Good enough, if you've already paid for a license anyway.
Updated June 04, 2024
Score 6 out of 10
Vetted Review
Overall Satisfaction with Microsoft Defender for Endpoint
All Windows endpoints need some kind of antivirus to survive in the wild, and while we generally use alternative software and likely always will, on low-importance systems that just need something for the sake of compliance, where a license is already paid and available as part of a Microsoft 365 package, it is viable.
- Meets compliance requirements.
- In my experience, 0 Day detection and remediation.
- In my opinion, configuration is convoluted. In my experience, it pretends to be more complicated and advanced than it is.
- In my opinion, no meaningful ROI.
- Other
It comes with various MS subscriptions, so no reason not to use it if you effectively have it free. In my opinion, I would never pay money for it though.
Using it for AV, we don't use its EDR directly as we use Huntress on all devices, which handles that aspect. It does occasionally notify us of known exploits automatically, but we have other means of monitoring that anyway.
We are only protecting about 40 devices with it, some Windows server, some desktop, all low priority systems, like trial devices, endpoints for testing and so on. We only use the licenses at all because they are included with other licenses we have.
Do you think Microsoft Defender for Endpoint delivers good value for the price?
Yes
Are you happy with Microsoft Defender for Endpoint's feature set?
Yes
Did Microsoft Defender for Endpoint live up to sales and marketing promises?
No
Did implementation of Microsoft Defender for Endpoint go as expected?
No
Would you buy Microsoft Defender for Endpoint again?
No
Microsoft Defender for Endpoint Feature Ratings
Using Microsoft Defender for Endpoint
10 - This question doesn't directly apply to our use case. We consider Defender an adequate AV solution for servers that end users don't directly access. Thus there is still some AV protection, but no risk of end users carelessly trying to install malware. The servers service hundreds of users, but only our technical staff access them.
6 - We have a number of staff qualified to handle security matters, such as detections or false positives from Defender. But we've never had malware reach any of our backend servers before, so it's mostly irrelevant. In fact in the 20 year history of our business, we've only had one end user terminal server get a virus, and it had hourly snapshots anyway, so it was basically irrelevant.
- We only use Defender because we end up with lots of licenses included with other MS subscriptions, and only on devices that end users don't touch.
- It's lightweight and integrates well with Huntress, which is a plus.
- Although we've literally never had a detection from it, we know it works in theory.
- We use better AV for user-facing devices that are more likely to be infected, and Defender licenses that come with various MS subscriptions for backend or trial systems that users don't touch. Basically makes use of otherwise useless licenses.
- We have considered a Defender/Huntress stack for end user devices, maybe in the future. Currently our tests have shown it to be less effective than competing solutions.