Rupesh Singh
Technical Team Lead at Alepo
MSP
Effective firewall capabilities, regular antivirus updates, and it is preinstalled with Windows
Pros and Cons
  • "The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
  • "This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running."

What is our primary use case?

We use Microsoft Defender Antivirus for antivirus protection as part of our endpoint security solution. It protects our systems against attacks from any virus, malware, or trojan. 

How has it helped my organization?

We rely on this product for endpoint protection in our organization because we have not subscribed to any antivirus, apart from Microsoft Defender. It comes for free with our Windows subscription and it has improved the way our organization functions because there have been no virus attacks to date on our laptops.

It has not negatively affected our end-user experience.

What is most valuable?

This solution takes care of most of the infections that are found in the system, and it comes included with Windows. These are the two main advantages of using it.

The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security.

What needs improvement?

Microsoft Defender protects the computer by using virus definitions that we download through regular updates but nowadays, cybersecurity attacks have become more intelligent. This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running. These can be vulnerable points and if a process causes a glitch in the system, it should be quarantined. Moreover, enhancements of this type should not detract from system performance. There should be no slowdown on the laptop, for example.

For how long have I used the solution?

I have been using Microsoft Defender Antivirus since I started using Windows 7, more than eight years ago.

What do I think about the stability of the solution?

Stability-wise, it is good, and it performs very nicely.

What do I think about the scalability of the solution?

The scalability is fine. We have more than 300 devices that are being protected.

How are customer service and technical support?

I have never had an opportunity to speak with technical support because everything has always worked very smoothly. As we have experienced no issues at all, we never contacted support.

Which solution did I use previously and why did I switch?

Prior to using Microsoft Defender, we used McAfee and Avast Antivirus.

One of the main reasons that we switched away from McAfee is that it required purchasing a subscription. With Microsoft Defender, it is included with Windows. When we install the operating system, it is already there and we don't have to purchase an additional antivirus product.

For security, aside from a traditional antivirus, we have purchased the SentinelOne Endpoint Security solution. This product is more enhanced when compared to an antivirus product. It is modern and has better threat intelligence than other products. I don't know SentinelOne very well yet, as we have just purchased the subscription, but I know that the difference between products is not based on virus definitions.

SentinelOne has intelligence on the cloud and many other security features including the blocking of domain names, and the blocking of USB drives that users plug into their laptops. Although it has many more features than legacy antivirus software, I have no complaints about the performance of Microsoft Defender.

One of the reasons we are more heavily relying on endpoint security is that everybody is working from home and using the internet for work. This transition was made within the last two or three months. When people were working in the office, the firewall afforded them protection. However, as it is now, the endpoints are more vulnerable to attack. This is why we now rely more heavily on SentinelOne.

How was the initial setup?

Microsoft Defender comes preinstalled with the Windows operating system, so we do not have to deploy it separately.

What's my experience with pricing, setup cost, and licensing?

The subscription is part of Windows, so we don't have to pay anything extra for this product.

What other advice do I have?

This is definitely a product that I recommend people use because first of all, you do not have to pay anything extra to use it. The performance is very smooth and it protects your system, which is very much needed. All in all, I would say that this is a good antivirus solution.

I would rate Microsoft Defender Antivirus an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Support Engineer at a tech services company with 51-200 employees
Real User
Top 20
Offers cloud protection and comes embedded with Windows, but isn't very robust
Pros and Cons
  • "The solution's main antivirus capabilities are okay. So far, they have kept us safe."
  • "The solution could use improvement on the interface."

What is our primary use case?

The solution is basically an antivirus and is used to protect users from a number of things. Mainly, the solution protects against cyber-attacks and defends a user from viruses so that files are protected. Of course, it will be very important to have a big antivirus in place so that companies are protected from big attacks. Windows Defender does not really do that.

What is most valuable?

The solution's main antivirus capabilities are okay. So far, they have kept us safe.

There is cloud protection as well, however, we don't utilize that very much.

What needs improvement?

The solution does not have deep protection. Sometimes you find that you have some virus attacks. Most times we're on the internet. As you search so many websites, chances are high you visit sites that are fraudulent. There could be cases like phishing, where software could be embedded in some websites or some other viruses could come into your PC under Windows Defender. The security is basically limited. It's not so strong, in my understanding. It could be more robust.

The solution could use improvement on the interface. Most different Defender software comes with a different graphical user interface and some tend to be a bit complex. They should work to make the interface more user-friendly for basic users. For myself, as an IT person, it's fine, however, for a layperson, the interface might be a bit confusing.

It would be nice if they would collect user ratings and feedback. It would help them find ways to better add features and add-ons in the future.

The dashboards always have room for improvement.

For how long have I used the solution?

We've been using the solution for over two years now. 

What do I think about the stability of the solution?

For the most part, free things are not as effective as licensing or something you purchase. That's why many times our clients ask for a licensed antivirus such as Kaspersky. Our clients do ask for licensed Kaspersky or BitDefender, or other antiviruses. Windows Defender, which is just a free version, is not as effective. It doesn't have deep support or deep protection.

What do I think about the scalability of the solution?

We have ten people in our office and everyone is currently using the solution. That's just in our Ugandan office. We have a head office in India, for example, and they may use it there as well.

How are customer service and technical support?

I've never reached out to Microsoft's technical support. We haven't had issues that would require us to. I can't speak to their level of service.

Which solution did I use previously and why did I switch?

We have clients that also ask to license Kaspersky or BitDefender for added protection.

How was the initial setup?

The initial setup is not complex. We don't have a deployment or installation process, as the solution comes pre-installed with Windows. It's just the default software. It's part of their offering. We don't have to do anything separately.

What's my experience with pricing, setup cost, and licensing?

There isn't really a licensing process. The solution was pre-installed by default. It simply comes with Microsoft Windows.

What other advice do I have?

We are Microsoft resellers.

The solution is not on the cloud. Our office is small. We use independent computers. It's not in a structured network environment. We just use a small wireless network. As individuals, we are using it on small computers.

In my region, I would not necessarily recommend this solution. I'd still advise my clients to have other antiviruses unless I get to know that there is a licensed version of Windows Defender that Microsoft is selling and licensing. I still go ahead to advise my clients to buy other antiviruses, which are more effective. Kaspersky, for example, is a good option.

I would rate the solution at a six out of ten. There are other more robust antiviruses on the market that you can license.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
AJITH H G
Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India
Consultant
Centralized device management, advanced threat detection, and it's cost-effective
Pros and Cons
  • "We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments."
  • "It would be helpful if they included XDR features, on top of the EDR functionality."

What is our primary use case?

We are using this product as part of our EDR solution, and we use it in conjunction with CrowdStrike. We are a solution provider and this is one of the products that we deploy for our clients.

How has it helped my organization?

This product has features that improve our security posture including good vulnerability detection, maintaining endpoint devices, and unified management. The management feature allows us to manage all of our devices from a single location.

The advanced techniques used by Microsoft Defender are improving our user experience. Our users used to complain that they didn't need certain features, but this was because the legacy antivirus and other EDR solutions were hampering their usage. Nowadays, vulnerability detection is very effective and they are comfortable with the security, as well as the administration, giving them a better overall experience.

What is most valuable?

The most valuable feature is threat detection. We have been notified of viruses and threats of problems such as ransomware attacks.

The Cloud App Security features are useful.

We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments.

Microsoft Defender integrates well with Office 365.

Especially these days, with the COVID situation, this product helps us to better reach our users and solve problems. For example, we no longer need to ask them to bring in their laptop to check for and address issues. We can apply policy, automatically define rules, and remedy problems using the central management features. 

What needs improvement?

It would be helpful if they included XDR features, on top of the EDR functionality. It would improve the capabilities, as XDR solutions are doing better.

For how long have I used the solution?

I have been working with Microsoft Defender for Endpoint for almost a year, with the E5 licenses.

What do I think about the stability of the solution?

Stability-wise, it is responsive and I don't see any drawbacks. They have additional features that make it a little more robust.

What do I think about the scalability of the solution?

Scalability-wise, considering the integration that they have, it's good. For example, it can be integrated with Azure Sentinel. We have two or three people who work with managing and deploying this product.

We deploy across Qatar and currently have about 68,000 endpoints protected with Defender. Our usage will increase based on the number of clients we have that buy the product. Ultimately, it depends on the licensing model.

Which solution did I use previously and why did I switch?

Prior to working with Microsoft Defender, we used CrowdStrike and SentinelOne. We switched because these other products are standalone, and require that we install and maintain them manually. Microsoft Defender is unified and comes as part of Microsoft 365, which makes it easier to set up and manage.

The advantage that these other products have is the XDR features.

How was the initial setup?

The initial setup is straightforward. We deploy this product using Microsoft Intune, which is very helpful. It took us one month to deploy approximately 5,000 users. We had a specific plan that we followed for the implementation. 

What about the implementation team?

I completed the deployment.

What's my experience with pricing, setup cost, and licensing?

This product offers cost-effective threat protection, which integrates with Office 365 and has unified endpoint management features.

We currently use the enterprise-level, E5 licensing scheme. It is a complete bundle that includes the Microsoft 365 products, the Zero Trust solution, and Microsoft Defender.

The E5 license is the one that I recommend because it comes with Cloud App Security, which is a good thing to have on top of Microsoft Defender. It means that you can monitor any threats, sign-in attempts, and other resources whether on the cloud or on-premises.

What other advice do I have?

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Delivery Practice Director at a computer software company with 201-500 employees
MSP
Top 5 Leaderboard
A stable and scalable enterprise endpoint security platform that's easy to set up and deploy
Pros and Cons
  • "I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature."
  • "Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine."

What is our primary use case?

We use it to protect computers or endpoints from any malicious software, malware, and other viruses. You have to use this one as part of your overall protection plan.

How has it helped my organization?

The deployment of Microsoft Defender for Endpoint is a no-brainer when it comes to Windows. When you provision a new laptop for your environment, it comes with it. We use Intune to be seen on the cloud for centralized management. There's actually a console where you can go in and manage it properly, and we use Intune to deliver the onboarding.

What is most valuable?

I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature.

What needs improvement?

Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine. 

We don't just use anti-virus. That's really like a traditional way of doing it. We have different kinds of protections. We have our advanced threat protection for email, and we have advanced threats analytics for domain controllers for servers. We use all those. 

For how long have I used the solution?

I have been using Microsoft Defender for Endpoint for three or four years.

What do I think about the stability of the solution?

It's very reliable and very dependable. I don't see any issues with it. In fact, it's the best product I have used because it's integrated with Windows 10. It doesn't eat up resources while running like other products. It's a really well-thought-out product.

What do I think about the scalability of the solution?

It can scale as much as you want. It installs a very low footprint on your laptop, but the management is cloud-based.

How are customer service and technical support?

Technical support is average. We call technical support very rarely for this particular product, but it's actually hit or miss with Microsoft. Sometimes you get a good person on the other line. Sometimes you get someone that's slow in providing support.

Which solution did I use previously and why did I switch?

I've used many products in the past, and I liked this one because I can't really find that many issues with it. I used McAfee, Symantec, CrowdStrike, and different anti-malware and anti-virus programs, but this seems to be good.

We switched because we're Microsoft partners, and we're actually kind of biased about it. We also implement other products because some of our clients use them. It's very hard to convince them to go with another product. Sometimes because of the existing subscriptions, they are unable to make the switch.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

We are a Microsoft partner and consultants. We implement these solutions.

What's my experience with pricing, setup cost, and licensing?

Microsoft Defender for Endpoint comes with Windows 10, and it's free. But for you to be able to manage it in the cloud and use the console, you need to have either an Office 365 E5 subscription or a Microsoft M365 subscription. You need to buy an extra license.

What other advice do I have?

If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money.

On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cloud Consultant at Brio Technologies Private Limited
Real User
Good with vulnerability assessment and integrates well with Office 365 and Azure
Pros and Cons
  • "Provides good vulnerability assessment."
  • "The GUI is very complex and could be more user friendly."

What is our primary use case?

This is an endpoint security product. It helps detect and prevent attacks and is very good when it comes to vulnerability assessment. It automatically detects attacks. It provides support for all the end devices, whether it is macOS, Windows, or mobile devices running Android and iOS; it has support for all of them. I mostly deal with smaller and medium-sized companies; I don't deal much with enterprises. I'm a customer of Microsoft and I work as a solution architect.

What is most valuable?

The product is very good when it comes to vulnerability assessment. It's a Microsoft flagship product and it integrates with Office 365. If my customers are using Office 365 or Azure or a Windows server, it helps to use Defender. Other products like Symantec or McAfee don't have that kind of integration with Microsoft products. In terms of identifying the attacks, it's far superior to Symantec. 

What needs improvement?

The GUI is very complex, particularly for normal users who work on it. It could be more user-friendly. For future improvements, I'd be looking at internet security, which we don't have, as Microsoft does not distinguish whether a site is malicious or not. Kaspersky is very good at that but not Microsoft. It would be a big advantage for them if they were to include it.

For how long have I used the solution?

I've been using this solution for seven months. 

What do I think about the stability of the solution?

It's a stable product. Microsoft only recently entered this market and nobody believed that Microsoft antivirus would be good. They are now trying to prove everyone wrong in that sense by having a good security product. 

What do I think about the scalability of the solution?

Scaling in or out is very easy. Scalability is really about licensing so you just have to request a registration license.

How are customer service and technical support?

Ninety-nine percent of the time, I'm able to solve the problem. I do not have access to Microsoft support, so if I go to their open support page and try to log a request, it takes up to 24 hours for the support agent to get back to me. It's pretty average. If you have the premium support or if you're a support partner of Microsoft, they respond back in one or two hours, something like that.

Which solution did I use previously and why did I switch?

I tested the difference between Symantec and Defender by taking a malware sample from the internet and downloading it. Symantec allowed me to do it, even though it shouldn't have, but Defender gave me a notification and wouldn't allow me to do it. That said, Symantec is a very stable product that's been on the market for a long time. They have more expertise in endpoint protection than Microsoft. Symantec is not a cost-effective product for most customers. It's integrated with third-party companies and is good at protecting endpoints. Because my customer base consists of companies that use Office 365 and Microsoft Azure, Microsoft's integration with these products is very good.

How was the initial setup?

The initial setup is very simple; you just have to attach it to the user's email address. Once the user logs in, it automatically downloads and starts working. I do the implementation. In terms of maintenance, sometimes my engagement with the client is one time, but sometimes I do maintenance as well. This is a subscription-based, cloud-based product. They have to call me every year to renew.

What other advice do I have?

I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product.

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Delivery Practice Director at a computer software company with 201-500 employees
MSP
Top 5 Leaderboard
Easy to manage, updated frequently, and comes included with Windows
Pros and Cons
  • "The patch management is very easy, as it can be done automatically or added to a schedule."
  • "I would like to see better integration with their other security products to give better visibility from a higher level."

What is our primary use case?

We are a consulting company and we use this product for endpoint protection across the company, as well as for our clients.

How has it helped my organization?

Windows Defender makes it easy to streamline the updates so we don't really worry about managing it.

What is most valuable?

The patch management is very easy, as it can be done automatically or added to a schedule. This will update all of the virus signatures.

We have a hook from our on-premises application to the cloud services for advanced threat protection, so the management is in the cloud. Centralized management allows us to schedule malware scans.

When you hook it up to the cloud's advanced threat protection, it gives you more than protection from ransomware. It covers different types of malware and allows you to see what malicious software is being executed on the machine.

The product allows you to manage your machine through it, similarly to the way SCCM does.

What needs improvement?

I would like to see better integration with their other security products to give better visibility from a higher level. Integrating with email, Azure, identity management, and other security applications, putting them all together, would be very good.

The first level of technical support is not very useful and it sometimes takes time to escalate to somebody more knowledgeable.

For how long have I used the solution?

We have been using Microsoft Windows Defender for years.

What do I think about the stability of the solution?

This product is pretty stable.

What do I think about the scalability of the solution?

We have had no issues with scalability. We deploy it anywhere from a small environment with a hundred users, to a large environment with 15,000 to 20,000 endpoints. The majority of our clients are small to medium-sized, with 3,000 to 4,000 users in the mid-range.

How are customer service and technical support?

I would rate Microsoft's technical support an eight out of ten. At the first level, the support is very limited. You have to escalate it to the more senior team to get good value.

Which solution did I use previously and why did I switch?

Some of our clients have used different products from vendors such as Symantec and McAfee, and they were not happy with them. We steered them towards Windows Defender and they switched because of the ATP hook to the cloud.

With other products, you have a management console, so you have to push the signature updates. We still do that now, but it's all in the cloud.

Both Symantec and McAfee come at an additional charge because they are not included in the operating system.

How was the initial setup?

The initial setup is very straightforward.

What's my experience with pricing, setup cost, and licensing?

We are using the version that is included with Windows 10. If you don't purchase the advanced threat protection then there is no additional charge.

What other advice do I have?

My advice for anybody who is implementing Windows Defender is to purchase the ATP, which is in addition to the version that comes with Windows 10. This will allow you to really get the benefits and manage your organization's endpoints as a whole. This requires a presence in the Microsoft environment, such as a subscription to Office 365 or Azure.

I think that people should explore Windows Defender before looking at third-party products. While they are not a pioneer in anti-malware and anti-virus software, they are attacking it and they have a good budget. The advanced threat protection has a large cloud presence in Azure that we can take advantage of, and they update their product frequently. As soon as there is a new threat, they act on it right away.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
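The review above talks about signature updates being scheduled automatically, centrally scheduled malware scans, and the cloud (ATP) hook. The following PowerShell is an added example, not code from the reviewer or from Microsoft, showing how an administrator can verify those settings on a single Windows host and remediate the usual gaps. It uses the Defender module cmdlets that ship with Windows (Get-MpComputerStatus, Get-MpPreference, Set-MpPreference, Update-MpSignature) and must run in an elevated session; the age thresholds and the 02:00 scan time are this example's own assumptions.

```powershell
# Added example (not from the review or from Microsoft): baseline check for the
# Defender settings the review discusses (signature freshness, scheduled scans,
# cloud-delivered protection) plus a remediation function.
# Assumes a Windows host with the built-in Defender PowerShell module and an
# elevated session. Thresholds below are this example's own choices.

function Test-DefenderBaseline {
    [CmdletBinding()]
    param(
        [int]$MaxSignatureAgeDays = 1,   # signatures older than this are flagged
        [int]$MaxQuickScanAgeDays = 7    # a quick scan older than this is flagged
    )
    $status   = Get-MpComputerStatus
    $pref     = Get-MpPreference
    $findings = @()

    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $status.BehaviorMonitorEnabled)    { $findings += 'Behavior monitoring is off' }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($status.AntivirusSignatureAge) day(s) old (last update $($status.AntivirusSignatureLastUpdated))"
    }
    if ($status.QuickScanAge -gt $MaxQuickScanAgeDays) {
        $findings += "Last quick scan was $($status.QuickScanAge) day(s) ago"
    }
    # MAPSReporting: 0 = cloud-delivered protection off, 1 = basic, 2 = advanced
    if ($pref.MAPSReporting -eq 0) { $findings += 'Cloud-delivered protection (MAPS) is off' }
    # ScanScheduleDay: 0 = every day, 1-7 = Sunday..Saturday, 8 = never
    if ($pref.ScanScheduleDay -eq 8) { $findings += 'No scheduled scan is configured' }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        SignatureVersion = $status.AntivirusSignatureVersion
        SignatureAgeDays = $status.AntivirusSignatureAge
        TamperProtected  = $status.IsTamperProtected
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

function Set-DefenderBaseline {
    # Remediation for the checks above: pull fresh signatures, turn cloud
    # protection on, and schedule a daily quick scan at 02:00 (assumed time).
    Update-MpSignature
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    Set-MpPreference -ScanScheduleDay Everyday -ScanScheduleQuickScanTime 02:00:00
    Set-MpPreference -SignatureUpdateInterval 4   # look for new signatures every 4 hours
}

# Usage: report the findings, then remediate if anything was flagged.
$result = Test-DefenderBaseline
if ($result.Compliant) {
    Write-Host "Defender baseline OK on $($result.Computer) (signatures $($result.SignatureVersion))"
} else {
    $result.Findings | ForEach-Object { Write-Warning $_ }
    Set-DefenderBaseline
}
```

Test-DefenderBaseline returns an object rather than printing, so the same check can be run across a fleet (for example with Invoke-Command) and the Findings collected centrally; when the tenant is onboarded to the cloud console, the same settings are normally pushed by policy and this script serves as an independent spot check that the policy actually landed.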
Head Of Information Technology at a financial services firm with 1,001-5,000 employees
Real User
Top 5
Integrates well with Microsoft applications and endpoints and has a good antivirus
Pros and Cons
  • "The solution integrates very well with Windows applications and Microsoft endpoint products."
  • "The pricing could be a bit better."

What is our primary use case?

We primarily use the solution for MDM, MAM, and Find Point.

What we did is we replaced our antivirus with Microsoft Defender. There are three products that we implemented, including the Endpoint Defender, which is deployed to all of our endpoints.

What is most valuable?

The antivirus and their Office Defender are pretty good, although we are still processing that. It seems to be really great at protecting office documents.

The solution integrates very well with Windows applications and Microsoft endpoint products.

The product doesn't take up too many resources. You don't have to install it in different areas. It's very easy to implement and use.

What needs improvement?

As I've only used the product for three months, I haven't really had time to explore the entire solution. However, I haven't found anything that is lacking just yet. Currently, we're actually behind on the current feature offerings and need to explore the system quite a bit more. It fits our needs so far.

The pricing could be a bit better.

For how long have I used the solution?

I've been using the solution for three months.

What do I think about the stability of the solution?

The solution is quite stable. It goes well with Windows applications. We haven't had any issues with it so far. It doesn't crash or freeze or glitch. However, we haven't tried the app just yet. 

What do I think about the scalability of the solution?

The solution is quite scalable. We've found it to be very easy to expand as needed. If a company needs to scale the solution, they can do so.

Currently, we have 151 people using the solution in our organization. We do plan to continue usage.

How are customer service and technical support?

I personally haven't had any experience with technical support just yet. Only my colleagues have spoken with them. Therefore, I can't speak to their level of knowledge or responsiveness.

Which solution did I use previously and why did I switch?

We were using a different product previously, however, I can't recall the name of it at this time. It might have been number three on the market in 2019. I can't recall precisely.

How was the initial setup?

The initial setup was not complex at all. There was really not much that we had to do due to the fact that we have Intune. Therefore, it was very easy to deploy.

It did not take long to deploy. We did it directly on the control panel, then the rest deployed to the other machines. What took longer was onboarding all the machines to Intune. Once they were there, they were all protected.

We have a partner that handles the maintenance for us. We have two technicians handling that aspect of the product.

What about the implementation team?

We had a partner that helped us with the deployment.

What's my experience with pricing, setup cost, and licensing?

The product pricing is definitely in the same range as other products. It's therefore not too expensive, however, it's also not too cheap. It could be better, however, it's Microsoft and they can pretty much set their pricing how they like.

What other advice do I have?

We're just a customer and an end-user. We don't have a business relationship with Microsoft.

We're using the latest version of the solution.

I would recommend this product to other organizations. In fact, I already have.

Currently, I'd rate it an eight out of ten. That's with the knowledge gap I have, as a user that just started working with the solution recently.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Korede Olatunji
Application Manager at Huntington Bancshares Incorporated
Real User
Top 5
Good alert chaining and tool compatibility for endpoints with helpful heuristic capabilities
Pros and Cons
  • "We are able to productively integrate with existing on-prem, hybrid, or cloud applications."
  • "Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort."

What is our primary use case?

We primarily used the solution as Endpoint Detection and Protection (EDR, EPP) with secondary benefits of threats and vulnerability management, security incident response, automated query and real-time device monitoring, and with the capability of email security, identity management (DFI), and task automation (Power Automate). We used respective licenses where required.

The solution was also used as an endpoint antivirus for workstations in a multi-OS environment, including Windows and macOS. We had file, device, and user trajectory monitoring for the security operations team.

How has it helped my organization?

The solution benefited the company via:

  • OS-level/Tool compatibility for endpoints running Windows (since both are Microsoft products and Defender core files are included in Win10 or later delivery).
  • Heuristic capability. Consistent usage of MDE indicates that the tools are continuously learning new prevention techniques by pulling real-time up-to-date cloud resources.
  • Alert chaining. The solution makes security incidents, events, and alerts less tedious from a Security Operation Center standpoint. This can result in false negatives or detriment for small to medium-scale firms running no or semi-automated threat response features.

What is most valuable?

The most valuable aspects of the solution include:

  • Advanced hunting. The product offers flexibility, visibility, and automation capability using a user-friendly query language (KQL).
  • Reporting. Clear and concisely plotted graphics show real-time data representation - which is valuable to upper management.
  • Scalability/API. We are able to productively integrate with existing on-prem, hybrid, or cloud applications. 
  • Great OOB features. The solution comes with SIEM-ingestion-ready features for extensive visibility, automation, and integration, including advanced hunting, threats and vulnerability management, embedded simulation for end-to-end testing, ransomware prevention (Controlled Folder Access), and Attack Surface Reduction (ASR) rules.

What needs improvement?

Improvements could be made via:

  • Clicks. There's a poor user experience with lots of optimizable opportunities of user interface particularly on the newly improved portal (https://security.microsoft.com/). Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort.
  • De-centralized console features. Discrepancies with enabling core features at the click of a button within the MDE portal are mostly due to prerequisites that are tied to the functionality or partial enforcement requirements from other Microsoft tools (Group Policy, Azure, Sentinel, SCCM, Intune). EDR in block mode requires Intune security baselines, and tamper protection requires MAPS enabled. Web content filtering also has security baseline dependencies.
  • No single pane of glass. There are too many loose ends with tiny bits and pieces to enforce essential security policies compared to other EDR solutions within the same caliber. A typical example is having to create exclusions in different locations for entirely different functionalities, such as: automation folder exclusion, group policy exclusions (per tenant), Controlled Folder Access (ASR) Allowed application, and Attack Surface Reduction (ASR).
  • Service Requests. Noncritical cases with MDE technical support teams tend to be queued for over a week before the first customer engagement. Most of these tickets also end up in the hands of temporary or contracted non-Microsoft employees who are scripted and offer little attention to unique incidents.

Suggested additional features that should be included in the next release include:

  • Digestible interface/filter for crown-jewel capabilities like ASR, CFA and Exploit mitigation occurrences.
  • Restoration of an always visible search bar from the previous console view (https://securitycenter.windows.com).
  • A definitive action plan for Secure Score recommendations and deduplication of controls.

For how long have I used the solution?

We were using Microsoft Defender for Endpoint prior to its change of name from Defender ATP. We experienced a plethora of GA changes including, but not limited to, iOS/multiple OS support, device discovery, web content filtering, API updates, and continuous integrations with existing security tools.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
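The review above points out that Defender exclusions live in several separate places (antivirus path exclusions, Controlled Folder Access allowed applications, and ASR-only exclusions). The following audit script is an added example, not part of the review or any Microsoft tooling; it assumes an elevated PowerShell session on a Windows endpoint where the Defender module (Get-MpPreference, Get-MpComputerStatus) is available, and the "broad exclusion" patterns it flags are constructed for illustration.

```powershell
# Added example: list every Defender exclusion store on this endpoint in one place,
# flag overly broad path exclusions, and confirm the protections they modify are on.
$pref = Get-MpPreference

# Each store is configured separately; gather them into a single report.
$report = [ordered]@{
    'Antivirus path exclusions (ExclusionPath)'                    = $pref.ExclusionPath
    'Antivirus process exclusions (ExclusionProcess)'              = $pref.ExclusionProcess
    'CFA allowed apps (ControlledFolderAccessAllowedApplications)' = $pref.ControlledFolderAccessAllowedApplications
    'ASR-only exclusions (AttackSurfaceReductionOnlyExclusions)'   = $pref.AttackSurfaceReductionOnlyExclusions
}

foreach ($entry in $report.GetEnumerator()) {
    $items = @($entry.Value)
    Write-Host ("{0}: {1} item(s)" -f $entry.Key, $items.Count)
    foreach ($i in $items) { Write-Host "    $i" }
}

# Constructed patterns for exclusions broad enough to blind the engine:
# whole drives, or directories that end users can write to. Tune to local policy.
$broadPatterns = @('^[A-Za-z]:\\?$', '\\Users\\', '\\Temp\\', '\\ProgramData\\')
foreach ($path in @($pref.ExclusionPath)) {
    foreach ($re in $broadPatterns) {
        if ($path -match $re) {
            Write-Warning "Review broad antivirus exclusion: $path"
            break
        }
    }
}

# Confirm the features these exclusions apply to are actually enforced.
# EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = Audit mode.
$cfaState = switch ($pref.EnableControlledFolderAccess) {
    0       { 'Disabled' }
    1       { 'Enabled' }
    2       { 'Audit' }
    default { 'Other/unknown' }
}
Write-Host "Controlled Folder Access: $cfaState"
Write-Host ("ASR rules configured: {0}" -f @($pref.AttackSurfaceReductionRules_Ids).Count)
Write-Host ("Tamper protection enabled: {0}" -f (Get-MpComputerStatus).IsTamperProtected)
```

Run it across a sample of endpoints and compare the output against the exclusions defined in Group Policy or Intune; a mismatch shows a store that was changed outside the central policy.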