Microsoft Defender for Endpoint Review.
May 20, 2024
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Defender for Endpoint
It is used as what most people call an antivirus, a legacy antivirus, although we know it's an EDR. So, we want to cover most malware attacks on endpoints and understand the telemetry from different users, interconnecting with Defender for Office 365 and some other platforms.
- It integrates perfectly with Azure Sentinel. I mean, that's great. We can have a single pane of glass with other platforms, like Defender for Cloud, Defender for Endpoint, and Defender for Servers, which is awesome as well. The ease of deployment is because Microsoft made sure around a year ago that every single workstation with Microsoft Windows came with Defender for Endpoint embedded.
- So the fact that Defender for Endpoint still works with signatures is actually, I don't know, a little difficult for us because, I mean, since Microsoft trusts those signatures, you can easily inject code. And we've done it many times, to show that you can inject code through vulnerabilities like CV 2013, 99, and 33 but still keep the signature. So because of the trust of those signatures, the malware just kind of slides into the environment without Defender knowing. That's the first part. The second part is that the behavioral analysis is not precisely its prime. It's not Defender's best capability for endpoints. So, Defender does not identify all behaviors considered by other EDRs in the market.
- It's awareness because while Defender for Endpoint cannot stop specific threats, you have the visibility that something else is going on, and that's much better than not having anything. So I mean, in the end, protection-wise, it has its areas of opportunity, but it's the awareness to say, company X customer, you need to do this, though the response is very manual.
- Ease of Use
In this case, it was ease of deployment. Now, we don't buy it per se. We actually manage it for customers. Since most Microsoft subscriptions are bought by the customers themselves, we manage them, but we don't buy them and then resell them. We don't work like that.
Well, we're tying it to Sentinel, and via Sentinel we're actually using Logic Apps, playbooks, and books. We're using advanced investigation, threat analytics, and many others. But really, the fact that it can integrate with Sentinel in a single pane of glass is a game changer for us.
I would say that around 300k and within our company, probably 80K.
Do you think Microsoft Defender for Endpoint delivers good value for the price?
Yes
Are you happy with Microsoft Defender for Endpoint's feature set?
No
Did Microsoft Defender for Endpoint live up to sales and marketing promises?
Yes
Did implementation of Microsoft Defender for Endpoint go as expected?
Yes
Would you buy Microsoft Defender for Endpoint again?
Yes