Try our new research platform with insights from 80,000+ expert users

Azure Firewall vs Microsoft Defender for Cloud Apps comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Azure Firewall
Ranking in Microsoft Security Suite
10th
Average Rating
7.4
Reviews Sentiment
7.1
Number of Reviews
40
Ranking in other categories
Firewalls (14th)
Microsoft Defender for Clou...
Ranking in Microsoft Security Suite
13th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
37
Ranking in other categories
Cloud Access Security Brokers (CASB) (5th), Advanced Threat Protection (ATP) (12th)
 

Mindshare comparison

As of April 2025, in the Microsoft Security Suite category, the mindshare of Azure Firewall is 4.4%, down from 5.0% compared to the previous year. The mindshare of Microsoft Defender for Cloud Apps is 2.8%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Microsoft Security Suite
 

Featured Reviews

AnvarSadique - PeerSpot reviewer
Easy setup and effective traffic routing enhance security
In terms of improvements, I think the price could be a concern as Azure ( /products/microsoft-azure-reviews ) services are often more expensive compared to other firewalls. However, the functional aspects of Azure Firewall met our needs. While I found the interface not particularly user-friendly, this is a common issue across vendors.
Jagadeesh Gunasekaran - PeerSpot reviewer
Saves us time, has good visibility, and a single dashboard
The solution is user-friendly and provides great visibility into threats. There are easy options available for specific workflow inspections. We can also get support by going through the Microsoft documentation, which is straightforward. Microsoft Defender for Cloud Apps helps us prioritize threats across our enterprise. It covers us from a compliance perspective and protects our organization's data. Data protection is a very important aspect of any new organization, as we need to protect our data from both external attacks and insider threats. Microsoft Defender for Cloud Apps helps us monitor for abnormal activity by insiders, which is one of the most important access points for attackers today. Additionally, the different cloud apps that Defender for Cloud Apps supports provide us with much more visibility into potential threats and activities on the internet. We have integrated Microsoft Defender for Cloud Apps alerts with Sentinel. The integration is straightforward. We can find the configuration details on Microsoft's official documentation website. If we are familiar with how Microsoft products work, we will be able to follow the instructions clearly. Microsoft Defender for Cloud Apps and Sentinel work natively together to deliver coordinated detection and response across our environment. Our integrated Microsoft solutions provide comprehensive threat protection, covering most of the tactics and techniques relevant to the MITRE ATT&CK framework. Sentinel allows us to ingest data from our entire ecosystem. When implementing an SIEM solution, there are always prerequisites such as Active Directory logs, security logs, firewall logs, and DNS logs. These are important logs that need to be ingested into the environment. Sentinel has many third-party connectors available that make integrations straightforward. Microsoft provides the configuration details in the Sentinel platform. It is important to integrate all relevant log sources into the SIEM solution so that we can detect and be alerted to any type of threat factor, whether it is from an internal or external source. Integrating third-party solutions into the platform requires a separate configuration, but Microsoft provides the necessary information. However, we need to have the appropriate permissions to execute these setups. Sentinel provides a centralized dashboard that covers threat management and configuration. It gives us complete insight into what entities are accessing, as well as full details for investigation. We can see how the alerts and threats are relevant to suspicious activities, whether they are related to malicious IP addresses, suspicious ASHAs, or any other indicators of compromise. All of this relevant data can be seen in a single pane. Recently, Microsoft introduced a new investigation experience in a single pane. This means that we can now get a lot of details in a single pane, without having to go there and execute a query. There are a lot of new insights being developed in the Sentinel platform these days. It has software intelligence. They recently introduced Microsoft Defender Threat Intelligence, which covers almost all IOCs. This protects organizational assets from threats and suspicious traffic associated with IOCs. If a match is found, alerts are generated. This is a very interesting feature. Another great feature is automation and logic apps. We can create a number of operations, such as posting in a team's channel if a severe incident occurs or sending an email notification. There are many operations available, so we can automate a lot of tasks. Microsoft Defender for Cloud Apps helps us stay compliant. It has predefined mechanisms in place to prevent attacks. For example, if an external user tries to access our SharePoint folders or files, an attack will be blocked. This is why it is important to give appropriate access to guest users. Microsoft Defender for Cloud Apps has many features and benefits. It provides a number of policies that can be configured to meet the specific needs of our security team. These policies can be used to customize cloud applications so that only authorized users can access them and perform operations that benefit the organization. In terms of safety and security, Microsoft Defender for Cloud Apps is top-notch. Using the solution's automation features, we can suppress false positive alerts. We can also close alerts, lower their severity from "high" to "low" or "informational," or close them immediately with the appropriate commands. This will depend on the configuration automation rule and the perspective from which we are testing. Microsoft Defender for Cloud Apps provides a single console. We are also provided with Microsoft templates to enable workbooks instantly. Alternatively, we can build our own customized workbooks to provide better insights and improve our SOC efficiency and overall performance. Consolidating all of our security data into one dashboard has saved our security operations team a significant amount of time. From an analyst's perspective, it is now much easier to correlate events, investigate alerts, and visualize specific entities. For example, an analyst can quickly see all of the alerts associated with a particular IP address, or they can view all of the activity for a specific entity over the past 24 hours or 7 days. This level of detail and insight would not be possible if our data were siloed in multiple dashboards. The single dashboard saves our operations approximately 20 hours per week by eliminating the need to access multiple consoles and tabs. Microsoft Defender for Cloud Apps threat intelligence can help us prepare for potential threats before they happen. However, it depends on how we develop the policies for the database to block or ignore things in our environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I find the solution to be very stable, and would rate it a ten out of ten in terms of stability."
"The solution is stable."
"The SIEM that Azure Firewall provides us is very robust."
"With Azure products, customer support is really good."
"It provided ease of maintenance. If a new firewall was needed, we only had to run the pipelines for this. So, the maintenance was very easy."
"It is easy for me to protect certain ports or even the IP addresses, as well as do whitelisting, blacklisting, and the FQDN when we want virtual machines connected and to protect certain websites."
"There is not a single feature or single product that can ensure security."
"One of the best features is that it natively integrates with Azure Services and tools. When you have a third-party offering, that is not the case. But Azure Firewall provides a comprehensive and seamless security solution for your Azure resources."
"Defender for Cloud Apps has given us good visibility regarding what we've allowed in our environment until now. It helps us to know our inventory, understand what our customers are using, and steer them toward safer practices."
"It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good."
"Better logging allows us to find problems and take appropriate steps to lock them out."
"One of the most valuable features is auditing. Some of the other protection services have issues with auditing. Microsoft Defender for Cloud has an excellent auditing technique that helps us avoid the risk of filtering or information loss. You can use different tools to guarantee these things. It allows you to conduct an in-depth exploration of applications, users, and files that are harmful or suspicious. You can also enhance your security setup by creating personalized rules or policies that help you better control traffic in the cloud."
"It is very easy to use, which is what we look for in these types of solutions."
"We have become more aware of what services our users are using, how often they are using them, and what data is being sent out of the organization and to which services. So, it is really a lot about visibility and helping us make decisions based on that. It drives some of our policy decisions for adding extra security controls."
"I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads, when a particular user is running a massive download on your SharePoint site."
"The most valuable feature of Microsoft Defender for Cloud Apps is to stop shadow IT."
 

Cons

"We find it's different implementing it region-to-region. It might help if it was universal across all regions."
"Maybe one of the things in the tool where improvements are needed as there are some shortcomings consist of Azure Firewall Manager."
"The product could be made more customizable."
"I would like the premium and standard features to be available on the basic package. Additionally, it lacks some functionalities when compared to competitors like Check Point and Fortinet, such as WAF or load balancing."
"You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."
"An Azure firewall is not a real firewall."
"The product pricing could be more competitive."
"Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate."
"It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft."
"Currently, reporting is not very straightforward and it needs to be enhanced. Specific reports are not included and you need to run a query, drill down, and then export it and share it. I would love to have reports with more fine-tuning or granularity, and more predefined reports."
"We are having trouble with our continuous reporting configuration and struggling with configuring the collector properly with our log parsing. We've also faced difficulties getting support for this issue. It's taken us months to figure this out after going through a couple of different support channels."
"The integration with macOS operating systems needs to be better."
"Defender could integrate better with multi-cloud and hybrid environments. It requires some additional configuration to ingest data from non-Azure environments and integrate it with Sentinel."
"The technical support team has room for improvement."
"We would like to get more information from the endpoint. I don't get enough detailed information right now on why something failed. There is not enough visibility."
"The documentation could be improved as it is not updated immediately when Microsoft makes changes. Users must wait a few weeks for the changes to be reflected in the documentation."
 

Pricing and Cost Advice

"The licensing module is good."
"The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
"The solution is cheaper than other brands. My company has an enterprise contract and we finally got a good price with Azure."
"Azure Firewalls operate on a pay-as-you-go model, similar to cloud services."
"It is expensive, especially with the premium functions. For one of the clients, it was very expensive. You have to use it more at an enterprise level, and there, it was not at an enterprise level. So, it was very costly, but security-wise, it was a very wise decision to use it that way."
"Azure Firewall is quite an expensive product."
"Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
"Azure Firewall comes with Azure native services. We did not buy any kind of license for it. Whether you have a free subscription or a pay-as-you-go model, you can deploy the Azure Firewall service... The amount that you use will determine how much you pay."
"Its pricing is on the higher side. Its price is definitely very high for a small-scale company. As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea."
"Microsoft offers bundle discounts and a pay-as-you-go option."
"The product's pricing seems fair."
"The E5 license offers everything bundled. People are moving to Microsoft because you buy one license and it gives you everything."
"This product is not expensive."
"I'm not totally involved in the pricing part, but I think its pricing is quite aggressive, and its price is quite similar to Netskope. Netskope has separate licensing fees or additional charges if you want to monitor certain SaaS services, whereas, with MCAS, you get 5,000 applications with their Office 365. It is all bundled, and there's no cost for using that. You only have the operational costs. In the country I am in, it is a bit difficult to get people with the required skill sets."
"We have an educational licensing agreement. It's a customer agreement for multiple years."
"It has fair pricing. You pay for what you get. As far as I know, there are no costs in addition to the standard licensing fee."
report
Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
10%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firewall is easy to use and provides excellent support. Valuable features include int...
How does Azure Firewall compare with Palo Alto Networks VM Series?
Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the overall cost is reasonable. Azure Firewall offers a solid threat awareness, can...
Which would you recommend - FortiGate VM or Azure Firewall?
Both of these solutions are excellent options that provide flexible scalability and solid security. Fortinet Fortigate VM integrates well and has excellent centralized reporting. It is very easy to...
Which is the better security solution - Cisco Umbrella or Microsoft Cloud App Security?
Cisco Umbrella is an integral component of the Cisco SASE architecture. It integrates security in a single, cloud-native solution, unifying multiple features like DNS-layer security, threat intelli...
What do you like most about Microsoft Cloud App Security?
It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good.
What is your experience regarding pricing and costs for Microsoft Cloud App Security?
The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the expense.
 

Also Known As

No data available
MS Cloud App Security, Microsoft Cloud App Security
 

Overview

 

Sample Customers

Information Not Available
Customers for Microsoft Defender for Cloud Apps include Accenture, St. Luke’s University Health Network, Ansell, and Nakilat.
Find out what your peers are saying about Azure Firewall vs. Microsoft Defender for Cloud Apps and other solutions. Updated: March 2025.
849,190 professionals have used our research since 2012.