If MDE is a “leader”, the metric must not have any sort of “actually gets the job done” measurement.

Defender seems to do a lot of alerting well after the attack was already successful. And the interface for analysts seems designed to hide information and make investigations far harder than they should be.

I’ll give them that Advanced Hunting is actually good. But, that gets gimped a bit by the UI being less about presenting data and more about a consistent look and feel. Said “look and feel” being, “look at all this screen real estate we’re wasting. Doesn’t this make you feel rage at the designer?”

And then settings and configuration is a nightmare of “which MS portal is this hiding in?” Between Azure, Intune and whatever the fuck “XDR” is supposed to cover, you’re lucky if you can find your ass with both hands.

So ya, not sure if Gartner is measuring anything other than, “gave us a bunch of money”. 'Cause, holy shit, I would choose Defender for any Endpoint.