Microsoft Defender XDR
Formerly Microsoft 365 Defender

Overview

What is Microsoft Defender XDR?

Microsoft 365 Defender combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.

Recent Reviews

Defender XDR Review

7 out of 10
May 17, 2024
Incentivized
We use the product to secure our endpoints, and by using the XDR suite, we're also securing our email and securing our cloud environment …

Microsoft Defender XDR

10 out of 10
February 06, 2024
Microsoft Defender XDR is mainly responsible for the detection and handling of Phishing related emails. Microsoft Defender XDR is also …


Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.microsoft.com/en…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is Kaspersky EDR Expert?

Kaspersky Endpoint Detection and Response (EDR) Expert provides endpoint protection, advanced detection, threat hunting and investigation capabilities and multiple response options in a single package. It is an EDR solution for IT security teams with more mature incident response processes,…


Product Demos

Getting started with Microsoft 365 Defender


Product Details

What is Microsoft Defender XDR?

For SecOps, XDR with incident-level visibility across the kill chain for automatic disruption of sophisticated attacks and accelerated response across endpoints, identities, email, collaboration tools, cloud applications, and data.


Endpoints: Discovers and secures endpoint and network devices across a multiplatform enterprise.

Identities: Manages and secures hybrid identities and simplifies employee, partner, and customer access.

Cloud apps: Visibility, control, and threat detection across cloud services and apps.

Email and collaboration tools: Protects email and collaboration tools from advanced threats, such as phishing and business email compromise.

Microsoft Defender XDR (formerly Microsoft 365 Defender) combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.

Microsoft Defender XDR Features

  • Supported: Endpoints: Discovers and secures endpoint and network devices across a multiplatform enterprise.
  • Supported: Identities: Manages and secures hybrid identities and simplifies employee, partner, and customer access.
  • Supported: Cloud Apps: Offers visibility, controls data, and detects threats across cloud services and apps.
  • Supported: Email & Collaboration tools: Protects email and collaboration tools from advanced threats, such as phishing and business email compromise.

Microsoft Defender XDR Screenshots

  • Screenshot of AH Advanced Mode
  • Screenshot of AH Guided mode
  • Screenshot of CD example
  • Screenshot of CD Supported actions

Microsoft Defender XDR Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

CrowdStrike Falcon, Sophos Intercept X, and Symantec Endpoint Security are common alternatives for Microsoft Defender XDR.

Reviewers rate Usability and Support Rating highest, with a score of 8.

The most common users of Microsoft Defender XDR are from Mid-sized Companies (51-1,000 employees).

Reviews and Ratings

(145)

Reviews

(1-3 of 3)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use this as the front line of defense and then use Huntress as the add-on to get the optimal settings, config and reporting, to give better insight into what is going on and how to remediate the issues. Microsoft 365 Defender has come a long way and is certainly at this point a great first line
  • built in, ready to go
  • easy for compliancy
  • one stop shop
  • reporting
  • config
Standalone, it does a pretty good job. Out of the gates they were slow to get things right, but over time they got better and are getting better as time goes by. In my opinion, the areas that fall short are the reporting and remediations that are needed. Once they get better at this, we can look at this as a standalone product for endpoint management.
  • positive, has become a strong product over time
  • built in to Windows so there is no need to remove or stop it
  • one less thing to install / remove
Out of the gates, it was not the best and took a while to get where it is now, but it continues to make huge strides and is a good challenger for top shelf for endpoint management.
Easier to roll out and manage; built in to the Windows OS, so one less thing to install or roll out. No need for tokens or special installers.
Not directly. We use Huntress as the reporting and config portion, as the maturity of the product as it is now does not meet our needs. I am sure they will develop this to include more features for management of this.
Not at the moment, as it's not mature enough to use as a standalone. We have coupled it with Huntress.
Yes, another SIEM. It was dead simple to config, and all data is pushed up and we get it all monitored and alerts sent to us.
Beats Cylance Protect; CrowdStrike is solid but a costly product
Cannot use Kaspersky due to embargo
Norton not good enough now
450
All walks, from front line staff to executives. We deploy this to every endpoint by default. No one escapes from having this installed on the corporate device by policy, and it reinstalls if removed. Fill as many gaps as possible so that we try to have as complete and wide as possible coverage for threat protection.
6
We have 6 FTE for internal, but 2 are dedicated to security. We have overlapping roles so that we have extended coverage, so that we all are on top of this important asset.
  • built in to Windows, so it should be ideal for the product
  • no excuse not to have it
  • not perfect but we add a 3rd party to beef things up
  • able to offset some of the costs to the 3rd party tool
  • not sure
Had a rough start but matured and is a decent product. Will keep seeing how it grows and fits into our ecosystem of protection.
Yes
Cylance Protect
  • Scalability
  • Integration with Other Systems
  • Ease of Use
Built in, so scalability is a no-brainer
Work closer with MSFT partner to get more insight into some rollout ideas
Seamless and almost transparent. Can be deployed by script if needed so every endpoint on our system gets it. If you have Intune it gets dumped on the endpoint by policy, so nothing escapes it.
  • Implemented in-house
No
Change management was a small part of the implementation and was well-handled
Get it rolled out in our dev environment, tested on a few users, then once UAT accepted and no issues or noted the issues, rolled out en masse.
  • people leaving their devices on
Easy to contact, and provides call back within the hour to help look at the issue. Not immediate, but need to make time to pick up the call and work on their timeline.
Comes with our subscription so there are no added costs.
No
Generally average or just above average support. There was once a licensing support issue that they went above and beyond to help resolve; the reporting error in the portal caused a huge error and the support went above and beyond to quickly get it sorted out.
Integrated with Windows OS, so pre-installed and no mucking around afterwards.
  • no need to install, all machines that are rolled out have it
  • no need to find installers or tweak settings
  • poor reporting
  • poor remediations
Score 8 out of 10
Vetted Review
Verified User
Incentivized
MS Defender protects all our company files, email and archives. It prevents any potential virus from being loaded and spread across our people and our organization. Links are blocked and suspicious content is controlled from loading automatically.
  • identifies threats
  • detects attacks and suspicious activity
  • protects devices
  • lacks protection against malicious websites
  • vulnerability to unknown virus
It is well suited for automated investigation features, to waste less time detecting problems and resolve them automatically. It also auto-heals damaged assets. This applies to all, and only, the MS Suite products which already have in-built security features, but for external products things get a bit more complicated and MS 365 Defender might not be the best solution.
  • consolidates necessary security measures
  • cost savings
  • time saving
Threat detection, email security, endpoint security, and securing the Office package
The solution is used to create policies for anti-spam, anti-malware, and anti-phishing, as well as for analyzing and monitoring system behaviour.
NO
Not really
NO
Stability, scalability, overall protection, time and cost-saving
30
People who mainly work in IT such as IT managers, tech leads, cloud architects, global administrators, and security administrators.
Not sure
  • Prevent security risks
  • Detect and suspend user intrusions
  • Investigate compromised users and connections
  • Simulation of attacks with the Microsoft Defender portal
  • Endpoint attacks: tutorials and simulations
  • Simulated intranets
  • Network security certifications
Our IT people say it's an essential tool to provide security and analysis and perform quickly on what matters the most to our clients: security and data protection.
No
  • Cloud Solutions
  • Scalability
  • Ease of Use
COST
it's too difficult to evaluate any defender program if you are not a real security expert
IDK
No knowledge of this
No
I am not involved in the support and problem solving matters.
Too complicated sometimes, doesn't explain the meaning of certain features or problems encountered.
  • set up
  • dashboard
  • concept explanation
  • UI features
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I use Microsoft 365 Defender for my personal uses scanning the dark web and finding vulnerabilities, and addressing passwords that are leaked keys stored and information related to companies' data breaches, etc.
  • Showed me the # of data breaches I had and I found many errors
  • Showed me the name of the companies of the possible intruders
  • Showed the date and link to the website
  • Showed me the remediation options and actions to take to secure my account
  • Contact information of companies
  • Alerts: I did not realize I had so many since being an Office 365 member, and did not realize it was an option until Blackhat
  • I was breached last year and hope it does not happen again with this add-on service
  • Good visibility, is understandable; was able to easily track the breaches, where they came from and the potential risks on the first page.
More visibility graphs would be nice from low to moderate to high risks
  • So far so good
  • Was not aware it was an add on when I subscribed
I did not realize it was an option to add until recently after getting hacked. :(
Adding VPN to mobile as well as web.
Not at this time, just home use: work, LinkedIn, social media feeds, job boards, market research purposes.
I am planning to keep this solution.
No
I registered and found everything that was going on in the past few years that I was not aware of; could not find the source until now.
Found it easy to understand.