Try our new research platform with insights from 80,000+ expert users
Brian Mulambuzi - PeerSpot reviewer
IT Technician Engineer at Nevasa Foundation
Real User
Top 20
Helps improve our visibility, our security posture, and defends against advanced threats
Pros and Cons
  • "The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."
  • "Just like in any solution, the price can always be cheaper."

What is our primary use case?

Microsoft Defender XDR is our antivirus solution.

How has it helped my organization?

Microsoft Defender XDR provides a unified identity and access management platform.

It does a good job with identity protection.

Including identity and access management within Defender XDR is valuable because it streamlines our organization's security by consolidating multiple tools into one. This eliminates the need to manage and pay for separate solutions and licenses, simplifying our security posture.

Microsoft Defender XDR has improved our visibility, making us more efficient by providing threat details and remediation steps as well as improving our security posture.

It safeguards our organization by preventing advanced threats like ransomware and business email compromise, along with stopping lateral movement within our network that could enable attackers to spread and gain wider access.

It includes the ability to stop attacks and adapt to evolving threats. This is an important feature for us.

We have been enabled to discontinue using Microsoft Sentinel.

Microsoft Defender XDR helps save costs through the licensing for businesses which is around $20 each and helps save time for our security team.

What is most valuable?

The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR.

What needs improvement?

Just like in any solution, the price can always be cheaper.

Buyer's Guide
Microsoft Defender XDR
June 2025
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Microsoft Defender XDR for three months.

What do I think about the stability of the solution?

Microsoft Defender XDR is stable. It has been running smoothly for us.

How are customer service and support?

The support has been perfect.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

To consolidate our security tools and avoid additional costs for a separate EDR solution, we leveraged our existing Microsoft Sentinel license to migrate to Microsoft Defender XDR, which already includes EDR capabilities.

How was the initial setup?

Our initial deployment of Defender XDR onto machines was simple. Onboarding a machine involves configuring settings within Intune for our tenant, allowing Defender XDR to communicate and collect data. The entire deployment process took only two hours and required just one person.

What about the implementation team?

The implementation was completed in-house.

What other advice do I have?

I would rate Microsoft Defender XDR ten out of ten.

No maintenance is required.

I recommend Microsoft Defender XDR for small businesses like ours.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2313252 - PeerSpot reviewer
Senior Infrastructure Engineer at a manufacturing company with 51-200 employees
Real User
Top 20
Reduces our reliance on other products, adapts to threats, and saves us time
Pros and Cons
  • "The threat intelligence is excellent."
  • "Advanced attacks could use an improvement."

What is our primary use case?

We use Microsoft Defender XDR for antivirus, threat intelligence, and email blocking.

How has it helped my organization?

Microsoft Defender's XDR platform provides unified identity and access management. It has improved significantly, although other products remain slightly ahead. I would rate it among the top four or five XDR platforms I've used, and Microsoft is continuously enhancing its capabilities. Overall, it's a fairly good solution.

Consolidating identity and access management under one umbrella within Defender 365 offers significant advantages. This unified approach simplifies control and visibility, eliminating the need to navigate through different screens from multiple vendors. With everything centralized, we gain a comprehensive overview of all IAM activities and can easily access specific details through subcategories. The main page provides a clear starting point, highlighting key information and granting quick access to deeper levels of detail when needed.

While Microsoft Defender can effectively impede the lateral movement of advanced ransomware, it cannot guarantee complete protection. No system is perfect, and vulnerabilities will always exist.

Defender's ability to stop attacks includes its adaptability to evolving threats. Microsoft has been steadily improving Defender over the past few years, and they continue to do so. Several updates in recent months have changed Defender's functionality, making it more effective. While technology advances and tools like Defender improve, the skills of hackers and their tools also evolve. This necessitates continuous improvement to keep pace.

Adaptability to evolving threats is crucial. A static system is vulnerable to attack. Its unchanging vulnerabilities can be readily identified and exploited, allowing unauthorized access and manipulation. Constant improvement is necessary to maintain security.

While we have reduced our reliance on other products, we haven't eliminated them at this time. We are actively reducing our use of other products as we progress. Once we have completed the configuration and setup process for Defender XDR, we can then fully transition to using it as our primary product.

Defender XDR has saved our security team approximately two hours per day. Automation is improving steadily, allowing us to automate audit file processing and scheduling. This provides us with continuous insight into our environment. The main page offers a high-level overview of current activity, enabling us to quickly identify any anomalies. Our security team can then address these anomalies promptly.

What is most valuable?

The threat intelligence is excellent. Email collaboration is very good. Device protection is useful. Overall, 90 percent of Microsoft Defender XDR is used weekly, primarily for email collaboration.

What needs improvement?

Advanced attacks could use an improvement.

For how long have I used the solution?

I have been using Microsoft Defender XDR for almost four years.

What do I think about the stability of the solution?

I would rate the stability of Microsoft Defender XDR a nine out of ten.

What do I think about the scalability of the solution?

Microsoft Defender XDR is scalable and we are planning to increase the usage.

How are customer service and support?

The Microsoft technical support I used in the past was quite good. They were typically responsive and efficient, providing solutions quickly. However, I haven't needed their assistance in the last year, so I can't offer an updated assessment.

Which solution did I use previously and why did I switch?

Our past experience includes Sophos, Check Point, and ESET. We briefly utilized SentinelOne as well, but ultimately opted for Microsoft Defender XDR. We had Defender included in our purchases but it wasn't being utilized fully until I fine-tuned and set it up to work more efficiently.

What other advice do I have?

I would rate Microsoft Defender XDR an eight out of ten.

We require three people for maintenance.

We have Microsoft Defender XDR deployed across multiple locations, roles, and teams.

Before implementing Microsoft Defender XDR, ensure that all the features will be utilized otherwise it is more cost-effective to go with a smaller package that includes only the features needed by the organization.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Microsoft Defender XDR
June 2025
Learn what your peers think about Microsoft Defender XDR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.
SysAdmin Engineer at FileVine, LLC
Real User
Features a straightforward and user-friendly interface, excellent visibility into threats, and integration with other Microsoft security products
Pros and Cons
  • "The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
  • "Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."

What is our primary use case?

At FileVine, we provide case management software for attorneys, so we have considerable SOC 2 compliance requirements. We need more than a firewall; we also need a solution that helps us upkeep and manage devices, laptops, etc. 365 Defender fulfills these requirements, and SOC 2 compliance is our primary use case.

We're a hybrid company using both Macs and Dells, deployed across multiple regions.

How has it helped my organization?

The solution helps us improve compliance regarding end users installing updates. It clarifies which users need to update and how they can go into Terminal or PowerShell to perform that process. We don't have to waste time looking for what needs to be done, which is a useful functionality. The product automatically informs us of high and low priorities, which is great; it allows us to deal with the most significant priorities first.

365 Defender helps us automate routine tasks, and we get updated daily. We can integrate Splunk to see what's going on and what needs to be updated. Automation significantly impacts our security operations; it feels like we have a vault around us that nobody can breach.  

What is most valuable?

The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update.

The visibility into threats provided by the solution is excellent. When a threat triggers a response based on our set rules, it's stopped, and we are notified via email. We can then analyze the threat and make a decision; this entire process is straightforward and user-friendly. 

The product helps us prioritize threats across the enterprise, especially in the legal domain. It is very valuable, and one of the reasons we have been so successful at Filevine is the security measures we have in place. We use many tools, one of them being Microsoft 365 Defender, which significantly contributes to our IT team and company's success.   

Our integration of multiple solutions helps to deliver a coordinated detection and response in our environment. We integrate with Zscalar, which is very easy and manageable. We thought it might be difficult, but it works very well. Much like a car, our security system is composed of many moving parts working together, which helps us move forwards as a company and thrive in a relatively challenging economic time. 

The comprehensiveness of the threat protection provided by using multiple Microsoft security products is excellent. It's a simple system; we have incoming and outgoing traffic rules. When a rule is triggered, we are notified by email to look over the situation. For example, we can see viruses and malicious actors attempting to breach our security and respond by blacklisting the IP address. Sometimes, we gather information and pass it on to the FBI, as we have many SOC 2 clients.

365 Defender helped eliminate multiple dashboards, which is great because I like to be as minimalistic as possible regarding dashboards. Now, I only have to look at one or two at most, simplifying the security landscape, and I love that about the tool.  

The solution's threat intelligence helps us prepare for potential threats before they hit; most recently, we were protected from the August 2022 Apple hack. We had measures in place, so none of our devices were affected. We were spared any data compromise, and it's an excellent example of why we invest in security solutions. It builds our confidence and strengthens our case with the higher-ups for increasing and maintaining our cybersecurity budget. 

The product certainly saves us time. We trust in the protection and can focus on different projects, including automation, so we don't have to spend time dealing with issues and security breaches. I'd say we save four or five hours a week.  

365 Defender saves us a lot of money because we don't have to recover data or hire outside lawyers to help us with legal trouble. We don't need to invest in physical products or external security teams and solutions. We can keep our security operation within the company, so all our money is invested in people who care about our product and business.  

The solution quickly notifies us when a threat is detected, increasing our response speed. Other products I used in the past sometimes had significant delays with notifications, which is far from ideal when dealing with potential security threats. 

What needs improvement?

Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed.

For how long have I used the solution?

I have been using the solution for a few years. 

What do I think about the stability of the solution?

The solution is very stable with low latency. 

What do I think about the scalability of the solution?

The product is highly scalable, which is fantastic because we have been expanding significantly. It's up and running and good to go very quickly, which has been excellent for our expansion in Florida, New York, Maine, and Canada.

How are customer service and support?

I have yet to contact support. One thing that helps in this regard is that I have an AZ-900 handbook with Microsoft fundamentals. 

Which solution did I use previously and why did I switch?

365 Defender was already in place when I was brought into the company, but they previously used Jamf Protect. They switched because it cost too much and wasn't fulfilling the requirements. It didn't perform as well as 365.

How was the initial setup?

I can't speak to the setup as the solution was in place when I arrived at the company. However, 365 Defender is one of the most lightweight tools we use in terms of maintenance. We keep it up to date, and it works very well.

What was our ROI?

I would say the solution gives us a significant ROI, especially considering the issues in the industry recently. Russia and China hacked many companies, but we never had that problem, and that's a lot of money saved for us. That's not entirely because of 365 Defender, but also thanks to our excellent security team and the robust toolset at our disposal to protect our operation.

What's my experience with pricing, setup cost, and licensing?

The solution is affordable, and we haven't been hit with any hidden costs. The subscription model is straightforward, and it's easy to understand how much additional features cost. If we need to cancel a license or feature, we do that well in advance to avoid being charged for it, but overall, the pricing and licensing are simple and easy.

What other advice do I have?

I would rate the solution an eight out of ten. 

We use multiple Microsoft security products, including Defender for Endpoint, MFA as a standard on all work laptops and computers, and Endpoint Manager. We use additional tools to protect the Mac side of our operation. We use Microsoft Intune, some other MDMs, and some other assets from Defender for Cloud, and for cloud security, we use GCP, Azure, and AWS. 

Many of these products are integrated, and the integration was relatively straightforward. It was somewhat time-consuming as we previously used Jamf Protect for a long time, so switching our entire infrastructure over to the new products took some time.   

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2399394 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
Enables users to access any application and system within the organization
Pros and Cons
  • "The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it."
  • "Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them."

What is our primary use case?

We use Defender XDR to assign roles and monitor based on the analytics report from Microsoft. 

How has it helped my organization?

Defender XDR has improved the organization's confidentiality. If there's a DLP violation, such as someone sharing documents inappropriately, a notification will automatically trigger. Defender stops the movement of advanced attacks. We first need to set up some independent indicators of compromise. The IOCs are connected to some attack surface reduction rules.

We get alerts if someone tries installing something on the system or adding an external hard drive. We get security recommendations from Microsoft, but our security implements them on their own. We don't use the AI feature. We see significant time savings from the alerts based on the indicators of compromise. It saves us about 10 to 15 percent.

What is most valuable?

The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it.

The identity management feature is something we need for our use case. It wraps up the access management and XDR components, so it's not just Defender. It works well with Azure AD for access management. I didn't think I needed identity and access management in the past, but it's nice to have if you're performing a significant migration on a tight schedule. 

Defender XDR's coverage extends beyond Microsoft technologies. It covers all the endpoints of users in the organization. I can manage access to any application and system within the organization. 

What needs improvement?

Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them. 

For how long have I used the solution?

We have used Defender XDR for about 15 months.

What do I think about the stability of the solution?

I rate Defender XDR 10 out of 10 for stability. It's a stable solution. We've had no outages. 

What do I think about the scalability of the solution?

The scalability depends on the number of licenses you can purchase. If I want to add more endpoints or solutions from Microsoft XDR, I have to pay more. The scale depends on the pricing. 

How are customer service and support?

I rate Microsoft support eight out of 10. Some cases are easy fixes, so they don't take much time, whereas some of our more complex tickets take some time.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've also worked with Trellix. Microsoft provides better recommendations for protecting our tools, devices, and files. Trellix has XDR capabilities, too, but Microsoft's recommendations are more robust. 

How was the initial setup?

Defender XDR is a SaaS solution. The deployment is ongoing because we're constantly onboarding and retiring endpoints. Microsoft handles most of the maintenance for it. It rarely requires maintenance from our end. 

What's my experience with pricing, setup cost, and licensing?

Defender XDR is fairly priced and cost-effective. 

What other advice do I have?

I rate Microsoft Defender XDR eight out of 10. If you want to implement this product, you should have a team who understands the product well. It's SaaS-based, so the Microsoft team is delivering everything to you. However, you still need to know the product.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Paul Cooke - PeerSpot reviewer
Consultant at a computer software company with 51-200 employees
Reseller
Top 10
Provides advanced threat detection, investigation, and response capabilities
Pros and Cons
  • "Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
  • "Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."

What is our primary use case?

Extended XDR expands threat protection across endpoints, email, identities, and cloud environments.

What is most valuable?

Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise. It includes capabilities for monitoring Active Directory against attacks and threats, making it a broad and deep solution for identity security.

What needs improvement?

Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR. Additionally, enhancing the privilege access management capability would make it a better solution overall.

For how long have I used the solution?

I have been using Microsoft Defender XDR for about a year and a half.

What do I think about the stability of the solution?

Microsoft Defender XDR is very stable. I would rate the stability as a 10 out of 10.

What do I think about the scalability of the solution?

I would rate the scalability of the product as a 10 out of 10.

How are customer service and support?

Microsoft's customer support for Defender XDR is generally very good and I would rate it at around an eight out of ten. Larger customers like us, especially those partially owned by Microsoft, tend to receive excellent support. However, smaller organizations may not experience the same level of support.

How would you rate customer service and support?

Positive

How was the initial setup?

Microsoft Defender XDR is typically deployed at the organizational level across multiple locations and departments. Maintenance is required, and the number of people needed depends on the organization's size and complexity. It could range from a large team for a big organization to just a few individuals for smaller ones.

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender XDR is expensive, especially for the full suite functionality. However, when compared to buying multiple-point solutions separately, it may be comparable in price. Overall, it is competitive within the market, but the broad capabilities make direct cost comparisons challenging.

What other advice do I have?

Clients implement this tool to address various security issues efficiently. Microsoft Defender XDR offers a unified solution for a wide range of security needs, including extended detection and response across multiple platforms like Office, endpoints, mobile, and identity.

Microsoft Defender XDR includes some identity and access management features, especially when used alongside Azure Active Directory's privileged access management capabilities.

While primarily focused on Microsoft technologies, Microsoft Defender XDR can integrate with third-party SIEM vendors and covers multiple operating systems, including macOS, iOS, Android, and Windows, through its Defender for Endpoint and Intune capabilities.

Microsoft Defender XDR is designed as an XDR solution, utilizing the Mitre ATT&CK framework to detect and correlate events across various areas of compromise. It can identify and correlate events related to advanced attacks, such as business email compromise and ransomware, affecting security operations by providing insights into the events leading up to such attacks.

When security products like antivirus and vulnerability management software are discontinued in favor of Microsoft Defender XDR and other Microsoft 365 tools, it streamlines operations but may require less manual correlation of security events.

Some organizations might experience a 10-20% cost reduction with Microsoft Defender XDR, but for me, the main goal is to improve detection and response capabilities, not just save money. It is about adapting to the evolving threat landscape rather than focusing solely on cost savings.

Microsoft Defender XDR has saved time for our security team, making our operations more efficient.

For those evaluating Microsoft Defender XDR, my advice is to understand your requirements and map them to the appropriate licensing capabilities. It is not a one-time project but an ongoing process, so plan for continuous improvement of your security posture.

Overall, I would rate Microsoft Defender XDR as an 8 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
MuhammadBilal6 - PeerSpot reviewer
Cyber Security Analyst at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
It also has an AI-assisted automated feature that cuts off access to persistent attacks
Pros and Cons
  • "I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
  • "Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."

What is our primary use case?

I work at a SOC, and we use Microsoft XDR to provide 24/7 monitoring for our clients. We use it to monitor all types of incidents, including attacks on endpoints and email-related threats. It's integrated with other Microsoft solutions.

What is most valuable?

I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc. The Kubernetes security feature hasn't been released yet, but we're looking forward to that. I'm just focusing on that because it will be a game-changer.

The integrated identity and access management is helpful because sometimes you don't have the information you need inside XDR, so you can go to Entra for more details.

XDR can stop advanced attacks like ransomware and BEC attacks. It also has an AI-assisted automated feature that cuts off access to persistent attacks. This feature disrupts the attack by disabling user access. A person needs to analyze if the response is correct and reject or approve. 

Through integration with Microsoft Lighthouse, we can manage multiple tenants on one screen, and prioritize which areas of the environment to address first. Sometimes, one tenant may be inaccessible to you. It will show an error, but then it will start working again automatically. 

What needs improvement?

Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly. 

For how long have I used the solution?

I've been working with Defender XDR for the last six months.

What do I think about the stability of the solution?

I rate Defender XDR 8 out of 10 for stability. 

What do I think about the scalability of the solution?

Defender XDR is scalable. 

How are customer service and support?

We had a problem once getting a feature to work correctly after an update. We contacted Microsoft, and it took about 2 or 3 days to resolve.

Which solution did I use previously and why did I switch?

I previously used QRadar and Splunk

How was the initial setup?

Deployment is easy. It requires some maintenance on the Microsoft side. 

What other advice do I have?

I rate Defender XDR 9 out of 10. I would recommend Defender. It's easier to use than other products I've worked with, such as Splunk and QRadar.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Dinesh Jaisankar - PeerSpot reviewer
Cloud Architect at Vision Bank
Real User
Top 5
Helps extend its protection to third-party applications, stops malware attacks, and reduces costs
Pros and Cons
  • "Scanning, vulnerability reporting, and the dashboard are the most valuable features."
  • "While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."

What is our primary use case?

We are using Microsoft Defender XDR for our endpoint, desktop, and laptop protection.

How has it helped my organization?

Microsoft Defender can extend its protection to the third-party applications we use, which is helpful.

Microsoft Defender XDR not only helps stop malware attacks but also offers advanced attack prevention features to safeguard against sophisticated threats.

Our environment is multi-tenant, and Microsoft Defender XDR offers seamless integration. Its ability to respond to threats across the multi-tenants is good.

It helps our security team by automating tasks, providing detailed reports, safeguarding our systems, and enabling historical analysis.

It has helped to reduce some of our costs by almost $10,000 per month.

Microsoft Defender XDR is easy to manage, saving our security team time.

What is most valuable?

Scanning, vulnerability reporting, and the dashboard are the most valuable features.

What needs improvement?

While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience. To address this limitation, integrating MDR as part of the XDR experience and incorporating the latest advancements into Microsoft Defender XDR are crucial steps.

For how long have I used the solution?

I have been using Microsoft Defender XDR for over three years.

What do I think about the stability of the solution?

Microsoft Defender XDR is stable.

What do I think about the scalability of the solution?

We can scale up with Microsoft Defender XDR with no problems.

How are customer service and support?

We have a dedicated account manager who handles our support requests. We submit our requests through a ticketing system, and they respond promptly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also use CrowdStrike. Both have advanced capabilities and are easy to manage. We have them integrated with multiple tenants but for different products. 

How was the initial setup?

The initial deployment was straightforward and took one to two days to complete.

What's my experience with pricing, setup cost, and licensing?

While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment.

What other advice do I have?

Although I would rate Microsoft Defender XDR eight out of ten, its visibility suffers when used with third-party applications and non-Azure cloud platforms.

While the implementation itself is straightforward, troubleshooting, log creation, and monitoring can be challenging. This solution may be suitable for Microsoft-centric environments, but its visibility suffers in scenarios with multiple third-party solutions or hybrid deployments.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
David Shlingbaum - PeerSpot reviewer
IT Development Manager, Architect, Developer at Miltel Communications LTD
Real User
Top 5Leaderboard
It gives you reports and updates about the latest hotfixes and zero-day vulnerabilities
Pros and Cons
  • "I like Defender XDR's reports and alerts. They give you updates about the latest hotfixes and zero-day vulnerabilities, which gives me all the information I need to maintain my servers."
  • "Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically."

What is our primary use case?

We're a small business. Defender XDR gives us a centralized security solution for monitoring our servers and some user PCs. We have around 30 machines, 10 of which are servers. 

How has it helped my organization?

Defender XDR saves the security team time by telling us what patches to apply. We also get preemptive notes about things that need to be done.

What is most valuable?

I like Defender XDR's reports and alerts. They give you updates about the latest hotfixes and zero-day vulnerabilities, which gives me all the information I need to maintain my servers. 

What needs improvement?

Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically.

For how long have I used the solution?

I have used Defender XDR for a year.

What do I think about the stability of the solution?

Defender XDR is stable.

What do I think about the scalability of the solution?

Defender is scalable. I haven't had any issues with that part.  

How are customer service and support?

Microsoft support is good. I usually don't contact them directly. We have a support partner. If there's an issue, they can resolve it with Microsoft quickly.

Which solution did I use previously and why did I switch?

We previously used Symantec antivirus. We're a small company, so switching wasn't a big deal. We switched because Symantec discontinued the solution we were using. They actually don't sell it anymore.

I wasn't involved in the decision to purchase Defender XDR. We are a small company, so we needed a vendor to support SMEs, and Microsoft caters to businesses of all sizes. We checked some other solutions but went with Defender because we're already on Azure, so the solutions complement each other.

How was the initial setup?

Deploying Defender XDR was easy. Our external security guy handled most of the settings and onboarding, and our IT guy handled a few of the problematic cases. Most of the maintenance was automatic.

What's my experience with pricing, setup cost, and licensing?

I don't know the exact pricing, but I believe Defender offered the best small business solution for the price.

What other advice do I have?

I rate Microsoft Defender XDR nine out of 10. I don't have experience with other XDRs that I can compare it to, but I think Defender is an excellent solution. It's fairly easy to understand and navigate, and it's a good value.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender XDR Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2025
Buyer's Guide
Download our free Microsoft Defender XDR Report and get advice and tips from experienced pros sharing their opinions.