Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
$2.50 per user/per month
Microsoft Purview Data Loss Prevention
Score 7.8 out of 10
N/A
Microsoft Purview Data Loss Prevention is used to provide intelligent detection and control of sensitive information across Office 365, OneDrive, SharePoint, Microsoft Teams, and on the endpoint. It also helps prevent data loss through identifying and preventing risky or inappropriate sharing, transfer, or use of sensitive data on endpoints, apps, and services.
I can definitely tell you where it’s more suited, because we haven’t come across any less appropriate scenarios. But definitely in regard to how we centrally manage our user space and our endpoints, it’s been beneficial from an API perspective and is really transferable, with strong collaboration with our Azure stack. It works very well.
It's definitely best for customers. If your main collaboration tools are hosted on Microsoft 365, and your company uses M365, this is a no-brainer. So this integrates pretty nicely with all Microsoft applications. So it becomes a no-brainer to go with this. Less appropriate would be like if you already are using another solution to do classification, I would still stick to Microsoft Purview Data Loss Prevention being that classification, but if you want to use it in the scenarios where you already have a tool and you're classifying documents, data, using that tool and you want Microsoft Purview Data Loss Prevention just to label and apply protection to documents, that is also supported, but the comprehensiveness, the end-to-end story would still be missing if you're investigating an incident.
Definitely on the threat action and response. We didn't have a stress-response option before, but the dependent brand point provided it instantly. Also, it's doing UVA and machine learning, which we didn't have before. So it's definitely providing more sophisticated threat-detection capabilities than we had before.
The ability to create groups of people that would access a certain label, having been able to organize the data access to the document access, and protecting repositories with the same level of criticality, regardless of where they're located in the company. That's quite good because we had a lot of document distribution, and it helped provide the same layer of protection regardless of where they're stored.
The other good thing is that it provided traceability of what was going on with the label. So I could understand how many people were trying to access a document that weren't meant to. So it gave me an idea of how well protection was working, not only because people who did have access accessed it, but also I could trace that people who didn't have access couldn't do it.
The only thing is sometimes, because Microsoft has so many platforms, it gets a little confusing, like am I in the security platform? Am I in Purview? Where am I at right now? Because there are so many sites that are kind of doing a lot of the same thing, and so that does get a little confusing from time to time, but outside of that, it's a pretty good product.
I'd say over the last couple of years, there have been some great advancements in Microsoft Purview Data Loss Prevention, so I really do like that. I think some of the challenges I see with Microsoft Purview Data Loss Prevention today are in the first-party world; it does provide some real-time capabilities, but the alerting on DLP has a big lag. And some of our customers, actually, one of my customers in particular, whom I advise heavily, ran into a situation where they were getting hours of delays when they were getting critical, sensitive alerts. So being able to provide that in a more real-time way for both internal use within Microsoft and for third-party products, I think, would be significantly impactful. E-share, as a platform, also uses DLP in order to automate our policy, as I mentioned before. And some of that is a challenge because some of the capabilities we do need real-time information for aren't exposed to us based on the current capabilities that Firmy provides.
Cost add-ons for Security features are nickel-and-diming the process to keep pace with cybercrime. Limited Education budgets require us to be more proactive in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market.
Microsoft Defender for Endpoint is a great EDR to have that works quickly and silently in the background and it integrates well with other Microsoft services. As an IT manager, I can appreciate that I do not get bombarded by alerts for every small detail. On the flip side, the management site can use some work in being more clear and should be more streamlined so I'm not clicking through multiple pages to figure out what happened.
Just because it's so easy to navigate and, for the most part, even areas that I don't know about, the support channels are very clear and concise, and they respond very quickly to whatever I need. They'll guide me through whatever I don't understand, and sometimes there are a lot of things added in there.
Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session.
Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.
Previously, we've used Sophos. We've used, way back when, McAfee, Norton, Symantec, all those. And we finally settled on Microsoft Defender for Endpoint. We're a Microsoft technology stack shop. So obviously it was natural. It's built into Windows, so we're not adding additional agents. Some of the other vendors and their agents, for a while, would compete with CPU usage. And so it actually slowed down the machines. Because Microsoft Defender for Endpoint is built into the Windows product, Microsoft is going to ensure that it does not affect the other productivity tools that a user may use.
Symantec, or now Broadcom. Forcepoint, GPV. I'm trying to think of, there's a couple more. I can't think of them off the top of my head. I would say closer to the bottom then rather than the top. So because of the fact that yes, it integrates well. But in terms of the actual functionality of DLP, there are other requirements that they just don't have the features for yet.
Microsoft Purview Data Loss Prevention is included within the E5 license suite, providing value to organizations who are using Microsoft technologies for their organization.
Provides the most extensive integration for Microsoft technologies.
Highly effective for building out a Data Security program and reducing risk exposure associated with data exfiltration.
Provides cross-collaboration between assurance functions in a company (Security, Privacy, Risk, Audit).