Defender is a more than viable antivirus protection solution.
July 30, 2025

Michael Miller | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Endpoint

We used Defender to replace Sophos. Being included as part of the Microsoft 365 package saved us the entirety of the cost of the previous provider. It also provides significantly more detailed security insights into our devices. Dashboard scores are used to help proactively respond to threats. The software also includes threat assessment to see all of the vectors an attacker would use.

Pros

  • Dashboard for threats.
  • Ease of installation.
  • Rapid response to threats.

Cons

  • PC reporting often lags behind, so scores remain unchanged longer than desired.
  • The portal interface changes regularly, moving objects and menus.
  • It needs a more defined client interface to resemble a traditional third-party antivirus.

  • Was able to alert us to a malicious event overnight, tracking the incident end-to-end.
  • Gives management clear insight into the security footprint of the company.
  • Saved several thousand dollars a year in 3rd party antivirus costs.

  • Scalability
  • Integration with Other Systems
  • Ease of Use
  • Other

Our primary driving factor is always cost, and Defender is very cost-effective with its integration into Microsoft 365. The software was able to deliver the same results as our previous vendor while providing more value. Its integration with Intune and Exchange Online also allowed us to move on from a separate MDM and spam protection vendor. The results provided much more value and reliability than those services had offered.

We utilize the Security Score to determine actions to take to protect our infrastructure better. We use the software for email and data protection. This includes email filtering and phishing campaign monitoring. We have integrated Defender with Intune to provide asset management. This identifies critical assets and high-risk devices with significant exposure.

We are currently deployed to around 200 total PCs and servers. Our PCs are mostly Windows 11 with a few Windows 10 PCs that are in the process of being replaced. Our servers are entirely Windows-based, with most using Server 2019. We are not currently using Defender on mobile devices.

Defender is far easier to deploy and manage than Sophos and tends to work without as many issues. The threat assessment portal provides an in-depth view of the organization's security posture, whereas Sophos only shows the patching status of the PCs. We did need Intune to get many of the control features (disabling USB drives) that Sophos offered out of the box.

Do you think Microsoft Defender for Endpoint delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Endpoint's feature set?

Yes

Did Microsoft Defender for Endpoint live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Endpoint go as expected?

Yes

Would you buy Microsoft Defender for Endpoint again?

Yes

Because of its integration with Windows, it is very easy to deploy and manage. Any IT department should be able to leverage the software and interface. The admin portal provides weighted recommendations that comprise the Secure Score, offering admins, security teams, and business owners valuable insights into their security footprint without requiring a strong security background. The software would be ideal for small and mid-sized businesses that cannot dedicate resources to security. Larger enterprises would also benefit, but may require the enhanced license.

Microsoft Defender for Endpoint Feature Ratings

  • Anti-Exploit Technology: 9
  • Endpoint Detection and Response (EDR): 10
  • Centralized Management: 9
  • Infection Remediation: 10
  • Vulnerability Management: 10
  • Malware Detection: 10
