Microsoft Defender for Business review
Most Windows users will already be familiar with the Microsoft Defender brand, given that Microsoft Defender Antivirus (formerly Windows Defender) is preinstalled in all modern versions of the operating system.
Microsoft Defender for Business belongs to the same family of apps but is designed to offer protection above and beyond traditional antivirus, such as automated protection and response for up to 300 users within your organization.
Given that Microsoft are already in the antivirus business and most malware is still designed to target Windows systems, the tech giant is uniquely placed to offer the best endpoint protection software. The question is: does Microsoft Defender for Business offer endpoint protection that's a cut above the rest?
Microsoft Defender for Business: Plans and pricing
Unlike other endpoint security platforms we've reviewed Microsoft are actually very candid about their pricing model. Microsoft Defender for Business is available as a standalone product for all business users.
Subscriptions cost $3 per user per month, billed annually. There's an upper limit of 300 users but each user can have up to 5 devices. Some quick math shows that you can therefore install protection on up to 1500 appliances.
For the same cost per user you can also purchase 'Microsoft Defender for Business Servers' as an add on. This provides a single admin experience for clients and servers, as well as detecting and patching vulnerabilities in real time.
Existing Microsoft 365 Business Premium subscribers also benefit from Microsoft Defender for business at not extra cost.
Microsoft offer a 30-day trial of Defender for Business, provided you're willing and able to register an online account and provide valid payment information.
Microsoft Defender for Business: Features
Defender for Business was officially released in May 2022 as a standalone product.
As readers will discover we were unable to test drive the platform ourselves so the stated features mentioned here are those cited on Microsoft's website itself. We encourage interested users to contact Microsoft direct to arrange a trial in order to test out advertised features for themselves.
This said, on the main product page Microsoft display a slick-looking video stating that Defender for Business offers enterprise-grade endpoint security. One of the takeaways from this video is that the platform can aggregate alerts into a single incident report making it easier for network managers to respond to threats. We assume this refers to the 'Security Summary Reports' feature mentioned in Microsoft's online documentation. The platform can also generate a monthly security summary report.
Defender for Business is built on the foundation of Microsoft Defender for Endpoint and features many of the same capabilities. For instance, users can also activate security policies out of the box with simple set-up wizards.
One feature which caught our eye is the "Streaming API". Although currency still in beta, this is designed for customers who want to build their own security operations center and supports streaming of device file, registry, network, sign-in events and more to Azure Event Hub, Azure Storage, and Microsoft Sentinel, making for more advanced attack detection.
Defender for Business also includes 'Blackpoint Cyber', which adds Blackpoint's own MDR (Managed Detection & Response) technology to investigate and act on alerts generated by Defender itself.
Mobile threat defense also now allows onboarding of iOS and Android devices for the standalone version of Defender for Business.
The Microsoft website also has a rundown of the latest features available in Defender for Business.
Microsoft Defender for Business: Setup
In theory interested parties who want to take Microsoft Defender for a test drive can simply register an account via the website, provide valid payment information and download a 30-day trial version of the product with no obligation.
In practice, during our tests we found this impossible to do. In the first instance, we couldn't understand why a multi-billion dollar corporation like Microsoft would require credit card information but duly tried to sign up using three different email addresses and two different cards, only to encounter an error every time.
From searching online, we found we weren't the only ones to encounter this error and given that we'd tried using different credit cards from different locations we determined the issue must be on Microsoft's side.
Admittedly, we didn't take up the opportunity to create a support ticket as the Microsoft website encouraged us to do. This was because we imagined being in the place of IT Managers in organizations trialing other endpoint security platforms and doubted if they'd have the time or the patience to jump through so many virtual hoops. After spending over an hour trying to download a trial version of the platform we gave up and expect many IT professionals would have done so as well.
This does mean we were unable to run our independent tests on Defender for Business but we wanted to share our experiences with readers, who can then decide if they wish to put in the time and effort to test pilot the platform themselves.
We did discover that assuming managers have an active 365 subscription and Windows endpoints are already using the relevant security tools, there's no need to install extra software in order to manage them.
In other cases, such as where the endpoint runs macOS or Linux endpoints can also be deployed using Microsoft Configuration Manager or Microsoft InTune.
Microsoft Defender for Business: Performance
Our first test for endpoint security software is to use the Microsoft Edge browser in our Windows 11 test machine to attempt to download a fake computer virus, provided by the good people of EICAR.
As we've said, we weren't able to install Defender for Business onto our test machine but we have a good indication that it would pass our test, given the default Windows Security settings already red flag the page containing the virus download link. Even if users choose to proceed, Edge blocks the download of the file.
Our next test is to copy a new, real computer virus that we caught in the wild into the 'Downloads' folder on the test machine. We do this in order to check that the endpoint security software isn't just checking files against known signatures but is able to recognize a potentially harmful program that isn't in its database.
Once again, we can be sure that Defender for Business would pass this test with flying colors as in previous tests the real virus is always picked up by Windows Security settings. For this reason we usually disable real time protection when testing other endpoint security platforms to make sure it's their software which has detected the threat - in this case you can be sure Microsoft are the ones keeping your system safe.
Microsoft Defender for Business: Interface
Although we weren't able to test the product properly, we did discover that the Microsoft 365 Defender portal is the place from which you can use and manage Defender for Business.
From here managers can add users, assign licenses and check the overall health of connected systems. Icons are laid out in the left-hand pane allowing managers to easily switch between sections. There are also links to detailed setup guides for Microsoft 365 Defender.
The interface is clear and well laid out. We were especially impressed to see a dedicated 'reports' section as well as a specific 'health' dashboard.
Microsoft Defender for Business: Final verdict
On the plus side Microsoft Defender for Business is competitively priced and may not even cost anything extra assuming your organization already has a Microsoft 365 Business Premium subscription.
We were also impressed by the elegance and ease use of the Microsoft 365 Defender Portal, not to mention the fact that onboarding will no doubt be made more simple given the fact that managers usually will only need to add new users rather than install hefty amounts of extra software.
While we couldn't run our usual tests, given the home version of 'Defender' is easily able to detect, prevent and quarantine malicious URLs and malware there's every reason to think that the business version can do the same.
Microsoft Defender for Business is let down however by a complicated setup process, which made it impossible for us to really put it through its paces. We're disappointed that a large organization like this needed credit card information upfront, let alone the fact that the website threw up repeated errors which would take precious time out of the day of any IT expert.
If you have the time and patience to go through the setup process and (if necessary) negotiate with Microsoft Support to set up a free trial, we applaud you and encourage you to share your experiences with Techradar.
Otherwise, you may prefer to consider competitors who simply offer a download link on their website for their security solutions such as ManageEngine's Endpoint Central.
0 comments:
Post a Comment