Microsoft Defender XDR Reviews

We use Microsoft 365 Defender to provide cybersecurity to our clients. Microsoft 365 Defender provides real-time alerts which I review and analyze for our clients.

We implemented Microsoft 365 Defender to mitigate the cybersecurity threats our clients were facing. 

Microsoft 365 Defender is a valuable tool for our daily security operations. It provides us with a clear picture of security threats through its alert system, which identifies the origin of the attacks and correlates them with the MITRE ATT&CK framework.

It is user-friendly, loaded with features, and priced cheaper than the competitors.

Microsoft 365 Defender thwarts advanced attacks from spreading within our client's networks by utilizing the MITRE ATT&CK framework to recognize and categorize threats, then automatically taking steps to neutralize them.

Microsoft 365 Defender earns a rating of eight out of ten for its effectiveness in stopping attacks, which has demonstrably improved our security operations.

While Microsoft 365 Defender effectively stops attacks and adapts to new threats, human intervention is necessary for entirely new attack patterns. This is because the system relies on machine learning to identify threats based on past data, and completely new attack patterns wouldn't be recognized yet.

Microsoft 365 Defender enabled us to discontinue the use of other security products and helped save our security team time.

The most valuable features are machine learning, AI, and auto-remediation of non-malicious alerts. The onboarding and offboarding of devices are also seamless and the Windows Autopilot is helpful for our users.

Troubleshooting in Microsoft 365 Defender can be inefficient. Onboarding new devices with communication issues, for instance, requires using Veeam for log investigation and contacting Microsoft support, making the process time-consuming.

The current number of indicators of compromise provided by Microsoft is 15,000, but increasing this number would be beneficial for improving detection capabilities.

I have been using Microsoft 365 Defender for one year.

I would rate the stability of Microsoft 365 Defender ten out of ten.

I would rate the scalability of Microsoft 365 Defender ten out of ten.

Microsoft 365 Defender's technical support team is responsive, offering timely solutions to help our clients resolve their security issues.

Positive

In the past, we relied on both McAfee for antivirus protection and Cybereason Endpoint Detection & Response for advanced threat hunting, but we have since streamlined our security posture by consolidating these functions under Microsoft 365 Defender.

Microsoft 365 Defender is more user-friendly and flexible than Cybereason Endpoint Detection & Response.

Deploying Microsoft 365 Defender is a manageable process for our team of three, who handle our roughly eight thousand servers on an ongoing basis.

Microsoft 365 Defender offers competitive pricing. While purchasing an Azure subscription includes it in a bundled model, the standalone subscription cost for cloud storage and Defender itself remains reasonable, making it an affordable option compared to other security services.

I would rate Microsoft 365 Defender nine out of ten.

It takes some time to see the benefits because it is a large tool with many features that keep changing.

Our clients are enterprise-level.

Maintenance is required.

I recommend Microsoft 365 Defender to others.

Public Cloud

Microsoft Azure

Microsoft Defender XDR is our primary solution for security. We have a number of use cases across different environments, allowing us to secure all our use cases comprehensively.

One of the most valuable features of Microsoft Defender XDR is its ability to provide preemptive reports regarding excessive privileged access. This allows us to secure our systems in advance and proactively improve security, rather than waiting for incidents to occur. Additionally, it ensures that we are fully compliant before any audits are conducted, which has potentially saved our reputation. Furthermore, its integration across different environments allows central visibility for different workloads.

There is nothing I can think of at the moment that needs improvement. I am a contractor and finishing up soon, so I haven't encountered any issues requiring enhancements.

I have been working with Microsoft Defender XDR for a few years now, about one and a half to two years.

I was involved in the deployment, and it was very easy to set up and configure. I did not encounter any problem—it took half a day to a full day at most.

There are no complaints regarding the stability of the solution. It seems to do the job well.

The customer service is good, and they supported us well. Although it took some time, we got the required support in the end.

Neutral

The initial setup was straightforward, and I did not have any issues with it.

We used Teams for the deployment, but I could be wrong on that.

Overall, I would rate Microsoft Defender XDR a seven out of ten. It is a useful tool and not necessarily the best solution I've seen, but it is good and I wouldn't object to using it.

Other

Microsoft 365 Defender works together with Exchange Online is my area of specialty.

Microsoft 365 Defender incorporates a capability to identify potentially malicious emails or emails originating from suspicious senders.

Previously, we encountered a significant number of spam emails and suspicious emails, and users were inadvertently interacting with them. However, we have made progress in addressing this issue. We have conducted attack awareness training to educate users on identifying suspicious emails, and Microsoft Defender has played an important role in preventing such emails from reaching our inboxes. As a result, we have noticed a reduction in the volume of spam emails and an increase in the delivery of trustworthy emails. Considering these improvements, I can confidently state that we are in a better position now in terms of email security compared to the past before the implementation of Microsoft 365 Defender.

Within Microsoft 365 Defender, specifically using Advanced Threat Protection, you have the ability to define rules and actions for high-value alerts. 

By using Advanced Threat Protection, you have the capability to conduct thorough investigations and delve deeper into the search for specific threats that you suspect may be present within your organization. 

Within the Microsoft 365 Defender suite, you have access to numerous features that enable you to effectively track and investigate potential threats within your organization.

Automation significantly impacts our security operations in a highly beneficial way. It revolutionizes our approach by providing a centralized IT vendor admin center where we can execute all our search queries and obtain the desired information from a single interface. This unified platform streamlines the entire process by consolidating various components and their respective search processes into one, eliminating the need to navigate through multiple individual interfaces. With Microsoft 365 Defender, we have the convenience of accessing and investigating different areas of interest from a single standpoint. This not only saves us substantial time but also reduces effort and enhances overall efficiency in our security operations.

The consolidation of security operations has had a significant impact on our effectiveness and efficiency. It has resulted in improved response times, enabling us to swiftly pinpoint the potential sources of threats. We have observed a reduction in incident response time, allowing us to address security incidents more promptly. Additionally, the consolidation has enhanced the efficiency of our deployment processes, streamlining our overall security operations. These notable impacts have greatly contributed to our organization's ability to proactively identify and mitigate threats, ultimately bolstering our security posture.

Threat intelligence is an essential component in proactively preparing for potential threats and implementing proactive measures. While I have not personally engaged with this particular feature, it is widely acknowledged that staying informed about current threat intelligence is essential.

Although preventive measures are in place to minimize maintenance issues, there can be instances where threats successfully circumvent those safeguards. However, the capability to detect and identify threats before they cause harm to the system remains a valuable advantage. Anticipating the effects of this specific feature in Microsoft Defender is something I am eager to experience, as it appears to be a fascinating addition to the security measures.

Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment. 

Indeed, the credit-backed simulation feature in Microsoft Defender operates by sending simulated phishing emails to users within the organization based on the configured settings. When a user interacts with the email by clicking on a link or taking any action, they receive a notification informing them that it was a simulated phishing attempt. This simulation serves as a valuable training tool, helping users learn how to detect and respond to phishing emails effectively. By experiencing these simulations, users can enhance their awareness and develop the skills necessary to prevent falling victim to real phishing scenarios in the future. This feature is highly valuable in improving the overall security awareness and resilience of the organization's users.

In terms of visibility, Microsoft 365 Defender offers a comprehensive and detailed overview of threats and potential traces identified within your organization. 

Within Microsoft 365 Defender, you have the ability to configure specific criteria and assign high-risk values to certain indicators. This allows you to align with compliance regulations and establish your organization's threat determination framework. By leveraging Microsoft 365 Defender, you can implement and enforce these criteria to analyze and assess potential threats in your environment. 

I believe that Microsoft has the potential to greatly enhance the efficiency of the application by incorporating advanced capabilities into this feature. By providing users with the ability to customize and tailor threat detection according to their specific needs, Microsoft could significantly improve the overall effectiveness of the application. The addition of advanced capabilities would be a valuable enhancement, complementing the existing features and further strengthening the overall functionality of Microsoft 365 Defender. This would undoubtedly be a welcome and highly beneficial addition to the platform.

Microsoft 365 Defender demonstrates a commendable level of comprehensiveness in its threat protection capabilities. However, it is important to acknowledge that false positives and false negatives can be potential challenges in any security solution.

I primarily focus on using two key features within Microsoft Defender: the attack training simulation and the threat policies integrated with Azure Guard Protection.

The dashboard is one of the features of this application.

Implementing this solution has proven to be time-saving as it enables us to effectively track down suspicious and malicious attachments that may accompany emails. Even if users tend to click on attachments without much thought, we have successfully prevented and significantly reduced security breaches that were prevalent in our past security architecture. The ability to identify and mitigate potential threats has greatly improved our overall security posture, providing us with enhanced protection against breaches and unauthorized access to our systems. By leveraging this solution, we have experienced tangible benefits in terms of minimizing security incidents and safeguarding our organization's sensitive data and resources.

There was a specific incident where an email was received containing an executable file, and unfortunately, like many other users, this particular user was unaware of the potential risks and clicked on it without hesitation. Consequently, the consequences of this action became evident. 

Microsoft 365 Defender has provided us with the capability to pinpoint the specific machine where the application is currently present, as well as track the actions and steps that the application has already taken on that machine. This is just one example of the numerous areas where Microsoft 365 Defender has proven invaluable in our security operations. 

While providing an exact numerical comparison may be challenging, I can confidently say that the improvement in our response capabilities with Microsoft 365 Defender compared to our previous security architecture is indeed significant.

It is fair to acknowledge that Microsoft 365 Defender, like any software product, is not without its imperfections. There are instances where it may incorrectly flag legitimate emails from trusted senders as spam or exhibit inadequate performance in accurately classifying certain emails.

Aside from that, it's a pretty good solution, and that is for the emails.

However, the main point I want to convey is that for someone who is new to it, using Microsoft 365 Defender will demand a significant amount of effort and a willingness to learn about the product in order to maximize its benefits. It deals with technical aspects and encompasses a broad range of features beyond just the mentioned warranty, such as online exchanges. To effectively utilize Microsoft 365 Defender, it is important to have a thorough understanding of its functionalities.

It may be too complex for beginners to grasp.

In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals. 

Breaking it down into smaller components or enhancing its comprehensibility for end users would serve as a valuable advantage. In fact, it would not only impress others but also motivate them to understand the significance of utilizing I Defender in their specific situations.

At the moment, I have limited knowledge about TripAdvisor and its offerings, so I'm unable to provide comprehensive information. However, based on my current understanding, I believe it would greatly benefit from being more user-friendly and simplifying its features. This would enable users to easily navigate the platform and maximize their experience with it.

I have been working with Microsoft 365 Defender for a year.

To the best of my knowledge, I have never encountered a situation where Microsoft 365 Defender experienced significant crashes or unresponsiveness, aside from occasional instances of false positives and false negatives. I have found the platform to be reliable and self-service oriented, with prompt responses from the provider whenever assistance was needed.

We currently have around a hundred users with Office 365 licenses; however, not everyone has the same plan that includes Microsoft 365 Defender. I was hoping to access the admin dashboard to have a closer look at the settings and configurations, but it seems that access is limited to approximately fifty users.

This is managed by Microsoft you don't have to do anything.  All you have to do is understand how to use it to make it work for you.

Similar to other cloud applications, I believe Microsoft 365 Defender demonstrates excellent scalability by seamlessly accommodating an increasing number of users. It effortlessly scales across these users, eliminating the need for extensive efforts to extend security measures to them. The scalability of Microsoft 365 Defender is highly commendable.

In situations where an email that appears to have properties indicative of spam gets delivered instead of being flagged, it is advisable to contact the technical support team directly. 

Engaging with customer support allows you to understand why such potentially harmful content was allowed into your organization. While Microsoft 365 Defender is an advanced solution, there is always room for improvement, and feedback can help drive future enhancements to make it more effective.

By reaching out to customer support, you can address specific concerns and gain insights into how to optimize the system's performance for better security outcomes in the future.

I would rate the technical support an eight out of ten.

I use Exchange Online Protection in conjunction with exchange mailboxes.

They collaborate closely. Collaborating with one is nearly identical to collaborating with the other due to the overlapping features between Microsoft 365 Defender and Exchange Online. Essentially, I consider them to be synonymous since their primary objective is ensuring security.

They lack native integration and instead exhibit interdependence. I believe their collaboration is essential in order to fully utilize their capabilities and optimize the user experience. It is crucial for them to function together in order to achieve maximum benefits and enhance overall performance.

The main differentiating factor is the expanded scope of Microsoft 365 Defender, which is evident as the primary distinction. Our utilization includes Microsoft 365 for cloud applications and Microsoft 365 for Office Microsoft 365 applications. However, when it comes to Exchange Online Protection, its functionality is exclusively focused on email boxes.

Microsoft 365 Defender provides a broader and more extensive coverage compared to Exchange Online Protection, offering a wider reach in terms of wireless accessibility.

In the past, we used Mimecast for email filtering, and before that, we employed Trendmicro as our spam filtering and email filtering solutions.

I was not involved in the deployment process.

Previously, organizations had to invest in separate third-party filtering solutions to effectively address potential threats and breaches. However, the situation has now improved significantly as Microsoft 365 Defender consolidates all these necessary security measures into the comprehensive Microsoft 365 license. This consolidation brings numerous benefits, making it a win-win scenario for organizations. They no longer need to make additional purchases or manage multiple security solutions, as everything is conveniently available with the Microsoft 365 license.

With an eligible and dependable license like Microsoft 365, there is no need to concern yourself with the purchase of an additional third-party solution, which often comes at a higher cost. 

All these functionalities have been consolidated into a single license, eliminating the need to incur additional costs for third-party solutions such as Google Security for email features and similar functionalities.

The time it takes for us to respond has been significantly reduced. Additionally, the time it takes to detect potential threats has also seen significant improvements.

In situations where Microsoft 365 Defender did not successfully mitigate a potential threat or error, it highlights the need to initiate a new process to address the specific scenario. However, with the current setup, we are now able to detect and prevent such incidents in a timely manner. This proactive approach has saved us from potential future issues and the associated costs that may have arisen. Without Microsoft 365 Defender, it would have been challenging to identify and contain these threats, which could have caused widespread problems throughout the environment. The implementation of Microsoft 365 has effectively stopped such incidents from occurring, mitigating the need for extensive investments to resolve the issues. This positive outcome demonstrates a favorable return on investment, provided we fully understand and leverage the capabilities of the product to its maximum potential.

I believe the pricing is fair and acceptable. I consider it to be reasonable and satisfactory.

If you prioritize security, considering the cost should not be a determining factor. If you truly understand the level of protection offered, you wouldn't be concerned about the price. Instead, you would focus on the value provided. From our perspective, the pricing is reasonable considering the significant benefits and value we currently receive.

We recently transitioned away from those solutions and successfully migrated everyone to Microsoft 365 Defender. Since then, we have been exclusively using Microsoft 365 Defender without any changes up to the present time.

We have no motivation or desire to switch to or explore other products, as we are already satisfied with the quality and value we receive from our current investment.

Optimally managing a combination of various security solutions can be time-consuming and overwhelming. Instead, having a single dashboard where you can consolidate and run all your queries proves to be more efficient. While the intention might be to extract the maximum benefits from multiple solutions, dividing your attention among them hinders the ability to fully leverage each one. Therefore, it is advisable to identify a comprehensive solution that meets your requirements and focus on understanding how to maximize its potential and utilization.

Furthermore, using multiple solutions in an environment can lead to compatibility issues and conflicts. When you have multiple applications performing similar functions, it can complicate matters and potentially cause problems in the future. To avoid such complications and maintain a streamlined setup, it is advisable to stick with a single solution and focus on understanding and optimizing its usage. By doing so, you can ensure better control and avoid potential disruptions that may arise from using multiple conflicting applications.

To truly grasp the value of a service like Defender, it may be challenging for someone who hasn't experienced the need for its intervention firsthand. It is essential to engage individuals who have encountered scenarios where Defender played an important role in saving the day. When evaluating the effectiveness of the solution, it is important to involve those with hands-on experience, who have witnessed the capabilities of the product and understand how to maximize its utilization. The hands-on experience becomes paramount when screening and assessing the proficiency of individuals in dealing with this specific solution.

I would give Microsoft 365 Defender a rating of nine out of ten. The only reason I'm not giving it a perfect score of ten is that it can be quite technical for someone who is just starting out. Additionally, there may be occasional false positives and negatives, which is not unique to Defender but is a common occurrence in various software and security applications. However, apart from these minor aspects, I consider Microsoft 365 Defender to be an excellent solution overall.

Private Cloud

Microsoft Azure

We use the entire 365 security package. Defender XDR is primarily used for real-time malware scanning. Our company has about 1,500 endpoints. 

Before Defender, we used a different tool but were unhappy with its performance and frustrated with the deployment. Defender offers real-time scanning and alert notifications.

By adopting the Microsoft stack, we have eliminated other security solutions. Defender XDR reduces manual work. Our organization manages more than 1,500 systems, and manual intervention on all these systems would be a huge workload. Cloud solutions are easier to manage and monitor. 

We are a massive Microsoft shop. We see significant savings by getting all of our security from one vendor. There is a considerable drop compared to buying from other vendors. 

Defender XDR enables you to scan a system remotely and get a complete inventory of its assets. You can gather more information from the asset inventory and apply threat intelligence using Office 365 or something. It's a user-friendly, cost-effective, and feature-rich solution. The XDR features offer considerable value because you get more insights from your user systems.

Microsoft Defender XDR stops the movement of advanced attacks by working with the complete 365 package. For example, you can create rules for email filtering to block phishing emails. I can create rules for email filtering. If there are any suspicious links in an email or its attachments, we can quarantine that email. It notifies the admin or the user.  The user can ask the admin to remove the email from the quarantine. We can investigate the email before it reaches the endpoint. Defender also has web content filtering and all the other EDR file features.

Defender's ability to adapt to evolving threats is critical today. The number of attacks today is multiplying, and Defender's adaptability and awareness are amazing.

The initial time spent setting up and configuring Defender XDR is a bit longer than the other solutions. If everything were on one portal, the platforms for managing policies or alerts would be simpler. We must automate and manage policies on Intune rather than the same portal.

I have used Microsoft Defender XDR for nearly 14 months.

I am very satisfied with Defender's stability. It's a reliable solution that improves our confidence in our security.

I rate Microsoft support seven out of 10. I would like Microsoft's support to be a little more robust and technical.

Neutral

Deploying Defender XDR is pretty straightforward. We deployed it in phases with deadlines. It took a couple of months. We met all our deadlines, and it wasn't a very complex solution to implement. 

We prepared and configured the tenant. Next, we created XDR policies and groups and orchestrated our requirements. We tried pushing the policies to see if the endpoints received them and sent the required information back to the admin portal. There was a testing period before we went live. Deployment only required two people. 

Defender doesn't require much maintenance after deployment because it's a cloud-based solution. We only need to tweak and update the policies, then push them out. 

Defender XDR is reasonably priced based on the licenses we need and the solution's capabilities. At the same time, Defender is a little pricier than some of the other solutions. 

We also considered CrowdStrike and Trend Micro. Trend Micro came the closest to meeting our expectations. Ultimately, we decided to use Defender XDR because we already used most of the Microsoft products, so it was a little more cost-effective. 

I rate Microsoft Defender XDR nine out of 10. Before deploying Defender XDR, potential users should be informed about the pricing, support, and the labor required to manage, maintain, and deploy the solutions. 

I am a consultant responsible for deploying and providing customer support for Microsoft products. We use Defender XDR for endpoint protection. It helps them secure endpoints with an advanced XDR solution that conducts behavior analysis and things like that.

Defender XDR provides more visibility into all the connected services, including the security stack and all the productivity software. They're all integrated. It's much less maintenance and has fewer headaches during integration and setup. Implementing the solution and getting the customer fully protected takes very little time. According to Gartner, it's one of the best solutions on the market,  and it requires a limited amount of time and resources to get it fully operational.

By adopting Defender XDR, our customers have discontinued other security products. The solution can replace products like Kaspersky, McAfee, Trend Micro, and even CrowdStrike. 

It has affected customers' security operations by simplifying permissions and reducing the total cost ownership if we discontinue all the security products that the customers used before. Customers usually save around 20 percent, but it's more than simply replacing one component with another. It replaces several security solutions like email and cloud application protection. If you compare the total cost of ownership of on-prem solutions versus Microsoft, it is better to go with Microsoft. You also get lifetime upgrades for the systems and features that you implement.

Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing. Customers like that the platform provides a single pane of glass for all the security services. Many of them do not have the capacity to support complex systems, so it's better for them to have most of the tools integrated into one platform. 

You can integrate XDR with Microsoft's identity solution Entra ID if you have a premium license. Those tools are fully integrated, but you need to purchase a separate solution called Defender for Identity to get tools to protect identities and connect the Enterprise Data Center with Defender.

Defender XDR's coverage isn't limited to Microsoft products. You can use almost any solution and achieve the same single point of control. For example, you can integrate Microsoft Defender for Cloud Applications, which covers all the cloud service providers. It isn't limited to only Microsoft infrastructure.

Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team.

I have used Microsoft Defender XDR for five years. 

Defender XDR is almost 100 percent stable.

Defender XDR is infinitely scalable. 

I rate Microsoft standard support six out of 10 and premium support eight out of 10. The response times for basic Microsoft support leave much to be desired. It can take up to two weeks to resolve issues if you don't have a support contract. 

Neutral

Deploying Defender XDR is relatively straightforward, but it depends on whether the customer has already integrated its on-premise infrastructure with the Microsoft cloud.

Deployment requires one or two engineers on our side. We determine the scope of the work and the deployment before rolling out the clients to the endpoints. The biggest question is whether the customer already has the network infrastructure prepared for that service based on the Microsoft documentation. For example, we must determine if the endpoints connect directly to the Microsoft cloud or through a proxy server, firewalls, etc.

Defender includes four or five products different products. The most useful is Defender for Endpoint, which typically takes up to two weeks to deploy, while Defender for Office and Defender for Identity take one week to deploy. Defender for Cloud Applications can be deployed in a few days. It also depends on how the customer will use it. If it's being used for compliance, the customer's requirements may be totally different. 

The number of maintenance and administrative personnel depends on the organization's size and the number of solutions deployed. It's hard to calculate how people would be necessary for that particular part of the security ecosystem. However, Defender XDR takes up to three people to manage. 

Defender XDR is expensive, but the cost is justified. Defender is included in an E3 or E5 license. If you don't have a premium Microsoft license and you purchase Defender separately, the whole model will be different. You can also pay extra for premium support. 

I rate Microsoft Defender XDR nine out of 10. I recommend starting it as soon as possible, but you must also plan for any future on-premise solutions that you might bring into the system. Consider any prerequisites you need if you decide to go with the product. The biggest issue is that your network infrastructure needs to be set up according to the Microsoft documentation.

Public Cloud

We use Microsoft Defender XDR to protect our endpoints, computers, mobile devices, and emails.

In part, Microsoft Defender XDR provides unified identity and access management.

Microsoft Defender XDR can protect 98 percent of devices.

With Microsoft Defender XDR we can now manage all of our non-critical computers from one console. The management level and implementation level are easy. Microsoft Defender XDR is also cost-effective.

We have been using Microsoft solutions for over 25 years so it didn't take much convincing to start using Microsoft Defender XDR.

Microsoft Defender XDR has enabled us to discontinue the use of Kaspersky in our safe computers.

Being able to reduce the number of solutions used has been helpful to our security team's operations. The discontinued use of other security products has reduced manual correlation. Using Microsoft has a lot of advantages, especially in management. The reduction in manual correlation is important for our organization.

Microsoft Defender XDR saves our security team around three hours a day.

The most valuable features are spam filtering, attachment filtering, and antivirus protection.

Microsoft Defender XDR is not a full-fledged EDR or XDR. Any true XDR should be more powerful than what Microsoft is currently providing. For some public-facing companies, computers, and endpoint computers, we need additional security from CrowdStrike or other third-party XDR.

Microsoft Defender XDR does not stop 100 percent of the lateral movement or advanced attacks. Our machines use both Microsoft Defender XDR and Crowdstrike and we have had instances where attacks were missed by Microsoft Defender XDR but caught by Crowdstrike.

I have been using Microsoft Defender XDR for four years.

Microsoft Defender XDR is stable.

Microsoft Defender XDR is scalable.

We previously used Kaspersky, Norton, and CrowdStrike. We switched to Microsoft Defender XDR because of its streamlined management capabilities.

The initial deployment was straightforward. We pushed Microsoft Defender XDR remotely across our system consisting of 300 computers. We are a team of seven people and each of us was involved in the deployment process.

The implementation was done in-house.

Microsoft Defender XDR is expensive.

We did not evaluate other security solutions because I have extensive knowledge of most products, their strengths and weaknesses, and their overall capabilities. Additionally, considering all our products are on Microsoft 365, a cloud-based platform, and we already utilize its various components like mail, documents, and more, integrating Microsoft Defender for threat detection and management was a natural choice due to existing ecosystem compatibility and streamlined administration.

I would rate Microsoft Defender XDR an eight out of ten.

Microsoft Defender XDR is deployed across multiple locations and departments.

Minimal maintenance is required for patching.

Private Cloud

Microsoft Azure

Microsoft 365 Defender is used for our threat policies, configuration, and security protection.

The current level of threat visibility is good.

Microsoft 365 Defender helps prioritize threats across our enterprise which is important for our organization.

The mail component within our organization is the most critical part and Microsoft 365 Defender plays a big part in protecting that component. 

We have integrated Microsoft 365 Defender with Defender for Cloud, and Sentinel. Integrating the solution with Defender for Cloud is easy. 

The integrated solutions work natively together to deliver a coordinated detection and response across our environment which is important for our organization.

The comprehensiveness of the threat-protection that Microsoft products provide is good.

The bidirectional sync capability of Defender for Cloud is important for our organization.

The bidirectional sync of Defender for Cloud helps us secure our network.

Microsoft Sentinel allows us to investigate data from our entire ecosystem.

The ingestion of data to our security operations is critical and Sentinel does a better job than the other solutions we tried.

Microsoft Sentinel enables us to investigate threats and respond holistically from one place which is important for us.

The built-in UEBA and threat intelligence capabilities are good.

Microsoft 365 Defender helps our organization by detecting false positives.

Our Microsoft security solutions help automated to retain tasks and help automate the finding of high-value alerts.

The automation has helped us with our playbook.

The solution has helped eliminate multiple dashboards by providing one XDR dashboard.

Having one XDR dashboard allows us to react to threats faster.

Microsoft 365 Defender's threat intelligence helps us prepare proactively for potential threats before they hit.

Microsoft 365 Defender has saved us between one and three months of time.

Microsoft 365 Defender has saved us time to detect and respond.

We have saved a significant amount of money with the implementation of Microsoft 365 Defender. Prior to using this solution, we encountered costly incidents.

All of the security components are valuable including, antiphishing, antispam, and stage three antivirus.

Additional visibility into log analytics would be beneficial. For instance, if an attachment was affected by malware, it would be helpful if Microsoft 365 Defender could provide more specific details about the origin of that particular malware, such as where it originated from. Any additional information in this regard would be greatly appreciated.

The integration of Microsoft 365 Defender with Sentinel is a bit complex when integrating custom connectors.

The cost of using Microsoft Sentinel is dependent on the size of the data the solution will ingest. I would like Microsoft to provide proper guidance on the sizing so we know what we will be spending.

Technical support has a lot of room for improvement. The support team is not competent or responsive.

I have been using the solution for one year.

Microsoft 365 Defender is stable.

Microsoft 365 Defender is scalable.

The quality of technical support we receive is poor. We encounter difficulties while dealing with the support team, even for critical incidents. Moreover, we always receive a response from the same engineer. However, they are not cooperative in using Microsoft Teams or joining a call with our clients.

Negative

The initial setup is straightforward. The deployment was completed by two people and required seven to eight days.

The implementation was completed in-house.

The licensing fee for Microsoft 365 Defender is fair.

I give the solution a seven out of ten.

The solution is deployed across multiple locations.

We have 5,000 users.

We have three administrators for the solution.

When an organization is already using other Microsoft solutions it is best to use Microsoft 365 Defender because of the seamless integration.

Microsoft 365 Defender is not difficult to implement and can be utilized by anyone.

Private Cloud

Microsoft Azure

We are yet to use Microsoft Defender XDR for ourselves as we are yet to procure the product.

Vulnerability assessment and just-in-time access are some valuable features of Defender for server plans. Additionally, the threat detection at the OS level is a very good feature of Defender.

Microsoft could improve on threat hunting and build more on threat detection and handling. The cybersecurity and cloud security posture features are a bit lesser than standard security products.

We have not yet used Microsoft Defender XDR as we are yet to procure the product.

I was working with CrowdStrike before Microsoft Defender XDR. CrowdStrike has advantages in terms of threat hunting.

We are doing it for the first time, so I have nothing to compare in terms of ROI.

The pricing is a little high, however, it is on par with other competitive tools in the market.

I have not evaluated other XDR solutions besides CrowdStrike.

I would recommend Microsoft Defender XDR to others as long as they are aligned with Microsoft products, cloud, or on-prem, especially if they are using Microsoft Windows architecture. I would rate Microsoft Defender XDR six out of ten overall.