What is your primary use case for Microsoft 365 Defender?

Microsoft Defender XDR ( /products/microsoft-defender-xdr-reviews ) is our primary solution for security. We have a number of use cases across different environments, allowing us to secure all our use cases comprehensively.

We are yet to use Microsoft Defender XDR for ourselves as we are yet to procure the product.

We offer an MDR service and use Microsoft Defender XDR with Defender for Endpoint, Defender for Cloud Apps, and Defender for Cloud.

Our primary use of Microsoft Defender XDR is for threat hunting and monitoring potential threats entering through email and URLs. We use the full suite, including Defender for Endpoint, Defender for Office 365, and Defender for CloudOps, especially now that we have upgraded to M5.

The primary use case involves using Microsoft Defender XDR as a comprehensive security solution. This includes securing endpoints, user devices, SQL databases, containers, and third-party cloud solutions such as AWS and Google Cloud.

We use the solution for endpoints.

I'm using the solution for security.

Microsoft Defender XDR is our antivirus solution.

We use Defender XDR to assign roles and monitor based on the analytics report from Microsoft.

Extended XDR expands threat protection across endpoints, email, identities, and cloud environments.

We use Microsoft Defender XDR for our Microsoft 365 email service.

We are using Microsoft Defender for Office 365 for identity and email security, safe links, etc.

We typically use Defender's default settings and are implementing MITRE ATT&CK use cases on Microsoft Defender this year. We do manual threat hunting and check to see if there is a trending attack. We have the latest IOCs and sweep across the organization looking for them. When implementing Defender, we usually use its advanced hunting features to determine particular techniques used across the whole environment. We use multiple Microsoft security products, including Defender for Endpoint, Defender for Cloud Apps, Sentinel, email and collaboration, data loss prevention, and Microsoft Purview.

We implement it on client endpoints and server endpoints. We also integrate it with Microsoft Entra ID for the identity part because the security part of Microsoft Defender is completely correlated to user activity.

One of my largest customers deployed Defender for Endpoint, but they also wanted Defender XDR to get a specific feature. Defender XDR is included in the E5 license, but it's a bit too expensive. Our customer wanted Defender XDR's file integrity monitor tools for compliance. My client is using Defender with Sentinel, but I'm unsure how much they use it.

We are using Microsoft Defender XDR for our endpoint, desktop, and laptop protection.

Defender XDR is a solution that protects your enterprise systems and devices.

We provide services to medium-sized businesses in the banking and administrative sectors. We are also using Microsoft Sentinel and Defender for 365.

We use Microsoft Defender XDR to centralize our security solutions.

For endpoint protection, monitoring network traffic, and enabling automation of issues, we utilize Microsoft Defender XDR. If we are specifically referring to Defender for Endpoint, it is a perfect solution to monitor user behavior and activities across all of our web portals. This provides an easy way to analyze and generate reports about user online activities.

We use Microsoft Defender XDR for antivirus, threat intelligence, and email blocking.

We use Microsoft Defender XDR to secure data.

I'm managing the SIEM, but the SIEM is heavily integrated with 365 Defender and all the other components. Defender is a natural extension of Sentinel, and our entire SOC team leverages the solution. We utilize it daily for everything related to incident response from an advanced threat-hunting perspective. We do some KQL-based threat hunting and have set up some custom detections built into the platform, so we can raise an alert about a threat when we see it. Right now, we're onboarding our server environment to push Defender for server agents to see what that looks like. Defender is used widely by our SOC for everyday investigations. Our attack surface reduction teams use it for vulnerability information. Other teams at the company use the telemetry data, but it's primarily our SOC using it for incident response.

I work for a managed security service provider, where a dedicated team at our Security Operations Center manages the entire 365 Security Stack for our clients. This means we're constantly monitoring alerts, prioritizing incidents, and responding actively, leveraging automation features where possible. We also play a crucial role in the onboarding process, setting up and integrating security solutions with our platforms for efficient alert management and incident response. Furthermore, we handle policy configuration and hardening, ensuring effective security controls are in place. We actively maintain these policies, fine-tune them as needed, and adapt them to new features and updates, collaborating closely with clients throughout the process. In essence, we own and manage the security platform for our clients, providing them with comprehensive protection and peace of mind.

We use Microsoft Defender XDR to protect our endpoints, computers, mobile devices, and emails.

We use Microsoft Defender XDR for malware detection and browser protection. We have around 500 devices to protect. We use it to get reports for each of these devices.

I primarily use the solution as an engineer. I use the product to protect the endpoint and I use it to protect my customer's environment.

We're using it for our email filtering to check incoming emails and URLs. We're also using it for vulnerability management to see the status of our assets that are registered on the system. We also check it to see what kinds of threats and campaigns are currently being launched via emails.

My role is to monitor Microsoft 365 Defender. We investigate various alerts and incidents that occur there. We utilize the solution to block any malicious domains, URLs, or other harmful elements that could affect our environment. Microsoft 365 Defender is our tool of choice for this purpose, and it helps improve our secure score. We assess the available remediation options to determine if they are suitable for our enrollment. Additionally, we use it for email analysis and make use of all the features provided by Microsoft 365 Defender.

Microsoft 365 Defender works together with Exchange Online is my area of specialty. Microsoft 365 Defender incorporates a capability to identify potentially malicious emails or emails originating from suspicious senders.

I've mainly used the EDR component within 365 Defender, which is Microsoft Defender for Endpoint. It does a good job of bringing the whole attack story together, so you can see email activity, endpoint activity, cloud app activity, and some sort of sign-in activity as well relating to Azure AD, but I've mainly dealt with it from the EDR aspect.

My company mostly uses Microsoft Office products, so we use 365 Defender for our security. 365 Defender is deployed globally, and it works the same whether you are in Europe, China, or India. It currently covers around 4,000 people worldwide.

I've been using it for endpoints and for Microsoft 365, along with Microsoft Defender for Identity. I use it to create policies for anti-spam, anti-malware, anti-phishing, as well as safe links. I also use it for the security score, making sure that our company achieves a good security score across the organization.

I'm a Security and Compliance consultant providing 365 Defender as a security solution for my clients.

The main use case has been for threat hunting, not in the sense of actively looking for the threat, but in terms of analyzing the ongoing process within clients' machines. I was looking into what kind of changes happen when you install any new software and it asks for so many permissions. I wanted to analyze the criticality of the permissions being asked and so on. Usually, when we install any software, we just click next, next, and next. We don't look at the details. So, my role was to check how it behaves within a system. For that reason, I used Microsoft Defender. I used the query language to do advanced threat hunting. I ran different queries to collect the data. The data was then brought into Power BI. We had data coming from different channels. So, we used Power BI to collect it at a single point.

Almost every use case is about security layers for messaging in Teams and for email. It especially used for phishing filters, spam filters, and composite authentication, as well as Zero-day advanced protection, and for protection within already received emails. Clients are also looking for link protection in Teams and in SharePoint.

We mainly use this solution for security reasons. We use it for the complete stack of email security so we don't have to use a third-party tool, and we use the extended security features that are included in M365, like sandboxing. The solution is deployed on the Azure cloud. We're a cloud-only company, so we only deploy cloud workloads, but we also have customers with legacy systems. If we're not able to migrate them to Azure, Defender for the server can be deployed on-premise. The solution is deployed across Germany in four regions: Munich, Cologne, Bremen, and Hamburg. However, most people work from home. There are about 50 endpoint users, but we have customers with thousands of users. We focus on customers with a thousand seats or more. We use the entire M365 E5 license for everything that's going on in the M365 world. We try to accomplish everything we need with Microsoft products. It was very easy to integrate the solutions. We integrated them so we could have an overall good view of our assets. The installation was fully automated via Intune.

Microsoft 365 Defender is an extension of Windows Defender. Windows Defender is an AV that is integrated with Windows OS, and with this extension, you also get the EDR functionality for security purposes. Microsoft 365 Defender gets more access to the device and provides more insights and control over that. Apart from the Windows platform, it also includes other OSs, such as Linux and macOS. We do have multiple options for deployment. We did deploy it on the cloud. We got the on-cloud license, and we onboarded our devices to the portal. The portal is deployed on the Azure cloud.

We are a Microsoft partner and we have clients who are Microsoft 365 administrators in several companies. They are looking for ways to secure their tenants and make sure that their security is top-notch. That's where Microsoft Defender comes in. We use Microsoft 365 Defender for security and compliance to secure tenants from malicious attacks, including spam and phishing attacks. And when it comes to compliance, it is used for data privacy and data protection to ensure that very sensitive data doesn't go out to the wrong location.

Microsoft 365 Defender is one of the first layers to our security. It's our first layer security product, e.g. we use it, then we also use Exchange Online Protection for email, Safelink, etc. We always recommend these products to our customers, e.g. if the customer is using another third-party product. We are always recommending these compliance and security products, e.g. Microsoft 365 Defender, Cloud App Security, etc. We usually recommend cloud security because it connects all of these security and compliance products in one center to take logs and make them meaningful, plus you can also create alerts. We are also recommending it because of Microsoft Teams usage, especially because in Microsoft Teams, users sometimes do mass deletion, mass download, etc. We always say: "Let's connect your Cloud App security with your Azure Information Protection, with Microsoft 365 Defender and your Microsoft Teams, your Engula, etc. We find cloud security to be very useful.

We have many clients that have large companies in the south region of Mexico. They use the solution for security.

We use Microsoft 365 Defender to help secure threats of the Office package, such as Word, Excel, and PowerPoint. Additionally, it can fix issues.

We have very strong DLP policies. The product will inspect each and every outgoing email and what kind of attachments they have, including if any have business-sensitive information such as outgoing email going to some public domain such as Gmail or Yahoo. If the solution detects this, it'll raise an alarm and notify the required teams. On top of that, the incoming email will scan attachments for any potential malware tech or any phishing link.

I use the solution for security against system threats.

The primary use case for Defender is to control the endpoint systems at the user level. On the networking level, we use it to analyze spam and see if any antivirus services are required or if there's a ransomware attack. As of now, I am just using it for monitoring.

We use the solution to back up our data frequently.

We primarily use the solution as security for our endpoints. It covers everything.