Try our new research platform with insights from 80,000+ expert users
COO at Floating-Dot Technology LTD
Real User
Top 20
Our reaction time is now faster when eliminating problems
Pros and Cons
  • "Everything from Microsoft is integrated. You receive regular reports on them all. You can push your reports, logs, and security alerts, which are all integrated. It is crucial that these solutions work natively together to deliver coordinated detection and response across our environment."
  • "We would like to get more information from the endpoint. I don't get enough detailed information right now on why something failed. There is not enough visibility."

What is our primary use case?

We help develop and mostly support applications for clients. It creates reports for clients. It works with Microsoft SQL Server and can tell clients if they need some governance standards for user security profiles. For example, if they are using Linux VM, then there are some security updates that come up. If they haven't been updated, they get a prompt telling them, "Look at this CSV security vulnerability. It should be updated as this part of your application."

We have our main office in Lagos with other offices in the UK and America. Due to COVID, we are mostly working remotely and having meetings online. There are 55 endpoints.

How has it helped my organization?

Due to COVID, most of my users are remote. Because of that, we need to manage their applications and let them log on from home. They also have their own personal devices that they are using. So, we have to give them access to those.

My staff uses personal devices that seem to always have issues with malware. So, it notifies me if there is an issue. I can check their usage and the audit logs, e.g., when people logged in last and if they are logged onto a tenant, to see where the issues are. We might tell them to change their login details or reset their two-factor authentication if there is an issue.

They don't have access to the desktop Microsoft Defender Antivirus suite. I need to manage it from the cloud, where I restrict access to the account. They can download a zip file to a folder, then do whatever they want, but I don't give them freedom anymore because the users are always having issues.

When our CEO travels, someone is always trying to hack into his account. We have banned Russian IP addresses, as this is where most of the threats are coming from.

What is most valuable?

There are security settings that report and advise you on your security settings. The governance reports give you guidance on security vulnerabilities and how to remedy them.

It tells you whether something is high, middle, or low risk, giving you a risk profile. It lets you know which one to handle first.

Everything from Microsoft is integrated. You receive regular reports on them all. You can push your reports, logs, and security alerts, which are all integrated. It is crucial that these solutions work natively together to deliver coordinated detection and response across our environment.

This Microsoft security solution has helped eliminate the need to look at multiple dashboards and given us a single XDR dashboard. This is one of the main features that we like about the solution. We have one dashboard. Anybody who is a part of the security team can look at it and say, "Okay, this is what I noticed." Then, we can have a short discussion on how to remediate or enhance services.

I would give the comprehensiveness of the threat-protection that these Microsoft security products provide a high score. 

Sometimes, Microsoft sends us information and recommendations about changing all our configurations due to something they noticed. So, their reports improve our uptime availability and provide a seamless service for our clients. 

What needs improvement?

The visibility is 85%. Sometimes, it takes too long to load your page because Microsoft is having issues. There are a certain amount of hours in a day to solve and rectify issues. If you deploy this solution for a client, you need to be able to respond or rectify issues. Because if the solution goes down, your clients won't be happy with you.

We would like to get more information from the endpoint. I don't get enough detailed information right now on why something failed. There is not enough visibility.

The cost could be improved when you need to pay for anything. For example, refreshing files takes time to load, though it may be my Internet. To improve the refresh time, Microsoft says that we need to pay for a Premium license, and I don't like paying for things that help make a solution better.

Buyer's Guide
Microsoft Defender for Cloud Apps
April 2025
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,576 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it for three years.

What do I think about the stability of the solution?

The stability is about 95%. I have called and complained to Microsoft about the downtime.

It doesn't require any maintenance.

How are customer service and support?

Sometimes it will take time for Microsoft to respond to technical issues. However, once they start working on an issue, they will try to resolve it. I would rate the technical support as eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We didn't use another solution prior to this one. We have always used Microsoft.

How was the initial setup?

The initial deployment was straightforward. Afterward, there were issues due to licensing issues moving from Google to Microsoft. It was not free.

It took a couple of hours to make everything work to our specifications. I tried to automate as much as I could with scripts.

What about the implementation team?

I migrated my clients from Google to Microsoft.

What was our ROI?

Our reaction time is now faster when eliminating problems. We see the generated reports and logs much faster than before when we have to go to different places.

It reduces support calls for internal users. For example, it reduces the number of times that internal callers contact support for password issues.

Issues that frequently used to take support an hour are now only happening every blue moon. This is largely due to the predictive trend reports from the solution.

We have seen a 35% to 45% cost reduction with this solution.

What's my experience with pricing, setup cost, and licensing?

You can activate a free tier of use for a period of time.

When the SolarWinds vulnerability came up, that caused a lot of issues. Our clients got regular updates. It did a scan for them, so they didn't have to start worrying. That was the free tier. 

With the other tiers, you pay more for each feature it gives you, e.g., the security push or regulatory compliance, without you paying extra for that too, which has been advantageous.

We also use Microsoft Defender for Cloud. With other models, you need to pay for an agent, and there is a cost. I don't like spending money. So, we use the free ones a lot. We evaluate the solutions that we need to pay for on a case-by-case basis, then we can decide if we really need them at all.

Sentinel would probably be the cheapest of all SIEM and SOAR solutions. I am not paying for everything because it is hosted by Microsoft. I am not paying the infrastructure costs. The app of this solution is updated regularly. I don't have to worry about that. So, the cost is very cheap for me, except when I have to pay for specific agents. Then, I have to think about the cost.

There are costs associated with SQL Server and Linux as well as their agents.

What other advice do I have?

Microsoft makes sense because it integrates with many applications and provides. However, it depends on your infrastructure.

Endpoint Security is part of the Microsoft Defender suite. We use it to manage systems and force them to update. They can also revoke access to a tenant.

Microsoft Sentinel logs all our reports. This gives us better visibility. This enables us to ingest data from our entire ecosystem. It also allows us to provide security posture reports to our clients. Before starting a contract with a business, we create a report and give that to clients, showing how we handle and solve problems. The report shows our environment and uptime. 

Sentinel enables us to investigate threats and respond holistically from one place. From there, we can now troubleshoot where the issue is coming from. This is for our endpoint or when my external users are trying to access the service. This is very important to us because it makes life easier. We don't have to start running around checking this interface with another interface and a third or fourth interface. It is a single interface and we can get more raw data than what we configured Sentinel to ingest.

The comprehensiveness of Sentinel’s security protection is very high. We don't really use other providers. We use it to connect to AWS or Google Cloud Platform infrastructure to get information on how deployed loads are performing.

I would rate them as nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Principal at Trifecta Cloud Security Solutions
Real User
It helps us control which applications are used and gain more security insight into remote and hybrid users based on user identity and login location
Pros and Cons
  • "Defender helps us control which applications are being used and gain more security insight into remote and hybrid users based on user identity and log in location. You can also integrate Defender for Cloud Apps with Defender for Endpoint to extend its capabilities."
  • "Defender for Cloud Apps could come with more configured policies out of the box. Also, integration could be easier. Integration is moderately difficult because Microsoft hasn't developed a solution that unifies device onboarding and management. You have to use Intune to manage devices and Defender for Endpoint to enforce policies. They need to fix their integration, but I believe they will straighten it out by the end of the year."

What is our primary use case?

We use Defender for governance, discovery, and application awareness. It's also useful for detecting shadow IT and anomalous user behavior. 

How has it helped my organization?

Defender helps us control which applications are being used and gain more security insight into remote and hybrid users based on user identity and login location. You can also integrate Defender for Cloud Apps with Defender for Endpoint to extend its capabilities.  

Defender saves us time. I can't quantify that because I never track it, but it has helped me quickly discover issues and get a sense of the users' applications, locations, etc. Defender saves money because I've eliminated some tools and tasks that I previously completed manually. I can do some tasks in one hour that used to take me three. 

What is most valuable?

Defender integrates with MDE, and there's no agent, so everything happening on the endpoint is reported back to Defender. Defender for Cloud Apps is tightly integrated with Defender for Identity.

The solution provides excellent visibility into threats. I rate Defender for Cloud Apps an eight and a half out of ten for visibility. 

I use all of Microsoft's security products, and they work together natively to deliver coordinated detection and response. Each solution is outstanding by itself, and I can coordinate between them by pumping the alerts and incidents into my SIEM. 

Bidirectional sync is crucial because I'm a consultant, and I have yet to find a customer who uses only one cloud. 

We use Defender with Microsoft Sentinel, which ingests data from our entire ecosystem. This functionality is essential because I can investigate threats and respond from one place. I can respond directly from Sentinel about 50-60 percent of the time using its SOAR capabilities. 

Sentinel's built-in UEBA and threat intelligence are excellent and getting better every day. In terms of cost and ease of use, Sentinel is the best cloud SIEM and better than 90 percent of on-premise solutions. Even Google products can't compete. 

What needs improvement?

Defender for Cloud Apps could come with more configured policies out of the box. Also, integration could be easier. Integration is moderately difficult because Microsoft hasn't developed a solution that unifies device onboarding and management. You have to use Intune to manage devices and Defender for Endpoint to enforce policies. They need to fix their integration, but I believe they will straighten it out by the end of the year.

What do I think about the stability of the solution?

Defender has become more stable over the last year.

What do I think about the scalability of the solution?

I've never faced any limits on scalability. 

How are customer service and support?

I rate Defender's support a seven out of ten for responsiveness, but a ten out of ten for their knowledge of the product. Once you finally get someone, they're an expert. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched to an all-Microsoft shop because they're integrated.

How was the initial setup?

Deploying Defender is easy. You subscribe to it and enable it within your cloud tenant. I got it deployed in one day. Defender requires no maintenance because it's a SaaS product.

What was our ROI?

Defender is cheaper than the product we replaced.

What's my experience with pricing, setup cost, and licensing?

Defender is built into the E5 license, so it's simple. 

What other advice do I have?

I rate Microsoft Defender for Cloud Apps a nine out of ten. Give it a shot. It's easy to deploy and doing a PoC is easy, and you'll get good insights into where to direct your efforts as far as doing your mind produces.

I'm a firm believer in getting all of my security solutions from one vendor. A best-of-breed strategy introduces an entirely different security risk from integrating products that were not designed to work together. They don't produce cross-actionable intelligence insights with the products. You also need to have an expert in all of the vendors you use, and you will be in a difficult position when that person leaves until you can find a replacement.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Microsoft Defender for Cloud Apps
April 2025
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,576 professionals have used our research since 2012.
Anthony Alvarico - PeerSpot reviewer
Deliver Practice Director at DynTek
MSP
Top 10Leaderboard
Provides discovery, data exfiltration, and sensitive data exposure at low cost

What is our primary use case?

We use Microsoft Defender for Cloud Apps for discovery, data exfiltration, and sensitive data exposure.

How has it helped my organization?

Some organizations with E5 or E3 licenses enable Microsoft Defender for Cloud Apps for their users, often with default settings. These organizations typically use OneDrive and SharePoint. With Defender for Cloud Apps, especially when integrated with Defender for Endpoint, they want to monitor which SaaS applications their users are accessing. The primary goal is to discover and track the types of SaaS apps their users use.

What is most valuable?

Microsoft makes setting up discovery and visibility into cloud app usage easy. I also appreciate its full integration with other Defender and XDR products, such as Defender for Identity, Defender for Office 365, and Defender for Endpoint. You can ingest data from all these endpoints. I especially like the feature that allows you to discover which SaaS applications users access.

What needs improvement?

Microsoft has been high on implementing Copilot. If it is already integrated for using Copilot for security, that would be great.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud Apps for three years.

What do I think about the stability of the solution?

It's pretty stable.

What do I think about the scalability of the solution?

 It has been reliable. I haven't seen it fail. There can be some confusing configuration issues sometimes, but it's quite dependable overall.

It is used by small, large, and government entities.

How are customer service and support?

Improved communication and follow-up would be helpful. Sometimes, we don’t hear back after creating a ticket for a day or two. Even when an engineer is assigned, responding can still take a while despite providing all the necessary logs and information upfront.

How would you rate customer service and support?

Neutral

How was the initial setup?

The deployment process is quick, taking two to three days. The implementation and customization require more time. We need to adjust the setup to fit the client's needs, which involves fine-tuning notifications and alerts to avoid overwhelming them.

First, you need the appropriate licensing. Once you have that, go to security.microsoft.com and integrate with Defender for Endpoints to receive information. While you can ingest logs from different firewalls, such as Palo Alto or Cisco, we usually implement them with Defender for Endpoints. Once a laptop or desktop is set up in Defender for Endpoints, integrating Cloud Apps with the endpoints allows us to collect the data easily.

I rate the initial setup a nine out of ten, where one is difficult and ten is easy.

What was our ROI?

Taking a proactive approach to keeping your environment secure and informed is key. Microsoft Defender for Cloud Apps helps you monitor what applications your users use and ensures they aren't using any sanctioned by your organization. This proactive control is a significant return on investment.

What's my experience with pricing, setup cost, and licensing?

It's relatively low-cost, especially since it's often bundled with Microsoft 365.

What other advice do I have?

It is also tied to data management. Since it's integrated, it can notify us of potential data exfiltration, like when large amounts of data are leaving the system or the Microsoft Cloud. This feature helps protect intellectual property and sensitive information subject to regulations and compliance standards, such as SOX or NIST. It plays a key role in ensuring data compliance and security.

It's fully integrated with other Microsoft security features. You can even connect it to Microsoft Sentinel, their SIEM product. The integration makes everything work better together, with less deployment effort and a single portal for managing your applications, eliminating the need to switch between different platforms.

Overall, I rate the solution a nine-point out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Sunil V Jainapur - PeerSpot reviewer
Associate Architect at Virtusa Global
MSP
Enables us to determine the root cause of critical incidents much faster
Pros and Cons
  • "Defender's integration with our identity solutions is critical in our current setup."
  • "Defender could integrate better with multi-cloud and hybrid environments. It requires some additional configuration to ingest data from non-Azure environments and integrate it with Sentinel."

What is our primary use case?

We primarily use Defender for Cloud Apps to authenticate users of our cloud applications. Defender validates the identity and allows the user to access the application. 

How has it helped my organization?

Defender helps us automate routine tasks. We can use templates to deploy various security solutions. It also consolidates our dashboards, so we can view everything from one console. 

Defender saves us time when responding to critical incidents. Typically, it takes about two or three days to find the root cause, but we can do this in four or five hours with Microsoft security solutions. Our detection time remains unchanged, but the response time is much faster. 

What is most valuable?

Defender's integration with our Identity solutions is critical in our current setup. It also integrates with Microsoft Sentinel to provide threat visibility. However, there's a delay of about 10 to 15 minutes from when Sentinel detects an incident, and it appears in Defender. We're trying to fix that. 

Defender allows us to prioritize threats across our enterprise, which is crucial. It's easy to integrate Defender with other Microsoft solutions. For example, we use Defender with Sentinel and set conditional access policies in Azure Active Directory. We're currently participating in Microsoft training to learn how to utilize these solutions better.

What needs improvement?

Defender could integrate better with multi-cloud and hybrid environments. It requires some additional configuration to ingest data from non-Azure environments and integrate it with Sentinel.

For how long have I used the solution?

We have used Defender for Cloud Apps for a year.

What do I think about the stability of the solution?

Defender is stable.

What do I think about the scalability of the solution?

Defender is scalable.

How are customer service and support?

I rate Microsoft support eight out of 10. 

How would you rate customer service and support?

Positive

How was the initial setup?

Defender is a cloud-based solution, but our deployment was complex because we have a massive environment. It took us about a month to fully deploy it, including testing and evaluation. I had a five-person team, including engineers, administrators, and management. There is no maintenance after deployment because it runs on Azure infrastructure.

What was our ROI?

We haven't saved money, but we save time because the integration with Microsoft products is seamless. 

What's my experience with pricing, setup cost, and licensing?

Defender is costly. Still, we get a lot of features, and it's easier to integrate with our other solutions, so it's worth what we pay for it.

What other advice do I have?

I rate Microsoft Defender for Cloud Apps nine out of 10. As a security architect, I would generally recommend a multi-vendor solution with a zero-trust model. However, if you are mostly using Microsoft products, it might make sense to use the Microsoft security suite because of the native integration.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2176125 - PeerSpot reviewer
Manager Information Security at a venture capital & private equity firm with 11-50 employees
Real User
Top 20
Allows for policy implementation, provides excellent visibility, and integrates well
Pros and Cons
  • "The most valuable feature is its policy implementation."
  • "I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing."

What is our primary use case?

We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.

How has it helped my organization?

Microsoft Defender for Cloud Apps offers visibility into the usage of enterprise applications and the connections established from both authorized and unauthorized locations and devices.

Microsoft Defender for Cloud Apps, in conjunction with Defender for Endpoint, helps prioritize threats throughout our enterprise by reviewing them, identifying devices with vulnerabilities, and providing us with criticality assessments and recommendations on resolving the issues.

We utilize the complete Microsoft Defender suite, which includes Defender for Endpoint as well as Defender 365. The integration is seamless; we only need to onboard Defender for Endpoint, and it functions exceptionally well.

The integrated solutions work natively together to provide coordinated detection and response across our environment. If Defender detects a malicious email, it will notify me of the detection, block the email, and apply the same actions to all the emails that match the same criteria.

I appreciate the comprehensiveness of the threat protection offered by Microsoft security products due to their functionality and ability to integrate, which other products may not offer.

Microsoft Defender for Cloud Apps has helped improve our visibility and response time.

It helps automate the discovery of high-value alerts. The solution can identify malicious threats and subsequently block the threats while disabling the compromised account automatically.

Microsoft Defender for Cloud Apps has helped us save time through the visibility it provides.

Microsoft Defender for Cloud Apps has significantly reduced our time to detect and respond by several hours through its integration with the rest of the Microsoft Defender suite, thereby reducing our troubleshooting time.

What is most valuable?

The most valuable feature is its policy implementation. Even public websites are directed to the Microsoft Net proxy, where we can establish policies to determine whether to block, authorize, or manage devices.

What needs improvement?

Currently, we are only able to utilize the policies for blocking threats. I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud Apps for one year.

What do I think about the stability of the solution?

Microsoft Defender for Cloud Apps has been stable thus far.

What do I think about the scalability of the solution?

Microsoft Defender for Cloud Apps is scalable. We are not limited by Microsoft in terms of the number of users or devices.

How was the initial setup?

The initial setup is not straightforward due to the numerous meetings beforehand, and the Microsoft documentation can be overwhelming. However, once we familiarized ourselves with the interface, it started making more sense. 

The deployment process took over three months. Initially, we tested the solution to become familiar with it before deploying it to a small number of users. Once we were confident that everything was working correctly, we proceeded to deploy it to all users. Two system engineers were required for the deployment.

What about the implementation team?

The implementation was completed in-house.

What was our ROI?

We have seen a return on investment with Microsoft Defender for Cloud Apps.

What's my experience with pricing, setup cost, and licensing?

We utilize the Microsoft E5 licensing, which encompasses the entire Microsoft suite; however, it is costly. Furthermore, there are supplementary expenses associated with add-on modules.

What other advice do I have?

I rate Microsoft Defender for Cloud Apps an eight out of ten.

Microsoft Defender for Cloud Apps promptly generates an alert upon detecting a threat. However, I do not believe it has the capability to proactively defend against potential threats.

It is deployed in one environment with 50-plus users.

No maintenance is required from our end.

I recommend that anyone evaluating Microsoft Defender for Cloud Apps should read through all of the documentation first.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Waseem Alchaar - PeerSpot reviewer
Security architect at a energy/utilities company with 10,001+ employees
Real User
Top 10
Stable product with efficient privilege identity management features
Pros and Cons
  • "The product helps us with privileged identity management to control who has access to what and for how long."
  • "There could be more granular roles that are out of the box included in the product."

What is our primary use case?

We use the product mainly to manage the accounts for Single-Sign-On purposes.

How has it helped my organization?

Microsoft Entra ID has improved privilege access management for our organization. We can manage who has access to which account.

What is most valuable?

The product helps us with privileged identity management to control who has access to what and for how long.

What needs improvement?

There could be more granular roles that are out of the box included in the product. I guess it would help people who aren't as savvy. Right now, I have to create many custom models for different use cases. It would be great if roles were more geared towards specific use cases to cover multiple aspects. In a case where a role is for a security admin, it could grant roles that are needed and not too many unnecessary roles. For example, it gives the security admin some access to the compliance portal, but the executive may not need that access. So it could be more granular.

For how long have I used the solution?

We have been using Microsoft Entra ID for three to four years.

What do I think about the stability of the solution?

The product's stability is pretty good. We never really encountered outages. They are very rare.

What do I think about the scalability of the solution?

We have approximately 1000 Microsoft Entra ID users in our organization. The product has great scalability. That's why we moved to the cloud. We need more roles. It will help us a lot as it grows. Microsoft is already adding more roles within the PIM environment, but the more they add, the more users will go to the cloud.

How are customer service and support?

Microsoft's support services are good. They responded quickly whenever I had questions and sent emails or reached out for anything.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have used Azure AD groups initially. Then, we continued grouping within the security groups and only had a designated cloud once we moved to PIM.

How was the initial setup?

The initial setup could have been done better in our organization. That was one of the reasons I was hired. I had to reset and architect the whole process. It was relatively straightforward.

The product is deployed on a hybrid cloud, including Azure, GCP, and AWS clouds. It is used across a few departments, mainly within their IT realm, marketing, and other departments. But for the most part, it's just those two groups currently using it.

What about the implementation team?

I implemented the product myself.

What's my experience with pricing, setup cost, and licensing?

The product's pricing seems fair.

What other advice do I have?

I rate Microsoft Entra ID an eight out of ten.

Set up your environment correctly first. Take your time to figure out how you want to use it, such as PIM and other use cases. Ensure you set it up properly and then create custom roles when needed. Don't overaccess people; that'd be the main advice. It keeps being upgraded by Microsoft. There are constantly new features getting added. If there's some feature you don't see now, it could be there later. We initially wanted a few features that were added later on. Thus, there's always room for growth.

The product provides a single pane of glass for managing user access for the most part. It helps manage the roles better in one area. It becomes easier to use that way. I don't know if we necessarily use verified IDs. But we typically use HRID just to enforce MFA and other processes.

Initially, the product saved a lot of time because we could create dynamic roles for people with the right access. However, as we move more to the cloud, creating more custom roles saves less time. It still has pros in terms of granular roles.

It easily saves two or three daily tasks per person or user we're onboarding. Let's say it's a good amount of time, especially with the dynamic groups. Each PIM role gets activated as well. I would say it saves 20 to 30 minutes per user account activation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Support Engineer at Microsoft
Real User
Integrates with many applications and provides robust threat protection and tailor-made recommendations to improve your environment
Pros and Cons
  • "Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool."
  • "The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."

What is our primary use case?

We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.

It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.

How has it helped my organization?

Cloud App Security is an ever-evolving technology. It is based on artificial intelligence. It uses some data sets that capture all the tools within Office 365 package. It collects all the data majorly in the Office 365 space, and it understands the usage. Across the globe, there might be millions of Microsoft users, and it tries to capture all the data cumulatively and see any anomalies. That is how Microsoft gives you the data. They study different types of organizations in terms of how they behave, what kind of security loopholes can be found in them, and then they give you recommendations. You just implement these recommendations to secure the environment. So, what you get is a tailor-made solution where you can find all recommendations because it is based on artificial intelligence. They give you a tailor-made recommendation to improve your environment. They might recommend multifactor authentication, role-based access, etc. They provide you the classical representation on which users we can target and safeguard more.  All these things are very useful. That's how this tool is helping Microsoft customers, and this is how we have also been using it.

My company relies upon this technology. For us, it is very critical to know any attack beforehand and be prepared for it. In our environment, there are many endpoints, and many devices interact. We have an email system, a storage system, and other systems. The beauty of Cloud App Security is that it can learn data from different applications. For example, Adobe is an application that I'm integrating with Office 365. So, I can expand my horizon of search to that tool and see how that interacts with us. I will get more real-time data, and I will know more use cases about it.

What is most valuable?

Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.

We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.

The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem. 

What needs improvement?

The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand.

If it is an Office 365 product, I expect it to be in the admin center. That way I would know that this is a part of Office 365. It feels like there is a mismatch, or they are trying to separate the product or do something like that. They should have streamlined the product.

It is not always accurate. Sometimes, there could be some hiccups, and you see false positives, but security is not always reliable, and you cannot depend on one tool to give you all accurate results. It gives me a report that I can see, and if needed, I can act proactively on something. If it is a false positive, it is fine. If it is not, we know that we have done something about it.

For how long have I used the solution?

We implemented it probably in 2019.

What do I think about the stability of the solution?

It is a new thing for Microsoft, and it still has a lot of room to improve.

What do I think about the scalability of the solution?

It is completely scalable out-of-the-box. It is completely in interaction with Office 365 services. It can go up to as many users as you have. So, if you have 100,000 users, it is capable of supporting them. I have some 50,000 users, and I'm happy that it is capable of doing that. We have implemented it 100%, and we are happy with what we have got.

It is good for an enterprise company. It is not for a small-scale business. 

How are customer service and support?

We don't require support frequently. I would rate them a seven out of 10. If you have a critical situation, you cannot expect them to give you a call immediately. My experience has not been so great with their paid support in terms of time. Sometimes, they don't even call you back, but when you do get support from them, they are excellent. So, you can't rely on them, and their response time can be improved, but their documentation is good enough. We can read the documentation and help ourselves.

Which solution did I use previously and why did I switch?

Before this, my company had some tools, but I'm not sure about them. They probably heavily relied upon Splunk and other APM tools. They have had this tool from the time I have been here. Personally, I haven't worked on technologies outside of Microsoft.

How was the initial setup?

It is very easy if you know what you're doing. You just click on the Next button multiple times, and it is complete. It is well-documented in the sense that we know what we can expect from the tool. The documentation is great, and the support is also excellent. So, my experience was very smooth, and it was done in a day.

It does not work on every license. You have to be an Enterprise customer, and you have to have a specific license to have the full benefits of it. So, you require the correct license, and you also need a certain amount of time for it to propagate. It is not immediate. Based on what we were told by Microsoft a few years ago, it takes 24 to 48 hours. They might have improved upon that. It tries to capture the complete environment details, and then it gives you a cumulative experience.

We work around the clock. We have six admins at different time zones who work with this solution.

What's my experience with pricing, setup cost, and licensing?

Its pricing is on the higher side. Its price is definitely very high for a small-scale company.

As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea.

This tool alone is not a great investment, but when you get it as a part of the package from Microsoft, it is good. Along with Microsoft Teams, Office, Exchange, SharePoint, and other solutions, this added feature of an extra layer of security makes a lot of sense. If you are only using this tool, and it is not in a Microsoft ecosystem, then it is not worth it.

What other advice do I have?

For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk. 

It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.

I would rate it a 10 out of 10. It is improving, but it still needs more improvements.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1710705 - PeerSpot reviewer
Solutions Architect at a university with 51-200 employees
Reseller
Top 10
Offers comprehensive application monitoring and security alerts with beneficial response support
Pros and Cons
  • "Microsoft Defender for Cloud Apps is very comprehensive, providing a complete 360-degree view of applications within an organization."
  • "The documentation could be improved as it is not updated immediately when Microsoft makes changes. Users must wait a few weeks for the changes to be reflected in the documentation."

What is our primary use case?

I work with Microsoft Defender for Cloud Apps by monitoring issues users have with applications, creating policies, reviewing incidents notified by Microsoft Defender, and taking measures to mitigate these issues.

What is most valuable?

Microsoft Defender for Cloud Apps is very comprehensive, providing a complete 360-degree view of applications within an organization. The tool offers a scoring system that helps track progress in securing the network and endpoints, and it alerts users to security issues in applications.

What needs improvement?

The documentation could be improved as it is not updated immediately when Microsoft makes changes. Users must wait a few weeks for the changes to be reflected in the documentation.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud Apps for maybe three years.

What was my experience with deployment of the solution?

Deploying Microsoft Defender for Cloud Apps was easy for me, as long as there is an organized approach and a good technology partner to assist during deployment.

What do I think about the stability of the solution?

Microsoft Defender for Cloud Apps works very well and I have not experienced issues with stability.

What do I think about the scalability of the solution?

Microsoft Defender for Cloud Apps is very scalable, provided you have the right subscription. Without the appropriate license, scalability is limited.

How are customer service and support?

The support is excellent, and the speed of response is commendable.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Sophos before, and although it's a good tool, I prefer Microsoft Defender for its comprehensive integration with endpoints and firewalls.

How was the initial setup?

The initial setup of Microsoft Defender for Cloud Apps was easy, especially with support from a technology partner.

What about the implementation team?

We had assistance from a Microsoft partner and other companies during the implementation.

What's my experience with pricing, setup cost, and licensing?

The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the expense.

Which other solutions did I evaluate?

I evaluated Sophos as an alternative solution.

What other advice do I have?

No further improvements are needed for now because the suite is very complete. I give Microsoft Defender for Cloud Apps an overall rating of eight out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender for Cloud Apps Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Microsoft Defender for Cloud Apps Report and get advice and tips from experienced pros sharing their opinions.