Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
We never went beyond pilot testing these other platforms when it comes to Avast and Bitdefender, but it was an easy decision to go with Microsoft Defender for Endpoint in regards to cost, ease of installation, configuration, and deployment, and usage on a daily basis. The …
We used the McAfee/Trellix solution before Microsoft Defender for Endpoint, with a similar experience. There were organizational reasons to switch from Trellix to another solution, and Microsoft Defender for Endpoint was a good choice in our case.
As compared to some of the other products we have used in our organization over the years, Windows Defender has been a lot better at not using a lot of system resources when running on the clients. A lot of other commercial threat protection products on the market today, tend …
I think Microsoft Defender for Endpoint is well-suited, especially if you are an E5 shop. And then, if you have other Microsoft ecosystems in your organization, for example, we do have Microsoft Defender for Office 365. We also have the Defender for the DIP and the point DIP, Microsoft Purview, and Microsoft Entra ID. When you have all these Microsoft ecosystems in your organization, the collaboration and the data enlistment, the capability, each other is tremendous. So I highly recommend. If you own the first type of the Microsoft ecosystem, definitely a perk to use the Microsoft Defender for Endpoint and the financial EDR system.
Windows Server and Active Directory are very robust and stable; they have been a staple in every IT environment I have worked in during my career. Junior to intermediate admins can learn Windows Server easily; the user interfaces make administration tasks very easy, as well as the documentation available through a vast amount of resources. There are other operating systems available with no GUI, which have a smaller attack surface, faster update installation and reboot time. Windows Server does have the ability to remove the desktop experience; however, it is not something I have had experience with, and I believe most administrators choose not to remove it.
It really protects our endpoints. We've used other antivirus programs in the past, and they haven't had that full confidence in those products compared to what Microsoft Defender for Endpoint does for us.
Another pro is that it's easy to manage the management console through Intune to see Microsoft Defender for Endpoint up in the cloud and see the state of our devices.
Another pro is we haven't had an incident since we installed it.
Microsoft needs to minimize the update frequency by making the product more secure. It can become very exhausting trying to keep updated if you don't have a dedicated support team. It can become challenging where the business is unable to allow downtime for reboots as part of the update process.
Prone to security and audit vulnerabilities.
The operating system needs more CPU and memory resources compared to other options such as Linux.
Understanding the licensing model can be a bit confusing.
Comes with a standard firewall, but not the most secured one available. Would suggest using a more secured firewall as part of your antivirus software.
Due to the number of vulnerabilities and the operating system being a target for hackers, anti-virus software is a must.
Cost add-ons for security features is nickel and diming the process to keep pace with cybercrime. Limited education budgets require us to be more proactive in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market.
I've carefully reviewed the servers and services currently running on Windows Server 2012, and given the opportunity would renew them as is going forward. There are two systems I currently have in place, one is a very large Linux implementation for a large ecommerce site, and one is a very large backup solution front ended by FTP servers running Linux. Neither are well suited for Windows, but the overall network infrastructure is and will be Windows Server for the foreseeable future.
Microsoft Defender for Endpoint is a great EDR to have that works quickly and silently in the background, and it integrates well with other Microsoft services. As an IT manager, I can appreciate that I do not get bombarded by alerts for every small detail. On the flip side, the management site can use some work in being more clear and should be more streamlined so I'm not clicking through multiple pages to figure out what happened.
Anyone new to IT could easily use the familiar Desktop Experience (GUI) version because we all know how to use Windows, whether a client or server version. Once an IT user is more comfortable with the operating system, they can move on to the Core version, which is the way to go in almost all situations.
Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session.
Microsoft's support is hugely wide-ranging, from articles online to having to contact them directly for the more serious issues. In recent years when I have contacted them directly, I have found the support to be excellent, as I have found myself connected to very knowledgeable people in the field in which I needed the support. The online support available is vast, and I tend to find most of the time that there is always someone out there who has had the same issue as me in the past and knows something about how to resolve it! This is the advantage of using industry-standard and long-established systems such as Windows Server.
Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.
Make sure that you have detailed processes in place for every server instance you plan to install/upgrade, if possible get the base OS loaded and Windows Updates applied ahead of time, and if using a VM take a snapshot prior to installing each role, as well as along the way.
Microsoft Defender for Endpoint offers strong integration with Microsoft 365 and Azure services, which provide a unified security experience. While McAfee Trellix is known for solid antivirus, Microsoft Defender excels in integration in the ecosystem.
They are different experiences, and while the other solutions offer enterprise-grade stability and, in some cases, address Windows server shortcomings (such as patching), they all do the trick, but the other solutions require a deeper technical background/configuration of items at the command line, which some people are not fully comfortable with.