AA
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
Real User
Top 20
Works well as part of an overall security solution and has no impact on end-users

Pros and Cons

  • "Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
  • "Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."

What is our primary use case?

We use it for endpoint security.

How has it helped my organization?

When looking at the ecosystem as a whole, security-wise, Microsoft provides a complete solution with the E5 Security suite. Microsoft has a big advantage because Defender knows how to interact with the CASB and all the other security components that you have. Overall, that makes the management of the environment much easier. It's easier to understand what's going on, to become aware of risks, and to take action.

What is most valuable?

  • Defender has very little impact on the end-user.
  • The agent works quite well with a minimal impact on the client and server.
  • It's very easy to deploy it.

For how long have I used the solution?

We did a trial of Microsoft Defender for Endpoint for about three months, and now we are in the process of rolling it out.

How was the initial setup?

We have about 4,300 users of Defender and it took two days to have it fully deployed. With Cortex it took some time. With Cortex, we had some 500 clients that we had to investigate because for some reason they did not get the agent immediately and we had to do some tweaking to get it to all the end-users.

What about the implementation team?

We used consultants for the deployment of both Cortex and Defender.

Which other solutions did I evaluate?

We gave Palo Alto Cortex XDR a try and we are now in the process of removing it and going to Microsoft Defender for Endpoint. I have experience with both of them.

Cortex has quite good management capabilities that give IT organizations quite a good picture of attempted cyber attacks. It has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex.

The onboarding process with Defender is much easier. In two days we were able to deploy it to our whole organization. Cortex is much more cumbersome. But the onboarding process is not the issue. A more important difference is that once you have security risks that you would like to mitigate, Cortex more easily gives you information regarding the threats. Microsoft gives you exactly the same information, but you have to know how to dig a bit more and do some manual steps that, with Cortex, are more straightforward.

The main issue that we had with Cortex, and the reason we decided to roll back and go to Defender, is that Cortex has a horrible impact on the performance of the system. For an enterprise-level organization, it kills the system. Users were complaining that when moving between emails in Outlook it would take a lot of time, creating a lot of delays and timeouts. Web browsing and every action on their computers took much more time than usual with Cortex.

What other advice do I have?

I would rate Defender a nine out of 10, while Cortex XDR is a five out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Fred M
Chief Executive Officer at Apollo Asset Management Company
Real User
Its files and folder protection ensures no changes can be made to endpoint folders and files without the user being aware

Pros and Cons

  • "It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
  • "The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware."
  • "I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement."

What is our primary use case?

We are using it as the antivirus as well as the malware protection.

How has it helped my organization?

We have not had any attacks, in terms of viruses, worms, or ransomware, in the last three years.

The impact of the solution has been minimal. Employees can work without any interruptions.

What is most valuable?

The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware.

What needs improvement?

I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement.

For how long have I used the solution?

I have been using it for three years.

What do I think about the stability of the solution?

It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt.

Four IT support technicians are responsible for administrating Microsoft Defender in our organization. They make sure that upgrades and updates are done in a good timeframe.

What do I think about the scalability of the solution?

Its scalability is good enough. As long as you deploy the OS, you will keep on deploying Microsoft Defender automatically. This is a good option.

We have about 375 endpoints.

How are customer service and technical support?

I have never used their support.

Which solution did I use previously and why did I switch?

Before Microsoft Defender, we were using Bitdefender. Before Bitdefender, we were using McAfee Symantec.

We switched to Microsoft Defender because there was a change of ownership for the company in 2017.

We went for Microsoft Defender once we were informed that it would be part of our Office 365 package. So, we combined the licensing for the OS with Office 365. Yeah. We thought it was a good bargain.

How was the initial setup?

The initial setup was straightforward.

The deployment takes a maximum of half an hour.

What was our ROI?

We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30.

What's my experience with pricing, setup cost, and licensing?

We have been using the free version.

What other advice do I have?

Microsoft Defender is good enough as long as you ensure the environment is well-patched and secure, then even the free option will be sufficient to take care of the entire ground.

We are not looking to increase usage at the moment because of the underlying economic situation.

I would rate this solution as nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
PT
Product Manager at a comms service provider with 501-1,000 employees
Reseller
Top 5
Good management over endpoints but the technical support needs to be improved

Pros and Cons

    • "The scanning is slow when it is working with incoming emails."

    What is our primary use case?

    We are a system integrator and I specialize in practically everything that is security-related. This is a product that we sell as part of Office 365, and rarely as a standalone solution.

    Usually, if we have a customer with Office 365 and they need this type of solution then we increase the subscription to a point where it is included.

    From the user's point of view, this is classic anti-virus software. From a management point of view, this product gives better control over endpoint devices because some processes can be stopped remotely. If you have a person that is watching over the system then they have a higher level of control over endpoints.

    What is most valuable?

    This is a cloud-based product so it is always updated by the end-user.

    What needs improvement?

    They have to improve the email scanning where email is coming from somewhere other than our private network. The scanning is slow when it is working with incoming emails. Often, I can see the email but the scanning process is not finished and I cannot open the attachment. In general, the scanning has to be faster.

    What do I think about the stability of the solution?

    This solution looks stable. Provided that Windows 10 is updated, everything is okay.

    How are customer service and technical support?

    I have not been in contact with technical support in regards to this product. However, technical support for Microsoft products is always of bad quality. In my experience, if you cannot find the solution yourself then you will have a huge problem because it is not an easy task to have them understand and support you.

    You can lose a lot of time explaining the problem before you receive something that works.

    My advice is to look for a good support library and try to find the solution yourself. This means that you don't need to contact support.

    Which solution did I use previously and why did I switch?

    We have worked with many different security solutions. For example, we are selling a Security Operations Center as a service. We implement EDR, Privileged Access Management, Identity Management, anti-fraud solutions, web application firewalls, database security, and more. We are working with practically everything in cybersecurity.

    We are working with between 10 and 15 different vendors. Sometimes, this is too many, but it is useful to have information about each product, its quality, and how it compares to others. Two products that we are working with now are Cisco AMP and Carbon Black.

    What's my experience with pricing, setup cost, and licensing?

    There is a free version of Windows Defender, although the paid version has EDR functionality. We sell this product as part of Office 365 and it is not expensive.

    What other advice do I have?

    I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution.

    I would rate this solution a five out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    OC
    IT Manager at a financial services firm with 1,001-5,000 employees
    Real User
    Top 20
    Quick and responsive support, stable, improves security, and requires little maintenance

    Pros and Cons

    • "Microsoft's technical support is fantastic."
    • "At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on."

    What is our primary use case?

    We primarily use this product to get antivirus protection in a cost-effective way.

    How has it helped my organization?

    This product tends to detect a lot more issues than the other antivirus solutions. This is because it's essentially tuned to Microsoft. It has some inbuilt intelligence, so they tend to understand the Microsoft environment and we don't need to do as much exclusion. With other antivirus products, we need to exclude certain files from being scanned.

    What is most valuable?

    The malware detection feature is very good.

    What needs improvement?

    At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on.

    For how long have I used the solution?

    I have been working with Microsoft Defender Antivirus for between two and three years.

    What do I think about the stability of the solution?

    This is a stable solution that has matured over the years.

    What do I think about the scalability of the solution?

    We have approximately 7,000 machines and we have not needed to scale beyond our original implementation.

    How are customer service and technical support?

    Microsoft's technical support is fantastic.

    We subscribe to the Microsoft Premier Support Package and they tend to respond to our queries very fast. When our engineers contact them, they respond in a very short time.

    Which solution did I use previously and why did I switch?

    We currently use Cylance, in addition to Microsoft Defender. I'm not sure what the impact is of using two solutions, whether it is a good thing, or not. We do plan on narrowing this down to one solution in the future.

    How was the initial setup?

    This product was included with Windows 10, so we did not have to deploy it separately.

    Once this product is set up, this solution requires very little maintenance.

    What's my experience with pricing, setup cost, and licensing?

    We already use Microsoft solutions and I found it cheaper to purchase the bundle, which includes Defender. By including the antivirus in the bundle, it makes it a little cheaper for us. If you purchase it outside of the bundle, it is a little bit expensive.

    When you want the central administration functionality, it tends to be more expensive. The normal, standalone model is not expensive, but the enterprise model that includes the bundle with email and some web protection, is a bit more expensive.

    What other advice do I have?

    When we initially implemented Windows Defender, we were pessimistic about whether it would be good enough. However, it is a pretty mature product now.

    My advice for anybody who is considering this product is that it's good, and it gets results early.

    I would rate this solution an eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    CG
    Team Lead at a tech services company with 1-10 employees
    Real User
    Top 20
    Easy to use with great anti-malware features and quite stable

    Pros and Cons

    • "It's absolutely free to use."
    • "The anti-ransomware features need to be improved upon."

    What is our primary use case?

    We primarily use it due to the fact that it comes with the Windows 10 bundle and is free. We use it for security purposes. It scans for viruses and malware for us.

    What is most valuable?

    The solution was highly ranked in the Gartner Report.

    It's absolutely free to use.

    The anti-malware features are great.

    It doesn't use up a lot of resources on my laptop, so it's not slowing anything down.

    The product is very easy to use.

    What needs improvement?

    The anti-ransomware features need to be improved upon.

    For how long have I used the solution?

    I've been using the solution for about a year. I switched over when I updated my computer to Windows 10.

    What do I think about the stability of the solution?

    The solution is very stable. So far I haven't had any issues on my laptop. It uses very little resources. It doesn't crash or freeze. There aren't bugs or glitches that I have noticed.  It's reliable.

    What do I think about the scalability of the solution?

    I'm currently only using it on my laptop. I'm not sure if the solution can scale per se.

    I will continue to use the solution, regardless of its scalability potential.

    How are customer service and technical support?

    I've never had a reason to reach out to technical support, as the solution runs very well. As I've never contacted them, I can't speak to the quality of their service at this time.

    Which solution did I use previously and why did I switch?

    I did previously try to use the free version of Avast. It's not really user friendly like Defender and it used to use a lot of my laptop's resources. I switched to Defender as it was also free and came with my Windows 10.

    How was the initial setup?

    The initial setup is not complex. It's very straightforward. When you download Windows 10 it comes pre-loaded and ready to go. It's a default now. Previously, it was a little more difficult.

    What's my experience with pricing, setup cost, and licensing?

    The solution is free. Once a user downloads Windows 10, they automatically get the product.

    What other advice do I have?

    I'd recommend the solution. Why not, after all? It's already there within Windows 10 and is part of a user's Microsoft bundle. 

    Overall, I'd rate the product eight out of ten. If it had more ransomware protection, I'd rate it higher. As it is, the solution offers great malware features, is ranked pretty highly in Gartner and is easy to implement and use. Plus, it doesn't drain a lot of your machine's resources, which is a bonus.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    MM
    Project Director at a tech services company with 1,001-5,000 employees
    Real User
    Top 5
    Quite effective for preventing virus infections, data leak, or other security breaches

    Pros and Cons

    • "I am using it for very simple purposes. It is perfect and quite effective. I have been using it for a while, and I have never had any virus infection, data leak, or other security breaches. It works fine for standalone purposes. If you log on to OneDrive, it has ransomware protection."
    • "Windows Firewall is integrated with Windows Defender. Over the last few days, I have had a problem with defining a wildcard on Windows Firewall. For example, I wanted to pull out the connection of my program and install a software package with a lot of executable files. I wanted to prevent it from accessing the internet. I could not select executables by using a wildcard. I had to select a single executable with its full name."

    What is our primary use case?

    Windows Security Essentials is available on Windows 7 and Windows 10. I'm using Windows Defender, and the agent is deployed on-premises on my laptop. I don't know if it has some background cloud services.

    I use it for flash memories, portable memories, real-time scanning, threat protection, and capturing the data downloaded from the internet.

    What is most valuable?

    I am using it for very simple purposes. It is perfect and quite effective. I have been using it for a while, and I have never had any virus infection, data leak, or other security breaches.

    It works fine for standalone purposes. If you log on to OneDrive, it has ransomware protection.

    What needs improvement?

    Windows Firewall is integrated with Windows Defender. Over the last few days, I have had a problem with defining a wildcard on Windows Firewall. For example, I wanted to pull out the connection of my program and install a software package with a lot of executable files. I wanted to prevent it from accessing the internet. I could not select executables by using a wildcard. I had to select a single executable with its full name.

    For how long have I used the solution?

    I've been using this solution for five years or more. 

    What do I think about the stability of the solution?

    It is very stable. 

    What do I think about the scalability of the solution?

    I don't know about scalability because I have always used it on a single laptop, but I'm sure that there are business options, and you can use it on Windows 7 computers. It must be very scalable.

    How are customer service and technical support?

    I live in Iran, and there is no product support in Iran. If there is a technical issue, I prefer to use online information and resources, such as forums and Wiki pages, to resolve the issue. 

    How was the initial setup?

    It is very easy to install. It is preinstalled when you install Windows. If you install other antiviruses, you have to deactivate it in order to use third-party products.

    What other advice do I have?

    Microsoft has started to integrate the interface with new Windows 10 settings. Previously, there was a lack of information. Users weren't aware of the status of the product in terms of what it was doing on your computer and whether it was actually protecting you or not. In the background, it must have been doing its job, but you couldn't be very well aware of the status of the software. All those issues are now resolved. The information now is very handy, and the user interface is also great. I would recommend this solution to others.

    I would rate Microsoft Defender Antivirus a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    JN
    Manager of Information Systems at an engineering company with 51-200 employees
    Real User
    Easy to scale, reliable, and extremely easy to install

    Pros and Cons

    • "We like that it has a free version available."
    • "The frequency of the patching, and the frequency of the updates, are not included with the free version."

    What is our primary use case?

    We use it at home on some personal machines, and there are a few machines inside of the Enterprise that have it.

    We use this solution for general antivirus protection.

    What is most valuable?

    We like that it has a free version available.

    What needs improvement?

    The frequency of the patching, and the frequency of the updates, are not included with the free version. 

    The platform I used in the past would check every hour and deploy every two hours down to the client, every patch that came through. 

    It was actively looking for updates, the latest threats, which is something that the Microsoft Defender product did not have in the free version.

    The Enterprise version that we had didn't have visibility. If somebody were to uninstall it or turn it off, I'd have trouble seeing that easily. There are tools that I can install, but from a reporting standpoint who has it on and off is included with the Enterprise package that you pay for, or it comes included with Office 365 Enterprise, but not in the free version.

    For how long have I used the solution?

    We have been using Microsoft Defender for Endpoint for two and a half years.

    We are using the latest version. It is always up-to-date.

    What do I think about the stability of the solution?

    We had absolutely no issues with the stability of Microsoft Defender for Endpoint. We did not experience any bugs or glitches.

    What do I think about the scalability of the solution?

    It is pretty easy to scale. It was basically one click to agree that you wanted to use it.

    How are customer service and technical support?

    We did not contact technical support.

    Which solution did I use previously and why did I switch?

    Previously, we were using another solution and were forced to uninstall it to patch Windows. It was an annoyance to reinstall it.

    How was the initial setup?

    The initial setup was straightforward. It was extremely simple.

    What's my experience with pricing, setup cost, and licensing?

    We are using the free version.

    When you are centrally managing it, you can't get there without a much more expensive Microsoft solution to control the rollout and to make sure that it is up-to-date.

    We didn't research that; it was a stop-gap measure until we figured out what we're going to do in the long term.

    Which other solutions did I evaluate?

    We are looking into a product that gets into the EDR, XDR, the fully managed patching, and everything else, versus just the anti-virus that package includes.

    What other advice do I have?

    I would rate Microsoft Defender for Endpoint an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Rudy Zurita
    Senior Consultant at a consultancy with 51-200 employees
    Real User
    A free solution that performs well

    Pros and Cons

    • "It performs well. The stability is seamless."
    • "A concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information."

    What is most valuable?

    I haven't experienced any problems.

    What needs improvement?

    They could improve the information about how they are dealing with people who could attack minors. This is my main concern. 

    Another concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information. 

    For how long have I used the solution?

    I have been using it since 2019.

    What do I think about the stability of the solution?

    It performs well. The stability is seamless.

    What do I think about the scalability of the solution?

    Scalability is not a problem because we don't have servers. We don't do anything more with the computers than use them for studies, reading papers and books, watching movies, and communicating with our family. So, we don't need to scale up.

    How are customer service and technical support?

    If they could send me more information, then I could evaluate, read more, and give them opinions. For example, if someone tells me about a problem, then I can give solutions and also write to Microsoft regarding this information.

    Which solution did I use previously and why did I switch?

    From the beginning of the pandemic, we received another kind of software when we had to be at home, but it caused us problems with the performance. So, I decided to quit the other software. Then, I installed Windows Defender on all my computers, including my grandchildren's computers.

    I was using Sophos previously, but it was causing problems with the performance. For example, when my grandchildren were trying to assume a session, they opened Excel or Word with a 4 GB computer using Windows 10 and then they always lost the connection or the continuities because the computer slowed down. However, when we decided to quit using Sophos and install all the features of Windows Defender, then those problems were resolved.

    How was the initial setup?

    The initial setup is very easy and straightforward.

    My deployment process: I put some checks in the questions that they have. It was very easy. I read about it in the tutorial. I installed it on my entire family's computers (six computers) in less than half an hour.

    What's my experience with pricing, setup cost, and licensing?

    It is free.

    What other advice do I have?

    We are totally satisfied with performance and price. However, there is still the question, "Is it safe and secure enough for home, primary-school-age children, and minors?" Despite having a Master's degree in Computer Sciences and Mathematics, I have not been able to say if Microsoft is doing bad or good things.

    Many companies may say that they have the best product, but I recommend always watching the news about what a company is doing. Stay informed. Don't be complacent. 

    The solution is a nine out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.