Extremely versatile well integrated threat monitoring
September 19, 2023
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft 365 Defender
We use Microsoft 365 Defender as part of our comprehensive security policy implementation and enforcement, device enrollment monitoring and compliance, threat detection and mitigation for end users (email filtering, active phishing mitigation etc.) across various comm channels (email, Teams, etc.), data loss prevention policies and enforcement as well as endpoint detection and response monitoring.
Pros
- Endlessly customizable and extensible.
- Excellent security 'scoring' and overviews.
- Plenty of pre-implemented security policies and templates to create new ones with common/suggested variables.
Cons
- Learning curve is significant. If you don't have a reseller/implementation partner with a support contract you will be doing a lot of documentation reading.
- Tiered pricing means not every implementation gets every feature set.
- As with all MS365 admin portals, the web interface is extremely slow and often requires refreshes.
- The admin console often bounces you around between a bunch of different URLs and interfaces.
- It is cheaper to have it integrated into our Microsoft 365 contract rather than using/paying for a 3rd party EDR provider. We negotiated discounted pricing.
- Quantifiable blocked threats great for compliance training etc.
- Ability to scale up security policies allow us to advertise our DLP and compliance with clients.
Endpoint security and security compliance was always hard to implement and enforce with a mix of company owned and employee owned computers and devices. We had a mix of different systems to do what is essentially managed by Microsoft 365 Defender, Meraki for device management/profile enrollment, Google for email threat detection/mitigation and DLP/asset management, TrendMicro for endpoint security etc.
We have fewer systems to monitor/manage for security as a whole. The dashboard view and security scoring is a handy way to check out trends and get an overall snapshot of the status quo.
Yes. We mostly used the pre-configured security policies and added some DLP-type policies for containing and controlling PII across SharePoint sites and external sharing. That being said, the number of threats and responses/automatic healing etc. that we have actually had to deal with has thankfully been very low.
No. The only other systems we use that utilize SIEM are not integrated with Microsoft 365 Defender data, primarily because we don't use Active Directory and don't have an on-premises Windows server environment, which really is necessary for that kind of integration. We are a Mac-based shop and virtually every system we have is cloud based.
We liked the deep device integration and active threat monitoring for Sophos but ultimately we went with Microsoft 365 Defender integrated into our Microsoft 365 tenant because we could negotiate favorable pricing along with our 365 licensing. The additional expense of Sophos was not something we could justify in the budget.
Do you think Microsoft Defender XDR delivers good value for the price?
Yes
Are you happy with Microsoft Defender XDR's feature set?
Yes
Did Microsoft Defender XDR live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Microsoft Defender XDR go as expected?
Yes
Would you buy Microsoft Defender XDR again?
Yes