2021-02-26T19:10:55Z

What needs improvement with Microsoft 365 Defender?

Miriam Tover - PeerSpot reviewer
PeerSpot user

35 Answers

Dinesh Jaisankar - PeerSpot reviewer
Real User
Top 10
2024-02-19T14:04:00Z
Feb 19, 2024

While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience. To address this limitation, integrating MDR as part of the XDR experience and incorporating the latest advancements into Microsoft Defender XDR are crucial steps.

EA
Real User
Top 20
2024-02-13T13:17:00Z
Feb 13, 2024

There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again.

Mustafa Al-Shawwa - PeerSpot reviewer
Real User
Top 20
2024-02-13T11:33:00Z
Feb 13, 2024

The design of the user interface could use some work. Sometimes it's hard to find the exact information you need.

DM
Reseller
Top 20
2024-02-13T08:59:00Z
Feb 13, 2024

The console is missing some features that would be helpful for a managed services provider, like device and user management.

MY
Real User
Top 5
2023-12-27T10:54:00Z
Dec 27, 2023

The mobile app support for Android and iOS is difficult and needs improvement.

IlanHamoy - PeerSpot reviewer
Real User
Top 20
2023-12-04T15:53:00Z
Dec 4, 2023

One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions. It's unclear who makes these decisions, but simplicity would be a highly welcome change. A great way to achieve this simplicity would be to have built-in wizards within the products to help users accomplish tasks. This would eliminate the need to guess where to find the necessary options to enable or disable features. The features I would like to see added to Defender are improved web filtering capabilities and a WAF service. However, I may be mistaken, and Microsoft may already offer a similar solution. I understand that our finance department rejected most of the Defender for Azure services due to their cost, but I lack the information to judge their expense myself. I believe that, as with the Azure environment itself, which was initially considered expensive but became increasingly popular over time, the Defender for Azure solution will also gain traction if its price becomes slightly more competitive.

AM
Real User
Top 20
2023-12-04T11:53:00Z
Dec 4, 2023

Advanced attacks could use an improvement.

Dan Penning - PeerSpot reviewer
Real User
Top 10
2023-11-28T11:19:00Z
Nov 28, 2023

The solution does not offer a unified response and standard data.

NK
Real User
Top 20
2023-11-28T10:49:00Z
Nov 28, 2023

It doesn't work in Word, Excel, and PowerPoint consistently. We find it full of bugs. It doesn't work properly. The tool gives inconsistent answers and crashes a lot. I spoke with the Microsoft team regarding these issues. The person I spoke to said that our expectation was too high and that we should have expected that it would only operate at 70% accuracy, which was a bit of a shock.

MM
Real User
Top 20
2023-11-28T09:44:00Z
Nov 28, 2023

The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year. Once you've onboarded your servers to Defender, they're housed on Azure. When those things are brought into the 365 Defender portal, I can see clearly that some of those are Azure resources. There is a subscription and the resource group. That data doesn't exist in the tables. We don't want to run automated remediation against our domain controllers, but you can't exclude those using Azure resource tags. You can't tell it to exclude assets from this resource group. That data doesn't exist inside the tables you use to build your thresholds or custom protections. I could see where they could improve the data they present to you in the tables. I assume that it will come with time. There's so much happening. Every time I open the portal, there's a new feature.

Michael Wurz - PeerSpot reviewer
Reseller
Top 10
2023-11-22T20:23:00Z
Nov 22, 2023

Overall, the unified dashboard is a great step forward. However, for new users unfamiliar with Microsoft and these products, it can be overwhelming. The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense. While it's great for our technical teams and C-Suite to have access to a centralized risk dashboard, it needs to be simplified for less tech-savvy users. The numerous dashboards and interfaces, despite being unified, can be daunting for new users. Ideally, Microsoft could streamline the interface and consolidate information to improve accessibility. When incidents occur, the action center for response actions can be unclear, especially for users unfamiliar with the platform. It can be difficult to find out where, when, and how remediation actions took place. A more intuitive and transparent action center would be helpful.

IP
Real User
Top 5
2023-11-20T13:31:00Z
Nov 20, 2023

Microsoft Defender XDR is not a full-fledged EDR or XDR. Any true XDR should be more powerful than what Microsoft is currently providing. For some public-facing companies, computers, and endpoint computers, we need additional security from CrowdStrike or other third-party XDR. Microsoft Defender XDR does not stop 100 percent of the lateral movement or advanced attacks. Our machines use both Microsoft Defender XDR and CrowdStrike, and we have had instances where attacks were missed by Microsoft Defender XDR but caught by CrowdStrike.

Eusebiu Ciorobatca - PeerSpot reviewer
Real User
Top 10
2023-11-09T15:51:00Z
Nov 9, 2023

We should be able to use the product on devices like Apple, Linux, etc.

Yusuf Buhari - PeerSpot reviewer
Real User
Top 20
2023-08-14T17:51:00Z
Aug 14, 2023

The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging. We're working on the onboarding and configuration policies. We're collecting feedback from customers and partners in hopes of refining the future design for deployment.

Benjamin Van Der Westhuyzen - PeerSpot reviewer
Reseller
Top 10
2023-07-28T08:41:00Z
Jul 28, 2023

In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things. The information it provides is great, but for a newcomer, it is quite tedious and takes a long time to load. Here in South Africa, when you click, oftentimes you have to wait quite some time before you get to the next page. It's not necessarily internet-related. I think it's just that the service is a bit slow. Also, while the solution does help to prioritize threats, unfortunately, it doesn't do so for the entire environment. The reason is that it only supports full integration from Windows 10 and up. It provides you certain information from your server environment, but when you start going with legacy services, it is a bit lacking. Another issue that is sometimes a headache is that they constantly make changes. Things will be merged, they will get different names, or be moved around. Things will be added and other things go somewhere else. They do a lot of development to make the product better, but it's very frustrating having to search for stuff after they've moved it, because you don't always know that they have moved things. They might have little banners, but if you're just working and don't read them, you don't know where things have gone. I would also really like to see better integration with the server platforms for managing your server environment. That's something it currently doesn't do. For all the server environments, you either need to make use of group policies or SCCM to manage that independently. It can provide you information on the system, but it doesn't have control over your server line. Also, I make use of 365 Defender on a business level and on a personal level. On the personal level, there is a lot less functionality. 
Something that would be very nice is that, for the level you are on, you would only see the product you are subscribed to. For instance, if you log on via the business, you have all your action areas, anything you can do and see, on the left. Because you're using it at a corporate level, you can see and do everything. On the personal level, or in a small business where you're only using some of the features, you still have all the same options, but when you click on them, it tells you that you need to upgrade or subscribe. They should only show you what you have access to, and not all the tabs and then say, "You need to subscribe to get access to this." It just clutters the whole area.

NY
Real User
Top 20
2023-07-26T10:42:00Z
Jul 26, 2023

There is a section titled 'Action and Submission.' When we submit any kind of share value for evaluation to Microsoft, they take a significant amount of time for the process. When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments. Nevertheless, there are instances where options to disable macros and various configurations appear, even though they shouldn't be present.

DO
Real User
Top 20
2023-05-17T15:09:00Z
May 17, 2023

It is fair to acknowledge that Microsoft 365 Defender, like any software product, is not without its imperfections. There are instances where it may incorrectly flag legitimate emails from trusted senders as spam or exhibit inadequate performance in accurately classifying certain emails. Aside from that, it's a pretty good solution, and that is for the emails. However, the main point I want to convey is that for someone who is new to it, using Microsoft 365 Defender will demand a significant amount of effort and a willingness to learn about the product in order to maximize its benefits. It deals with technical aspects and encompasses a broad range of features beyond just the mentioned warranty, such as online exchanges. To effectively utilize Microsoft 365 Defender, it is important to have a thorough understanding of its functionalities. It may be too complex for beginners to grasp. In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals. Breaking it down into smaller components or enhancing its comprehensibility for end users would serve as a valuable advantage. In fact, it would not only impress others but also motivate them to understand the significance of utilizing I Defender in their specific situations. At the moment, I have limited knowledge about TripAdvisor and its offerings, so I'm unable to provide comprehensive information. However, based on my current understanding, I believe it would greatly benefit from being more user-friendly and simplifying its features. This would enable users to easily navigate the platform and maximize their experience with it.

PD
Real User
Top 20
2023-05-17T11:22:00Z
May 17, 2023

For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details. One other limitation is with cloud-based events. Sometimes, you don't get enough details in the alert. You have to go to other portals to then complete the story or do your own research, ask the user, etc. The other one is that with Defender for Endpoint, the attack story is quite good in terms of queries and things like that, but sometimes, multiple events for the same thing are captured, and it's not summarized in a good way. You have to open each entry to see what that partial syntax is. It'll be good if it said that this specific partial syntax was seen fifteen times, and maybe it's something to pay attention to. They could also do some sort of pattern matching. There could be some sort of pattern matching where it says that this is the attack trying to do some enumeration or reconnaissance activities.

Mikael Nordby - PeerSpot reviewer
Real User
Top 5
2023-05-17T09:30:00Z
May 17, 2023

In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time. In addition, device compliance policies can take a day to be deployed. There are some delays and that can cause some misunderstandings, although they are not huge if you have experience working on Microsoft products.

BS
Real User
Top 20
2023-05-17T09:28:00Z
May 17, 2023

365 Defender's attack surface reduction rules could be more customizable. Microsoft has its own pre-defined rules that can be adapted to every organization, but Defender should support the ability to create custom rules from scratch. Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation. Automated remediation can be improved. I'm currently creating a remediation structure there and pushing it to my vendor, but the vendor should have their own way of resolving things. It only alerts you that something is happening. The security administrator needs to take action because Defender's automated capabilities aren't up to par.

Axel Viloria - PeerSpot reviewer
Real User
Top 20
2023-04-16T15:49:00Z
Apr 16, 2023

Intrusion detection and prevention would be great to have with 365 Defender.

AkashGupta2 - PeerSpot reviewer
Reseller
Top 10
2023-03-24T20:13:00Z
Mar 24, 2023

365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot.

MP
Real User
Top 20
2022-11-15T23:00:00Z
Nov 15, 2022

The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete. They should refresh all their articles and see that the steps and figures aren't missing. They can also provide more documentation.

Lukasz Rutkowski - PeerSpot reviewer
Real User
Top 10
2022-10-26T20:22:00Z
Oct 26, 2022

There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use. Right now, I need to spend a lot of time using Defender to check the possibilities and how to connect them together to see things better. If I could read a more detailed article about it and see some use cases and how some threats are remediated, that would be great. Maybe I'm not looking deep enough or maybe there is some room for them to improve in this area. And I would really like to see new features.

Florian Stamer - PeerSpot reviewer
Real User
Top 10
2022-09-13T22:50:00Z
Sep 13, 2022

I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses. I would also like a more aesthetically pleasing dashboard. For German customers, it's important that the solution is in German. Multi-language support should be in all the features if possible. In many projects, we want to use digital signatures on emails. It would be perfect to have better integration of digital signing in a standard way. In the last few months, the dashboard changed very often. When they restructure it, it's a little bit painful. Otherwise, the technology is very helpful. The visibility into threats could be better. For the last six months, getting information from the access points has been difficult. However, the newest version fits very well. It's easy if you've found the right spot to view what's happening. For legacy organizations or legacy customers, I would say it's possible to save time, but time-saving isn't always the best with security because it needs to be deployed and managed. It can be installed quickly, but it takes time to check out false positives, have everything in place, and train each end user.

HB
Real User
Top 10
2022-08-23T07:23:00Z
Aug 23, 2022

The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there.

Tochukwu Josiah Okafor - PeerSpot reviewer
Real User
Top 10
2022-07-28T15:30:00Z
Jul 28, 2022

When changes are done within either the admin or security and compliance portals, there should be a real-time update to administrators about the changes. Many times I'm supporting a case where someone says, "I used to do this like this, but I'm unable to do it that way anymore. What happened?" And I will have to say, "Oh, sorry. That doesn't work like that anymore. It's now done this way." So there should be a way to notify people about changes like that, and prompt information when changes are done within a portal. I would also like to see regular updates about new features in the Knowledge Base. There are cases where I'm using a Knowledge Base article to try to educate a customer, but when I check the feature on the admin portal, and in the article, they don't look alike. For instance, it's saying, "Go to settings. From settings, go to options." Meanwhile, on the portal itself, I'm seeing "Settings, go to more settings, then go to options." It would help a whole lot if feature updates were updated in real-time in the documentation. Also, the message trace feature for investigating mail flow issues should add more detailed information to the summary report. The summary report is what the administrators are able to understand. The extended reports are a very deep dive and the administrators will only understand them if they reach out to support engineers. But if they could extend the summary report a little bit, and make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and prevent it from occurring again. Making that summary report more extensive and detailed would be of great help.

Hande Tarhan - PeerSpot reviewer
Consultant
Top 10
2022-03-31T19:16:55Z
Mar 31, 2022

What could be improved in Microsoft 365 Defender is its licensing. It needs to be more consolidated, because there are so many plans for Microsoft 365 Defender, and every other year, there will be new licensing options, e.g. plan one, plan two, etc., that become more and more different from each other. The most valuable product would be the most expensive product, and customers usually say: "We really need the last version, but that's really expensive for us, because we are in Turkey and the currency is very, very high now." Three years ago, this wasn't a problem, because $1 was three or four Turkish liras, but now it's 15. In the licensing options, it would also be better if there can be some optimizations, similar to what Power BI Pro offers. There are two options in Power BI: user-based and capacity-based. It would be good if there can be another option for one consolidated product for the whole company with a higher price, but you cannot depend on user count. What I'd like to see in the next release of Microsoft 365 Defender is for them to provide more details in the alerts and notifications they send out.

WG
Real User
2022-02-23T12:58:37Z
Feb 23, 2022

The user interface of Microsoft 365 Defender could improve. They could make it simpler.

NP
Real User
2021-11-17T18:11:00Z
Nov 17, 2021

These days, in the security industry, there is a buzzword called zero trust. I personally have not seen much evidence of how Defender can enhance the story of Zero Trust for enterprises. Microsoft needs to offer more features here or spread awareness in the industry and the market about how Defender addresses Zero Trust issues.

DS
Consultant
2021-11-15T19:38:57Z
Nov 15, 2021

Microsoft 365 Defender offers emerging endpoint security technologies, such as EDR and XDR, and a Zero Trust approach.

PD
Real User
2021-08-17T15:34:57Z
Aug 17, 2021

The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better.

GV
Real User
2021-04-08T21:04:51Z
Apr 8, 2021

The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things.

Ramprasad Yalavarthi - PeerSpot reviewer
Real User
Top 10
2021-03-15T17:58:21Z
Mar 15, 2021

The data recovery and backup could be improved.

PT
Reseller
2021-02-26T19:10:55Z
Feb 26, 2021

It would be helpful if the solution could scan faster when it comes to scanning attachments to emails.

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.  It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.  Users have found it effective in detecting and preventing various types of attacks, such as...