Microsoft XDR, worth it?
Updated June 05, 2024
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Defender XDR
We use Microsoft Defender XDR mainly for threat detection and response to automatically block attacks, view and improve our security posture over our Microsoft 365 tenancy and for threat hunting for our endpoints, email and applications.
Microsoft Defender XDR helps us by reducing the complexity of security management with the use of AI to detect and remediate security risks.
- Use of AI to detect threats
- Advanced threat protection
- Efficiency with automated investigation and remediation
- Interface is a little slow
- False positives can arise, causing IT teams to investigate and waste time/resources
- First set up is complex
- Licensing is a bit expensive for SMBs
Multiple security solutions were complex and time-consuming; using Microsoft Defender XDR combines most of these, making it more efficient for IT professionals to monitor risks.
Microsoft Defender XDR removes some of the manual processes involved with other security solutions with the use of AI. Although not always completely accurate, it saves time and resources by monitoring and mitigating risks seamlessly.
As it is all accessible through the cloud portal, it means that there is no more confusion involved with which security platform you need to use for each case.
The automated response from Microsoft Defender XDR is quite good; however, as it is AI-based, there is always room for improvement. False positives do take time for the IT or security team to review, which could be reduced by an improvement to the AI used for detection and remediation.
No plans currently
Microsoft Defender XDR is more seamless than Sophos Intercept X as it is better integrated into the Microsoft 365 suite. Sophos Intercept X is a little bit cheaper per year than Microsoft Defender XDR, though, and definitely worth looking into if you are looking for a security solution for your Microsoft 365 tenancy.
Do you think Microsoft Defender XDR delivers good value for the price?
Yes
Are you happy with Microsoft Defender XDR's feature set?
Yes
Did Microsoft Defender XDR live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Microsoft Defender XDR go as expected?
I wasn't involved with the implementation phase
Would you buy Microsoft Defender XDR again?
Yes
Using Microsoft Defender XDR
3 - The people who use Microsoft Defender XDR in this business are the head of IT and the two IT Analysts to review incidents and respond to threats using automation. Microsoft Defender XDR is only used by the IT team in this business as they are the admins of the Microsoft 365 tenancy.
3 - The types of people and skills required to support Microsoft Defender XDR are:
Security Analysts - To monitor and analyse the security alerts, respond to incidents and conduct threat hunting.
IT Administrators - Responsible for deployment, configuration and maintenance of the security solutions across the IT used in the business.
- Threat detection and response
- Security posture management
- Incident response
- Integration in generative AI
- Automated security training for IT professionals
- Predictive threat intelligence