Microsoft Defender for Endpoint Review.
May 20, 2024

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Endpoint

It is used as what most people call an antivirus, a legacy antivirus, although we know it's an EDR. So, we want to cover most malware attacks on endpoints and understand the telemetry from different users, interconnecting with Defender for Office 365 and some other platforms.
  • It integrates perfectly with Azure Sentinel. I mean, that's great. We can have a single pane of glass with other platforms, like Defender for Cloud, Defender for endpoints, and Defender for servers, which is awesome as well. The ease of deployment is because Microsoft made sure around a year ago that every single workstation with Microsoft Windows came with Defender for Endpoints embedded.
  • So the fact that Defender for Endpoint still works with signatures is actually, I don't know, a little difficult for us because, I mean, since Microsoft trusts those signatures, you can easily inject code. And we've done it many times, to show that you can inject code through vulnerabilities like CV 2013, 99, and 33 but still keep the signature. So because of the trust of those signatures, the malware just kind of slides into the environment without Defender knowing. That's the first part. The second part is that the behavioral analysis is not precisely its prime. It's not Defender's best capability for endpoints. So, Defender does not identify all behaviors considered by other EDRs in the market.
  • It's awareness because while Defender for Endpoint cannot stop specific threats, you have the visibility that something else is going on, and that's much better than not having anything. So I mean, in the end, protection-wise, it has its areas of opportunity, but it's the awareness to say, company X customer, you need to do this, though the response is very manual.
  • Ease of Use
In this case, it was ease of deployment. Now, we don't buy it per se. We actually manage it for customers. Since most Microsoft subscriptions are bought by the customers themselves, we manage them, but we don't buy them and then resell them. We don't work like that.
Well, we're tying it to Sentinel, and via Sentinel we're actually using Logic Apps, playbooks, and books. We're using advanced investigation, threat analytics, and many others. But really, the fact that it can integrate with Sentinel in a single pane of glass is a game changer for us.
I would say that around 300k and within our company, probably 80K.

Do you think Microsoft Defender for Endpoint delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Endpoint's feature set?

No

Did Microsoft Defender for Endpoint live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Endpoint go as expected?

Yes

Would you buy Microsoft Defender for Endpoint again?

Yes

What Microsoft does great at the market or business level is that once you buy a subscription to E3 and E5, you already have a certain number of endpoints to be covered by this technology. And since it's very easy to deploy because you only need to turn on certain capabilities, the ease of deployment is just amazing right now. When it comes to protection, that's where things need to improve.

Microsoft Defender for Endpoint Feature Ratings

Anti-Exploit Technology: Not Rated
Endpoint Detection and Response (EDR): Not Rated
Centralized Management: Not Rated
Infection Remediation: Not Rated
Vulnerability Management: Not Rated
Malware Detection: Not Rated