Defender for Endpoint - First class EDR and more.
October 26, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an excellent EDR solution that integrates very well with the XDR products in Sentinel. It is used as an AV and EDR solution for all endpoint devices based on different operating systems. All servers are protected as well by using the Defender for Cloud licensing. The product is part of a multi-layered security solution based on all the Microsoft Defender products and Sentinel. All incidents are handled in the Defender portal.
  • One of the strong points is that AI is tightly integrated into the platform, which leads to excellent detection.
  • Vulnerability management is very useful for assessing, tracking, and mitigating threats across all protected devices.
  • KQL integration is very good.

  • Licensing between Defender for Endpoint and Servers is complicated.
  • Deployment has improved but is not really streamlined. There is no single installer available and no single way of deploying settings.
  • The Defender portal is rich in information but can be complicated to use.

  • Less license costs because of integration.
  • Better detection of threats and vulnerabilities.
  • Deployment was not always very smooth and took some time to become reliable.

  • Scalability
  • Integration with Other Systems
Microsoft Defender for Endpoint is a service that scales very well, be it in size or in different locations. The integration part is the biggest driver for choosing Defender for Endpoint, especially since the M365 platform is in use.
EDR, Auto investigation & remediation, Threat & Vulnerability Management, Attack Surface Reduction rules, Secure Score for Devices, Network Discovery. Basically, all features for clients are managed with Intune as MDM; servers are managed with Azure Policy and GPO. Linux machines have custom scripting for deployment.
Around 60 clients (Windows/Mac), 20 server workloads (Windows and 5 Linux systems).

Do you think Microsoft Defender for Endpoint delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Endpoint's feature set?

Yes

Did Microsoft Defender for Endpoint live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Endpoint go as expected?

No

Would you buy Microsoft Defender for Endpoint again?

Yes

Defender for Endpoint is an excellent choice for companies that work with a Microsoft-based platform. The endpoint does not need to be specific Windows-based, but it is very helpful when Entra is used in combination with other Defender products. That way, you can aim for a multi-layered approach based on zero trust. Sentinel is not essential but a great addition to the platform for incident management and offering longer retention. Small companies should look at ways to outsource the investigation of incidents to specialized companies; the learning curve for proper analysis is pretty steep.

Microsoft Defender for Endpoint Feature Ratings

Anti-Exploit Technology: 9
Endpoint Detection and Response (EDR): 9
Centralized Management: 5
Infection Remediation: 7
Vulnerability Management: 9
Malware Detection: 8