System Administrator at a non-profit with 201-500 employees
Real User
Top 20
2023-04-16T15:49:00Z
Apr 16, 2023
I've been using it for endpoints and for Microsoft 365, along with Microsoft Defender for Identity. I use it to create policies for anti-spam, anti-malware, anti-phishing, as well as safe links. I also use it for the security score, making sure that our company achieves a good security score across the organization.
The main use case has been for threat hunting, not in the sense of actively looking for the threat, but in terms of analyzing the ongoing process within clients' machines. I was looking into what kind of changes happen when you install any new software and it asks for so many permissions. I wanted to analyze the criticality of the permissions being asked and so on. Usually, when we install any software, we just click next, next, and next. We don't look at the details. So, my role was to check how it behaves within a system. For that reason, I used Microsoft Defender. I used the query language to do advanced threat hunting. I ran different queries to collect the data. The data was then brought into Power BI. We had data coming from different channels. So, we used Power BI to collect it at a single point.
Microsoft 365 Consultant at a tech services company with 5,001-10,000 employees
Real User
Top 10
2022-10-26T20:22:00Z
Oct 26, 2022
Almost every use case is about security layers for messaging in Teams and for email. It especially used for phishing filters, spam filters, and composite authentication, as well as Zero-day advanced protection, and for protection within already received emails. Clients are also looking for link protection in Teams and in SharePoint.
Regional Director, Cloud Lead Architect at Cloudeteer GmbH
Real User
Top 10
2022-09-13T22:50:00Z
Sep 13, 2022
We mainly use this solution for security reasons. We use it for the complete stack of email security so we don't have to use a third-party tool, and we use the extended security features that are included in M365, like sandboxing. The solution is deployed on the Azure cloud. We're a cloud-only company, so we only deploy cloud workloads, but we also have customers with legacy systems. If we're not able to migrate them to Azure, Defender for the server can be deployed on-premise. The solution is deployed across Germany in four regions: Munich, Cologne, Bremen, and Hamburg. However, most people work from home. There are about 50 endpoint users, but we have customers with thousands of users. We focus on customers with a thousand seats or more. We use the entire M365 E5 license for everything that's going on in the M365 world. We try to accomplish everything we need with Microsoft products. It was very easy to integrate the solutions. We integrated them so we could have an overall good view of our assets. The installation was fully automated via Intune.
Consultant at a tech services company with 1,001-5,000 employees
Real User
Top 10
2022-08-23T07:23:00Z
Aug 23, 2022
Microsoft 365 Defender is an extension of Windows Defender. Windows Defender is an AV that is integrated with Windows OS, and with this extension, you also get the EDR functionality for security purposes. Microsoft 365 Defender gets more access to the device and provides more insights and control over that. Apart from the Windows platform, it also includes other OSs, such as Linux and macOS. We do have multiple options for deployment. We did deploy it on the cloud. We got the on-cloud license, and we onboarded our devices to the portal. The portal is deployed on the Azure cloud.
Security and Compliance Engineer - Data Protection at a tech services company with 1,001-5,000 employees
Real User
Top 10
2022-07-28T15:30:00Z
Jul 28, 2022
We are a Microsoft partner and we have clients who are Microsoft 365 administrators in several companies. They are looking for ways to secure their tenants and make sure that their security is top-notch. That's where Microsoft Defender comes in. We use Microsoft 365 Defender for security and compliance to secure tenants from malicious attacks, including spam and phishing attacks. And when it comes to compliance, it is used for data privacy and data protection to ensure that very sensitive data doesn't go out to the wrong location.
Microsoft 365 Defender is one of the first layers to our security. It's our first layer security product, e.g. we use it, then we also use Exchange Online Protection for email, Safelink, etc. We always recommend these products to our customers, e.g. if the customer is using another third-party product. We are always recommending these compliance and security products, e.g. Microsoft 365 Defender, Cloud App Security, etc. We usually recommend cloud security because it connects all of these security and compliance products in one center to take logs and make them meaningful, plus you can also create alerts. We are also recommending it because of Microsoft Teams usage, especially because in Microsoft Teams, users sometimes do mass deletion, mass download, etc. We always say: "Let's connect your Cloud App security with your Azure Information Protection, with Microsoft 365 Defender and your Microsoft Teams, your Engula, etc. We find cloud security to be very useful.
We have very strong DLP policies. The product will inspect each and every outgoing email and what kind of attachments they have, including if any have business-sensitive information such as outgoing email going to some public domain such as Gmail or Yahoo. If the solution detects this, it'll raise an alarm and notify the required teams. On top of that, the incoming email will scan attachments for any potential malware tech or any phishing link.
Senior IT Executive and Operation at a tech services company with 51-200 employees
Real User
2021-04-08T21:04:51Z
Apr 8, 2021
The primary use case for Defender is to control the endpoint systems at the user level. On the networking level, we use it to analyze spam and see if any antivirus services are required or if there's a ransomware attack. As of now, I am just using it for monitoring.
Product Manager at a comms service provider with 501-1,000 employees
Feb 26, 2021
We are using the higher-level package which we have to pay a licensing fee for. There are different tiers. Ours includes extended detection with Advanced Threat Protection. It's the most powerful endpoint protection Microsoft offers.
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why.
You can read user reviews for the Top Extended Detection and Response (XDR...
Information Security Manager at a retailer with 10,001+ employees
Aug 5, 2022
Well, some times ago, EDR agents was moved to XDR but now, XDR is on "peak of inflated expectations", the second of five phases in product development hype. I'd rather wait a little bit, may be ZDR :)
I've been using it for endpoints and for Microsoft 365, along with Microsoft Defender for Identity. I use it to create policies for anti-spam, anti-malware, anti-phishing, as well as safe links. I also use it for the security score, making sure that our company achieves a good security score across the organization.
I'm a Security and Compliance consultant providing 365 Defender as a security solution for my clients.
The main use case has been for threat hunting, not in the sense of actively looking for the threat, but in terms of analyzing the ongoing process within clients' machines. I was looking into what kind of changes happen when you install any new software and it asks for so many permissions. I wanted to analyze the criticality of the permissions being asked and so on. Usually, when we install any software, we just click next, next, and next. We don't look at the details. So, my role was to check how it behaves within a system. For that reason, I used Microsoft Defender. I used the query language to do advanced threat hunting. I ran different queries to collect the data. The data was then brought into Power BI. We had data coming from different channels. So, we used Power BI to collect it at a single point.
Almost every use case is about security layers for messaging in Teams and for email. It especially used for phishing filters, spam filters, and composite authentication, as well as Zero-day advanced protection, and for protection within already received emails. Clients are also looking for link protection in Teams and in SharePoint.
We mainly use this solution for security reasons. We use it for the complete stack of email security so we don't have to use a third-party tool, and we use the extended security features that are included in M365, like sandboxing. The solution is deployed on the Azure cloud. We're a cloud-only company, so we only deploy cloud workloads, but we also have customers with legacy systems. If we're not able to migrate them to Azure, Defender for the server can be deployed on-premise. The solution is deployed across Germany in four regions: Munich, Cologne, Bremen, and Hamburg. However, most people work from home. There are about 50 endpoint users, but we have customers with thousands of users. We focus on customers with a thousand seats or more. We use the entire M365 E5 license for everything that's going on in the M365 world. We try to accomplish everything we need with Microsoft products. It was very easy to integrate the solutions. We integrated them so we could have an overall good view of our assets. The installation was fully automated via Intune.
Microsoft 365 Defender is an extension of Windows Defender. Windows Defender is an AV that is integrated with Windows OS, and with this extension, you also get the EDR functionality for security purposes. Microsoft 365 Defender gets more access to the device and provides more insights and control over that. Apart from the Windows platform, it also includes other OSs, such as Linux and macOS. We do have multiple options for deployment. We did deploy it on the cloud. We got the on-cloud license, and we onboarded our devices to the portal. The portal is deployed on the Azure cloud.
We are a Microsoft partner and we have clients who are Microsoft 365 administrators in several companies. They are looking for ways to secure their tenants and make sure that their security is top-notch. That's where Microsoft Defender comes in. We use Microsoft 365 Defender for security and compliance to secure tenants from malicious attacks, including spam and phishing attacks. And when it comes to compliance, it is used for data privacy and data protection to ensure that very sensitive data doesn't go out to the wrong location.
Microsoft 365 Defender is one of the first layers to our security. It's our first layer security product, e.g. we use it, then we also use Exchange Online Protection for email, Safelink, etc. We always recommend these products to our customers, e.g. if the customer is using another third-party product. We are always recommending these compliance and security products, e.g. Microsoft 365 Defender, Cloud App Security, etc. We usually recommend cloud security because it connects all of these security and compliance products in one center to take logs and make them meaningful, plus you can also create alerts. We are also recommending it because of Microsoft Teams usage, especially because in Microsoft Teams, users sometimes do mass deletion, mass download, etc. We always say: "Let's connect your Cloud App security with your Azure Information Protection, with Microsoft 365 Defender and your Microsoft Teams, your Engula, etc. We find cloud security to be very useful.
We have many clients that have large companies in the south region of Mexico. They use the solution for security.
We use Microsoft 365 Defender to help secure threats of the Office package, such as Word, Excel, and PowerPoint. Additionally, it can fix issues.
We have very strong DLP policies. The product will inspect each and every outgoing email and what kind of attachments they have, including if any have business-sensitive information such as outgoing email going to some public domain such as Gmail or Yahoo. If the solution detects this, it'll raise an alarm and notify the required teams. On top of that, the incoming email will scan attachments for any potential malware tech or any phishing link.
I use the solution for security against system threats.
The primary use case for Defender is to control the endpoint systems at the user level. On the networking level, we use it to analyze spam and see if any antivirus services are required or if there's a ransomware attack. As of now, I am just using it for monitoring.
We use the solution to back up our data frequently.
We primarily use the solution as security for our endpoints. It covers everything.