Microsoft Defender for Cloud vs Microsoft Entra Permissions Management comparison

"The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective."

"Microsoft Defender for Cloud has made our environment more secure."

"The technical support is very good."

"The most valuable features offer the latest threat detection and response capabilities."

"The solution is very easy to deploy."

"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."

"Microsoft Defender for Cloud has improved our security poster by at least 100 percent."

"The dashboard is very good. It gives our clients a lot of information and allows them to have a complete overview of the system. Everything is visible in one glance."

"The solution integrates well with our infrastructure and other systems without any issues."

"Multifactor authentication is valuable."

"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."

"For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure."

"The pricing could be better."

"The pricing could be improved, as it is somewhat high for smaller companies."

"The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services."

"An area where Microsoft Defender for Cloud could be improved is in getting away from having multiple menus that do the same thing, which seems imposing when looking at it."

"The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads."

"Defender could improve how data is represented. It can be unstructured or slow to load."

"The solution's pricing and support services need improvement."

"We use a third-party API called Nebula API to integrate the account for authorization. The time-bound access area in Entra can be a problem. It can be improved in terms of the granularity of the permissions."

"They have a free version, but the license for this one isn't too high. It's free to start with, and you're charged for using it beyond 30 days. Some other pieces of Defender are charged based on usage, so you will be charged more for a high volume of transactions. I believe Defender for Cloud is a daily charge based on Azure's App Service Pricing."

"Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products."

"The price of the solution is good for the features we receive and there is an additional cost for Microsoft premier support. However, some of my potential customers have found it to be expensive and have gone on to choose another solution."

"The cost of the license is based on the subscriptions that you have."

"The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license."

"Azure Defender is a bit pricey. The price could be lower."

"It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it."

"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."

"We are a Fortune 500 company, so we always negotiate with Microsoft."

"The product cost is in the mid to high range."