Microsoft Defender XDR Reviews

Microsoft Defender XDR is our antivirus solution.

Microsoft Defender XDR provides a unified identity and access management platform.

It does a good job with identity protection.

Including identity and access management within Defender XDR is valuable because it streamlines our organization's security by consolidating multiple tools into one. This eliminates the need to manage and pay for separate solutions and licenses, simplifying our security posture.

Microsoft Defender XDR has improved our visibility, making us more efficient by providing threat details and remediation steps as well as improving our security posture.

It safeguards our organization by preventing advanced threats like ransomware and business email compromise, along with stopping lateral movement within our network that could enable attackers to spread and gain wider access.

It includes the ability to stop attacks and adapt to evolving threats. This is an important feature for us.

We have been enabled to discontinue using Microsoft Sentinel.

Microsoft Defender XDR helps save costs through the licensing for businesses which is around $20 each and helps save time for our security team.

The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR.

Just like in any solution, the price can always be cheaper.

I have been using Microsoft Defender XDR for three months.

Microsoft Defender XDR is stable. It has been running smoothly for us.

The support has been perfect.

Positive

To consolidate our security tools and avoid additional costs for a separate EDR solution, we leveraged our existing Microsoft Sentinel license to migrate to Microsoft Defender XDR, which already includes EDR capabilities.

Our initial deployment of Defender XDR onto machines was simple. Onboarding a machine involves configuring settings within Intune for our tenant, allowing Defender XDR to communicate and collect data. The entire deployment process took only two hours and required just one person.

The implementation was completed in-house.

I would rate Microsoft Defender XDR ten out of ten.

No maintenance is required.

I recommend Microsoft Defender XDR for small businesses like ours.

We use Microsoft Defender XDR for antivirus, threat intelligence, and email blocking.

Microsoft Defender's XDR platform provides unified identity and access management. It has improved significantly, although other products remain slightly ahead. I would rate it among the top four or five XDR platforms I've used, and Microsoft is continuously enhancing its capabilities. Overall, it's a fairly good solution.

Consolidating identity and access management under one umbrella within Defender 365 offers significant advantages. This unified approach simplifies control and visibility, eliminating the need to navigate through different screens from multiple vendors. With everything centralized, we gain a comprehensive overview of all IAM activities and can easily access specific details through subcategories. The main page provides a clear starting point, highlighting key information and granting quick access to deeper levels of detail when needed.

While Microsoft Defender can effectively impede the lateral movement of advanced ransomware, it cannot guarantee complete protection. No system is perfect, and vulnerabilities will always exist.

Defender's ability to stop attacks includes its adaptability to evolving threats. Microsoft has been steadily improving Defender over the past few years, and they continue to do so. Several updates in recent months have changed Defender's functionality, making it more effective. While technology advances and tools like Defender improve, the skills of hackers and their tools also evolve. This necessitates continuous improvement to keep pace.

Adaptability to evolving threats is crucial. A static system is vulnerable to attack. Its unchanging vulnerabilities can be readily identified and exploited, allowing unauthorized access and manipulation. Constant improvement is necessary to maintain security.

While we have reduced our reliance on other products, we haven't eliminated them at this time. We are actively reducing our use of other products as we progress. Once we have completed the configuration and setup process for Defender XDR, we can then fully transition to using it as our primary product.

Defender XDR has saved our security team approximately two hours per day. Automation is improving steadily, allowing us to automate audit file processing and scheduling. This provides us with continuous insight into our environment. The main page offers a high-level overview of current activity, enabling us to quickly identify any anomalies. Our security team can then address these anomalies promptly.

The threat intelligence is excellent. Email collaboration is very good. Device protection is useful. Overall, 90 percent of Microsoft Defender XDR is used weekly, primarily for email collaboration.

Advanced attacks could use an improvement.

I have been using Microsoft Defender XDR for almost four years.

I would rate the stability of Microsoft Defender XDR a nine out of ten.

Microsoft Defender XDR is scalable and we are planning to increase the usage.

The Microsoft technical support I used in the past was quite good. They were typically responsive and efficient, providing solutions quickly. However, I haven't needed their assistance in the last year, so I can't offer an updated assessment.

Our past experience includes Sophos, Check Point, and ESET. We briefly utilized SentinelOne as well, but ultimately opted for Microsoft Defender XDR. We had Defender included in our purchases but it wasn't being utilized fully until I fine-tuned and set it up to work more efficiently.

I would rate Microsoft Defender XDR an eight out of ten.

We require three people for maintenance.

We have Microsoft Defender XDR deployed across multiple locations, roles, and teams.

Before implementing Microsoft Defender XDR, ensure that all the features will be utilized otherwise it is more cost-effective to go with a smaller package that includes only the features needed by the organization.

At FileVine, we provide case management software for attorneys, so we have considerable SOC 2 compliance requirements. We need more than a firewall; we also need a solution that helps us upkeep and manage devices, laptops, etc. 365 Defender fulfills these requirements, and SOC 2 compliance is our primary use case.

We're a hybrid company using both Macs and Dells, deployed across multiple regions.

The solution helps us improve compliance regarding end users installing updates. It clarifies which users need to update and how they can go into Terminal or PowerShell to perform that process. We don't have to waste time looking for what needs to be done, which is a useful functionality. The product automatically informs us of high and low priorities, which is great; it allows us to deal with the most significant priorities first.

365 Defender helps us automate routine tasks, and we get updated daily. We can integrate Splunk to see what's going on and what needs to be updated. Automation significantly impacts our security operations; it feels like we have a vault around us that nobody can breach.  

The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update.

The visibility into threats provided by the solution is excellent. When a threat triggers a response based on our set rules, it's stopped, and we are notified via email. We can then analyze the threat and make a decision; this entire process is straightforward and user-friendly. 

The product helps us prioritize threats across the enterprise, especially in the legal domain. It is very valuable, and one of the reasons we have been so successful at Filevine is the security measures we have in place. We use many tools, one of them being Microsoft 365 Defender, which significantly contributes to our IT team and company's success.   

Our integration of multiple solutions helps to deliver a coordinated detection and response in our environment. We integrate with Zscalar, which is very easy and manageable. We thought it might be difficult, but it works very well. Much like a car, our security system is composed of many moving parts working together, which helps us move forwards as a company and thrive in a relatively challenging economic time. 

The comprehensiveness of the threat protection provided by using multiple Microsoft security products is excellent. It's a simple system; we have incoming and outgoing traffic rules. When a rule is triggered, we are notified by email to look over the situation. For example, we can see viruses and malicious actors attempting to breach our security and respond by blacklisting the IP address. Sometimes, we gather information and pass it on to the FBI, as we have many SOC 2 clients.

365 Defender helped eliminate multiple dashboards, which is great because I like to be as minimalistic as possible regarding dashboards. Now, I only have to look at one or two at most, simplifying the security landscape, and I love that about the tool.  

The solution's threat intelligence helps us prepare for potential threats before they hit; most recently, we were protected from the August 2022 Apple hack. We had measures in place, so none of our devices were affected. We were spared any data compromise, and it's an excellent example of why we invest in security solutions. It builds our confidence and strengthens our case with the higher-ups for increasing and maintaining our cybersecurity budget. 

The product certainly saves us time. We trust in the protection and can focus on different projects, including automation, so we don't have to spend time dealing with issues and security breaches. I'd say we save four or five hours a week.  

365 Defender saves us a lot of money because we don't have to recover data or hire outside lawyers to help us with legal trouble. We don't need to invest in physical products or external security teams and solutions. We can keep our security operation within the company, so all our money is invested in people who care about our product and business.  

The solution quickly notifies us when a threat is detected, increasing our response speed. Other products I used in the past sometimes had significant delays with notifications, which is far from ideal when dealing with potential security threats. 

Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed.

I have been using the solution for a few years. 

The solution is very stable with low latency. 

The product is highly scalable, which is fantastic because we have been expanding significantly. It's up and running and good to go very quickly, which has been excellent for our expansion in Florida, New York, Maine, and Canada.

I have yet to contact support. One thing that helps in this regard is that I have an AZ-900 handbook with Microsoft fundamentals. 

365 Defender was already in place when I was brought into the company, but they previously used Jamf Protect. They switched because it cost too much and wasn't fulfilling the requirements. It didn't perform as well as 365.

I can't speak to the setup as the solution was in place when I arrived at the company. However, 365 Defender is one of the most lightweight tools we use in terms of maintenance. We keep it up to date, and it works very well.

I would say the solution gives us a significant ROI, especially considering the issues in the industry recently. Russia and China hacked many companies, but we never had that problem, and that's a lot of money saved for us. That's not entirely because of 365 Defender, but also thanks to our excellent security team and the robust toolset at our disposal to protect our operation.

The solution is affordable, and we haven't been hit with any hidden costs. The subscription model is straightforward, and it's easy to understand how much additional features cost. If we need to cancel a license or feature, we do that well in advance to avoid being charged for it, but overall, the pricing and licensing are simple and easy.

I would rate the solution an eight out of ten. 

We use multiple Microsoft security products, including Defender for Endpoint, MFA as a standard on all work laptops and computers, and Endpoint Manager. We use additional tools to protect the Mac side of our operation. We use Microsoft Intune, some other MDMs, and some other assets from Defender for Cloud, and for cloud security, we use GCP, Azure, and AWS. 

Many of these products are integrated, and the integration was relatively straightforward. It was somewhat time-consuming as we previously used Jamf Protect for a long time, so switching our entire infrastructure over to the new products took some time.   

We use Defender XDR to assign roles and monitor based on the analytics report from Microsoft. 

Defender XDR has improved the organization's confidentiality. If there's a DLP violation, such as someone sharing documents inappropriately, a notification will automatically trigger. Defender stops the movement of advanced attacks. We first need to set up some independent indicators of compromise. The IOCs are connected to some attack surface reduction rules.

We get alerts if someone tries installing something on the system or adding an external hard drive. We get security recommendations from Microsoft, but our security implements them on their own. We don't use the AI feature. We see significant time savings from the alerts based on the indicators of compromise. It saves us about 10 to 15 percent.

The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it.

The identity management feature is something we need for our use case. It wraps up the access management and XDR components, so it's not just Defender. It works well with Azure AD for access management. I didn't think I needed identity and access management in the past, but it's nice to have if you're performing a significant migration on a tight schedule. 

Defender XDR's coverage extends beyond Microsoft technologies. It covers all the endpoints of users in the organization. I can manage access to any application and system within the organization. 

Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them. 

We have used Defender XDR for about 15 months.

I rate Defender XDR 10 out of 10 for stability. It's a stable solution. We've had no outages. 

The scalability depends on the number of licenses you can purchase. If I want to add more endpoints or solutions from Microsoft XDR, I have to pay more. The scale depends on the pricing. 

I rate Microsoft support eight out of 10. Some cases are easy fixes, so they don't take much time, whereas some of our more complex tickets take some time.

Positive

I've also worked with Trellix. Microsoft provides better recommendations for protecting our tools, devices, and files. Trellix has XDR capabilities, too, but Microsoft's recommendations are more robust. 

Defender XDR is a SaaS solution. The deployment is ongoing because we're constantly onboarding and retiring endpoints. Microsoft handles most of the maintenance for it. It rarely requires maintenance from our end. 

Defender XDR is fairly priced and cost-effective. 

I rate Microsoft Defender XDR eight out of 10. If you want to implement this product, you should have a team who understands the product well. It's SaaS-based, so the Microsoft team is delivering everything to you. However, you still need to know the product.

Extended XDR expands threat protection across endpoints, email, identities, and cloud environments.

Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise. It includes capabilities for monitoring Active Directory against attacks and threats, making it a broad and deep solution for identity security.

Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR. Additionally, enhancing the privilege access management capability would make it a better solution overall.

I have been using Microsoft Defender XDR for about a year and a half.

Microsoft Defender XDR is very stable. I would rate the stability as a 10 out of 10.

I would rate the scalability of the product as a 10 out of 10.

Microsoft's customer support for Defender XDR is generally very good and I would rate it at around an eight out of ten. Larger customers like us, especially those partially owned by Microsoft, tend to receive excellent support. However, smaller organizations may not experience the same level of support.

Positive

Microsoft Defender XDR is typically deployed at the organizational level across multiple locations and departments. Maintenance is required, and the number of people needed depends on the organization's size and complexity. It could range from a large team for a big organization to just a few individuals for smaller ones.

Microsoft Defender XDR is expensive, especially for the full suite functionality. However, when compared to buying multiple-point solutions separately, it may be comparable in price. Overall, it is competitive within the market, but the broad capabilities make direct cost comparisons challenging.

Clients implement this tool to address various security issues efficiently. Microsoft Defender XDR offers a unified solution for a wide range of security needs, including extended detection and response across multiple platforms like Office, endpoints, mobile, and identity.

Microsoft Defender XDR includes some identity and access management features, especially when used alongside Azure Active Directory's privileged access management capabilities.

While primarily focused on Microsoft technologies, Microsoft Defender XDR can integrate with third-party SIEM vendors and covers multiple operating systems, including macOS, iOS, Android, and Windows, through its Defender for Endpoint and Intune capabilities.

Microsoft Defender XDR is designed as an XDR solution, utilizing the Mitre ATT&CK framework to detect and correlate events across various areas of compromise. It can identify and correlate events related to advanced attacks, such as business email compromise and ransomware, affecting security operations by providing insights into the events leading up to such attacks.

When security products like antivirus and vulnerability management software are discontinued in favor of Microsoft Defender XDR and other Microsoft 365 tools, it streamlines operations but may require less manual correlation of security events.

Some organizations might experience a 10-20% cost reduction with Microsoft Defender XDR, but for me, the main goal is to improve detection and response capabilities, not just save money. It is about adapting to the evolving threat landscape rather than focusing solely on cost savings.

Microsoft Defender XDR has saved time for our security team, making our operations more efficient.

For those evaluating Microsoft Defender XDR, my advice is to understand your requirements and map them to the appropriate licensing capabilities. It is not a one-time project but an ongoing process, so plan for continuous improvement of your security posture.

Overall, I would rate Microsoft Defender XDR as an 8 out of 10.

I work at a SOC, and we use Microsoft XDR to provide 24/7 monitoring for our clients. We use it to monitor all types of incidents, including attacks on endpoints and email-related threats. It's integrated with other Microsoft solutions.

I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc. The Kubernetes security feature hasn't been released yet, but we're looking forward to that. I'm just focusing on that because it will be a game-changer.

The integrated identity and access management is helpful because sometimes you don't have the information you need inside XDR, so you can go to Entra for more details.

XDR can stop advanced attacks like ransomware and BEC attacks. It also has an AI-assisted automated feature that cuts off access to persistent attacks. This feature disrupts the attack by disabling user access. A person needs to analyze if the response is correct and reject or approve. 

Through integration with Microsoft Lighthouse, we can manage multiple tenants on one screen, and prioritize which areas of the environment to address first. Sometimes, one tenant may be inaccessible to you. It will show an error, but then it will start working again automatically. 

Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly. 

I've been working with Defender XDR for the last six months.

I rate Defender XDR 8 out of 10 for stability. 

Defender XDR is scalable. 

We had a problem once getting a feature to work correctly after an update. We contacted Microsoft, and it took about 2 or 3 days to resolve.

I previously used QRadar and Splunk

Deployment is easy. It requires some maintenance on the Microsoft side. 

I rate Defender XDR 9 out of 10. I would recommend Defender. It's easier to use than other products I've worked with, such as Splunk and QRadar.

We are using Microsoft Defender XDR for our endpoint, desktop, and laptop protection.

Microsoft Defender can extend its protection to the third-party applications we use, which is helpful.

Microsoft Defender XDR not only helps stop malware attacks but also offers advanced attack prevention features to safeguard against sophisticated threats.

Our environment is multi-tenant, and Microsoft Defender XDR offers seamless integration. Its ability to respond to threats across the multi-tenants is good.

It helps our security team by automating tasks, providing detailed reports, safeguarding our systems, and enabling historical analysis.

It has helped to reduce some of our costs by almost $10,000 per month.

Microsoft Defender XDR is easy to manage, saving our security team time.

Scanning, vulnerability reporting, and the dashboard are the most valuable features.

While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience. To address this limitation, integrating MDR as part of the XDR experience and incorporating the latest advancements into Microsoft Defender XDR are crucial steps.

I have been using Microsoft Defender XDR for over three years.

Microsoft Defender XDR is stable.

We can scale up with Microsoft Defender XDR with no problems.

We have a dedicated account manager who handles our support requests. We submit our requests through a ticketing system, and they respond promptly.

Positive

We also use CrowdStrike. Both have advanced capabilities and are easy to manage. We have them integrated with multiple tenants but for different products. 

The initial deployment was straightforward and took one to two days to complete.

While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment.

Although I would rate Microsoft Defender XDR eight out of ten, its visibility suffers when used with third-party applications and non-Azure cloud platforms.

While the implementation itself is straightforward, troubleshooting, log creation, and monitoring can be challenging. This solution may be suitable for Microsoft-centric environments, but its visibility suffers in scenarios with multiple third-party solutions or hybrid deployments.

We're a small business. Defender XDR gives us a centralized security solution for monitoring our servers and some user PCs. We have around 30 machines, 10 of which are servers. 

Defender XDR saves the security team time by telling us what patches to apply. We also get preemptive notes about things that need to be done.

I like Defender XDR's reports and alerts. They give you updates about the latest hotfixes and zero-day vulnerabilities, which gives me all the information I need to maintain my servers. 

Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically.

I have used Defender XDR for a year.

Defender XDR is stable.

Defender is scalable. I haven't had any issues with that part.  

Microsoft support is good. I usually don't contact them directly. We have a support partner. If there's an issue, they can resolve it with Microsoft quickly.

We previously used Symantec antivirus. We're a small company, so switching wasn't a big deal. We switched because Symantec discontinued the solution we were using. They actually don't sell it anymore.

I wasn't involved in the decision to purchase Defender XDR. We are a small company, so we needed a vendor to support SMEs, and Microsoft caters to businesses of all sizes. We checked some other solutions but went with Defender because we're already on Azure, so the solutions complement each other.

Deploying Defender XDR was easy. Our external security guy handled most of the settings and onboarding, and our IT guy handled a few of the problematic cases. Most of the maintenance was automatic.

I don't know the exact pricing, but I believe Defender offered the best small business solution for the price.

I rate Microsoft Defender XDR nine out of 10. I don't have experience with other XDRs that I can compare it to, but I think Defender is an excellent solution. It's fairly easy to understand and navigate, and it's a good value.