Evaluating Defender ATP



  • We are (finally!!) getting out of our 3 year long McAfee contract soon and slowly started replacing features that we used with McAfee ePO suite to alternate products, mostly with Microsoft. Already started moving from McAfee drive encryption to Bitlocker encryption, and now about to evaluate defender ATP. I tried it in my lab and looks good, but wanted to get some feedback on what needs to be tested with this evaluation.

    I have few things in my mind already;

    • Run malware on the machines (got few sample of malware with me to test out) and test out features like automatic investigation and remediation, isolate endpoint etc.

    • Already tried out knowbe4 ransim:
      Installed with no tweaks on the policy
      b7c18e69-2651-4918-b5a3-fe7802d870e1-image.png

    After making some changes (cloud detection)
    3fbce4c6-6a81-4fe3-be65-f44282820b0e-image.png

    • Test out application blocking to only Microsoft signed application

    • Check machine performance (this was a major killer with McAfee suite, with all the drive encryption, DLP, endpoint security etc, we have around 18 processes running on each machine for McAfee and has severe impact on users performance). With defender atp, since its baked into windows and not as agent for each module, I am expecting a huge improvement on performance.

    • Test out conditional access triggers; to restrict MS signed applications when a critical malware found on endpoint

    • Check integration with MS flow, Cloud App Security etc

    Are there anything else that comes to anyone's mind?



  • It would be worth getting MS to do a webEx session with you to show off some features and integrations. I'm sure that'll spark a bunch more questions and things to test.



  • @Obsolesce I am actually working with MS on the poc and starting with a demo this Tuesday



  • @Ambarishrh : Please keep us in the loop on this. Very curious...



  • @manxam said in Evaluating Defender ATP:

    @Ambarishrh : Please keep us in the loop on this. Very curious...

    Ditto. While I don't see us deploying a solution that pumps 18 additional processes on our machine, a few of those options could be nice... and while it might be considered unfair by the competition, MS's own internal knowledge I can mostly only hope would make their products better.

    Now that said - how many of those 18 points you have for McAfee would simply have to be replicated no matter how who's solution you used? I'm assuming many of them aren't running on typical machines today - i.e. Bitlocker, DLP, not things in use by most Windows shops today.



  • I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.



  • @Dashrender said in Evaluating Defender ATP:

    @manxam said in Evaluating Defender ATP:

    @Ambarishrh : Please keep us in the loop on this. Very curious...

    Ditto. While I don't see us deploying a solution that pumps 18 additional processes on our machine, a few of those options could be nice... and while it might be considered unfair by the competition, MS's own internal knowledge I can mostly only hope would make their products better.

    Now that said - how many of those 18 points you have for McAfee would simply have to be replicated no matter how who's solution you used? I'm assuming many of them aren't running on typical machines today - i.e. Bitlocker, DLP, not things in use by most Windows shops today.

    @manxam sure!
    @Dashrender we do have all this in most machines. Issue with McAfee is even for single component, there are several services running.

    One such machine that is not responding, see the number of process running! 🙂
    ab15150b-e3a4-4ea9-8809-3e3613f96ebb-image.png

    With the switch possibly to Defender ATP, since its using windows defender, all the malware security/endpoint protection is handled by defender. Azure Information Protection should take care of the DLP part. Encryption, already moving to bitlocker. I am expecting a huge improvement for end users along with all the features that we could use with defender ATP



  • @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

    The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.



  • @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png



  • @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.



  • @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

    The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

    We've been using Microsoft Cloud App Security for a while as an add-on to M365 E3 package and been really helpful in many situations, where user account got compromised and attempts made to login from risky IPs/infrequent countries! We got them on the fly and had preset alerts to disable the accounts. I am assuming that with defender ATP add-on, the coverage gets better. I personally am evaluating the portal and impressed with the amount of details they have covered.

    Few screens from my personal tenant. I've been blasting these test vms with malwares! 🙂

    3a40613b-ec18-4910-9235-c52b2a0647a3-image.png

    10b8fd87-7abd-45e9-8d13-8723285b490f-image.png

    I love secure score, with defender you get that extended to windows as well!
    e5b2a85a-374a-433c-b66b-55147d1f8d76-image.png

    ed622100-20bb-45ce-a551-6ded32feec0d-image.png

    dc0c3e8c-b8ae-46b8-a598-bf25023408ae-image.png

    Automatic remediation
    874284cf-beac-4c31-9428-7298fd1088fe-image.png

    Extensive reporting
    66be77e8-1463-4ca5-8110-50387ced891f-image.png

    691f9413-5e96-4505-8613-1a1f6784f2fd-image.png

    ae489656-176d-4fd2-8c68-8ca20e6020e5-image.png

    65ddd230-2a75-4fde-b47b-a229c96293b7-image.png

    and the best part!
    Evaluation lab! You can fire up an Azure VM for free and test out any malware and other settings and tweak policies accordingly. The VM only stays active for few days, but you can fire up new machines (current limit is 3)
    310dbef1-21fc-484b-9cc5-8a03809529d8-image.png



  • @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

    The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

    I really haven't seen any AV in years that offered only definition based protection, well except maybe ClamAV. Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features. Yearly cost is usually what Defender ATP cost monthly - including required subscriptions.



  • @marcinozga said in Evaluating Defender ATP:

    @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

    The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

    I really haven't seen any AV in years that offered only definition based protection, well except maybe ClamAV. Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features. Yearly cost is usually what Defender ATP cost monthly - including required subscriptions.

    If you are already on O365 subcription like ours, it makes sense to move to E5 covering more areas or just get add-on for the ones you need.



  • @marcinozga said in Evaluating Defender ATP:

    Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features.

    Some may. But do they show any insight as to what's going on in your environment, or allow for any kind of "real" forensics?



  • @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features.

    Some may. But do they show any insight as to what's going on in your environment, or allow for any kind of "real" forensics?

    I can't speak for all because I haven't used all, but these are pretty standard features.



  • @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.



  • Some more details about investigation on malware. Malwarebytes endpoint detection and protection has similar functionalities and I am sure most vendors would have such capabilities with them

    7416db72-f843-4504-a2bf-f21fd3415428-image.png

    2cb8a427-d060-4971-9d36-ecf44109a7b2-image.png

    As you could imagine, this product has an overwhelming amount of information, which is why I wanted to do a full POC with MS team to understand the right approach on using this product effectively. Will post my experience here as and when I get more infor



  • There are so many components - so many things to buy if you don't just sign up for E5, but as mentioned E5 is hugely expensive, plus has things some just don't need. Like Windows Enterprise edition... just not something I need in my environment.



  • @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local


  • @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?



  • @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

    I'm having a hard time finding what the real price here is?

    I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

    The above posts have a dozen different security things listed.

    As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year



  • @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

    Eset and Webroot for example. I think Sophos had most of above features last time I checked. I'm quite sure most AV on the market have all/most of the above, since all these are standard features now.

    If you want full forensics, you go with SIEM solution, Defender ATP is not one.



  • @Dashrender said in Evaluating Defender ATP:

    @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

    I'm having a hard time finding what the real price here is?

    I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

    The above posts have a dozen different security things listed.

    As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

    ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
    O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.



  • @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

    I'm having a hard time finding what the real price here is?

    I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

    The above posts have a dozen different security things listed.

    As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

    ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
    O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

    That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

    Also - is O365 E3 the requirement, or can you add ATP onto E1?

    Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.



  • @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

    I'm having a hard time finding what the real price here is?

    I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

    The above posts have a dozen different security things listed.

    As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

    ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
    O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

    That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

    Also - is O365 E3 the requirement, or can you add ATP onto E1?

    Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

    It is fair. What if you don't have O365 because you don't need it or use something else? Other AV don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

    From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.



  • @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @Obsolesce said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Dashrender said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    @Ambarishrh said in Evaluating Defender ATP:

    @marcinozga said in Evaluating Defender ATP:

    I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

    Not sure how did they gave you that info! An average pricing structure as below

    7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

    And security products straight from O365 admin portal subscriptions page:
    560b3413-64e4-4a77-9b6c-27030798a842-image.png

    These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

    But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

    And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

    • malware protection, both behavioral and definition based
    • ransomware protection
    • phishing protection
    • ids/ips
    • device control
    • exploit blocker
    • botnet protection
    • web filtering
    • memory analysis
    • central management, either cloud or local

    And a full forensics audit trail?

    I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

    I'm having a hard time finding what the real price here is?

    I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

    The above posts have a dozen different security things listed.

    As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

    ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
    O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

    That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

    Also - is O365 E3 the requirement, or can you add ATP onto E1?

    Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

    It is fair. What if you don't have O365 because you don't need it or use something else? Other AV don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

    From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.

    If you're not in the O/M365 ecosystem already - then you likely wouldn't even consider this plan, you would likely look at another option... so yeah, it's not a fair comparison.

    Now, you could decide, since you are looking at this solution, that you might want to change your other solutions at the same time since MS has these bundled together... but you don't just line item this entire cost all on the ATP project, you split it out.