We replaced our previous XDR with Microsoft Defender XDR 4 years ago and we don't regret the decision we made. The software has provided us with centralised visibility, real-time threat management and anomaly detection. It has also provided us with comprehensive protection against malware and other sophisticated attacks. The software has amazing detection efficiency and automation capabilities. Through implementation of the tool we are able to stay ahead of evolving modern-day threats and keep our endpoints safe and secure.
Pros
The software has broad integration capabilities and powerful automation systems.
Microsoft Defender XDR is easy to use and has a very user-friendly interface.
It is fast and reliable in detecting attacks.
Effectiveness of the product in vulnerability management and threat intelligence.
Cons
Support services for the software are very unreliable. They take so much time before responding to customer queries.
Premium services and advanced protection are expensive.
Software configuration is complex.
Likelihood to Recommend
The software delivers real-time threat detection and seamlessly integrates with other software such as Microsoft Defender for Cloud and Azure Marketplace.
Microsoft Defender XDR only supports the English language, which is a major setback for speakers of other languages.
Customer support services for the software are only available online. No phone calls.
The product ensures simplified automation and integration.
We use the full Microsoft 365 suite, so Microsoft Defender XDR is included and protects the corporate network.
Pros
Antimalware
Web Protection
ID Monitoring
Cons
Improve resource usage when implemented. The slowness of the system is noticeable when the tool is scanning.
Likelihood to Recommend
Identifying and blocking dangerous apps and websites. This approach has been effective, preventing many issues involving personal and corporate data.
Parts of this review were originally written in Portuguese and have been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.
Microsoft Defender XDR is a must-have solution if you rely on Microsoft products, especially in Azure. It provides an excellent overview of the security posture in our company and represents a valuable source of data, providing a huge amount of information which can be used for different kinds of investigations and, in conjunction with built-in/custom detections, to detect different kinds of suspicious events.
Pros
Logging
Alerting
Detection
Prevention
Cons
Improve customization of detection rules
Improve automatic investigation speed
Improve remediation scope (some emails from the same sender in a phishing campaign are quarantined, some are not)
Likelihood to Recommend
Microsoft Defender is an excellent all-in-one solution for managing and monitoring the overall security posture, especially if you rely on Microsoft products. In my opinion, each segment of the suite can be replaced by a better product from a different specialized vendor, but you will lack the benefits of the integration between them. In today's world of never-ending security challenges and solutions, this fact is more than important.
Verified User
Analyst in Information Technology (501-1000 employees)
We use Microsoft Defender XDR across our entire organization as our unified threat protection platform. It plays a critical role in our security operations, allowing us to detect, investigate, and respond to threats across endpoints, email, identities, and cloud apps.
The main business problem it addresses is slow incident response. It pulls in telemetry from different sources and correlates them, giving us better context and prioritization.
Pros
Automated investigation and response
Attack path visibility
Cons
Complexity of the UI
High learning curve
Likelihood to Recommend
If your environment is heavily based on Microsoft services, Defender XDR is a no-brainer.
Automatic isolation of endpoints for any type of malware infection.
If you’re not using Microsoft 365 for productivity, Defender XDR won’t provide as much value.
Smaller organizations without an experienced security team might find it overwhelming because of its configuration and complexity.
Verified User
Manager in Information Technology (1001-5000 employees)
This is used across our entire fleet of devices. It has allowed us to streamline the services we use as now most things are under the Microsoft umbrella.
This makes them much more worthwhile from a cost perspective, as we're no longer paying for the functionality and another product for XDR.
Pros
Picks up issues that other products have not
Highlights vulnerabilities as well as live incidents
Cons
Speed at which the portal updates
Onboarding process
Visibility of all information needed to diagnose and resolve an incident
Likelihood to Recommend
The software links in well with other Microsoft products as they are all designed by the same people.
Verified User
Employee in Information Technology (501-1000 employees)
Microsoft Defender XDR actively monitors all our company endpoints for malicious software and URLs. It covers approx. 100 machines, and is accessed through our MS365 admin portal. It provides us with a real-time view of any malicious activity, a breakdown of the chain of events leading up to it, the machines and users involved, and provides automated responses and recommendations on manual interventions.
Pros
Active/real-time monitoring
Dashboards
Automated responses
Cons
Logs even informational incidents as active, even if there's no threat
A little hard to navigate some of the consoles to find information sometimes
Not always clear if action is needed
Likelihood to Recommend
Multiple laptops in remote locations where they cannot easily be managed hands-on. Provides many monitoring tools to keep them secure. It does work well with some other AV products (Trend Micro Apex One in our case). May not be so useful for IT staff not familiar with security issues.
We use Microsoft Defender XDR as a central part of our cyber security strategy, helping us detect, prevent and respond to threats across endpoints, identities, email and cloud applications. It provides an integrated platform that helps our security team correlate signals across different Microsoft services such as Defender for Endpoint, Office 365, Identity, and Cloud Apps, making it much easier to cover many attack surfaces.
We rely on Microsoft Defender XDR to investigate threats and respond automatically, which significantly reduces the response time and manual workload on our SOC team. For example, if a suspected phishing email leads to suspicious endpoint behavior, Microsoft Defender XDR can trace the user's identity, device and the full attack path back to the inbox, and automatically isolate the threat.
This addresses important business problems such as lack of visibility across security layers, slow detection, and manual incident-response bottlenecks. It also plays an important role in supporting compliance efforts and reducing risk in our hybrid work environment.
The scope of use includes all endpoints, email systems, Azure Active Directory identities, and company-wide deployment across cloud apps, providing centralized threat visibility, risk scoring, and coordinated defense within the Microsoft ecosystem.
Pros
One of the greatest strengths of Microsoft Defender XDR is its ability to correlate alerts and signals across endpoints, email, identity and cloud applications into a single incident. Instead of getting isolated alerts from each tool, Microsoft Defender XDR consolidates them into a full attack story, which helps security teams understand the scope and impact of a threat very quickly.
If a user clicks on a phishing link, Microsoft Defender XDR can automatically associate the malicious email with lateral movement attempts, suspicious sign-ins, and endpoint activity, saving hours of manual investigation.
Defender uses AI-powered automation for investigating and remediating Microsoft Defender XDR incidents. It can isolate infected endpoints, revoke compromised tokens, or remove malicious email without the need for human intervention.
When malware is detected on a device, Defender can isolate the device, kill malicious processes, and automatically flag the same files throughout the environment before they can spread.
Because it is deeply integrated with Microsoft 365 Defender, Entra ID (Azure AD), Intune, and Purview, Defender provides native XDR security across the Microsoft stack. It simplifies deployment and maintenance, offering deep visibility into user activity and cloud data.
Cons
The user interface can be overwhelming, especially for new users. There is a lot of valuable information, but it is not always easy to find what you need, especially when examining incidents across several domains. A more intuitive, role-based layout would really help streamline the workflows for various security roles.
Another area is alert noise. While Microsoft Defender XDR does a good job of correlating signals, we still see a high volume of low-priority alerts that clutter the dashboard. More built-in filtering, better prioritization logic, or dynamic alerting based on behavior would make it easier to focus on high-risk threats.
Custom detection and hunting with KQL is powerful, but has a learning curve. For junior analysts or teams without deep KQL experience, more prebuilt templates, guided query builders, or natural language support would be great.
Likelihood to Recommend
Microsoft Defender XDR is well suited for organizations already invested in the Microsoft ecosystem, including Microsoft 365, Azure AD and Intune. For example, in scenarios where you need to correlate phishing attacks with endpoint behavior and identity compromise, Microsoft Defender XDR does a great job of stitching together the timeline of a full attack and even remediating automatically.
It is also ideal for hybrid work environments, where security visibility across remote devices, cloud apps and email is important. Microsoft Defender XDR provides centralized insight and response across all these domains without requiring many separate tools.
However, it is less suitable in environments with diverse or non-Microsoft infrastructure, such as an organization running a mixture of Linux servers, Google Workspace or third-party EDR tools. Cross-platform support is still developing, and integration outside the Microsoft ecosystem often requires additional configuration or third-party connectors. For companies in that situation, Microsoft Defender XDR cannot deliver its full XDR value out of the box.
Verified User
Project Manager in Information Technology (501-1000 employees)
We use Microsoft Defender XDR to keep our computers safe from bad stuff like viruses and spam. It helps us stop the bad emails and things before they can hurt us. We use it on all our laptops and phones so everyone is safe. It is like a superhero for our computers and makes sure no sneaky hackers come in.
Pros
Unified threat detection across endpoints
Endpoint activity monitoring and logging
Rapid forensic data collection and analysis
Detailed threat analytics and reporting
Automated remediation workflows
Cons
Multi-tenant management complexity
Automated response configuration
User behavior analytics granularity
License complexity and cost
Likelihood to Recommend
I give Microsoft Defender XDR a 9 because it helps us watch all the computers and users. When bad things happen, it tells us fast so we can fix it. Sometimes it gets too many alerts and it's hard to know what to do first. But mostly it works well and keeps our company safe from hackers and viruses. I tell my friends to try it.
It saves our system and mail from cyber attacks. It blocks threats immediately. This is known as extended detection and response. It improves security by adding an extra wall in our system. It gives protection across the system, from endpoints and emails to the system apps. It continuously works and delivers a secure and smooth experience to the system. It debugs or fixes threat queries rapidly.
Pros
Rapidly detects and fixes.
Works seamlessly in the Microsoft ecosystem.
Advanced features that deliver a better experience.
Cons
More third-party integrations need to be added.
Requires a high-configuration system.
Likelihood to Recommend
Excellent product for every organisation, because system security is very necessary for organisation data, and it delivers and fulfils the needs very efficiently.
Currently, using this software we are able to provide security against cyber fraud. Using this software is simple and it supports multiple platforms, which saves us the cost of buying different software for different tracking needs like email and cloud security; it provides all of this in a single tool. It also automatically detects threats and responds faster, which saves us a lot of time and manual effort.
Pros
Supports multiple platforms
All-in-one for multiple threat detection, like email and cloud security
It automatically detects threats faster
Cons
Well suited for multiple OS
Easy to implement
Detects and provides alerts faster
Likelihood to Recommend
Instead of using different software to secure multiple things like endpoint, email and cloud security, it provides an all-in-one solution to protect all of them with a single tool, which saves a lot of time and manual effort. Along with that, they provide an option to customise the dashboard, where we can easily track threats.
Verified User
Project Manager in Information Technology (201-500 employees)