Microsoft Defender XDR Review
May 05, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender XDR

So in general, the idea of Defender XDR is to bring the security signals of the different areas together so that you have events on the client, on the user identity and this all needs to come together so that you have the full view so that you can easily see if there is an issue with the security configuration or if there is something actively going on. So I'm owning part of these applications in our company, so I'm responsible for everything, access control and all these things truly ensure that we have everything configured so that we get all the data we need to then run the analytics on it.

Pros

  • If you stay on the XDR endpoint management part, it collects really a lot of data from the endpoints. So it is not only a security tool, it is also helpful for operations. So if some user on the other half of the world has an issue, business machines, I do not necessarily rely anymore on having a connection to the client to find some log and audit things on the local machine, because everything is in the cloud. I can run the analytics right there to see really. But from the user perspective really it's just an operational point of view. So he opened a website but was not able to access something, it was blocked by some firewall, all these things, and so this is not only really a security tool, it is really a day-to-day tool used also by operations.

Cons

  • This is a general discussion we have in that best of suite approach so that sometimes even if deliver all Microsoft products and even if we live in the same console, we are not really talking to each other. So users and devices have different ID identities. So that means just because I see insecurity somewhere that there is an issue. I can in general, and it is a good point, create a task for the team that is doing client management, but it comes with totally the wrong identities because in the security world and the identity world and then the client management, the same device has three different identities. So the other team always needs to do something, they need to have some conversion. That is of course bad. If these systems know each other, we should have a better understanding of the other part, the other product.

Really to have that overall view of events, configurations from the different parts like identity offers, client management and all these things to bring all this together because it just lived in different parts and was hard to combine.

It makes it easier on an entry level because prior to that you really had to have a lot of knowledge in different parts including KQL as a scripting level to bring these things together. So now it is more natively integrated, so even if you are not up for scripting KQL, you can achieve a lot just out of the UX.

We only use a DR on part of our systems, so we are still learning corporate.

Yeah, already on that unified so platform, so it is already integrated because we have quite difficult situation on everything. What is data slicing and these things? So unified is definitely the part

Our product in that area, for instance as a security platform and for us it is for the moment really bad point. We started to move in that direction that there is that disconnect from the client management. So if there is some action that needs to be executed detected by security team, there is not an easy way to make that available to the team that is responsible for managing the identities as users, as the devices.

Do you think Microsoft Defender XDR delivers good value for the price?

Yes

Are you happy with Microsoft Defender XDR's feature set?

No

Did Microsoft Defender XDR live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender XDR go as expected?

I wasn't involved with the implementation phase

Would you buy Microsoft Defender XDR again?

Yes

Suit Really in everything, what is modern cloud work especially really if you work in a global company where your IT team is not always operational hour of the business users so that everything is really in the cloud can be managed from everywhere, but we do not access to local resources anymore. That's really a good point. What is always a little bit the pressure point is that general things in cloud things are moving fast so it's always difficult to keep the teams that are using these words up to date.