We use the solution to back up our data frequently.
Lead Solutions Architect at a tech vendor with 10,001+ employees
Integrates well, easy to maintain, but data recovery needs improvement
Pros and Cons
- "The solution is well integrated with applications. It is easy to maintain and administer."
- "The data recovery and backup could be improved."
What is our primary use case?
What is most valuable?
The solution is well integrated with applications. It is easy to maintain and administer.
What needs improvement?
The data recovery and backup could be improved.
For how long have I used the solution?
I have been using the solution for a couple of years.
Buyer's Guide
Microsoft Defender XDR
April 2025

Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,963 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable; you do not need to worry about resources. I have more than 50 users using the solution in my organization.
How are customer service and support?
The support provides a 24-hour service, which I am completely satisfied with.
How was the initial setup?
The installation was straightforward; it did not take very long to deploy the backup software on any application.
What about the implementation team?
We have six people that do the maintenance of the solution in my organization.
What's my experience with pricing, setup cost, and licensing?
The solution's price is fair for what they offer.
What other advice do I have?
I recommend this solution to others; it is easy to use and they will enjoy it.
I rate Microsoft 365 Defender a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Desktop Architecture and Design at a tech services company with 1-10 employees
Blocks and Monitors for security purposes without needing multiple other products to do different tasks
Pros and Cons
- "We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
- "The logs could be better."
What is our primary use case?
We primarily use the solution for security. We removed all other antivirus products such as McAfee. We removed everything and now use Defender, as Defender covers everything all the third-party products used to cover.
What is most valuable?
Overall, we are satisfied with the product.
Instead of using three or four tools for security, we can use one. With one product, Defender, we have all of the features we need. We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks.
It's very user-friendly.
What needs improvement?
The dashboards could be improved. They have to improve something about the dashboard. It is good; however, they need to provide some more information under each account.
The logs could be better.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The solution is a perfectly stable product.
What do I think about the scalability of the solution?
The scalability of the product is good.
How are customer service and support?
Technical support from Microsoft is good. We haven't had any issues with them. We are quite satisfied so far.
Which solution did I use previously and why did I switch?
We previously used McAfee; however, we wanted to have just one solution, Defender, to cover everything.
How was the initial setup?
The solution's initial setup is not complex yet not easy. We had to use some scripts and policies and a lot of things. If you set up a new environment with Defender, you have to integrate with the old policy and the same policy that was already set up. It needs time.
What about the implementation team?
I handled everything without any consultation from any outside sources.
What's my experience with pricing, setup cost, and licensing?
I don't know the cost. The costs are handled by management. I can't say if the cost is expensive or not. I don't handle that aspect.
What other advice do I have?
We're Microsoft partners.
I'd rate the solution at a ten out of ten. It's a pretty perfect product.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Director, Sales at a tech vendor with 201-500 employees
Offers an integrated experience with better telemetry and clearer insights
Pros and Cons
- "The feature of Microsoft Defender XDR that I preferred the most traditionally was its focus on endpoint protection, but now identity is right up there with endpoint security. Identity is important because different compromises start at the identity level. This allows us to understand what actions are being taken, who is doing them, and whether it is actually them."
- "The incident-level visibility across the cyber attack chain when using Microsoft Defender XDR is great."
- "The customer support aspect can be better because it's the biggest complaint I hear about Microsoft. They can improve the ease of support and licensing processes."
What is our primary use case?
As an MSSP, we work with customers who have Microsoft Defender XDR. We manage it for them 24/7 and 365 days, acting as an extension of their team. We leverage what they've got in their licensing, often E5 or E3 with the security add-on, to get the best information for our analysts to improve investigations, triage, and respond on their behalf, as the XDR stack allows us to do this extremely well.
We do this for a lot of different customers. We've got customers all across the country. Some of them have global distribution, so it's pretty significant.
How has it helped my organization?
The incident-level visibility across the cyber attack chain when using Microsoft Defender XDR is great. The biggest advantage is having a more integrated platform. What we've seen by working with customers who have disparate technologies is that those are rarely implemented properly. They don't have good configurations or the right configurations turned on, and then they do not get the value out of those products, and those products aren't working together. Technologies that aren't implemented properly or lack good configurations fail to deliver value. When we implement Microsoft Defender XDR, we see a more integrated experience with better telemetry, giving us clearer insights into their environment as compared to using disparate products.
Due to this integrated approach, the impact of using Microsoft Defender XDR on our SecOps team's effectiveness in handling cybersecurity incidents is fantastic. We've worked with other products in the past that weren't as powerful or robust. Since making the switch, our customers are benefiting more from these products working together, providing a full picture rather than just a piece of the pie.
Microsoft Defender XDR's capability to automatically disrupt advanced cyber attacks is awesome. The automations in play are fantastic, although we often opt for manual investigation to ensure that the automated actions taken were the correct responses. From a first-level response perspective, it's extremely powerful.
We use Microsoft Defender XDR to manage and secure hybrid identities. In terms of access management, it gives a lot more provisional access, where we can make sure that we've got the right access for the right level of employee. As they change profiles or leave, we can go and change pretty easily, so that all this access is not floating around in the customer's environment.
What is most valuable?
The feature of Microsoft Defender XDR that I preferred the most traditionally was its focus on endpoint protection, but now identity is right up there with endpoint security. Identity is important because different compromises start at the identity level. This allows us to understand what actions are being taken, who is doing them, and whether it is actually them. It provides better information for us to assess the situation, decide if it's real, and determine if further investigation is needed.
What needs improvement?
Microsoft Defender XDR can be improved with continued development of automations and automated playbooks, but overall, we've been really happy with it, and I don't have a long list of changes I would make.
The customer support aspect can be better because it's the biggest complaint I hear about Microsoft. They can improve the ease of support and licensing processes.
For how long have I used the solution?
I have been using Microsoft Defender XDR for about a year and a half or two years. We use it for our customers. We manage it for them.
What do I think about the stability of the solution?
The stability and reliability of Microsoft Defender XDR are fantastic.
What do I think about the scalability of the solution?
Microsoft Defender XDR scales extremely well with our company's growing needs, especially if Intune is in place. As we build out operations, such as during M&A, having everything set up allows us to migrate customers seamlessly.
How are customer service and support?
We do a lot of troubleshooting ourselves, so we don't utilize their support frequently. I have heard from customers that it's not the easiest, and sometimes, it can be complex to reach the right person for specific needs, which is an area we prefer to handle ourselves.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The factors that made us change from other solutions to Microsoft Defender XDR include the issues with disparate tools that promise much but fail to deliver. Once we saw how Microsoft Defender XDR is purpose-built to work together seamlessly, it became clear that we could deploy it. We could witness how it functions as one cohesive platform instead of troubleshooting multiple products.
How was the initial setup?
It's pretty easy, especially if Intune is in place. Otherwise, it can be a little bit complex. That's another area that we lean into. We're trying to get Intune fully deployed. We're working with customers who don't have Intune. We strongly encourage it, or we help them get it. If they don't, we'll get some workarounds, but we'll ultimately try and get them to Intune so that it makes that experience much easier as they continue to add employees. They may go through M&A or bring on a new system.
What was our ROI?
The biggest return on investment for us is that by being on the platform, we can sunset many legacy tools. Many customers don't realize what they can access through the stack. It enables them to cut out old tools with redundant functionalities, freeing up the budget for their security programs elsewhere.
What's my experience with pricing, setup cost, and licensing?
It can be complex to navigate since customers have varying licensing agreements across Microsoft. If they go straightforward with E5 for all users, it's simple, but combinations based on budget constraints can complicate things.
There are certainly savings when using Microsoft Defender XDR, which can range from 30%, 40%, and even up to 50%. However, outcomes depend on the specific environment and the tools previously purchased that can be replaced.
Which other solutions did I evaluate?
I did consider other solutions before choosing Microsoft Defender XDR, but it was a quick decision because many of our customers were already moving in that direction. Some of the names I remember include SentinelOne, Cylance back in the day, Sophos, and Symantec. These were among the traditional EDR products we looked at before switching to Microsoft.
Microsoft ranks at the very top among the platforms we considered. We frequently tell customers that if they aren't considering it, they should be, because everyone is using Microsoft in some capacity already. We see better security outcomes. Gartner rates them in the top right quadrant, and consistently, it's recognized at the highest level.
What other advice do I have?
I would rate Microsoft Defender XDR overall as a nine out of ten, as I rarely give a ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Apr 30, 2025