2020-09-13T07:02:19Z

What advice do you have for others considering Microsoft Defender for Endpoint?

Julia Miller - PeerSpot reviewer

81 Answers

ML
Real User
Top 20
2023-11-28T10:43:00Z
Nov 28, 2023

Overall, I would rate it nine out of ten.

AP
Real User
Top 20
2023-11-28T10:11:00Z
Nov 28, 2023

To those evaluating this solution, I would advise first figuring out what your needs are. Figure out what levels of granularity you need in the system to see if it will support your needs. For example, if you have something like department-level control over devices, you might want to look at another system versus a central security solution that controls all devices. Beyond that, make sure your machines have the resources necessary to support the features you turn on in the environment. A lot of the resources in Microsoft Defender for Endpoint can be shut down for slower machines and older machines. I would rate Microsoft Defender for Endpoint a solid nine out of ten.

CD
Real User
Top 20
2023-11-28T10:07:00Z
Nov 28, 2023

Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate semantic console. We can see the threats as soon as they come in. Our security team gets notifications. I rate it an eight out of ten.

Mark Foust - PeerSpot reviewer
Real User
Top 10
2023-11-28T09:32:00Z
Nov 28, 2023

I rate Microsoft Defender for Endpoint nine out of 10.

VN
Real User
Top 20
2023-11-28T09:30:00Z
Nov 28, 2023

The product's threat intelligence prepares us for potential threats and helps us take proactive steps. Its vulnerability management feature is important to us. Microsoft Defender for Endpoint has improved our security posture by giving visibility to our endpoints and vulnerabilities. The tool helps us save months per year. It also helps us save money in man-hours. Microsoft Defender for Endpoint has reduced our time to respond and time to detect by a large margin. We chose the product because we already use Microsoft products, and it better integrates with them. I rate it an eight out of ten.

DS
Real User
Top 5
2023-11-14T12:44:00Z
Nov 14, 2023

I would rate Microsoft Defender for Endpoint six out of ten. The support and product development team need to improve. We have deployed Microsoft Defender for Endpoint across the globe on all of our endpoints. Microsoft Defender for Endpoint updates itself so there is no need for maintenance. It is advisable to always exercise patience with technical support and occasionally guide them in the right direction. Otherwise, they may become overly focused on irrelevant logs. Additionally, it is crucial to always have a contingency plan in place in case Microsoft Defender for Endpoint encounters unforeseen challenges. The effectiveness of both best-of-breed and single-vendor security suite methodologies hinges on seamless integration. When products integrate effectively, they provide a unified view of the security landscape, enabling comprehensive monitoring and threat detection. A SIEM, XDR, or similar tool can serve as this centralized dashboard, providing a single pane of glass for security operations. By centralizing visibility and streamlining response times, organizations can effectively achieve their information security analysis and response objectives.

Nagendra Nekkala - PeerSpot reviewer
Real User
Top 5
2023-11-08T07:32:00Z
Nov 8, 2023

The solution provides us with clear visibility. We have a clear dashboard analysis, and we don't need to worry about the changes we need to make as it gives a clear solution for us. Threat hunting is the best feature that gives the response to any event happening. The solution helps me prioritize threats across our enterprise because I'm able to map all the devices across my enterprise. It is improving my security score compared to the earlier one. Compared to our earlier endpoint protection solutions, we have a good edge over the mapping we have with Microsoft Defender for Endpoint. Any new devices getting added to our ecosystem are getting secured in a better way. We use more than one Microsoft security product. We have integrated all of these products, and it was easy to integrate them. The integrated Microsoft security solutions work natively together to deliver coordinated detection and response across our environment. This is very important for us because we follow a framework where protection, detection, response, and recovery have to happen in a seamless manner. Microsoft security products give visibility into the information about the latest threats happening across the globe. This gives us awareness and helps us to be well-prepared before the attacks. We use Microsoft Defender for Cloud, and we make use of its bi-directional sync capabilities. Microsoft Defender for Endpoint has both on-premises and cloud capabilities. We use Microsoft Sentinel, which enables us to ingest data from our entire ecosystem. We have different types of endpoints. The ingestion of data gives more data and more credibility to the logs, which makes my environment more secure. MS Sentinel enables us to investigate threats and respond holistically from one place. It provides vulnerability management and threat detection so that we'll be able to see different logs and parameters. Normally, the threat collection, detection, and response are very important for an organization.
MS Sentinel’s built-in SOAR and UEBA are different higher-end functionalities with artificial intelligence that provide a secure environment for any platform. It can analyze more volumes of data. Compared to MS Sentinel, SOAR solutions are more costly. Our Microsoft security solution helps automate routine tasks and helps automate the finding of high-value alerts. It gives us a clear investigation report to find the RCA appropriately, thereby speeding up our response time. Our Microsoft security solution has helped eliminate having to look at multiple dashboards and given us one XDR dashboard. I can integrate all my security parameters into one dashboard, and looking for the management review is easy for me. The solution’s threat intelligence helps prepare us for potential threats before they hit and to take proactive steps. It alerts me immediately from which IP the threat is coming so that I can block that respective port immediately and prevent it from entering my network. Our Microsoft security solution has saved us time by making the operations faster and reducing the response time. The solution has saved me almost 15 days in a month. Our Microsoft security solution has saved us money by providing a single integrated solution and eliminating the need for different security solutions. The solution has decreased our time to detect and respond. The solution has enabled me to act quickly on any issue before it hits me. Microsoft Defender for Endpoint is a one-stop solution for your protection, and it gives overall visibility of your endpoint devices. You can easily add on the devices whenever the enterprise is growing. With Microsoft Defender for Endpoint, you can club your endpoint protection, email protection, network protection, and application protection and ensure they are in good hands. We can handle anything regarding security operations, investigations, or complaints from a single point. Overall, I rate Microsoft Defender for Endpoint a nine out of ten.

SM
Real User
Top 20
2023-08-17T11:47:00Z
Aug 17, 2023

I rate Microsoft Defender for Endpoint an eight out of ten. We also utilize Defender for Cloud. Defender for Cloud is employed specifically for the Azure product. If we have servers deployed within Azure, the system handles alerting, traceability, and security. Therefore, we certainly use it. We have three locations where Microsoft Defender for Endpoint is deployed. One is in Australia, another is in Qatar, and the third is in India. Consequently, we employ approximately two hundred personnel. No maintenance is required for Defender for Endpoint on the customer's end. A single-vendor security solution approach is better than a best-of-breed strategy. We all are using Microsoft laptops and OS. I recommend completing a POC before adopting Microsoft Defender for Endpoint.

SR
Real User
Top 20
2023-08-15T08:22:00Z
Aug 15, 2023

I rate Microsoft Defender for Endpoint nine out of ten. Microsoft Defender for Endpoint is indeed a commendable product. However, despite its implementation, we should consider the integration of other security products. This is due to the escalating variety of cyberattacks prevalent today. While Windows consistently issues patches to update its existing products, I propose the adoption of a dual-product approach within our infrastructure. This approach aims to preempt eleventh-hour security breaches. By juxtaposing and scrutinizing the attributes of different solutions, we can better comprehend their nuances, specifically at the feature level. The pivotal factor lies in how adeptly a solution identifies and mitigates potential threats. Therefore, I advocate for the incorporation of two distinct solutions within our infrastructure. This strategy is poised to yield heightened efficiency, effectively mitigating the risks of both security breaches and data breaches.

Shashank Gahoi. - PeerSpot reviewer
MSP
Top 5
2023-07-18T08:50:00Z
Jul 18, 2023

I give Microsoft Defender for Endpoint an eight out of ten. We currently have around 6,000 Microsoft Defender for Endpoint users in our organization. We have a team called InfoSec Operations that handles maintenance and consists of approximately five people. I recommend Microsoft Defender for Endpoint for larger organizations, and they should undergo training if they intend to use it in conjunction with Microsoft Sentinel, as it is a complex tool compared to others like QRadar. For smaller organizations, I suggest using Splunk, which is a reliable solution. Microsoft Defender for Endpoint is a viable solution, but it does have limitations when it comes to other operating systems. I would not recommend this solution for an organization that operates in a Linux-based environment.

JZ
Real User
Top 20
2023-07-17T21:40:00Z
Jul 17, 2023

I would rate Microsoft Defender for Endpoint a seven out of ten. The solution is stable, easy to deploy, and scalable. However, threat detection could use some improvement. Our organization is a cybersecurity company, and after using Microsoft Defender for Endpoint for one year, we found that it lacked features such as endpoint detection and response. Additionally, it was weak in certain areas, like detecting a set of malware and providing email protection. As a result, we started exploring other solutions, even though they may be more costly.

Danny Nagdev - PeerSpot reviewer
Real User
Top 10
2023-07-14T07:14:00Z
Jul 14, 2023

Defender for Endpoint doesn't really help to prioritize threats across the enterprise. It's more of a basic threat protection solution. It's more of a reactive approach, once something hits. With a single vendor, it's much easier to detect alerts and threats beforehand. Having a single vendor helps. I would recommend Defender for Endpoint. If you are using other Microsoft products, together, this is a better security solution.

JD
Real User
Top 20
2023-04-26T16:57:00Z
Apr 26, 2023

I rate Microsoft Defender for Endpoint a nine out of ten. If someone asked me whether a best-in-breed or single-vendor strategy was better, I would say there's no right or wrong answer. It's better to use one vendor from an integration perspective because it's easier to set up. A single-vendor approach also simplifies support. For example, if you use CrowdStrike, you might be using Splunk as your SIEM. When you open a ticket with CrowdStrike, they will only be able to answer questions about their own products.

MC
MSP
Top 20
2023-04-06T21:03:00Z
Apr 6, 2023

I give the solution an eight out of ten. The most cost-effective and user-friendly option for security is a single-vendor security suite. This approach also eliminates the need for multiple integrations. I recommend that organizations avail themselves of Microsoft's trials and demos, and compare Defender with other solutions in their environment to determine the best fit. With a Microsoft E5 license, organizations can access all of Microsoft's solutions and use whatever they need.

PP
Real User
Top 5
2023-03-18T12:13:00Z
Mar 18, 2023

I rate the solution nine out of ten, and I recommend it. We use Microsoft Sentinel, and it allows us to ingest data from our entire ecosystem. Sentinel enables us to investigate threats and respond holistically from one place, which is important to us.

BE
Real User
Top 20
2023-02-11T23:04:00Z
Feb 11, 2023

Defender for IoT is an add-on to Defender for Endpoint. It's there, but you have to onboard it. I don't really have enough devices, other than my home base, but in a regular business it would find all the switches, routers, security cameras, monitors, printers, modems, and anything else you have attached. With Defender for Endpoint, you need to have an operating system—Linux, Windows, et cetera—to deploy it. A refrigerator or a camera or a security device doesn't really have a Windows-based operating system on which to deploy the agent. So IoT, within Defender, will scan those devices, find them, and let you know that it found them. It does that out-of-the-box with Defender for Endpoint. If you want to see the actual operating system of IoT devices and get alerts that something is out of date or has vulnerabilities, you have to get a subscription to IoT, which I hope to do. There's a lot to learn when it comes to using Defender for Endpoint to automate routine tasks and find high-value alerts. KQL is a structured query language for hunting. If I have data ingestion from M365 logs, Defender for Containers, Defender for Storage, and AWS, Defender for Endpoint or Sentinel will allow me to hook up connectors to pull all of those logs into a "master database" with different tables that contain those logs. There are routines that are already written that say, "If you're looking for this type of an event that started with this application that went to a SQL server that was stored on this server that was accessed from a laptop where the guy went through a browser and went to this particular rogue network," and they access all those tables in that master database. KQL allows me to tap into each of those different tables and correlate like events or like data, and pull it all into an alert or a threat hunt. It's something to master. 
It's sort of like regular SQL, but there are a lot of tables and schemas and you have to know what the tables and headers and columns and fields are, and then the syntax. It does threat-hunting really well with the canned queries that it has. But if you're looking for something in particular, you need to learn KQL. A SQL Server database admin would know SQL and how to pull data out of tables and do joins, commits, and transaction rollbacks. KQL is on that same level where you have to be an expert in KQL to actually pull all that stuff together. It's quite the learning curve, but there are courses out there that teach you. I've been doing systems administration and engineering server admin things for quite some time, a couple of decades since Windows came out, and a little bit before that. But jumping over into the security space for my home business, and putting all these things together with Defender and Sentinel, has been a learning curve. It has slowed me down a little bit. A while back, security was always an issue for security teams. Now that I'm working on my own company, I'm a one-man show. But at the same time, I know there are a lot of bad actors out there.

UJ
Real User
Top 20
2023-01-18T21:21:00Z
Jan 18, 2023

Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together. I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with a zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products. Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job. For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats. I would rate Microsoft Defender an eight out of ten.

Harris Koko - PeerSpot reviewer
Real User
Top 20
2023-01-17T03:23:00Z
Jan 17, 2023

If you're considering working with Microsoft Defender, the first thing you need to do is an inventory of the infrastructure. We need to know what the client has: how many Windows Servers, how many Linux servers, and how much content. And then you need to know what you want to do with the devices. Some devices are not supported anymore. We need to know which devices the client wants to be covered by Defender. A lot of times, we want to work with Sentinel because it's the best on the market. But Sentinel is trickier to put in place. But when you advise a client on security, of course, you propose a lot of solutions, including Defender and Sentinel. You propose the best on the market to improve their security. Usually, they go for Microsoft Defender, but for Sentinel, sometimes it takes time. They say to us, "We don't have the money right now, let's wait two years." On many of my projects, my clients have already worked in the cloud and they want to start working with Azure. That's why Microsoft Defender is a good tool to implement. There are times we advise the client about Sentinel but they already have a SIEM solution like Splunk. Defender for Endpoint does not help us automate routine tasks right now because it's extra work. I know we could put that in place, but often, when we start working with a client in the cloud, we spend a lot of money on that. I know, in the day-to-day operations of the security teams of our clients, they have so much to do and it would be really good to implement automation. We propose it to our clients, but it's up to them to decide if they want to do it. The threat intelligence can help prepare for potential threats before they hit, but this is also something we need to talk to the client about. Sometimes, it's not in our hands. We can propose things to the client, but they have to choose. So far, after proposing these kinds of things to clients, I haven't received their agreement.
This part of the solution is really interesting, but it can also be expensive for some clients. It depends on their budget. And in terms of using multiple vendors for security or a single-vendor security suite, in my current company, we generally advise our clients to have different vendors, but it depends on the client. I, myself, am not a risky guy. But a lot of our clients have Microsoft products, and we'll advise them to use Microsoft products. You don't want to go to war with your client. Sometimes, they want to work with a lot of different products, but when you try to do that it can be really expensive because you need to work on the connections between them. I usually advise Microsoft because it's very easy and a lot of clients already have Windows Servers, et cetera. It really depends on each case. It depends on who is paying, who is asking, and what they want.

AP
MSP
Top 20
2022-11-21T19:24:00Z
Nov 21, 2022

To a security colleague who says it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite, I would agree. I prefer multiple vendors. I am not in favor of implementing Microsoft products in all areas because, in every domain, there are some specialty products. You should focus on that and see how to make your organization much safer. Every organization claims that it has all the products, but all the products are not good. That's why you have to find out the best one and put it there. I would recommend comparing it with other products and defining what are the most important needs for your organization. You may not require all the features. Microsoft Defender includes a lot of things. Microsoft Defender has its own MCAS solution. It also supports DLP, which is not yet mature. You should see what is required for your organization and then do testing or a PoC on that. Microsoft Defender works well with Microsoft products. You can implement or install it on the Windows platform, but you will have to find another way to track non-Windows platforms, such as Linux platforms or Unix platforms. Similarly, Microsoft Sentinel does the analysis for Microsoft products in a better way, but they are yet to catch up when it comes to non-Windows products. It lacks when it comes to analyzing non-Windows products. It isn't able to identify all the threats properly. The number of false positives is much more compared to other products, but still, Microsoft Sentinel is one of the leading products in the market. It has developed a lot as compared to what we saw one year ago. It enables you to ingest data from your Microsoft environment, but I am not sure about the non-Microsoft environment. This data ingestion is very important. Without ingesting all the logs to your SIEM, you can't monitor the threats. When it comes to security products, they need to be product-independent.
In terms of cost, it is almost similar to other products, but it is a little bit cheaper than Splunk. In terms of ease of use, on the Windows platform, it is very easy to use, but it is not so easy for non-Windows platforms. Overall, I would rate Microsoft Defender an eight out of ten.

Keith Bird - PeerSpot reviewer
Real User
Top 20
2022-10-09T22:47:00Z
Oct 9, 2022

I would rate this solution as eight out of ten. If you have the money for it, I would recommend the Microsoft security solution. I would recommend a single-vendor strategy if you have the money for it. I believe in defense in depth. Regarding endpoint protection, I think it's better to stick with one vendor. In my previous organization, they had conflicts between MDE and McAfee. McAfee would read MDE as a virus, and MDE would read McAfee as a virus. The problem with endpoints is that if you have more than one solution, each of those solutions will see the other guy as a virus or potential virus. When it comes to endpoint protection, I would go with a single vendor.

Daniel_Ndiba - PeerSpot reviewer
Real User
Top 20
2022-10-09T19:38:00Z
Oct 9, 2022

If you have a big team, then you can go with a best-of-breed strategy where you have dedicated teams that are looking at your endpoint protection, email protection, network protection, and so on. You may have a SOC team as well that gets the events and incidents from all of the different teams, analyzes centrally and provides a general view from a security operations perspective. In summary, if you have a well-resourced, mature organization, then it may make sense to go for the best-of-breed strategy. However, if you have an organization without a big security team, it makes sense to have a single vendor's suite. At times, it may appear to be a single point of failure, but in terms of management and usability, it's a bit easier to work with and deploy. It will give you some level of visibility that will cut across the different domains. Overall, Microsoft Defender for Endpoint is a good solution, and it'll give you good visibility and protection. It's worth considering, and I will rate it at eight on a scale from one to ten.

FM
Real User
Top 20
2022-10-09T19:28:00Z
Oct 9, 2022

I would rate the solution eight out of ten. The infrastructure team has bi-directional sync capabilities set up and running well. It's essential when it comes to having hybrid cloud solutions and cloud solutions from different vendors. Various systems need to have seamless communication and shared issue reporting. Microsoft is increasing its data connectors, which is very helpful for ingesting data from different feeds, though some elements aren't fully fleshed out yet. How much data needs to be digested depends on the enterprise; every SIEM tool has a price to pay for how much data is ingested. The simple answer is that Sentinel allows us to ingest a ton of data, and that's vital. If we can't see a threat, we can't detect it and protect against it. Sentinel enables us to investigate and respond to threats from one place, which is very important for us. This is an area Microsoft has improved because we used to have to go to three different portals for our security picture. Now, everything we need to find can be seen in one pane of glass in Sentinel, whether we are looking at alerts or incidents. The comprehensiveness of Sentinel's protection depends on an organization's security program's maturity and capacity to leverage the solution. There's room for growth, but Microsoft is making good strides in the machine learning and AI portion of its product. The setup and fine-tuning of the tool play a significant role in how smoothly SOAR operates and whether it fulfills an organization's specific requirements. The default playbook may not fit with needs precisely, and staff with knowledge of Kusto Query Language are necessary for fine-tuning. A certain level of expertise is required to leverage Sentinel's sort and machine learning capabilities fully. I don't know how much Sentinel costs as I don't see the bills, but the biggest standalone SIEM and SOAR competitor is Splunk. Splunk does a better job but is also much more expensive; people often complain about the cost. 
I can't compare the value and pricing of the two as I need to know precisely how much they cost. Splunk is supposed to have changed its pricing model to become more affordable recently, and I wonder if Microsoft did the same with Sentinel. However, because Sentinel integrates with other solutions an organization may already use if they're a Microsoft shop, it makes it worth the price. When it comes to a best-of-breed versus a single vendor security suite, it depends on the people higher up in the organization and usually comes down to cost. Everyone wants the best of the best, but only some companies are capable or willing to pay for that because it can be costly. Microsoft is trying to provide a pricing model that encourages customers to use a suite that seamlessly integrates with Windows and server OSs and increases integration with Linux and Mac OSs. That can provide a better ROI than getting the best of the best but having limited visibility and integration with other tools and the network. Microsoft leverages the security suite model as its selling point, and it's working for them. I advise potential customers to read up on the community boards and look into their specific needs. Defender for Endpoint is a good competitor for those looking for an EDR solution, and for those looking for a complete security suite, it's one of the better choices. The tool is competitive, but there are other choices if a company wants the best. Microsoft Defender for Endpoint is in the top three, only considering EDR, but for those looking for a line of products to protect their company and thereby make some savings, it's one of the premier choices.

AnuragSrivastava - PeerSpot reviewer
Real User
Top 10
2022-10-09T17:07:00Z
Oct 9, 2022

Your use cases, how your organization is configured, and what your infrastructure is like will determine whether you go with a best-of-breed strategy rather than a single vendor's security suite. From a cost perspective, I think it's better to just go with one technology because when you have two technologies in place, there may be conflicts with policies that may result in additional time spent investigating. However, if an organization has a high number of macOSs and they have a lot of Linux servers, they may choose to go with two technologies if Microsoft Defender doesn't provide a complete set of security capabilities. Before you implement the solution, first see what your use cases are and what you're actually looking for. Then, define your environment and what you're going to protect first, whether they be application servers or just endpoints. Then, you can have a detailed discussion with the implementer or vendor. On a scale from one to ten, I would give Microsoft Defender for Endpoint an overall rating of seven.

David Frerie - PeerSpot reviewer
Real User
Top 5
2022-09-15T03:23:00Z
Sep 15, 2022

In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact. I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.

RB
Real User
Top 20
2022-09-14T04:47:00Z
Sep 14, 2022

I would recommend Microsoft Defender. They are a leader, and they have many deployment use cases. However, it also depends on the requirements of a company. There is no one-size-fits-all. Each company has its own unique requirements. I would rate it an 8 out of 10.

KF
Real User
Top 20
2022-08-28T04:07:00Z
Aug 28, 2022

I would advise following those secure scores and watching out as you start to communicate with your user base because you're going to impact applications. To a security colleague who says that it is better to go with a best-of-breed strategy rather than a single vendor’s security suite, my response would be that you've got to measure trying to do the integration because with security, to me, bringing that integration together is the key thing. You need to know how quickly you are going to be able to move from your detection to your mitigation. Are you going to turn on things on the firewalls or can you go right to the devices and isolation? The best of the breed is great, but trying to get them all to work together becomes very complex. I would rate it an eight out of ten.

Siddip Neduri - PeerSpot reviewer
Real User
Top 10
2022-08-14T13:49:00Z
Aug 14, 2022

We are not using Microsoft Sentinel. It will create alerts regarding VMs or storage but the cost is very high. Sentinel is not going to help much more when compared with Defender for Endpoint. Sentinel isn't preferable. It only creates alerts. There is not that much impact on the organization if it uses Sentinel also. Microsoft Defender for Endpoint is a very good solution. I recommend using it.

Harsimran Sidhu - PeerSpot reviewer
Real User
Top 20
2022-08-10T08:53:00Z
Aug 10, 2022

Work on Sentinel. It has a lot of power versus the Microsoft Defender solution.

Gregory Leiby - PeerSpot reviewer
Real User
Top 20
2022-08-04T21:03:00Z
Aug 4, 2022

First, have an understanding of Microsoft's best practices. Second, understand that Defender for Endpoint is part of the operating system. It is not a "bolt-on," like most antiviruses are. There are going to be some differences in how Defender interacts with an operating system, compared to an external solution. Be prepared for that. It helps prioritize threats across an enterprise to some extent, but we haven't delved that deeply into that part of Defender yet. The solution hasn't saved us time but I'll qualify that with the fact that we are in migration, moving to a new system, which is Microsoft, and that always takes more time and effort, as we work through the teething troubles. That is not necessarily a reflection on Microsoft. It's a reflection that anytime you move from one system to another, it takes a while before the teething troubles are smoothed out. If a security colleague said to me that it's better to go with a best-of-breed strategy rather than a single vendor security suite, I would say there are pros and cons. It would have to be a discussion about what they need to achieve and their thoughts on why a particular solution would seem best. On a high level, there are good and bad reasons for all kinds of solutions. Without having a clear understanding of what is trying to be achieved, it's really difficult to say whether one is particularly good or bad.

BA
Real User
Top 20
2022-08-04T07:57:00Z
Aug 4, 2022

I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment. I would rate it a nine out of ten.

YB
Real User
Top 20
2022-07-31T15:20:00Z
Jul 31, 2022

I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.

TK
Real User
Top 20
2022-06-28T00:47:00Z
Jun 28, 2022

At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions. It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected. It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this. I would rate it an eight out of ten.

TL
MSP
Top 20
2022-06-06T20:39:00Z
Jun 6, 2022

My advice regarding Defender is the same for any other security solution: Check what you need, what types of logs and whether you will consolidate these logs in another tool. What type of knowledge will you bring from those tools to create and apply new policies and anticipate security problems? Always check your needs with the business case. Aligning them will help determine what you need to buy. Check inside Defender to see what you need to activate. Every new feature you activate inside the cloud is billed and you need to understand if you really need each feature. Defender has some effect on the endpoint itself but it does not change the user's work processes. It is a single tool on the endpoint to monitor the activities that happen there, but it does not affect the end-user. But you need to understand the limitations. There are some limitations with Defender when it comes to non-Microsoft solutions. But that's not unique to Defender. It's the same with every tool. You need to understand its limitations.

Prosanjit Mondal - PeerSpot reviewer
Reseller
Top 20
2022-05-13T10:02:00Z
May 13, 2022

My advice to people looking into implementing Microsoft Defender for Endpoint is to do it very fast because the tool is changing very rapidly, so if you are a novice and you are just learning, what you learn might get changed in the next quarter. Some of the functionality might get changed, so you need to keep up with the changes, and you need to learn quickly and implement Microsoft Defender for Endpoint fast. My rating for Microsoft Defender for Endpoint is seven out of ten.

SAMUELMWANGI - PeerSpot reviewer
Real User
Top 5
2022-05-05T14:09:07Z
May 5, 2022

I'd rate the solution seven out of ten.

TW
Real User
Top 10
2022-05-04T13:03:09Z
May 4, 2022

I rate Microsoft Defender for Endpoint a seven out of ten.

Carlo Du Plessis - PeerSpot reviewer
Real User
Top 5
2022-05-03T08:30:32Z
May 3, 2022

I recommend this solution and rate it eight out of 10.

CL
Real User
Top 20
2022-05-02T14:19:13Z
May 2, 2022

I rate Microsoft Defender for Endpoint eight out of 10. It's a cost-effective solution for Microsoft shops.

NS
Real User
Top 20
2022-04-28T08:48:20Z
Apr 28, 2022

My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. I rate this product 10 out of 10.

JamesYa - PeerSpot reviewer
Real User
Top 5 Leaderboard
2022-04-12T19:40:17Z
Apr 12, 2022

I would recommend this solution to others. I rate Microsoft Defender for Endpoint a nine out of ten.

ZA
Real User
Top 20
2022-04-07T14:48:41Z
Apr 7, 2022

I would rate this solution 7 out of 10.

SC
Real User
Top 5
2022-03-28T13:59:03Z
Mar 28, 2022

I rate Microsoft Defender for Endpoint an eight out of ten.

Daniel Bagley - PeerSpot reviewer
Real User
2022-03-24T13:43:15Z
Mar 24, 2022

Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now. I would recommend this solution to others. I rate Microsoft Defender for Endpoint an eight out of ten.

Peter Arabomen - PeerSpot reviewer
Real User
2022-03-22T20:41:39Z
Mar 22, 2022

We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc. Microsoft Defender for Endpoint has been awesome, so far. I wasn't around during the setup of the solution, so I have no idea on how long setting it up took. We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices. I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.

UchechiSylvanus - PeerSpot reviewer
Real User
Top 5 Leaderboard
2022-03-22T19:20:36Z
Mar 22, 2022

I would recommend this solution to others who are interested in it. I would rate Microsoft Defender for Endpoint an eight out of ten.

YS
Real User
2022-02-18T09:20:39Z
Feb 18, 2022

New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure. I'd rate the solution at a seven out of ten.

AR
Real User
2022-02-17T12:14:09Z
Feb 17, 2022

If I do recommend it, it will not be solely for security purposes. It is possibly for a first-line security platform, and it is required to build a second, third, and possibly fourth business security layer. I would rate Microsoft Defender for Endpoint a seven out of ten.

Fellipe Abib - PeerSpot reviewer
Real User
2022-02-16T01:11:27Z
Feb 16, 2022

I'm using Microsoft Defender for Endpoint for myself and for my clients. I'm a partner of Microsoft. I'm the one in charge of the deployment and maintenance of this solution. My advice to someone planning to use Microsoft Defender for Endpoint is that it's super easy to understand, whether you have no prior knowledge of it, or you want to learn more about it. You can also learn more about security, particularly information security. My rating for Microsoft Defender for Endpoint is nine out of ten.

VA
Real User
2022-02-14T09:57:00Z
Feb 14, 2022

Defender is an ideal solution for web security. I would rate it as seven out of ten.

MP
Real User
2022-01-13T09:27:00Z
Jan 13, 2022

Currently, we have not experienced or seen any challenges with Microsoft Defender for Endpoint. Our customers are mostly medium-sized companies. My advice to people thinking about implementing Microsoft Defender for Endpoint is that it is good, in relation to Windows, but if they want to have a holistic product in relation to Linux and other systems, they need to consider other products. I'm rating Microsoft Defender for Endpoint an eight out of ten.

VP
MSP
2021-12-23T12:33:00Z
Dec 23, 2021

Anyone on Windows 10 Enterprise should choose this solution. It really depends on the volume. You need one senior architect who can just define the entire thing: the device, network configuration, etc. You will also need some Level 1 engineers who need to keep on monitoring the devices and do onboarding. If they are using the latest version of Windows 10, then you can do the onboarding via Intune, Endpoint, etc. My rating for this solution is an eight out of 10.

HL
Real User
2021-12-06T10:44:05Z
Dec 6, 2021

I rate Microsoft Defender an eight out of ten. I would recommend it to others, but it depends on whether they have their own policy for deploying antivirus products. It's good for some users who have some preferences—who need to follow their security policy or who have some budgeting issues.

OK
MSP
Top 5 Leaderboard
2021-12-02T19:07:54Z
Dec 2, 2021

I will rate Microsoft Defender eight out of 10 for now, but we need to evaluate it more, especially the virus detection, which still isn't proven. I think we need to evaluate it first. Yes. I wouldn't recommend it for end-users who already have a more capable antivirus solution. But if someone would like to try in a small environment, we can recommend Defender security.

WG
Real User
2021-12-01T13:03:00Z
Dec 1, 2021

I would recommend Microsoft Defender for Endpoint.

WK
Real User
2021-11-04T11:42:00Z
Nov 4, 2021

I would recommend this solution. I would rate it a seven out of 10.

DB
Real User
2021-10-20T15:58:23Z
Oct 20, 2021

I rate Microsoft Defender for Endpoint eight out of 10. I would recommend it to others.

MK
Real User
2021-09-19T09:27:00Z
Sep 19, 2021

We are a Microsoft Customer. I'm not sure if I would recommend the solution to others. It depends on their requirements. It needs to fit a company's use cases. I would rate the solution at an eight out of ten.

KF
MSP
2021-09-15T08:43:00Z
Sep 15, 2021

I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything. I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people that's, besides having my Microsoft Azure architecture, Azure security, Microsoft 365 expert level, plus M365 security knowledge. I focus on Azure and M365 security. For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly. I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle. I'd rate the solution at a ten out of ten.

TG
Consultant
2021-09-01T20:09:00Z
Sep 1, 2021

My advice would be to start small, don't start a project thinking that it's the best solution, and bowl it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems. I would rate it an eight out of ten.

ZG
Real User
Top 20
2021-08-25T21:53:00Z
Aug 25, 2021

I rate Microsoft Defender for Endpoint a ten out of ten.

OP
Real User
2021-08-25T17:48:00Z
Aug 25, 2021

We are customers and end-users. This Microsoft security platform is very much a SAS platform. It's playing together with all the other security products from Microsoft and the company is using the Azure platform to collect the information and to work on the main refine security findings. It's working very well together with the Microsoft Cloud solution for security. It's my understanding that they call it the security graph. It's quite important that they are communicating together. Windows Defender ATP is delivering a lot of telemetry to that form and correlating it with telemetries. The reason why we have implemented DHCP part is due to the fact that we bought a Microsoft E5 license with a lot of security enhancements. I've only seen it in the implementation and design phase, however, it's pretty good. That said, it's also within the environment of a large company where the processes can be a bit difficult. I'd advise users to integrate it into their security operations center so that they can have the full benefit of the product. I'd rate the solution at an eight out of ten.

GH
Real User
2021-08-07T04:50:00Z
Aug 7, 2021

The organizations I have worked with that are using Microsoft Defender for Endpoint are mostly small- and medium-sized businesses. Our larger customers are generally not using it. There was a service built within our organization, a service that is very much hooked in with CrowdStrike. If you've ever seen the CrowdStrike products, you'll understand why. They are pretty impressive products. They do some things that help them see malicious activity in near real-time. Can they react to it in near real-time? No. But like everybody, they are trying to find a way to be able to react faster. They just bought a company called Humio, which is a SIEM/SOAR product I referred to earlier that does not store events directly to disk, so it can act on things much faster. Used alone, I would rate Defender for Endpoint a seven out of 10. When integrated with other Microsoft products, I would give it an eight. It really depends on other pieces of the solution for Zero trust to work properly. It won't work well if you deploy it by itself. If you're going to use Defender for Endpoint, you should also use Defender for Identity, Defender for Office 365, and the full gamut, including MCAS and MIP, and then you will need your SIEM/SOAR. It's a long journey. And you had better have done your identity very well. If you haven't, it won't really matter what you throw in place, once they breach your identity plane. That's the most important one. I can put every possible safeguard in place, but if someone gets the keys to the kingdom, I might as well just turn them off.

SV
Real User
2021-07-26T18:14:44Z
Jul 26, 2021

I would recommend this solution and rate it a seven out of 10.

MD
Real User
2021-06-21T21:11:00Z
Jun 21, 2021

I would definitely recommend others to go with Defender ATP if they have got the licenses because it can give them a wide range of security controls. It is integrated with Office portals and Microsoft monitoring systems, so they get the sensors from different places. We haven't come across any security threats yet. From the point of view of its theory, implementation, and architecture, Defender ATP and other ATP integrations would definitely help customers in controlling their organization and implementing the best security rules and policies. It hasn't affected the user experience much for our customers. Customers only see the notification pop up saying that Defender hasn't found anything and things like that. I would rate Microsoft Defender for Endpoint a seven out of 10.

JA
Real User
2021-06-21T11:01:00Z
Jun 21, 2021

In terms of the end-user experience, end-users don't like to be bothered with the virus scan. A virus scan is always annoying for the end-user. An end-user cannot actually configure the antivirus and only gets a notification if something is wrong or some malware is found. That's it. There is not really an end-user experience. The performance of the client is fine with Defender. We are not encountering many performance issues or any serious issues with Defender. When we turned over to Defender, some of the applications that were functioning absolutely flawlessly with McAfee started to have serious performance issues. So, we had to define an exclusion list for some of the processes or applications, but there are always some applications that needed exclusions for McAfee or Defender. I would rate Microsoft Defender for Endpoint an eight out of 10.

Anthony Alvarico - PeerSpot reviewer
MSP
Top 10 Leaderboard
2021-06-09T23:41:25Z
Jun 9, 2021

If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money. On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.

OC
Real User
2021-06-07T12:24:00Z
Jun 7, 2021

When we initially implemented Windows Defender, we were pessimistic about whether it would be good enough. However, it is a pretty mature product now. My advice for anybody who is considering this product is that it's good, and it gets results early. I would rate this solution an eight out of ten.

EG
Real User
2021-06-03T09:41:00Z
Jun 3, 2021

Make sure you read the documentation and understand what else is required before you get started. I would rate it a seven out of ten. I don't think that another tool is doing anything better, or this one doesn't. It's just about using it and seeing where to find the stuff.

AM
Real User
2021-05-31T19:06:00Z
May 31, 2021

I would recommend my friends and colleagues use Microsoft Defender because it always protects us against ransomware and viruses. In summary, this is a great product. I would rate this solution an eight out of ten.

Juan Jose Anaya - PeerSpot reviewer
Real User
Top 10
2021-05-21T09:48:30Z
May 21, 2021

I would recommend this solution to others. I rate Microsoft Defender Antivirus an eight out of ten.

NK
Real User
2021-04-26T18:37:00Z
Apr 26, 2021

Defender for Endpoint is marketed as an endpoint detection and response tool, but for others who are looking at onboarding it, they should take it as a holistic tool that provides AV, EDR, and vulnerability management all in one. However, it does not provide very good integration with third parties.

KE
Real User
Top 20
2021-04-02T17:14:02Z
Apr 2, 2021

Microsoft Defender for Endpoint is quite good. We haven't really experienced any issues with it. I would recommend Microsoft Defender for Endpoint to other users. Overall, on a scale from one to ten, I would give this solution a rating of eight.

JL
Real User
2021-03-24T13:16:31Z
Mar 24, 2021

It's pretty good. I would rate this solution a nine out of ten.

KM
Real User
2021-02-17T12:23:55Z
Feb 17, 2021

Overall, on a scale from one to ten, I would give this solution a rating of nine. Some integration components on Mac should be improved. It should be more stable on Mac. If they fixed this, I would give it a rating of ten.

MS
Real User
Top 10
2020-12-21T17:11:02Z
Dec 21, 2020

We are considering moving to another solution, so we are trying to inform ourselves about the other products in the market that will fit our budget and needs. We are trying to see what the competitors offer in the server market. We are looking into ESET NOD32 because we know the product from back in the day. I would recommend this solution. It is free, and it is doing its job for Microsoft Windows Server. It is a good product. I would rate Microsoft Defender for Endpoint a nine out of ten.

PT
Real User
2020-12-16T16:00:26Z
Dec 16, 2020

I would recommend this solution to others. I have a lot of good things to say about it. We are still navigating through it, and it has been working very well. We will absolutely keep on using it. I would rate Microsoft Defender for Endpoint an eight out of ten.

PT
Reseller
2020-10-27T21:07:18Z
Oct 27, 2020

I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution. I would rate this solution a five out of ten.

NK
Real User
Top 5 Leaderboard
2020-10-20T04:19:19Z
Oct 20, 2020

It's a good solution. I would recommend Microsoft Defender ATP to anyone who is interested in using it. I would rate Microsoft Defender ATP a seven out of ten.

Nadeem Abdulla - PeerSpot reviewer
Real User
Top 10
2020-10-07T07:04:37Z
Oct 7, 2020

Because of my lack of knowledge or experience with the solution's full capacity, I cannot recommend this solution or offer any advice. I would rate this solution a five out of ten.

SA
Real User
2020-09-17T08:06:02Z
Sep 17, 2020

I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product. I would rate this solution an eight out of 10.

Anthony Alvarico - PeerSpot reviewer
MSP
Top 10 Leaderboard
2020-09-13T07:02:19Z
Sep 13, 2020

My advice for anybody who is implementing Windows Defender is to purchase the ATP, which is in addition to the version that comes with Windows 10. This will allow you to really get the benefits and manage your organization's endpoints as a whole. This requires a presence in the Microsoft environment, such as a subscription to Office 365 or Azure. I think that people should explore Windows Defender before looking at third-party products. While they are not a pioneer in anti-malware and anti-virus software, they are attacking it and they have a good budget. The advanced threat protection has a large cloud presence in Azure that we can take advantage of, and they update their product frequently. As soon as there is a new threat, they act on it right away. I would rate this solution a nine out of ten.

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks. With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to...