Our organization utilizes Microsoft Defender XDR to enhance security of our cloud and onpremises environments. The product secures our endpoints, identeties, productivity products like Exchange, Teams and Sharepoint and also other cloud applications. Product is one of the most important layers of security for out IT team. The product is deployed on all of our several hundred endoints and it secure several thousand identities.
Pros
Unified visibility in one tool
Automated attack distribution
Threat intelligence
Cons
For non-Windows devices features are more limited and would need some work
Sometimes there is alert noise
UI is somewhat complex as the products scope is large
Likelihood to Recommend
Product gives most bang for buck for organizations that have a lot of products from Microsoft ecosystem. Support is excellent for Microsoft products, but more limited for other products. The product is somewhat expensive for enterprises, but for academic institutions the product is quite affordable. Even for enterprises first in class security is an investment worth doing.
We use Microsoft Defender XDR to monitor for cyber threats, increase our response time to cyber events and tie into Microsoft Purview for insider risk management and data loss prevention. We can investigate and remediate threats from a single portal and Microsoft Defender XDR integrates perfectly with Purrview for insider risk and adaptive DLP policies.
Pros
Anti-phishing workflows
Threat and vulnerability scanning and detection
Insider risk detection and policy enforcement
Cons
The security portal is busy and can be difficult to navigate
Licensing is spread across multiple plans.
Struggles with non-Microsoft ecosystems like Linux or other SIEM tools besides Sentinel
Likelihood to Recommend
Multi-stage attack detection. Microsoft Defender XDR excels at gathering alerts from endpoints, email and cloud apps into a single view. Seamless integration for organizations fully invested in Microsoft 365. Built-in playbooks can isolate devices, block sessions and delete/block malicious emails automatically. It struggles with non-Microsoft environments. Limited integration withe 3rd party tools and non-windows platforms. Complexity of setup and steep learning curve for advanced features like hunting and automation would make it difficult to manage for small teams.
We use the full Microsoft 365 suite, so Microsoft Defender XDR is included and protects the corporate network.
Utilizamos todo o pacote Microsoft 365, portanto o Microsoft Defender XDR está incluído e protege a rede corporativa.
Pros
Antimalware
Web Protection
ID Monitoring
Cons
Improve resource usage when implemented. The slowness of the system is noticeable when the tool is scanning.
Likelihood to Recommend
Identifying and blocking dangerous apps and websites. This approach has been effective, preventing many issues involving personal and corporate data.
Identificação e bloqueio de aplicativos e sites perigosos. Esta ação tem sido eficaz, evitando muitos problemas com dados pessoais e corporativos.
<i>Parts of this review were originally written in Portuguese and have been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.</i>
We use Microsoft Defender XDR across our entire organization as our unified threat protection platform. It plays a critical role in our security operations, allowing us to detect, investigate, and respond to threats across endpoints, email, identities, and cloud apps.
The main business problem it addresses is slow incident response. It pulls in telemetry from different sources and correlates them, giving us better context and prioritization.
Pros
automated investigation and response
attack path visibility
Cons
Complexity of the UI
High learning curve
Likelihood to Recommend
If your environment is heavily based on Microsoft services Defender XDR is a no brainer.
Automatic isolation of endpoints for any type of malware infection.
If you’re not using Microsoft 365 for productivity Defender XDR won’t provide as much value.
Smaller organizations without an experienced security team might find it overwhelming because of its configuration and complexity.
VU
Verified User
Manager in Information Technology (1001-5000 employees)
This is used across our entire fleet of devices. It has allowed us to streamline the services we use as now most things are under the Microsoft umbrella.
This makes them much more worthwhile from a cost perspective as we're no longer paying for the functionality and another product for XDR.
Pros
Picks up issues that other products have not
Highlights vulnerabilities as well as live incidents
Cons
Speed of which the portal updates
Onboarding process
Visibility of all information needed to diagnose and resolve an incident
Likelihood to Recommend
The software links in well with other Microsoft products as they are all designed by the same people.
VU
Verified User
Employee in Information Technology (501-1000 employees)
Microsoft Defender XDR actively monitors all our company endpoints for malicious software and URLS. It covers approx. 100 machines, and is accessed through our MS365 admin portal. It provides us with a real time view of any malicious activity, a break down of the chain of events lading up to it, the machines and user sinvolved and provides automated responses and recommendations on manual interventions.
Pros
Active/real time monitoring
dashboards
Automated responses
Cons
logs even informational incidents as active, even if there's no threat
little hard to navigate some of the consoles to find information sometimes
not always clear if action is needed
Likelihood to Recommend
Multiple laptops in remote locations where they cannot be managed hands on easily. Provides many monitoring tools or keep them secure. It does work well with some other AV products (Trend Micro ApexOne in our case). May not be so useful for IT staff not familiar with security issues.
We use Microsoft Defender XDR as a central part of our cyber safety strategy, which respond to explore, prevent and react to the endpoints, identity, email and cloud application. It provides an integrated platform that helps our security team to correct indications in different Microsoft services such as Defender for endpoints, Office 365, identity, and cloud apps - it is very easy to catch the surfaces of many attacks.
We rely on Microsoft Defender XDR to examine the danger and to automatically, which significantly reduces the response time and manual workload on our SOC team. For example, if a phishing email doubt leads to the closing point behavior, Microsoft Defender XDR can detect the user's identification, device and a full attack path in the inbox, and automatically distinguish the danger.
This addresses important commercial problems such as lack of visibility in security layers, slower detection and manual phenomenon reaction bangles. It also plays an important role in supporting compliance efforts and reducing risk in our hybrid function environment.
The scope of use includes all endpoints, email systems, Azure Active Directory identification, and company-wide deployment in cloud apps, providing the visibility of centralized danger within the Microsoft ecosystem, risk scoring, and coordinated defense.
Pros
One of the greatest strength of Microsoft Defender XDR has the ability to convey alert and signal in the closing point, email, identity and cloud applications in an event. Instead of obtaining isolated alert from each tool, Microsoft Defender XDR consolidates them in a full attack story, which helps the security teams to understand the scope and impact of a danger very fast.
If a user clicks on the fishing link, Microsoft Defender XDR automatically can associate malicious emails with lateral movement efforts, suspected sine-in, and endpoint activity-to protect against hours of manual probes.
The defender uses AI-powered automation for investigating and treatment of Microsoft Defender XDR events. It can separate the infected closing points, can cancel the compromised tokens, or remove malicious email - without the need for human intervention.
When malware is detected on a device, the defender can separate the device, kill malicious processes, and automatically flag the same files throughout the environment, which can spread.
Because it is integrated deeply with Microsoft 365 defender, Entra ID (Azure Ad), Intune, and PurView, the defender provides native safety in the XDR Microsoft Stack. It simplifies deployment and maintenance, offering deep visibility in user activity and cloud data.
Cons
The user interface can be heavy, especially for new users. There is a lot of valuable information, but it is not always easy what you need - especially when examining events in several domains. A more spontaneous, role-based layout will actually help to streamlines the workflows for various safety roles.
Another area is alert noise. While Microsoft Defender XDR performs a good job, which corresponds the signals, we still see a high amount of low-essential alerts that disorganize the dashboard. Dynamic warnings depending on more underlying filtering, better priority logic, or behavior will make it easier to focus on high -risk hazards.
Custom detection and hunting with KQL is powerful, but is a learning state. For junior analysts or teams without deep KQL experience, more prebtt templates, guided query builders, or natural language support will be great.
Likelihood to Recommend
Microsoft Defender XDR is well suited for organizations already invested in the Microsoft Ecosystem - including Microsoft 365, Azure Ad and INTune. For example, in scenarios where you need to correlament the fishing attacks with the closing point behavior and identity agreement, Microsoft Defender XDR does a big task of sewing the timeline of a full attack simultaneously and even automatically removing.
This hybrid function is also ideal for the environment, where safety visibility in distance tools, cloud apps and email is important. Microsoft Defender XDR provides centralized insight and response in all these domains without the requirement of many devices.
However, it is less suitable in the atmosphere with diverse or non-microsoft infrastructure, such as an organization running a mixture of Linux server, Google work area or third-party EDR tools. Cross-platform support is still developing, and integration of the microsoft ecosystem often requires additional configurations or third-party connectors. For companies of that situation, Microsoft Defender XDR cannot give its full value from the XDR box.
VU
Verified User
Project Manager in Information Technology (501-1000 employees)
We use Microsoft Defender XDR to keep our computers safe from bad stuff like viruses and spam. It helps us stop the bad emails and things before they can hurt us. We use it on all our laptops and phones so everyone is safe. It is like a superhero for our computers and makes sure no sneaky hackers come in.
Pros
Unified threat detection across endpoints
Endpoint activity monitoring and logging
Rapid forensic data collection and analysis
Detailed threat analytics and reporting
Automated remediation workflows
Cons
Multi-tenant management complexity
Automated response configuration
User behavior analytics granularity
License complexity and cost
Likelihood to Recommend
I give Microsoft Defender XDR a 9 because it helps us watch all the computers and users. When bad things happen, it tells us fast so we can fix it. Sometimes it gets too many alerts and it's hard to know what to do first. But mostly it works good and keeps our company safe from hackers and viruses. I tell my friends to try it.
It saves our system and mails from the cyber attacks. It blocks the threats immediately. This is knows has extended detection and response. It improves security by adding extra wall in our system. It gives protection across the system from the endpoints, emails to the system apps. It continuously work and deliver the secure and smooth experience to the system. It debug or fix the threat queries rapidly.
Pros
Rapidly detect and fix.
Seamless work on Microsoft ecosystem.
Advanced features that deliver better experience.
Cons
More third party integration needs to be add.
Require high configuration system.
Likelihood to Recommend
Excellent product for every organisation because system security is very necessary for organisation data and it deliver and fulfil the needs very efficiently.
Currently with using this software we are able to provide a security against cyber frauds as using this software is simple and it supports on multiple platforms which saves our cost to buy different software for different error tracking like email and cloud security it provides all in one in single tool also it automatic detect the threats and respons faster which saves our lot of time and saves manual efforts.
Pros
Supports multiple platforms
All in one for multiple threats detection like email and cloud security
It automatically detects the threats faster
Cons
Well suited for multiple os
Easy to implement
Detect and provide alert faster
Likelihood to Recommend
For using different software to secure multiple things like endpoint email and cloud security it provides all in one solution to protect all of there with using single tool which saves lot of time and manual efforts along with that they provide a option to customise dashboard where we can easily track the threats .
VU
Verified User
Project Manager in Information Technology (201-500 employees)
