Microsoft 365 Defender combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.
N/A
Microsoft Entra ID
Score 8.9 out of 10
N/A
Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
Microsoft Defender XDR is well suited for organizations already invested in the Microsoft Ecosystem - including Microsoft 365, Azure Ad and INTune. For example, in scenarios where you need to correlament the fishing attacks with the closing point behavior and identity agreement, Microsoft Defender XDR does a big task of sewing the timeline of a full attack simultaneously and even automatically removing. This hybrid function is also ideal for the environment, where safety visibility in distance tools, cloud apps and email is important. Microsoft Defender XDR provides centralized insight and response in all these domains without the requirement of many devices. However, it is less suitable in the atmosphere with diverse or non-microsoft infrastructure, such as an organization running a mixture of Linux server, Google work area or third-party EDR tools. Cross-platform support is still developing, and integration of the microsoft ecosystem often requires additional configurations or third-party connectors. For companies of that situation, Microsoft Defender XDR cannot give its full value from the XDR box.
Microsoft Entra ID provides powerful and reliable identity and access management capabilities that enhance secure authentication and authorization for cloud systems. Offer modern security features, including MFA, conditional access, and threat intelligence, to protect identities and prevent unauthorized access. Single Sign-On allows us to access multiple apps with just a single login.
The software uses advanced AI and machine learning algorithms to monitor activities and detect any anomalies immediately, protecting our financial data.
Automated responses to known threats reduce the impact of possible incidents and improve our security posture.
Microsoft 365 Defender easily combines with other Microsoft 365 services and external security solutions, providing a complete and unified security solution.
Single Sign-on helps ease the user experience, allowing users to avoid typing multiple passwords.
The identity and management are straightforward to use and easy to connect to other applications, as well as third-party applications.
The support of remote work. Nowadays, many people work from home and need to access their accounts. Microsoft Enterprise ID gives secure access to the company data.
Improved algorithms to minimize false positives in threat detection, reducing the impact on security teams and preventing unnecessary investigations into non-threatening incidents.
Advanced User-Friendly Interface:
Streamlined and intuitive user interface for the centralized dashboard, making it more accessible for security professionals with varying levels of expertise.
Greater Third-Party Integration:
Increased compatibility and integration capabilities with a broader range of third-party security tools
We are pleased with the product and have no plans to look for alternatives. We are deeply invested in Microsoft ecosystem and Defender XDR provides seamless integration to other Microsoft products. For academic institution pricing is also quite affordable. In the contrary, we hope to extend the scope of the product for our entire environment.
MSFT Entra ID has been essential for managing our geographically dispersed team. We're confident that it will scale with us as grow, and we'll be able to take advantage of additional security and ID management features as they become necessary. Being able to centrally manage our user access from anywhere with a small support team is such a relief.
Overall the UI is modern and OK to use. Attack story is quite nice visual of incident. Advanced hunting supports autocomplete so that helps doing KQL-queries efficiently. The product is quite comprehensive and one can get lost in the vast UI. Learning curve is quite high and navigation is complex. As product also continues to evolve the UI might change somewhat.
Simply because of what I mentioned earlier, the feature set sort of keeps changing and they do a lot of, they integrated with a lot of the other tools and so for users who are not as well seasoned, it may be a little bit more complicated for them to begin working within the tool.
In our experience there has been very little downtime for Microsot Defender XDR. For us there hasn’t been any single incident where we needed the product and it was not available.
Most of the time the product is as responsive as you might expect from cloud product. Occasionly the product is little slugish, this has been at most a slight irritation. Reports generate quickly ennough for our needs. We also not have found that Defender XDR slows down systems that it is integrated with
Their support throughout our onboarding of the product was fabulous. They not only took the time to carefully explain to teams not as well equipped with the lingo but explained to the tech team how to teach the other teams to be successful. They never once seemed impatient or annoyed with basic questions and didn’t pretend to know something when they needed to research an answer
I have not needed to engage support for anything at this time. I have been able to find the answers either online or in a knowledgebase. I tried to skip the question but it would not let me, so I rated a 9 based on other interactions with Microsoft support I have had
Microsoft Provides a good training for the Microsoft 365 Defender and has a good learning paths to learn and take the exams and get your Certifications.
seemless and almost transparent. can be deployed by script if needed so every endpoint on our system get's it. if you have intune it gets dumped on the the endpoint by policy so nothing escapes it
Make sure you use a good partner. Our implementation was a bit longer and more problematic than we expected. Our partner got it done, but, in my opinion, some of their inexperience and staffing issues were evident.
Our product in that area, for instance as a security platform and for us it is for the moment really bad point. We started to move in that direction that there is that disconnect from the client management. So if there is some action that needs to be executed detected by security team, there is not an easy way to make that available to the team that is responsible for managing the identities as users, as the devices
Yeah, so basically that product to be honest, was more of a getting comfortable with cloud identification management. So that was a product I used. It has all the policies for desktops and doing updates and all that central directory identity provisioning stuff for users. Users and I will have an advantage because right now you get it from the time you get email, you get it, it is there, right? I mean you don't have to pay for anything. And then Microsoft, depending on your interest file license you have Access to Defender and all of those other nice products that compliment Entra ID. So I think that Entra ID is more rich. There's more potential as the business scales if that other product, you can't really scale as much as it was good because I deal with a lot of small medium size enterprises. I do a lot of more consulting type firms. They don't have more than 20 consultants and they just need a system whether it's for their legal activities, finance activities, et cetera. But in terms of having an email is very important to so many companies. So it's so easy to use the Entra ID and easy to expand more value for money for clients.
Azure cloud provides techical power to scale the product for whole organization. From organizational point of view scaling Defender XDR for various IT teams needs good collaboration and clear norms that all teams must agree to and follow.
Microsoft Professional Services' technical knowledge is appreciable as consultants design the solution as per customer requirements. Mapping of features per user specifications and assisting Customer IT engineers to implement so they can manage and administer the services.
I think it's had positive. It's enabled us to make authentication easier and more streamlined across the organization from frontline workers to back office workers.
It's allowed us to really adopt authentication policies and methods that suit that user and their work environment.
