, which save us some time. Threat intelligence is helpful. For example, if there is a suspicious IP address based in Russia, we can block that address. I didn't do much of that, but it's possible.

365 Defender provides solid visibility because we can map out what's happening and get a good overview of the intelligence. The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats. 

I also like that Microsoft has a lot of resources online. It's easy to Google information about the tool and what it can do for your organization. 

The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process. 

I used Microsoft 365 Defender for 10 weeks during an internship. 

365 Defender is highly stable. I've never had any issues with it. It can be slower at times, but that may not be product's fault. Maybe there's too much traffic or an issue with the connection. 

365 Defender can scale. More than a thousand people work for this company, and some of them have multiple endpoints, like laptops, workstations, phones, etc. 

I've used CrowdStrike and some other tools for endpoint and email security. Microsoft Defender is excellent because it covers everything in one place, including endpoint protection, email security, phishing simulation, spam filtering, etc.  

365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place. 

I rate Microsoft 365 Defender a nine out of ten. It's an excellent product that protects employees and organizations from attacks. If you have it configured correctly, you should be good. It's an ideal solution for new companies that are starting up and need protection. 

If I were asked to pick between a best-of-breed strategy or getting all of my solutions from one company, I would say that it depends on the product. Many companies have products that offer the same quality as others. The Microsoft family covers so much, but you can also try CrowdStrike for endpoint protection or Proofpoint for email security. 

Each platform offers flexibility, and some can be better than Microsoft, but when it comes to creating configurations, I feel that it's a better option. Also, you can get a better price by purchasing all your solutions from one company. 

We are a Microsoft partner and we have clients who are Microsoft 365 administrators in several companies. They are looking for ways to secure their tenants and make sure that their security is top-notch. That's where Microsoft Defender comes in. We use Microsoft 365 Defender for security and compliance to secure tenants from malicious attacks, including spam and phishing attacks. And when it comes to compliance, it is used for data privacy and data protection to ensure that very sensitive data doesn't go out to the wrong location.

It makes security and protection very seamless.

And Defender saves me time. For instance, if I get notified that a user isn't receiving emails from a particular person, I know that the first thing I have to do is a message trace. It saves me time to an extent because I have a go-to location. With message trace, I'm able to trace emails from, for example, abc@givendomain.com over the past two days. It gives me information about what actually happened in the mail flow. I'd rate the time it saves me as a seven out of 10. 

It has also saved us money, on the order of 50 percent. And our time to respond has improved to the level of a six out of 10.

The features of the solution are vast and wide.

The most valuable feature is the content search feature in the compliance portal. It is very useful because it covers both audit log search and content search. The audit log search is very useful because, most of the time, you see several changes within the admin portal and it's hard to keep track of what happened. Our customers want to get to the root cause and see the activity that must have triggered those changes. That's where the audit log search comes in. They've enhanced the feature in such a way that it has a vast range of search options so that an analyst can carry out a full search.

The content search feature has also advanced to a point where you can carry out several searches with your keywords. You can point it to a certain location, such as Exchange Online or SharePoint Online, or Teams Online. You can narrow the search down to a particular individual or group of individuals. When administrators report that they have lost content or accidentally deleted a mailbox or the mailbox content, the content search feature is a good way to recover the content.

Another top feature is threat management. It helps prioritize threats across the enterprise.

In addition, you can navigate to the security compliance portal and set restrictions to block IP addresses from different locations. You can also choose to flag domains that are sending malicious attacks and block them and update the anti-spam policy to make it more strict to prevent attacks from happening in the future.

Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal, you can set security restrictions and policies to help secure your tenants, but most administrations do not know about that, including things like multi-factor authentication, conditional access policies, and privileged access.

We've had reports from clients about compromised accounts because someone got access to a password that they shouldn't have. Multi-factor authentication helps eliminate this. As for conditional access policies, you can set certain policy restrictions to certain locations or IP addresses so that emails or sign-ins only come from particular locations. That helps secure your environment against malicious sign-ons to your accounts.

The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features. You will see Exchange Online, security and compliance, and Microsoft Azure. All you need to do is click and it takes you to the portals.

Overall, the comprehensiveness of the threat protection is at 95 percent. It's not 100 percent because of updates not being done on the Knowledge Base and technical know-how.

The alert feature allows you to set the severity of alerts. If there is a malicious or suspicious sign-on, an alert triggers immediately letting you know, as an administrator, to check what's going on in that account. For example, there was a time when one of our users' accounts was about to be compromised. We got an email notification which was sent to all administrators on the tenant. I was able to block that activity in real-time and then set the system to trigger more alerts for such sign-ons in the future. I also blocked the IP address. That particular feature has helped. The alert arrived in real time to prevent the account from being compromised.

When changes are done within either the admin or security and compliance portals, there should be a real-time update to administrators about the changes. Many times I'm supporting a case where someone says, "I used to do this like this, but I'm unable to do it that way anymore. What happened?" And I will have to say, "Oh, sorry. That doesn't work like that anymore. It's now done this way." So there should be a way to notify people about changes like that, and prompt information when changes are done within a portal.

I would also like to see regular updates about new features in the Knowledge Base. There are cases where I'm using a Knowledge Base article to try to educate a customer, but when I check the feature on the admin portal, and in the article, they don't look alike. For instance, it's saying, "Go to settings. From settings, go to options." Meanwhile, on the portal itself, I'm seeing "Settings, go to more settings, then go to options." It would help a whole lot if feature updates were updated in real-time in the documentation.

Also, the message trace feature for investigating mail flow issues should add more detailed information to the summary report. The summary report is what the administrators are able to understand. The extended reports are a very deep dive and the administrators will only understand them if they reach out to support engineers. But if they could extend the summary report a little bit, and make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and prevent it from occurring again. Making that summary report more extensive and detailed would be of great help.

I have been using Microsoft 365 Defender for a little over three years.

Overall, it is stable. 

There are a few bugs but they generally don't impact the reliability. The bugs are not the kind that impact the work done by an organization. Processes can continue while they fix the bugs.

It is scalable.

It is used across multiple departments with anywhere between one and 200 endpoints.

Their response time is okay, it works fine, but the time it takes to resolve escalated cases needs improvement. An escalated case is when there is a bug. You could literally have reported a bug and it's still not resolved the following week. Bug fixes take a long time, especially when a very essential feature is not working as expected.

Neutral

It took me three to five months to understand it because it has a vast number of features. If you do not understand it, one click could mess up a whole lot of things.

Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible. An individual should be able to access the solution at a very affordable rate.

Most administrators, in my experience so far, are reaching out to third parties for email filtering and to manage threats in their organization. According to them, Microsoft 365 Defender isn't giving them the information they need. And I realize that this is not correct. What they're missing out on is the proper information or technical know-how to utilize the features.

For example, if someone uses Barracuda as their third-party filtering service, I begin to ask questions such as, "Okay, why did you choose to use the Barracuda service when we have the ability to create good anti-spam policies that could help secure your tenant? You can create anti-phishing policies and rules that will help restrict IP addresses." Often, what they say is that Barracuda is better because it gives them more information and real-time data. At that point, I ask them to let me provide a deep dive into the features of Microsoft 365 Defender. I use the documentation and Knowledge Base articles to explain its features, one after the other, and they begin to say, "Oh wow." They didn't know these features actually exist. They'll begin to look at the possibility of utilizing the Microsoft solution since they have paid for it. Why should they pay additional money to a third party to get services that Microsoft provides? They feel very happy about the information I provide.

So far so good. The Microsoft 365 product hasn't given me a reason to want to check for other products and move to something else.

For the best and most seamless user experience, it's best to go with a single vendor because there could be a lot of complications going with a best-of-breed strategy. It's easier to understand things with a single vendor.

When you don't understand a feature, ask questions and reach out for support. There are some features that are being used wrongly or that are underutilized.

Also, test the product beforehand. They provide trials so you can test the solution and see if it meets your expectations.

Microsoft 365 Defender is one of the first layers to our security. It's our first layer security product, e.g. we use it, then we also use Exchange Online Protection for email, Safelink, etc.

We always recommend these products to our customers, e.g. if the customer is using another third-party product. We are always recommending these compliance and security products, e.g. Microsoft 365 Defender, Cloud App Security, etc.

We usually recommend cloud security because it connects all of these security and compliance products in one center to take logs and make them meaningful, plus you can also create alerts. We are also recommending it because of Microsoft Teams usage, especially because in Microsoft Teams, users sometimes do mass deletion, mass download, etc. We always say: "Let's connect your Cloud App security with your Azure Information Protection, with Microsoft 365 Defender and your Microsoft Teams, your Engula, etc. We find cloud security to be very useful.

What I found most valuable in Microsoft 365 Defender is that it's able to scan emails and protect users from dangerous links or attachments. This is important in a first layer or base layer security product such as Microsoft 365 Defender. You can even combine Microsoft Defender for Endpoint with this solution to get the most benefits.

I also find Microsoft 365 Defender user-friendly, so that's another valuable feature of this solution.

What could be improved in Microsoft 365 Defender is its licensing. It needs to be more consolidated, because there are so many plans for Microsoft 365 Defender, and every other year, there will be new licensing options, e.g. plan one, plan two, etc., that become more and more different from each other. The most valuable product would be the most expensive product, and customers usually say: "We really need the last version, but that's really expensive for us, because we are in Turkey and the currency is very, very high now." Three years ago, this wasn't a problem, because $1 was three or four Turkish liras, but now it's 15.

In the licensing options, it would also be better if there can be some optimizations, similar to what Power BI Pro offers. There are two options in Power BI: user-based and capacity-based. It would be good if there can be another option for one consolidated product for the whole company with a higher price, but you cannot depend on user count.

What I'd like to see in the next release of Microsoft 365 Defender is for them to provide more details in the alerts and notifications they send out.

We've been a partner for Microsoft for 10 years.

I found that the stability of Microsoft 365 Defender is good.

Scalability is good in Microsoft 365 Defender.

What we have is Premier Support from Microsoft, e.g. we are a CSP partner, so we were required to buy Premier Support and Cloud Consulting from Microsoft. We are really happy with the support we've been receiving for Microsoft 365 Defender, but on the customer side, they don't have Premier Support, and sometimes, depending on the case, they're not very satisfied with the support. 

Our satisfaction is five out of five, but our customers would only have three or four out of five, in terms of their satisfaction with Microsoft 365 Defender support.

The initial setup for Microsoft 365 Defender is really easy. It's not very complicated. I didn't see any other difficulties with setting it up, but customers sometimes think it's not very easy. They purchase consulting services from us, so it doesn't bother us, but sometimes the customer says: "I don't know how to start, but I use Microsoft Security." Microsoft is very late in the security niche, so customers sometimes say: "We have Symantec", or they would mention that they have other products from other vendors, and these vendors are very reliable for many, many years.

In the last three or four years, though, customers start to depend on Microsoft Security products, but they are not early adopters, because they usually tell us: "When we buy the product, some policies cannot be used, but after sometime we can use it." It's not really a problem, but I wanted to relay some of the feedback we get from our customers.

The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change.

We've been dealing with the latest version of Microsoft 365 Defender.

For an average project, deployment of Microsoft 365 Defender can take a week, but we do need some change management models, because we still need to train the users about safe links and attachments, so we sometimes have to expand the average time, but implementation is not very hard. If we only do the implementation, one week is more than enough.

We rely on just one to two persons, particularly engineers, for the deployment and maintenance of Microsoft 365 Defender.

My recommendation to others looking into implementing Microsoft 365 Defender is that reading the documentation is really good. If you are a Microsoft partner, you'll also have benefits, e.g. CDS tenants and demo tenants that are free to you for one year, so you can test the products first, before you implement. If you are a partner, my advice is to use your Microsoft partner benefits.

I'm giving Microsoft 365 Defender a rating of eight out of ten.

We use the solution for endpoints. 

What I like most about the product is its all-in-one solution. With Microsoft Defender XDR, we get coverage for various aspects like endpoint security, cloud security, and image-related cases, all within a single platform. This eliminates the need for multiple products or technical controls to address incidents. The main benefit became evident immediately after deployment, especially in its ability to analyze files and phishing emails quickly. By submitting suspicious files or emails, we receive quick results on whether they are legitimate, suspicious, or malicious, saving time. 

The solution could enhance the threat Intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environment. It would be beneficial if the threat intelligence were tailored to the industry, such as healthcare or fintech, where the solution is being used.

Additionally, the MDCA feature could be improved to provide more accurate data on how much data is uploaded or downloaded from the cloud. This might involve better implementation from our infrastructure team, but clearer and more precise reporting on cloud data activities would be valuable.

I have been using the product for eight to ten months. 

The solution works smoothly. 

The tool's scalability is good. 

If we open a case on the Microsoft portal, a support person from Microsoft helps resolve the queries. From our side, it usually involves two or three people. The Microsoft support person sometimes brings in another expert to resolve technical queries.

We've submitted our queries, and a tech support engineer comes through on a chat, a Zoom call, or another type of call. We discuss the queries with them, and they usually resolve the issues in one or two sessions.

Sometimes, if one engineer can't resolve the query, they will bring in another engineer, which can take an additional one or two days. 

Neutral

We chose Microsoft Defender XDR because it provides a one-stop solution. Everything related to endpoint security, email security, or cloud applications is integrated and visible in a single window. If we were to use other solutions, we would need to implement three different products to achieve the same level of integration and functionality.

We had some issues while deploying the tool's on-prem version. Support helped us resolve them. The cloud version is easy to deploy, while the on-prem version takes one month and doesn't require any maintenance.  

I rate the overall product an eight out of ten. If a new customer is going to buy Microsoft Defender XDR, they should clearly state their needs in front of the Microsoft team. They need to specify what they want and what features they require. It's good for the Microsoft team and the customer to understand all the requirements before deployment clearly. This way, any potential issues can be addressed beforehand, making the deployment smoother.