Microsoft 365 Defender has adapted and shifted with the scope of cloud computing
September 25, 2023


William Press | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft 365 Defender

365 Defender has come to mean much more than traditional Microsoft Defender did when it was a pseudo antivirus. As an IT provider, we leverage Defender for any Office 365 cyber security customer to prevent, detect, and remediate threats to their cloud email platform. Defender folds into our MSSP offering as a layer of both proactive and reactive approaches. It is intelligent and always shifting, which can be both an asset and a challenge.
  • Detects and stops threats incoming to 365
  • Provides customization and throttling of detection engine
  • Provides an overall score to illustrate gaps in protection
  • Changes to the intelligent agent sometimes yield false positives
  • Many times there are all or nothing options when it comes to protection
  • Exchange message trace is not as effective or accurate since Microsoft moved to the Cloud
  • Depending on the licensing you pay for, Defender is included and a great ROI cost wise
  • In terms of time spent, Defender can be a large time suck but yield positive results for end users
  • Generally, it pays to learn and train in Defender BEFORE there is a problem and you need to really use it.
Before Defender was what it is now, as an IT Provider, more of the weight was on the third party spam filters and tools we traditionally utilized for all email clients. Microsoft has done an overall good job of building protection layers into their services. Getting third party tools to play nice with a provider like Microsoft used to be straightforward, but with how quickly these services and Microsoft change, it can be trouble at times.
Microsoft Defender 365 has caused us to adapt, and to always begin with the built-in Microsoft tools and build outward. This does not mean we are beholden to Microsoft and not using third party services, but Defender has to be considered when backing any changes to the 365 tenant.
No, we have not begun to use it at this time.
Yes, this is a feature that can provide potential protection and catch issues faster than we have been, but we prefer to vet things over a period of time before implementing.
We utilize a third party SIEM with many clients and more or less follow the steps with respect to Azure and Defender. This is not difficult once you have established a process. The discovery and testing period was several months, however, mainly due to our approach of baby steps and not wanting to disrupt our client workflows and productivity.
We have used and find great value with competitors to Microsoft 365 Defender. Many of these services were utilized before customers began the total cloud shift that has been seen with certain industries. It is difficult to compare these products apples to apples. What I will say is that Microsoft has a steeper learning curve, and suffers from frequent enough rebranding and renaming of services, but it is often included in licensing that many companies need or wind up purchasing. Third party competitors come at an additional cost, but can remediate the burden of learning as they are typically user friendly in comparison.

Do you think Microsoft Defender XDR delivers good value for the price?

Yes

Are you happy with Microsoft Defender XDR's feature set?

Yes

Did Microsoft Defender XDR live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender XDR go as expected?

No

Would you buy Microsoft Defender XDR again?

Yes

There are third party alternatives, but if you or your client is utilizing the Office 365 infrastructure for email, you are almost certainly going to HAVE to use 365 Defender on some level. Defender is best suited for an experienced IT professional who has direct experience with the product to cut through pages and pages of graphs and information outputs to know what to change to fine tune this product to protect and not prevent workflows. Defender is not for beginners, and to be blunt, many folks do not touch it unless there is a problem. Any changes would have to be made off hours and through trial and error if you are less experienced with the product.