Microsoft Defender for Endpoint is our primary endpoint protection suite, coupled with our M365 and Intune. It is solving our endpoint protection use case and integrates nicely into 3rd party monitoring and SIEM products. Microsoft Defender for Endpoint, with the right M365 licensing level, is a very capable solution to solve endpoint security needs and is cost effective.
Pros
Cost Effective
Good Protection
Non-intrusive
Cons
Management isn't super intuitive
Insight split between Intune and Security Admin Center
Not all controls translate from Intune
Likelihood to Recommend
If you or your organization are using Microsoft 365 E3 licensing or higher, it's a very cost effective and smart solution to take advantage of Microsoft Defender for Endpoint. While the solution is dependent on Intune enrollment for easy management, once set up, it works great. It's fairly easy to manage once you get the hang of it, although it is split between Intune and Security Admin Center for insights.
Verified User
Director in Information Technology (Non-profit Organization Management company, 51-200 employees)
We use it organization-wide. Defender has addressed malware, phishing, and viruses (trojans). This has significantly decreased our issues and potential exposure.
Pros
Great dashboard for the techs on the end of support
Provides good notifications for the user
Does a great job quarantining questionable emails that may have suspicious links.
Cons
Stop changing the product name - creates confusion at times
Likelihood to Recommend
[Microsoft Defender is a] great product for standard office users. It does not become a resource hog, yet does the job well.
Verified User
Director in Information Technology (Non-profit Organization Management company, 1001-5000 employees)
MDE is Microsoft's latest cybersecurity tool which takes a holistic approach to protect my organization from known and zero-day threats. I love the fact that I don't need to stitch together a diverse solution to increase my organization's security posture. I only have to use one login to manage my dashboard. MDE is compatible with all endpoints in my organization. I have macOS, iOS, Windows server, Windows 10, and Ubuntu Linux on-boarded. It is an EDR, XDR that is mapped against the MITRE ATT&CK framework.
Pros
Compatible with macOS, iOS, Android, Windows Server, Windows 10 and Linux
It runs natively on Windows; it is not a bolted-on solution. Once you have the correct license it is easy enough to light up the application to protect the endpoint
Integrated with Microsoft Intune
It is designed to detect and remediate adversary tactics from the MITRE knowledge base.
Microsoft analyzes billions of signals daily to detect attacks against O365 tenants; these same signals are fed into ML to further fine-tune MDE. How many other solutions out there will have access to this vast amount of data to analyze to train their ML?
Automated detection and remediation of threats with a graphical timeline view of how the threat got into the device and was stopped
It has its own vulnerability scanner to feed data into the dashboard so you can see daily which endpoints need to be patched first based on their value
It comes with an advanced hunting tool using the Kusto Query Language to search your tenant for threats
It can keep 180 days of log data
From one bundled license I can protect Exchange Online email, SharePoint, Microsoft Teams, OneDrive, Azure identities, AD, endpoints
Cons
Web filtering on macOS is not available yet
They recently made it easier to on-board macOS endpoints using Microsoft Intune by deploying it as an app. It used to take a lot more configuration profiles to set up. For older macOS Sierra using the older extensions, it will still require the multiple steps to on-board to MDE
They need to integrate Microsoft Cloud app into the new dashboard of MDE
Reduce the memory overhead of the mdatp agent running on Linux
Likelihood to Recommend
Small or large organizations will benefit from using MDE. They need to provide a way to buy MDE as a standalone add-on product, not only make it a bundled feature in Microsoft 365 E5. I wish it had the ability to deploy updates to 3rd party apps when the vulnerability scanner discovers a vulnerability. Currently, I have to use a 3rd party tool to address this gap.