Extremely versatile well integrated threat monitoring
September 19, 2023

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft 365 Defender

We use Microsoft 365 Defender as part of our comprehensive security policy implementation and enforcement, device enrollment monitoring and compliance, threat detection and mitigation for end users (email filtering, active phishing mitigation etc.) across various comm channels (email, Teams, etc.), data loss prevention policies and enforcement as well as endpoint detection and response monitoring.

Pros

  • Endlessly customizable and extensible.
  • Excellent security 'scoring' and overviews.
  • Plenty of pre-implemented security policies and templates to create new ones with common/suggested variables.

Cons

  • Learning curve is significant. If you don't have a reseller/implementation partner with a support contract you will be doing a lot of documentation reading.
  • Tiered pricing means not every implementation gets every feature set.
  • As with all MS365 admin portals, the web interface is extremely slow and often requires refreshes.
  • The admin console often bounces you around between a bunch of different URLs and interfaces.
  • It is cheaper to have it integrated into our Microsoft 365 contract rather than using/paying for a 3rd party EDR provider. We negotiated discounted pricing.
  • Quantifiable blocked threats are great for compliance training etc.
  • Ability to scale up security policies allows us to advertise our DLP and compliance with clients.

Endpoint security and security compliance were always hard to implement and enforce with a mix of company-owned and employee-owned computers and devices. We had a mix of different systems to do what is essentially managed by Microsoft 365 Defender: Meraki for device management/profile enrollment, Google for email threat detection/mitigation and DLP/asset management, Trend Micro for endpoint security, etc.

We have fewer systems to monitor/manage for security as a whole. The dashboard view and security scoring is a handy way to check out trends and get an overall snapshot of the status quo.

Yes. We mostly used the pre-configured security policies and added some DLP-type policies for containing and controlling PII across SharePoint sites and external sharing. That being said, the number of threats and responses/automatic healing etc. that we have actually had to deal with has thankfully been very low.

No. The only other systems we use that utilize SIEM are not integrated with Microsoft 365 Defender data, primarily because we don't use Active Directory and don't have an on-premises Windows server environment, which is really necessary for that kind of integration. We are a Mac-based shop and virtually every system we have is cloud based.

We liked the deep device integration and active threat monitoring for Sophos, but ultimately we went with Microsoft 365 Defender integrated into our Microsoft 365 tenant because we could negotiate favorable pricing along with our 365 licensing. The additional expense of Sophos was not something we could justify in the budget.

Do you think Microsoft Defender XDR delivers good value for the price?

Yes

Are you happy with Microsoft Defender XDR's feature set?

Yes

Did Microsoft Defender XDR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Microsoft Defender XDR go as expected?

Yes

Would you buy Microsoft Defender XDR again?

Yes

If you are running a Microsoft 365 exclusive shop (email/calendar/teams/sharepoint/onedrive) then the level of integration is hard to beat. Automatic enrollment for all users and a standard set of tenant level security policies are the baseline and can be customized up from there. Optional EDR and device enrollment/enforcement is ideal for company owned devices. Ideally you would be working with an implementation partner to work on customized security policies and threat monitoring/mitigation because the sheer breadth of options and the iffy interface make it very challenging.