Microsoft Defender for Endpoint Review
May 17, 2024

Chuck Steigerwalt | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Endpoint

It monitors our endpoints for issues. Actually, in the last week, we had a ransomware event in 2019. We had some users open some files on their OneDrive that had been restored from our ransomware event in 2019. Defender for Endpoint found the files when they were accessed and yelled, "Hey, this is malicious." And actually, since 2019 we've been trying to get to the root cause of what our ransomware event was, and we think we found the patient zero essentially with these files. We ran them through VirusTotal and found attributes of them, when they were run through the VirusTotal sandbox, that very specifically referred to the university's original main phone number. So it had been a customized piece of malware with a payload specifically for our university. This was all found by somebody touching the file on a computer that had Microsoft Defender for Endpoint installed.
  • When an end user opens a file, or accesses a file I should say, that has malicious content, it will quarantine the file. It will also let us know if an end user themselves has an issue now. So the whole Defender suite has different parts. So some of these may be going over into Defender for Identity and stuff. I'm not clear on which is which, but it's the whole ecosystem. I'll get an email letting me know that there's an issue and then we follow up. The email generally has a link in it to the actual event in the Defender for Endpoint or whatever console. And then we can start looking at the case, make sure the endpoint is quarantined, so it can't do anything. The only thing we can do is talk to it to do forensics or whatever, so it's not totally isolated where we have to get somebody on the ground to go to the thing. We can still work on it remotely, but the end user can't do anything that would continue to cause lateral movement of the compromise or anything like that.
  • As much as I've talked about loving this product, there are issues, it seems like almost daily, when we get into it. Something has changed or moved, or the name of the overall system has changed. Microsoft needs to just stick and stay. I understand with development and their merging products and stuff, but it's really frustrating when things change daily, especially when we're doing an e-discovery investigation or DLP. It's almost an emergency situation, and when you have to relearn how to do something in the system, it's very frustrating.
  • It has made me feel more comfortable on a day-to-day basis that our institution is secure, especially having gone through a ransomware event in 2019. If we had something like this in place in 2019, we would've stopped the situation before we ended up calling the cyber liability insurance carrier.
  • Other
The most important factor was getting the complete suite of Microsoft products available in the A5 licensing. And the most important factor was just that our money went a lot further. One thing, I guess I'm not sure it's in this question, but that I am a little unhappy with, is that now we're finding there are add-ons that are not part of it, especially as Microsoft moves into artificial intelligence; it's like, nope, that's not included.
I'm afraid that's a little bit too much in the weeds; I can't really speak to that.
I think about 1500 endpoints. The vast majority of them are Windows 10. We're going to be migrating to 11 soon. We've got about a hundred servers. We've got about six Linux servers. The rest of them are either 2016, 2019 servers and probably about 80 Mac systems.

Do you think Microsoft Defender for Endpoint delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Endpoint's feature set?

Yes

Did Microsoft Defender for Endpoint live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Endpoint go as expected?

Yes

Would you buy Microsoft Defender for Endpoint again?

Yes

It's well suited if you're a Microsoft shop; it puts everything into the same ecosystem, whether it's Defender for Endpoint, for Cloud, or for Identity, they all work together. Where it's maybe less suited: well, maybe if you're more of a Google shop, with more Linux desktops or Apple desktops, those sorts of things. And it does work with Linux and Apple, but not quite as well.

Microsoft Defender for Endpoint Feature Ratings

Anti-Exploit Technology: Not Rated
Endpoint Detection and Response (EDR): Not Rated
Centralized Management: Not Rated
Infection Remediation: Not Rated
Vulnerability Management: Not Rated
Malware Detection: Not Rated