It isn't customizable enough and not all of the solutions are fully integrated
Pros and Cons
- "My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
- "My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
What is our primary use case?
One of my largest customers deployed Defender for Endpoint, but they also wanted Defender XDR to get a specific feature. Defender XDR is included in the E5 license, but it's a bit too expensive. Our customer wanted Defender XDR's file integrity monitor tools for compliance. My client is using Defender with Sentinel, but I'm unsure how much they use it.
What is most valuable?
My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files.
What needs improvement?
My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it.
We have a similar tool to Defender's file integrity monitoring. Under the VMware VM properties, there is a change-checking tool, and it will tell us if the extension is in a different location. You can configure checking and do the monitoring. When I log into Defender's file integrity portal, I cannot see that this machine was enabled. It's the same agent and extension.
It's confusing because I don't know how to tell the customer they don't need to pay $15 per month because you already can enable the extension in VMware. Under the Defender account, it all seems like it's high code, and we cannot change it. Every customer has requirements for us to customize those things.
For how long have I used the solution?
I have used Defender XDR for about a year.
Buyer's Guide
Microsoft Defender XDR
March 2026
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,286 professionals have used our research since 2012.
What do I think about the scalability of the solution?
Defender XDR is an enterprise-scale solution.
How are customer service and support?
I rate Microsoft support 4 out of 10.
What other advice do I have?
I rate Defender XDR 3 out of 10. I don't think Defender XDR is ready to deploy in its current state. It has too many solutions inside, and they're not fully integrated.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner/reseller
Systems Manager at an energy/utilities company with 1,001-5,000 employees
Efficient protection against emerging cyber threats providing unified threat detection, incident response, and significant cost savings while streamlining operations
Pros and Cons
- "The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
- "Stability could be improved by avoiding frequent changes to the interface."
What is our primary use case?
It is an integral part of our security infrastructure, primarily serving to monitor both our server and client environments comprehensively.
How has it helped my organization?
Its strength lies in providing a holistic view of the protection it offers. When a threat is detected, the system not only identifies the nature of the threat but also provides valuable insights into how and why it was detected. This thorough understanding empowers us to take well-informed steps to remediate the threat effectively. The unified Microsoft environment enhances overall ease of use, making it considerably simpler for our team members to collaborate and work efficiently, given our familiarity with Microsoft products. Unified identity and access benefits stand out as crucial, especially as we delve deeper into compliance considerations. The increasing importance lies in having a centralized view, streamlining visibility through a single interface rather than navigating across various sections in Defender.
What is most valuable?
The incident threat response and its ability to facilitate effective remediation against threats are the standout features. I haven't encountered a similar level of comprehensive incident response in other solutions before.
What needs improvement?
Perhaps there's room for visual enhancements to make the platform more appealing. Stability could be improved by avoiding frequent changes to the interface.
For how long have I used the solution?
We have been working with it for approximately a year.
What do I think about the scalability of the solution?
It has proven to be scalable within our organization, which, while not exceptionally large, consists of around eight hundred users globally. It strikes a balance, meeting our needs effectively without being overly complex.
How are customer service and support?
The technical support is generally good, but we sometimes find the first-line support process a bit cumbersome. After initiating a case, we, as experienced professionals, go through the standard script diligently (ABC), only to find that first-level support requests the same steps again. While I understand the need for thorough troubleshooting before escalation, it can be time-consuming. I would rate it six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Compared to antivirus or security products such as Trend Micro or McAfee, Microsoft Defender XDR appears notably more user-friendly and offers a clearer interface. The adoption of Microsoft Defender allowed us to phase out the use of other security products, including our long-standing reliance on McAfee and Trend Micro. The transition was prompted by the effectiveness of Advanced Threat Protection offered through Microsoft Defender 365. The decision to consolidate under Microsoft's umbrella proved advantageous, making the adoption process smoother and more efficient for our organization.
How was the initial setup?
The initial setup wasn't overly complicated. We only needed to create a few scripts, which were then executed on our local machines within the environment. This process seamlessly integrated the machines into Defender within our tenant.
What about the implementation team?
We use a third-party software tool for executing scripts and deploying software packages.
What was our ROI?
We've achieved significant cost savings, primarily in the realm of security. As Microsoft continues to enhance Defender, we anticipate further opportunities to streamline and consolidate various aspects of security monitoring and software under the Microsoft umbrella. I'd estimate the savings to be in the tens of thousands of dollars annually. Considering our relatively small team of around thirty IT professionals, especially those at the first level primarily using security products like Defender, the streamlined access within the same application prevents them from having to navigate through multiple applications. This efficiency translates to a potential saving of around a dozen hours per month per individual.
What's my experience with pricing, setup cost, and licensing?
Understanding the subscription model has been a bit challenging, as every feature or requirement comes with an additional cost.
What other advice do I have?
Overall, I would rate it eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
OT Security Architect at a tech services company with 10,001+ employees
User-friendly portal, good advanced hunting capabilities, and great for analysis
Pros and Cons
- "Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
- "The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
What is our primary use case?
The main use case has been for threat hunting, not in the sense of actively looking for the threat, but in terms of analyzing the ongoing process within clients' machines. I was looking into what kind of changes happen when you install any new software and it asks for so many permissions. I wanted to analyze the criticality of the permissions being asked and so on. Usually, when we install any software, we just click next, next, and next. We don't look at the details. So, my role was to check how it behaves within a system. For that reason, I used Microsoft Defender.
I used the query language to do advanced threat hunting. I ran different queries to collect the data. The data was then brought into Power BI. We had data coming from different channels. So, we used Power BI to collect it at a single point.
How has it helped my organization?
My usage of it was on a very small scale. I am not aware of its overall impact on the organization, but it did help us a lot to know and achieve what we wanted to achieve. Without Microsoft 365 Defender, the detection for our use case would have been impossible.
It provided more visibility into threats, and it came with some of the default functions from Microsoft, which was an advantage. They had already defined different tables in advanced threat hunting, which was very helpful. I am not aware of other vendors providing that.
Its threat intelligence helped to prepare for potential threats before they hit and to take proactive steps. That was my target for that project. We were actively looking for vulnerabilities inside the software, and we wanted to detect the software supply chain aspect. That was a difficult task, but we wanted to be ahead before any attack happened. That's why we were using Microsoft 365 Defender.
It saved time. They had already defined different tables to identify different artifacts within the system, which saved about 50% of our time.
What is most valuable?
Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis.
I liked its portal a lot. I am currently using a different vendor, and there is a big difference between them. Microsoft had a very good portal, and its user interface was good. Irrespective of where I was, with a click, I could see comprehensive details about something on the right side. The related information was always on the right side. So, I didn't have to jump over different tabs and functionalities. The information was always there on the right side, which is something I liked in Microsoft 365 Defender portal.
What needs improvement?
The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete. They should refresh all their articles and see that the steps and figures aren't missing. They can also provide more documentation.
For how long have I used the solution?
I used it just for four months in a previous company.
What do I think about the stability of the solution?
I never had any problems with it. It was always stable.
What do I think about the scalability of the solution?
It's scalable. You can query each and every machine in the company.
I was working for a client, and that client had more than 50,000 people.
How are customer service and support?
I never contacted them directly, but based on what I heard during the meetings, they seemed to be quite helpful and good.
Which solution did I use previously and why did I switch?
I didn't use any other similar solution before Microsoft 365 Defender. That was the first time I used Microsoft 365 Defender. That was my first experience. Now, I'm using a different product, and I can see that Microsoft 365 Defender was much better than the current product.
Microsoft 365 Defender is very good for analyzing something. There are multiple types of data and multiple ways to utilize that data. With a single click, you can have all the related data for a particular topic. That's really good, and that is what I'm missing in the current product.
What other advice do I have?
I did not use Microsoft Defender for Cloud, but I saw the cloud part for monitoring cloud applications. It was nice, and it had some added functionalities. For example, application risk scoring was very good. It shows what data has been considered to give a particular risk score, which is useful for a new learner like me. It was helpful to know the criteria for scoring. They also included so many applications. There were more than 24,000 cloud applications inside their catalog. That's a really good catalog.
To a security colleague who says it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite, I would agree that multiple vendors are better than a single vendor because every vendor has different capabilities. It's always better to use the best products from different vendors than to use all the products from the same vendor.
I would rate Microsoft 365 Defender a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Analyst at a tech services company with 10,001+ employees
Eliminates looking at multiple screens, giving us one XDR dashboard, and that saves time
Pros and Cons
- "We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
- "Microsoft Sentinel enables you to ingest data from your entire ecosystem, investigate threats, and respond from one place, which has reduced our time to detection and time to response by about 20 percent."
- "There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
What is our primary use case?
It's the main tool that we use for the customer that we support. We don't use any other tools to monitor the environment.
How has it helped my organization?
It helps us prioritize threats.
In addition, Microsoft Sentinel enables you to ingest data from your entire ecosystem. One of the main reasons we use Sentinel is to receive logs from different sources and create analytical routines to generate alerts. Sentinel enables you to investigate threats and respond from one place and that is also very important because it becomes part of the monitoring team.
Microsoft 365 Defender has also helped eliminate looking at multiple dashboards, giving us one XDR dashboard. That means we don't have to spend too much time checking different pages. We just have one specific portal with all the information.
The solution has saved us time, although we haven't measured how much. It has reduced our time to detection and time to response by about 20 percent.
What is most valuable?
The most valuable features are the
- integration among all the Microsoft tools
- details of the alerts.
We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button.
They work natively together to deliver coordinated detection and response across the environment. We get more details when we integrate more tools, so it's relevant to have integration enabled. When it comes to monitoring an environment, this is very important, because you get different perspectives and points of view on the same alert.
I have a positive impression of the visibility into threats that the solution provides. It brings a lot of information and details related to the alerts or any security threat.
What needs improvement?
There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups.
There could also be an improvement on the customization part. Sometimes we need to customize a few configurations but we can't.
For how long have I used the solution?
I have been using Microsoft 365 Defender for a year and a half.
What do I think about the stability of the solution?
We have never had any problem with downtime.
What do I think about the scalability of the solution?
The scalability is good.
How are customer service and support?
Sometimes, they still take too much time to reply. But when they do reply, it's positive support.
How would you rate customer service and support?
Neutral
How was the initial setup?
I was not involved in the initial setup, but there is no maintenance involved now.
What other advice do I have?
My advice would be to have someone from Microsoft involved in the deployment part to help. There are a lot of details that they have information about, and it's impossible to know everything.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Cyber and Cloud Security | Security Solution Specialist at a tech services company with 51-200 employees
Good threat hunting, user-friendly, and protects against ransomware
Pros and Cons
- "The common and advanced security policies for threat hunting and blocking attacks are valuable."
- "Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
What is our primary use case?
We use Microsoft Defender XDR for endpoint protection.
How has it helped my organization?
We have integrated Microsoft Defender XDR with 365 for identity and access management.
Microsoft Defender XDR protects against ransomware, business, and mail compromise. Microsoft offers the MITRE ATT&CK framework through its Defender XDR platform. This integration is particularly beneficial for Microsoft Office environments. It's a common practice to use Sentinel to investigate potential security incidents. For instance, we can check logs, examine hunting patterns, and review queries in Sentinel. Additionally, I've encountered situations where clients have lost their conditional access policies due to various factors, such as country-based rules, MSA-related rules, or application-based roles. Clients need to maintain these specific policies to ensure optimal security.
Multi-tenant management is a relatively new concept. I currently work with GCP, Microsoft 365, AWS, and Azure, where I access and perform assessments.
Microsoft Defender XDR helps replace other security products in our environment.
Microsoft Defender XDR helps save us time.
What is most valuable?
The common and advanced security policies for threat hunting and blocking attacks are valuable.
The UI is user-friendly.
What needs improvement?
Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features. This can make it difficult for users to keep track of the latest changes and find the information they need. For example, every month, Microsoft might rename a product, change a portal, or update a feature. This can lead to confusion and frustration for users.
For how long have I used the solution?
I have been using Microsoft Defender XDR for seven years.
What do I think about the stability of the solution?
I would rate the stability of Microsoft Defender XDR eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Microsoft Defender XDR eight out of ten.
How are customer service and support?
The few times I have contacted technical support, they have been helpful.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward. Depending on the size of the environment, two to three people are involved in the installation.
What's my experience with pricing, setup cost, and licensing?
Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive.
What other advice do I have?
I would rate Microsoft Defender XDR eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Malware and endpoint security solution that is easy to use compared with other similar solutions
Pros and Cons
- "We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
- "This solution could be improved if it included features such as those offered by Malwarebytes."
What is our primary use case?
We make use of Microsoft Defender for Office 365 for endpoint security and email and we use Defender umbrella for impersonation and sales. Under Defender umbrella, we use a lot of products depending on the customer requirements. As a company, we use Defender for email as well as for endpoint security.
What is most valuable?
We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence.
What needs improvement?
This solution could be improved if it included features such as those offered by Malwarebytes.
For how long have I used the solution?
We have used this solution for many years and we are a Microsoft partner. We use this solution on a daily basis.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
This is a scalable solution.
How are customer service and support?
We have not yet needed to contact Microsoft for support with Defender.
Which solution did I use previously and why did I switch?
We have previously used a number of different solutions including Trend Micro, Symantec, Sophos Intercept X and Malwarebytes. Overall, we are more comfortable using Defender.
How was the initial setup?
The initial setup was straightforward.
What other advice do I have?
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Country Manager at Arkano Software
Simple for new users, reliable, and scalable
Pros and Cons
- "Microsoft 365 Defender is a good solution and easy to use."
- "The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
What is our primary use case?
We have many clients that have large companies in the south region of Mexico. They use the solution for security.
What is most valuable?
Microsoft 365 Defender is a good solution and easy to use.
For how long have I used the solution?
I have been using Microsoft 365 Defender for approximately 15 years.
What do I think about the stability of the solution?
Microsoft 365 Defender is a stable solution.
What do I think about the scalability of the solution?
The scalability of Microsoft 365 Defender has been good.
How are customer service and support?
The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist.
How was the initial setup?
If the solution is deployed using a good specialist with the correct configuration it works very well for normal users.
What about the implementation team?
The number of people needed for the deployment depends on the number of licenses the customer has. If it is a large company, as we have with approximately 8,000 to 12,000 people, we need more people to do customer service in this case. However, for small to medium companies, we have two people that do the implementation.
What's my experience with pricing, setup cost, and licensing?
We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because of the relationship between the dollar and the currencies of the different countries, it is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue.
What other advice do I have?
I rate Microsoft 365 Defender an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Director of IT at a government with 501-1,000 employees
Integrates security into one tool instead of having third-party security tools
Pros and Cons
- "The product integrates security into one tool instead of having third-party security tools."
- "The solution does not offer a unified response and standard data."
What is our primary use case?
We use Microsoft Defender XDR to secure data.
How has it helped my organization?
Microsoft Defender XDR has reduced our security staff.
What is most valuable?
The product integrates security into one tool instead of having third-party security tools.
What needs improvement?
The solution does not offer a unified response and standard data.
For how long have I used the solution?
I have been using the product for three years.
What do I think about the stability of the solution?
Microsoft Defender XDR is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
It takes weeks for the support to respond. They are not helpful.
How would you rate customer service and support?
Negative
How was the initial setup?
Microsoft Defender XDR's deployment was very easy.
What was our ROI?
We have seen ROI with the tool's use.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender XDR's licensing is complicated.
What other advice do I have?
Microsoft Defender XDR has helped us reduce two full-time employees.
The solution is our identity source, which protects our identities through Microsoft Entra ID.
The solution helped us save time by not flipping between the systems.
I rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.