Microsoft Defender XDR
Formerly Microsoft 365 Defender

Overview

What is Microsoft Defender XDR?

Microsoft 365 Defender combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.

Recent Reviews

Microsoft Defender XDR

10 out of 10
February 06, 2024
Microsoft Defender XDR is mainly responsible for the detection and handling of Phishing related emails. Microsoft Defender XDR is also …

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.microsoft.com/en…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is Kaspersky EDR Expert?

Kaspersky Endpoint Detection and Response (EDR) Expert provides endpoint protection, advanced detection, threat hunting and investigation capabilities and multiple response options in a single package. It is an EDR solution for IT security teams with more mature incident response processes,…


Product Demos

Getting started with Microsoft 365 Defender


Product Details

What is Microsoft Defender XDR?

For SecOps, XDR with incident-level visibility across the kill chain for automatic disruption of sophisticated attacks and accelerated response across endpoints, identities, email, collaboration tools, cloud applications, and data.


Endpoints: Discovers and secures endpoint and network devices across a multiplatform enterprise.

Identities: Manages and secures hybrid identities and simplifies employee, partner, and customer access.

Cloud apps: Visibility, control, and threat detection across cloud services and apps.

Email and collaboration tools: Protects email and collaboration tools from advanced threats, such as phishing and business email compromise.

Microsoft Defender XDR (formerly Microsoft 365 Defender) combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.

Microsoft Defender XDR Features

  • Supported: Endpoints: Discovers and secures endpoint and network devices across a multiplatform enterprise.
  • Supported: Identities: Manages and secures hybrid identities and simplifies employee, partner, and customer access.
  • Supported: Cloud Apps: Offers visibility, controls data, and detects threats across cloud services and apps.
  • Supported: Email & Collaboration tools: Protects email and collaboration tools from advanced threats, such as phishing and business email compromise.

Microsoft Defender XDR Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

CrowdStrike Falcon, Sophos Intercept X, and Symantec Endpoint Security are common alternatives for Microsoft Defender XDR.

Reviewers rate Usability highest, with a score of 8.

The most common users of Microsoft Defender XDR are from Mid-sized Companies (51-1,000 employees).

Reviews and Ratings

(137)

Reviews

(1-3 of 3)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use this as the front line of defense and then use Huntress as the add-on to get the optimal settings and config and reporting to give better insight into what is going on and how to remediate the issues. Microsoft 365 Defender has come a long way and is certainly at this point a great first line
  • built in, ready to go
  • easy for compliance
  • one stop shop
  • reporting
  • config
Standalone, it does a pretty good job. Out of the gates they were slow to get things right, but over time they got it better and it is getting better as time goes by. In my opinion, the areas that fall short are the reporting and remediations that are needed. Once they get better at this, we can look at this as a standalone product for endpoint management.
  • positive, has become a strong product over time
  • built in to Windows so there is no need to remove or stop it
  • one less thing to install / remove
Out of the gates, was not the best and took a while to get it where it is now but continues to make huge strides and is a good challenger for top shelf for endpoint management.
Easier to roll out and manage, built in to Windows OS so one less thing to install or roll out. No need for tokens or special installers.
Not directly, we use Huntress as the reporting and config portion, as the maturity of the product as it is now does not meet our needs. I am sure they will develop this to include more features for management of this.
Not at the moment, as it's not mature enough to use as a standalone. We have coupled it with Huntress.
Yes, another SIEM, was dead simple to config and all data is pushed up and we get it all monitored and alerts sent to us.
Beats Cylance Protect; CrowdStrike is solid but a costly product
Cannot use Kaspersky due to embargo
Norton not good enough now
Yes
Cylance Protect
  • Scalability
  • Integration with Other Systems
  • Ease of Use
Built in, so scalability is a no-brainer
Work closer with MSFT partner to get more insight into some roll out ideas
Integrated with Windows OS, so pre-installed and no mucking around afterwards
  • no need to install, all machines that are rolled out have it
  • no need to find installers or tweak settings
  • poor reporting
  • poor remediations
Score 8 out of 10
Vetted Review
Verified User
Incentivized
MS Defender protects all our company files, email and archives. It prevents any potential virus from being loaded and spread across our people and our organization. Links are blocked and suspicious content is controlled from loading automatically.
  • identifies threats
  • detects attacks and suspicious activity
  • protects devices
  • lacks protection against malicious websites
  • vulnerability to unknown virus
It is well suited for automated investigation features, to waste less time detecting problems and resolve them automatically. It also auto-heals damaged assets. This applies to all, and only, the MS Suite products which already have built-in security features, but for external products things get a bit more complicated and MS 365 Defender might not be the best solution.
  • consolidates necessary security measures
  • cost savings
  • time saving
Threat detection, email security, endpoint security, and securing the Office package
The solution is used to create policies for anti-spam, anti-malware, and anti-phishing, as well as for analyzing and monitoring system behaviour.
NO
Not really
NO
Stability, scalability, overall protection, time and cost-saving
No
  • Cloud Solutions
  • Scalability
  • Ease of Use
COST
It's too difficult to evaluate any defender program if you are not a real security expert
Too complicated sometimes, doesn't explain the meaning of certain features or problems encountered.
  • set up
  • dashboard
  • concept explanation
  • UI features
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I use Microsoft 365 Defender for my personal use: scanning the dark web and finding vulnerabilities, and addressing passwords that are leaked, keys stored, and information related to companies' data breaches, etc.
  • Showed me the # of data breaches I had and I found many errors
  • Showed me the name of the companies of the possible intruders
  • Showed the date and link to the website
  • Showed me the remediation options and actions to take to secure my account
  • Contact information of companies
  • Alerts: I did not realize I had so many since being an Office 365 member, and did not realize it was an option until Black Hat
  • I was breached last year and hope it does not happen again with this add on service
  • Good visibility, is understandable; was able to easily track the breaches, where they came from and the potential risks on the first page.
More visibility graphs would be nice from low to moderate to high risks
  • So far so good
  • Was not aware it was an add on when I subscribed
I did not realize it was an option to add until recently after getting hacked. :(
Adding VPN to mobile as well as web.
Not at this time, just home use, work, LinkedIn, social media feeds, job boards, market research purposes.
I am planning to keep this solution.
No
I registered and found everything that was going on in the past few years that I was not aware of; could not find the source until now.
Found it easy to understand.