Microsoft Defender for Endpoint Information Reviews & Insights

In our organization, we use Microsoft Defender for Endpoint to protect against malware, phishing, and other advanced threats. It provides real-time threat detections and automated remediations. This application assists us in improving endpoint compliance and centralized control.

Microsoft Defender for Endpoint works very well in the Microsoft ecosystem, especially in the Windows environment, with integrated tools like Intune policy management and Enterprise ID. It has some compatibility issues on MAC and Linux OS.

We used Defender to replace Sophos. Being included as part of the Microsoft 365 package saved us the entirety of the cost of the previous provider. It also provides significantly more detailed security insights into our devices. Dashboard scores are used to help proactively respond to threats. The software also includes threat assessment to see all of the vectors an attacker would use.

Because of its integration with Windows, it is very easy to deploy and manage. Any IT department should be able to leverage the software and interface. The admin portal provides weighted recommendations that comprise the Secure Store, offering admins, security teams, and business owners valuable insights into their security footprint without requiring a strong security background. The software would be ideal for small and mid-sized businesses that cannot dedicate resources to security. Larger enterprises would also benefit, but may require the enhanced license.

Usually we are deploying Defender for Endpoint as an endpoint XDR tool. We're replacing an existing tool, so that is going to be a deployment in passive mode first, which is easy. Then we uninstall the legacy tool and we move this one to active mode and it takes over as your XDR. The reasons we're doing that is cost. Sometimes it is just better protection.

I would say organizations that are primarily Windows based, definitely very appropriate where they're moving from a legacy antivirus solution or older XDR tool to a more modern one, definitely well suited. Where it's more challenging is where you've got a mixed environment of let's say a lot of Mac users, a lot of Linux users, and although those platforms are supported by Defender for Endpoint, it's harder to deploy. Depending on the quantity of Mac in a client environment for example, sometimes it's a lot more challenging to deploy than if you have like 10,000 Windows PCs and 100 Mac, that's easy, but if you have 5,000 Macs, it's a lot harder.

It is providing a way to secure our device across multiple platforms like windows Linux and iot devices it scan all the files and protect against the harmful and suspicious virus it automatically monitor and analyse the files and protect our system it acts as a antivirus to the system which increases the platform efficiency.

It is a well and advance tool for protecting our device from the virues and also helps to investigate the threads which helps us to fixing the problem as soon as possible without getting crash also it provides immediate response and alerts to the user if anything found in the system along with that they support multiple platforms which is very good part of this software

So we have suggested the Microsoft Defender for Endpoint for supporting and protecting the client's endpoint, so that's a complete C-Suite, Microsoft Suite we have implemented.

So it's well it's a financial services client, so for them protecting the endpoints like the servers, computers, mobile devices, was a key priority so that we have implemented a complete Microsoft Suite. So it's all in one with interface. No scenarios where it's less appropriate. Nothing specific on top of mind. The client is fine.

We have been using Microsoft Defender for Endpoint to augment our cybersecurity processes by protecting our network for advanced threats and attacks, this product helps with critical bussiness problems like malware, spyware, philsing, data breaches, and it provides a real time detection and response, with the signature of Microsoft products, we have been grateful for its perfomance in our organization, and it has ensured that all our devices are secure, free of viruses, and minimized cybersecurity risks in our networks.

This product is well suited for organizations that need comprehensive threat detection and resppnse across multiple endpoints, ensuring robust security and protection against malware, spyware, philsing attacks. It could be less appropiate for small business with limited IT resources, and its features and complexity sometimes could be overwhelming for inexperienced security teams.

Currently we use the EDR product together with Entra ID and we also use it as a third-party EDR product. And normally what happens is we use Defender as an audit tool and login tool. So whenever there is an incident raised in any means by security products, which can be Defender or another product, we use the extended capabilities of auditing and logging of Defender to drill down and see what the user has to face and identify what the problem is. Then we contact the user and we try to help them.

Well, I just say that, so you are a Microsoft shop, there is no reason not to install it. You should definitely have it.

Defender for Endpoint provides a platform that allows our analysts to quickly and accurately answer important questions during investigations.Most importantly, by simulating these capabilities in the API, we can more efficiently provide high-quality detection and response based on the Defender for Endpoint platform. Microsoft Defender ATP mainly has built-in Threat & Vulnerability Management (TVM), which is a risk-based approach to discover, prioritize and repair vulnerabilities and incorrect configurations of each endpoint to prevent current and future threats and vulnerabilities! TVM can effectively identify, assess and repair endpoint defects, and at the same time score the enterprise's vulnerability level. Therefore, it is very important for IT personnel to implement computer security and health plans and reduce risks to the company's organization.

Microsoft defender for endpoint has helped me prevent my organization network from malwares, ransomware etc. We have also used it in incidence response. For a possible breach we are using defender for Endpoints to quickly identify the compromised endpoint, investigate the incident, and automatically initiate remediation actions, isolating the threat. This rapid response minimizes damage and prevents lateral movement across the network.

According to me, because of the cost, it can be used where budget is moderate to high, and the system mostly relies on Microsoft based systems i.e. Windows centric environments. But with less budget, the cost of using this is too high. also for non Windows based system like MacOS or Linux based system this is not compatible. Also if there is already a security architecture in place, then integrating this defender with the third party system is way difficult and sometimes unachievable.

We use MS Defender ATP on all of our systems. It uses low resources compared to other AV providers and full integration into Windows OS. You don't experience the breakage that happens when you have a 3rd part AV providers when there are feature roll-up updates and hotfixes issued by Microsoft. Also is MS ATP is competitive compared to 3rd part AV providers.

MS ATP is great for any organization that wants to protect itself from AV, malware, spyware, and ransomware threats. I can't imagine any organization doing without an AV protection provider. Small deployment can get expensive compared to the competition.