Defender 365 - One solution to defend them all.
October 26, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft 365 Defender

Microsoft 365 Defender is the complete solution for our cloud infrastructure. It is used as a multi-layered security solution that protects our mail platform, identities, applications, and data all in one platform. The zero-trust approach is built upon this solution in combination with conditional access policies. The Defender portal is the main portal for security, research, and mitigation of incidents.
  • Fully integrated solution in one portal.
  • Advanced products that are developing at a high pace.
  • Defender for Identity is a perfect solution for protecting hybrid identity solutions.
  • Correlate incident data across all Defender products.
  • Extremely powerful KQL query language.

  • IP Geolocation is not the best part; it must be improved.
  • The interface of Defender is not always intuitive.
  • More options to tune detections in order to decrease false positives.

  • Single solution for a multi-layered approach.
  • More incidents and threats detected.
  • The infrastructure is monitored from beginning to end.
  • Low impact on end users.
The most challenging part for security teams is that when all tools are implemented, you have to know how to act on the incidents, do the right research, and correlate the right data together. This can take some time, and it is advisable to ask for the help of a security partner to get up to speed with this.

Security monitoring becomes easier since there is just a single pane of glass to manage. Fewer people are needed to do the monitoring of all the products. Since the integration is very good and KQL is used in all products, it is very efficient to use.

Partly in Defender for Endpoint, but most automatic response is done with Sentinel SOAR functionality. In my opinion, Sentinel is the better platform for this.

Most automation will be moved towards Sentinel.

Yes, this is extremely easy. All alerts are free to ingest; watch out for the raw data because this is billed. Sentinel and Defender 365 go hand in hand; everyone can do the basic configuration. Even the basic alert rules are already available for Defender.

Do you think Microsoft Defender XDR delivers good value for the price?

Yes

Are you happy with Microsoft Defender XDR's feature set?

Yes

Did Microsoft Defender XDR live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender XDR go as expected?

Yes

Would you buy Microsoft Defender XDR again?

Yes

It is a complete solution that can be implemented gradually. It allows you to start small, implement more products, and increase the complexity of the platform with increased defense layers. It is a product that often reveals breaches that have occurred in the past during implementation time.