Microsoft 365 Defender Review
Updated September 20, 2023

Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft 365 Defender
We use the 365 Defender tool and a few other 365 tools to monitor data in motion. We get triggers for emails that may have PCI data or card data in them. If the system intelligently thinks that this could be a positive, it quarantines that email and sends a trigger alert to us so that we can review that email and determine if it contained PCI data, so that we can scrub it. We can then send a violation notice to the team member who sent it and give them a coaching session so it doesn't happen again. We don't get very many repeat offenses, and it improves our security posture around managing PCI data in our environment; specifically, it helps to keep it out of our environment. As far as the positive things, it reduces our PCI compliance scope quite greatly, which I'm very happy about. But on the downside we get too many false positives, and one of the things that we tried to look at was doing a BIN range check, which supposedly is set up in the background, but we found cases where it wasn't properly detecting BIN ranges. So either the BIN range database was out of date or the process where it checks BINs did not work accordingly. So that's the downside that we had.
Pros
- The triggering it does.
- The ease of approving or denying the quarantines.
Cons
- We have found two historical instances where the system did not detect the data for whatever reason in the initial email, but then when the email got replied to, it detected it the second time. We tried to figure out why it didn't detect it the first time. Unfortunately, we were never able to figure it out with Microsoft technicians, and it happened on two occasions within the past year. That leads us to believe that there could be other instances where the system is also not properly detecting PCI data when we expect it to.
- Purely positive. There are no negative aspects. We're able to detect data, we're able to stop it, we're able to scrub it and get rid of it, and we're able to keep it out of our environment, which is the sole purpose of the solution.
Because we already had a pre-existing solution, we just did a swap (one for one). So we didn't go from not having anything to then having Microsoft, we just swapped the product. So that unfortunately doesn't really apply in our situation.
No. We tried to, and it wouldn't work. It wasn't able to properly detect whether a 16-digit number was a valid card number or not. We have to do that ourselves manually. The good thing is that we have refined our rules, so we do not get many emails to research.
Unfortunately not; we will have to keep it manual, at least for PCI data. Other data elements are automated and work as intended, though.
I think our DLP team is in the process of doing that now. We're trying to centralize everything within Microsoft's cloud, so I think that's part of that structure, but I'm not a hundred percent sure.
Do you think Microsoft Defender XDR delivers good value for the price?
Not sure
Are you happy with Microsoft Defender XDR's feature set?
Yes
Did Microsoft Defender XDR live up to sales and marketing promises?
Yes
Did implementation of Microsoft Defender XDR go as expected?
Yes
Would you buy Microsoft Defender XDR again?
Yes
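The review above describes two checks a DLP engine can apply to a 16-digit number before quarantining an email: a Luhn checksum (is this even a structurally valid card number?) and a BIN range lookup (does the first six digits belong to a known issuer range?). The following is an added example, written for this page and not part of the review or of Microsoft's product; it shows how those two checks cut false positives by running them over a constructed sample email. The BIN table, the issuer names and the sample email are all constructed for illustration; a production table would be loaded from the card brands' or acquirer's published ranges and kept current, which is exactly the "database out of date" failure the reviewer suspects.

```python
import re

# Constructed BIN-range table for the example only (issuer names are
# placeholders). A real deployment loads current ranges from the card
# brands or acquirer; a stale table causes the misses the reviewer saw.
BIN_RANGES = [
    (400000, 499999, "issuer-A (constructed)"),
    (510000, 559999, "issuer-B (constructed)"),
]

# Candidate: 13 to 19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample email for the example (all numbers are well-known
# test or made-up values, not real accounts).
SAMPLE_EMAIL = """Hi team, order ref 1234 5678 1234 5678 is ready.
Customer paid with card 4111 1111 1111 1111 exp 12/29.
Second customer used 5500000000000004 for the deposit.
Third used 6011 0009 9013 9424 which our table does not cover.
"""


def luhn_valid(number: str) -> bool:
    """Luhn mod-10 checksum: every second digit from the right is doubled,
    digits above 9 have 9 subtracted, and the total must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def bin_issuer(number: str):
    """Return the issuer name whose BIN range covers the first six digits,
    or None when the number falls outside every known range."""
    bin6 = int(number[:6])
    for lo, hi, name in BIN_RANGES:
        if lo <= bin6 <= hi:
            return name
    return None


def classify(digits: str) -> dict:
    """Combine the two checks into a verdict a DLP rule could act on:
    'pan' (checksum and BIN agree), 'luhn-only' (checksum passes but BIN is
    unknown; review, or update the BIN table), 'not-a-pan' (checksum fails)."""
    luhn_ok = luhn_valid(digits)
    issuer = bin_issuer(digits)
    if luhn_ok and issuer:
        verdict = "pan"
    elif luhn_ok:
        verdict = "luhn-only"
    else:
        verdict = "not-a-pan"
    return {"digits": digits, "luhn_ok": luhn_ok, "issuer": issuer, "verdict": verdict}


def scan_text(text: str) -> list:
    """Find every card-number-shaped run in the text and classify each one."""
    results = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        results.append(classify(digits))
    return results


if __name__ == "__main__":
    for r in scan_text(SAMPLE_EMAIL):
        print(f"{r['digits']}: luhn={r['luhn_ok']} issuer={r['issuer']} -> {r['verdict']}")
```

Run as written, the first number (an order reference that merely looks like a card number) fails the checksum and would not trigger a quarantine, the next two pass both checks, and the last passes the checksum but misses the BIN table. That last case is the useful signal: a "luhn-only" verdict in the alert queue points at a BIN table that needs updating rather than at a false positive to dismiss.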
