Microsoft Defender for Endpoint Review
August 09, 2024

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Endpoint

The use cases are both the use of IT internally as well as doing some managed security service, some managed SOC. A lot of it's just taking that telemetry from Defender for Endpoint and using it for threat hunting. We take some alerts off of it, too. I think the biggest value of it is really the threat hunting.

Pros

  • One, it's crazy lightweight, so compared to some of the competitors that we also have used with our security services, it's really lightweight and so I don't have a lot of overhead on the system that it's running on.
  • It does really fantastic PowerShell integration.

Cons

  • If I'm being frank, I don't think that the reporting in the native UI is particularly intuitive for most users. Most of the reports that we run, we end up having to use PowerShell to run.
  • I don't feel like in a lot of cases I have to code, I shouldn't have to program something to get an answer out of the platform. And so compared to competitors, I think it's a place that has a lot of room for improvement.
  • I don't know that it's had any. I guess positive: it's an EDR and you have to run one today.
  • Other
It's bundled licenses. So most of our work at Hunter is a large amount of work with organizations that are on GCCI, which is the special Microsoft 365 cloud. They already have licenses for this, so cost is the number one. Or for the folks that aren't already that license level, we can bump them to that way cheaper than we can buy another standalone product. So bundled licensing is probably it.
We write our own analytics, so we're querying the telemetry. The Defender for Endpoint is generating the query functionality.
CrowdStrike Falcon and SentinelOne are other big ones that we use a bit. Cisco Secure Endpoint we've evaluated as well. Cisco Secure Endpoint capability-wise doesn't match up to Defender; SentinelOne and CrowdStrike both do, but the cost profiles are a bit higher. So most of the clients that we work with already have Microsoft 365 licensing. So typically it becomes a cost consideration for deploying Defender for Endpoint.

Do you think Microsoft Defender for Endpoint delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Endpoint's feature set?

Yes

Did Microsoft Defender for Endpoint live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Endpoint go as expected?

Yes

Would you buy Microsoft Defender for Endpoint again?

Yes

I think it's well suited as a drop-in EDR, really an XDR, I guess if you want to go there. A platform for most organizations. I think it lacks some of the granularity in off-the-shelf rule sets that I want for defense industrial base or financial services clients. For heavily targeted organizations, I think it requires a lot more customization than some of the competitor products off the shelf. So if you get there, it's not there day one.

Microsoft Defender for Endpoint Feature Ratings

Anti-Exploit Technology
Not Rated
Endpoint Detection and Response (EDR)
Not Rated
Centralized Management
Not Rated
Infection Remediation
Not Rated
Vulnerability Management
Not Rated
Malware Detection
Not Rated
