Microsoft Defender for Endpoint

Formerly Microsoft Defender ATP

Since we have adopted Microsoft Defender for Endpoint, managing Cyber Security got way less complex, way more simplified, and easy to manage. Not only this, but we also have peace of mind knowing that it works and does what it says it can do. Not only for us but also for our client base we look after.

We use Microsoft Defender Endpoint to check incoming E-mail and PDF, ZIP and xlsx files for viruses. Incoming E-mail without or with attachments or downloaded files can contains viruses, malware or other dangerous components.We receive daily many E-mail, some with attachments, and our customers upload many files to our servers. This should not cause any security problems

We are using this as our endpoint AV. We migrated from Trellix to Defender very recently. This was not a pressing point for us except our org was moving from G-Suite and Microsoft a very good deal for the Collaboration and Security Infrastructure. We have only used the product for EDR and for ATP. The overall performance of our endpoints are good till now. There were slowness reported in the older versions of Defender but with M365, we did not notice any significant slowness of system performance. One major plus is the security dashboard which gives you a very good view of the reports for CISOs.

Defender for Endpoint provides a platform that allows our analysts to quickly and accurately answer important questions during investigations.Most importantly, by simulating these capabilities in the API, we can more efficiently provide high-quality detection and response based on the Defender for Endpoint platform. Microsoft Defender ATP mainly has built-in Threat & Vulnerability Management (TVM), which is a risk-based approach to discover, prioritize and repair vulnerabilities and incorrect configurations of each endpoint to prevent current and future threats and vulnerabilities! TVM can effectively identify, assess and repair endpoint defects, and at the same time score the enterprise's vulnerability level. Therefore, it is very important for IT personnel to implement computer security and health plans and reduce risks to the company's organization.

We use this product enterprise-wide on all of our workstations and servers. It aids in securing the endpoints and users as well as providing easy auditing and reporting on the back end of it all. It allows us to scan at will and/or schedule scans. It also provides real time protection. When an issue is detected the alert system is immediate. Overall, a very solid option for us.

MS Defender is used as endpoint security solution. Pretty useful in protecting endpoints from malware & other threats like credential dump activity, bloodhound/sharphound-related activity. MS support is good in responding on request raised related to threat detection. Major challenges faced is for whitelisting FP detection using file path. Also reports are not much available for reporting requirement.

It's part of a daily tasks that I do with my IT security job at my work. So just watching, monitoring, using it to check for vulnerabilities or alerts for people that have clicked on malicious links or malicious emails or things of that nature.

For antivirus. We have it installed across every Windows device and it's to protect against virus threats.

We deploy Microsoft Defender for Endpoint to every workstation that is capable of supporting it in order to help with malware detection and ransomware detection, amongst any other Defender for Endpoint alerts it can detect.

Microsoft Defender for Endpoint is our main line of defense for our devices, users, and servers. It can be centrally configured and is updated automatically via Microsoft Services. It integrates smoothly with the operating system, and utilizes a large amount of resources provided by Microsoft for detection, remediation and investigation, including taking suspect files and expanding them in automatic, online 'bomb' chambers to expand the file and see if there is anything included as a payload.

Microsoft Defender for Endpoint performs well when using to protect endpoints (PCs, laptops, and servers) from various threats like malware, viruses, and advanced attacks. Scalability is always a challenge in any organization. With Defender for Endpoint we can define the policy and configure setting to match our business needs. Defender for Endpoint has features such as data protection and threat intelligence that bring awareness and risk reduction by analyzing events in our environment.

We use it organization-wide. Defender has addressed malware, phishing, and viruses (trojans). This has significantly decreased our issues and potential exposure.

MDE is Microsoft's latest cybersecurity tool which takes a holistic approach to protect my organization from known and zero-day threats. I love the fact that I don't need to stitch together a diverse solution to increase my organization's security posture. I only have to use one login to manage my dashboard. MDE is compatible with all endpoints in my organization. I have macOS, iOS, Windows server, Windows 10, and Ubuntu Linux on-boarded. It is an EDR, XDR that is mapped against the MITRE ATT&CK framework.

We use Microsoft Defender ATP to get visibility into systems, as well as provide antivirus protection for our Microsoft 365 resources. We currently have it set up for just our IT department and a select few users as we consider transitioning our entire organization away from our current, more traditional Antivirus to something like ATP.