I am not sure if the product has improved our organization yet. However, it certainly gives another level of confidence that the assets are secure. We are aware of the activity in the tenant.
Architect at a tech services company with 11-50 employees
Provides good stability and a valuable SQL database
Pros and Cons
- "The product’s most valuable feature is SQL database."
- "Microsoft Defender for Cloud Apps’s technical support services needs improvement."
How has it helped my organization?
What is most valuable?
The product’s most valuable feature is SQL database. It notifies us even in case of false positives when people log in after a long time and when we're out of compliance with the security baseline.
What needs improvement?
Microsoft Defender for Cloud Apps’s technical support services needs improvement.
For how long have I used the solution?
We have been using Microsoft Defender for Cloud Apps for three years.
Buyer's Guide
Microsoft Defender for Cloud Apps
December 2024
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
The product has good stability.
What do I think about the scalability of the solution?
The product has good scalability.
How are customer service and support?
The technical support services need improvement. They take a while to get responses. Their first-level engineers are generally not skilled. It takes time to get an engineer who can help us. Usually, whenever we come up with a problem, it is something that we can’t figure out on our own. We have to go through the process of submitting a ticket, waiting for a callback, and then finally getting help.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used other products while working at other places. They all are more expensive than Microsoft Defender for Cloud Apps.
How was the initial setup?
The initial setup process was simple. We had to merge the landing zone and part of a template. Later, we started the portal and selected resources we wanted to protect along with the level of protection. The implementation strategy is to just start using it.
What about the implementation team?
We did the product implementation ourselves.
What was our ROI?
I haven't tracked an ROI for the product. It was set by default while setting up Azure Tenant. It has been successful in monitoring activities and keeping the network safe. It is less expensive than buying a separate license. It provides ease and convenience of use. We just turn the product on by default.
What's my experience with pricing, setup cost, and licensing?
The product has helped save a medium amount of money. It has pretty good pricing.
What other advice do I have?
I don’t know if the product provides a single pane for managing immune access. We connect it with the Active Directory and other similar tools. It helps save a low amount of time.
I advise others to try using Microsoft Defender for Cloud Apps. I rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Modern Workplace Solution Architect at a tech consulting company with 11-50 employees
Built-in alerts help create robust policies, but delays in triggering alert emails is an issue
Pros and Cons
- "I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads, when a particular user is running a massive download on your SharePoint site."
- "It doesn't actually decrease the time to respond. This has been an issue with Microsoft recently. Sometimes, there is a delay when it comes to getting an alert policy email... Sometimes it takes two or three hours for that email to be sent."
What is our primary use case?
We use it for security and compliance. We use it for alert policies on activities happening on some of our on-premises and cloud applications. We also use it to restrict some users from downloading files from OneDrive or from some of the applications that we have. In addition, we integrate it with the Azure Active Directory Conditional Access policy.
How has it helped my organization?
It gives our clients a sense of confidence that in case there are activities on some of their applications, they will get an alert and the issue will be mitigated, based on the action that has been set. It gives them a sense of comfort that the product helps them secure some of their applications. It depends on the admin who is managing the product. If the admin is not knowledgeable, it might be an issue. But if the admin is knowledgeable, the organization can rest assured that it is covered when it comes to malicious activities on some of its applications.
What is most valuable?
I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads when a particular user is running a massive download on your SharePoint site. If a user is downloading multiple files in an unusual manner you get an alert.
Another built-in alert is what we call an "impossible traveler alert." If a user logs on from a US IP address at 10:00 AM and, less than 30 minutes later, the same user shows as being logged on from an IP address in the United Kingdom, there is no way you can travel from the US to the UK in 30 minutes. That alert will be triggered.
You can also input an action to be triggered for an alert. You block the user or just alert the admin or manager of that user.
It also comes with in-depth visibility, whereby it creates a pattern. If a user has been flagged multiple times, you can see that pattern. It shows you the IP addresses from which that user has been signing in recently. And it provides you with the kind of suspicious pattern that this particular user has been using over time. So it has very robust visibility.
It also gives you a graphic interface, which is something that I enjoy. If an alert is a very high risk, you see it in red, while if it's medium, you see it in yellow. A low risk doesn't come with any color. It gives me an appreciable pattern of user activities. It covers one month in case you want to deep dive to see the login pattern for your user.
Also, we currently use Defender for Identity, Defender for Endpoint, and Defender for Microsoft 365. All of them have been integrated into our plans. It was quite easy to integrate them. It's just the click of a button to activate it and then a matter of configuring your alert policies. Defender for Cloud Apps works together with Defender for Endpoint as well as with Azure Active Directory. With the latter, you can use the Conditional Access policy to integrate them so that they work together seamlessly.
The fact that these solutions work natively together gives us the advantage of having multiple security solutions doing different things. It's very important for them to work seamlessly together.
What needs improvement?
One challenge is integrating the cloud apps with third-party and on-premises systems. We have had some scenarios where some third-party systems were not compatible with them. Apart from that, it's quite easy to integrate.
Microsoft has also been able to bring all the security features to a particular portal, so you don't have to look around. But I've heard about some negative effects as a result, as the portal is now cumbersome. You have a whole lot of products there and it makes the whole portal jumbled. It's not bad for me because I just have to go to that particular portal and check whatever I have to check.
It doesn't actually decrease the time to respond. This has been an issue with Microsoft recently. Sometimes, there is a delay when it comes to getting an alert policy email. I can't stay on the portal all day looking through alerts that have been triggered. So we create a flow whereby, if an alert is triggered, an email should be sent. Sometimes it takes two or three hours for that email to be sent. The response time, sometimes, can be very slow.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud Apps for three to four years.
What do I think about the stability of the solution?
Performance-wise, the stability is good, but I wouldn't say very good because of the email alert delay issue I mentioned. But when you configure action and particular parameters, the option is carried out, more or less like an automaton.
What do I think about the scalability of the solution?
It's scalable. Once you have acquired the license, you can easily deploy it and add more users to the policies you have configured.
We run a hybrid environment. We have four sites on the domain controller. It is deployed both for users on the cloud and on-premises in different locations. We have some located in the US and some in Europe. So we have the product across multiple locations.
Some of the policies we have configured cover 500 users and one of them covers over 500 users.
I've seen an improvement, over time, in the comprehensiveness of the protection our Microsoft products provide. They are improving on the products year over year. I remember quite well when Defender for Cloud Apps started, there were limited third-party applications that you could integrate with it. But now, there are multiple options for third-party applications that you can integrate with. There are also features that have been added to it. Microsoft is working to improve on it.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
What was our ROI?
Since it is embedded with some of the Microsoft 365 licenses, it is like an add-on, and you can create robust configurations with it. You're getting an additional value for the license you have. To me, that is a return on investment.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair. One good thing about Defender for Cloud Apps is that it comes with some of the Microsoft licenses: Microsoft 365 E3 and E5. It also comes with EMS, the Enterprise Mobility & Security.
What other advice do I have?
My advice would be to do an assessment of whether you actually need this particular product. Some people confuse Defender for Cloud Apps with Defender for Microsoft 365, but they are two different products. You also need to confirm if it supports the applications you want to protect because there are some applications that have yet to be integrated with it. Apart from that, it's a good product for any security admin to use.
When it comes to helping prioritize threats, it depends on the angle you're looking at the results from. It can help 50 percent. When you look at the pattern of alerts over time, it can help you prioritize. But if you're looking at it in general, it is not going to give you that visibility into prioritizing.
Defender for Cloud Apps has a little bit of automation for routine tasks, but it doesn't really give an admin automated processes. And when it comes to taking proactive steps, it's more Defender for Endpoint that helps there. Defender for Cloud Apps doesn't help you to prevent an impending attack.
If you are looking to protect your environment, you need to spend more money. I wouldn't say that this solution helps to save money. But by protecting your financial documents from fraud or from an angry worker that is about to leave, it helps in saving money, but not in terms of cutting costs.
The maintenance is not significant because you don't need to update anything. All you have to do is go to your portal and check for and investigate any alerts. Maintenance is handled by Microsoft.
And in the "best of breed versus a single vendor" debate, you should just have a single vendor. In this case you know, "Okay, it's Microsoft," and it's best to just stick with what you know. It depends on what works for you though. For somebody who is comfortable using third-party products with Microsoft, maybe that will work for them. But for me, what is comfortable is using Microsoft products.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Microsoft Defender for Cloud Apps
December 2024
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
IT Planning Manager at a construction company with 5,001-10,000 employees
Robust, straightforward integration with strong capabilities and a vast number of features
Pros and Cons
- "The most valuable feature of this solution is its monitoring."
- "Sometimes the support is actually lacking."
What is our primary use case?
They were testing Microsoft Defender and performing some checks with Microsoft Defender. On the Microsoft side of the same security cloud app, I believe.
We have a complete portfolio of election solutions. These election solutions, in general, require a high level of security. There are preparations to have within them, such as cloud apps or websites, or even an off-premise or on-premise type of solution. As a result, we must have both types of services and products in order to secure them. For example, we used the Microsoft denial-of-service attack. It's a software subscription service from Asia that you get for a set period of time.
If you are running a live elections operation, you should seriously consider using such a service from them because it is extremely reliable. It essentially protects your entire environment. So you wouldn't be too concerned about someone hacking into your environment or anything because you need to have results that you should be publishing. That is when having a security system becomes extremely important for you. That's on the app side of things, then, on the web, we publish these results. You must also have a system that will never fail due to an attack. That's also one of the things we usually think about when we have an election operation going on.
What is most valuable?
The most valuable feature of this solution is its monitoring. The monitoring of the application.
Integration is simple, and you can monitor your applications at the enterprise level. As a result, you can have a holistic view of all applications and their statuses.
It's very robust and it's very good.
The capabilities are very good. It has a lot of features in it, which is why many people recommend it.
What needs improvement?
It's not the cheapest. I believe it can be more reasonably priced.
Sometimes the support is actually lacking. But we are talking about Microsoft.
For how long have I used the solution?
I have been doing the testing for the past six or eight months.
Because it is a cloud-based solution, I believe that versioning is not a critical factor to consider.
What do I think about the stability of the solution?
Microsoft Defender for Cloud Apps is a stable product.
What do I think about the scalability of the solution?
Microsoft Defender for Cloud Apps is scalable.
How are customer service and support?
Sometimes you don't get to the appropriate support channel from the start. When you open a ticket, you don't always get what you're looking for right away. We tend to get stuck in loops or go from one support guy to the next until we escalate. That happens quite frequently. I believe that this is one of the areas that should be looked into.
Which solution did I use previously and why did I switch?
We have an in-house ABAP development team that works on ABT software. I have heard the technical team conducting this evaluation, but I'm not sure which SAP application they're testing.
What's my experience with pricing, setup cost, and licensing?
The price could be better and should be reconsidered.
Which other solutions did I evaluate?
We're evaluating Microsoft. We're also looking into SAPs, and other options are being considered at the moment.
What other advice do I have?
From what I've seen, it's a good product. We occasionally encounter some, inefficiencies in its performance. But not all of the time, because our country has a lot of internet problems. As a result, the synchronization side tends to disconnect from time to time. So whenever we get disconnected, it causes some problems. You have to have a good connection after all because it is a cloud service, you must have a good internet connection in order to connect to it. We believe it is one of the best on the market. I believe it is a good option for anyone to use. But, once again, there are other players in the mix, which is why we are always doing some benchmarking and continuing with trials for other solutions.
I would rate Microsoft Defender for Cloud Apps an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Software Security Specialist at a tech vendor with 51-200 employees
It helps us discover shadow IT, but it isn't as effective on applications from non-Azure platforms
Pros and Cons
- "Shadow IT discovery is the feature I like the most."
- "Defender for Cloud apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms."
What is our primary use case?
We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.
How has it helped my organization?
We only need one dashboard for all Microsoft security products. Sentinel acts as a central system for monitoring and investigating all security data. It's a single feed that covers many solutions.
Defender for Cloud Apps saved us about 20 to 30 percent of our time. We've also saved money. I estimate it's about a 10 percent reduction in costs, but I'm unsure.
What is most valuable?
Shadow IT discovery is the feature I like the most. Defender for Cloud Apps provides excellent threat visibility. The solution helps us prioritize threats across our enterprise. We use all Microsoft security products. I had no problems integrating or managing them.
Microsoft's security solutions work together natively to deliver coordinated detection and response. We use Sentinel to ingest security data, which is essential. Sentinel allows us to investigate and respond to threats from one place. I like Sentinel because we can collect logs and data to identify suspicious activity in our environments and establish rules for triggering threat alerts.
What needs improvement?
Defender for Cloud Apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms. Microsoft security products are excellent in the detection phase, but they should have more features for the response component.
I would like to see a mobile app for managing Defender for Cloud Apps. We currently use the cloud dashboard, but it would be nice if Microsoft offered more solutions for managing the product.
For how long have I used the solution?
I have used Defender for Cloud Apps for one year.
What do I think about the stability of the solution?
Defender for Cloud Apps is stable.
What do I think about the scalability of the solution?
Defender for Cloud Apps is scalable.
How are customer service and support?
I rate Microsoft's support a ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
Deploying Defender was a little complex, but it only took a few days. Some of the documentation isn't clear, so I'm a little confused. It doesn't require any maintenance after deployment.
What's my experience with pricing, setup cost, and licensing?
I do not think Defender for Cloud Apps is expensive.
What other advice do I have?
I rate Defender for Cloud Apps a seven out of ten. It's better to go with a single vendor for all of your security products. When I introduce Defender for Cloud Apps to our customers, most of them have the license, but they do not understand the capabilities. The first thing I do is explain Defender's coverage and functionality, so they understand which features they can apply to their environment. You need to generate a list of requirements first.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Solutions Engineer at a tech vendor with 1,001-5,000 employees
Stable and meets business requirements but provides too many false positives
Pros and Cons
- "If your business requirements are relatively simple, it can get the job done."
- "There are challenges with detection and there are challenges with false-positive rates."
What is our primary use case?
The solution is primarily used for cloud visibility and getting a better understanding of what the data footprint is, including what kinds of files are exposed, and getting our heads around compliance. It's a component that adds DLP. Presently, there are two separate DLP policies between Microsoft's traditional DLP and the MCA DLP.
What is most valuable?
The solution is bundled with E3 and E5 licenses. That's the reason it's most commonly deployed. It's part of the bundle. It's not a separate cost.
If your business requirements are relatively simple, it can get the job done.
What needs improvement?
If you have more elaborate needs or if you have some more sophisticated use cases, for example, if you need an in-line component, or if you need to distinguish between sanctioned and unsanctioned applications, this solution doesn't cut it. You need to have some other solution.
Microsoft seems to want to mitigate that visible gap by deploying Microsoft DTP Defender for the in-line component. If you consume Microsoft, the more pieces you have, the better it is, although that's not necessarily true, technically speaking. They have limited deployment options. You have limited use cases for an endpoint with the firewalls port for IP tunnels for real-time traffic interception. You have to rule the endpoint. It's a less flexible deployment than the more mature players.
There are challenges with detection and there are challenges with false-positive rates.
They're improving it all the time. I haven't looked at it for six months or so, however, the last time I looked at it, they had to be configured in two different spots.
For how long have I used the solution?
I've been dealing with the solution for a while, on and off.
A lot of customers that we work with have the solution installed today and we see them running it by themselves as well.
What do I think about the stability of the solution?
The solution is stable. I haven't bumped any stability issues.
What do I think about the scalability of the solution?
I haven't tested the scalability. I don't have any opinion on the scalability. It seems to me that it fits the customer's needs from a scalability perspective.
How are customer service and support?
I don't work with technical support directly.
How was the initial setup?
The solution is super easy to configure. All it requires is an admin for the various apps. Once it's authorized it can start the scans. Mainly, you need to be mindful of policies and what you're looking for. Tuning policies and making sure that your policies are set properly is important. It's very easy to do, especially the out-of-box stuff.
What's my experience with pricing, setup cost, and licensing?
You can buy it alone, however, it's not worth it. Nobody buys it alone as it's not that good as a standalone product. It's better as a part of the E3 and E5 suites. We don't sell it.
What other advice do I have?
We're a Microsoft partner.
I'd rate the solution at a seven out of ten.
Mainly you want to just be clear on what your use cases are, and what you're trying to accomplish, as everything's use case driven. If you know what you need to accomplish from a security strategy standpoint, it's better. For example, it might be helpful for compliance or having an understanding of where sensitive data is. It might be part of a broader initiative around classification and data protection. Having those use cases written out first and going from there is better. Then, I suggest taking a measured approach as you go in. Implement it right. Test for or validate that the policies that you have in place are working as expected. However, you have to build out requirements for the policies.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Support Engineer at Microsoft
Integrates with many applications and provides robust threat protection and tailor-made recommendations to improve your environment
Pros and Cons
- "Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool."
- "The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."
What is our primary use case?
We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.
It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.
How has it helped my organization?
Cloud App Security is an ever-evolving technology. It is based on artificial intelligence. It uses some data sets that capture all the tools within Office 365 package. It collects all the data majorly in the Office 365 space, and it understands the usage. Across the globe, there might be millions of Microsoft users, and it tries to capture all the data cumulatively and see any anomalies. That is how Microsoft gives you the data. They study different types of organizations in terms of how they behave, what kind of security loopholes can be found in them, and then they give you recommendations. You just implement these recommendations to secure the environment. So, what you get is a tailor-made solution where you can find all recommendations because it is based on artificial intelligence. They give you a tailor-made recommendation to improve your environment. They might recommend multifactor authentication, role-based access, etc. They provide you the classical representation on which users we can target and safeguard more. All these things are very useful. That's how this tool is helping Microsoft customers, and this is how we have also been using it.
My company relies upon this technology. For us, it is very critical to know any attack beforehand and be prepared for it. In our environment, there are many endpoints, and many devices interact. We have an email system, a storage system, and other systems. The beauty of Cloud App Security is that it can learn data from different applications. For example, Adobe is an application that I'm integrating with Office 365. So, I can expand my horizon of search to that tool and see how that interacts with us. I will get more real-time data, and I will know more use cases about it.
What is most valuable?
Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.
We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.
The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem.
What needs improvement?
The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand.
If it is an Office 365 product, I expect it to be in the admin center. That way I would know that this is a part of Office 365. It feels like there is a mismatch, or they are trying to separate the product or do something like that. They should have streamlined the product.
It is not always accurate. Sometimes, there could be some hiccups, and you see false positives, but security is not always reliable, and you cannot depend on one tool to give you all accurate results. It gives me a report that I can see, and if needed, I can act proactively on something. If it is a false positive, it is fine. If it is not, we know that we have done something about it.
For how long have I used the solution?
We implemented it probably in 2019.
What do I think about the stability of the solution?
It is a new thing for Microsoft, and it still has a lot of room to improve.
What do I think about the scalability of the solution?
It is completely scalable out-of-the-box. It is completely in interaction with Office 365 services. It can go up to as many users as you have. So, if you have 100,000 users, it is capable of supporting them. I have some 50,000 users, and I'm happy that it is capable of doing that. We have implemented it 100%, and we are happy with what we have got.
It is good for an enterprise company. It is not for a small-scale business.
How are customer service and support?
We don't require support frequently. I would rate them a seven out of 10. If you have a critical situation, you cannot expect them to give you a call immediately. My experience has not been so great with their paid support in terms of time. Sometimes, they don't even call you back, but when you do get support from them, they are excellent. So, you can't rely on them, and their response time can be improved, but their documentation is good enough. We can read the documentation and help ourselves.
Which solution did I use previously and why did I switch?
Before this, my company had some tools, but I'm not sure about them. They probably heavily relied upon Splunk and other APM tools. They have had this tool from the time I have been here. Personally, I haven't worked on technologies outside of Microsoft.
How was the initial setup?
It is very easy if you know what you're doing. You just click on the Next button multiple times, and it is complete. It is well-documented in the sense that we know what we can expect from the tool. The documentation is great, and the support is also excellent. So, my experience was very smooth, and it was done in a day.
It does not work on every license. You have to be an Enterprise customer, and you have to have a specific license to have the full benefits of it. So, you require the correct license, and you also need a certain amount of time for it to propagate. It is not immediate. Based on what we were told by Microsoft a few years ago, it takes 24 to 48 hours. They might have improved upon that. It tries to capture the complete environment details, and then it gives you a cumulative experience.
We work around the clock. We have six admins at different time zones who work with this solution.
What's my experience with pricing, setup cost, and licensing?
Its pricing is on the higher side. Its price is definitely very high for a small-scale company.
As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea.
This tool alone is not a great investment, but when you get it as a part of the package from Microsoft, it is good. Along with Microsoft Teams, Office, Exchange, SharePoint, and other solutions, this added feature of an extra layer of security makes a lot of sense. If you are only using this tool, and it is not in a Microsoft ecosystem, then it is not worth it.
What other advice do I have?
For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk.
It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.
I would rate it a 10 out of 10. It is improving, but it still needs more improvements.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Security Architect at a tech services company with 501-1,000 employees
Easy to use, scales well, and is good for our clients who are transitioning to the cloud
Pros and Cons
- "It is very easy to use, which is what we look for in these types of solutions."
- "This service would be better if it had a separate license, only for this service, that could be used to track usage."
What is our primary use case?
We are a consulting firm and we configure this service for our clients.
Our clients use it for Shadow IT systems and processes. It is used specifically for cloud services, such as services that reside in Microsoft Azure.
What is most valuable?
It is very easy to use, which is what we look for in these types of solutions.
What needs improvement?
This service would be better if it had a separate license, only for this service, that could be used to track usage.
For how long have I used the solution?
We have been using Microsoft Cloud App Security for the past month.
What do I think about the stability of the solution?
This is a stable product.
What do I think about the scalability of the solution?
This solution is scalable. You simply buy licenses and access the platform.
Currently, we have five people in the company who are using it. With new clients using our service and other clients moving to the cloud, I want to have a security broker in place so I expect to increase our usage.
How are customer service and technical support?
I have not contacted technical support yet.
How was the initial setup?
As a cloud-based service, there is no installation.
What's my experience with pricing, setup cost, and licensing?
Our clients normally use the Microsoft E1 licensing, which is renewed yearly. It gives them access to many Microsoft services, and one of them is Microsoft Cloud App Security.
Which other solutions did I evaluate?
We are currently evaluating other products such as Netskope, to see what it can offer us. We primarily want to see if it is easier for our clients to use. It seems that the integration with the cloud service is much more difficult.
Licensing for this product is not as expensive as Netskope.
What other advice do I have?
This is a pretty good service and I definitely recommend it if you are using Microsoft Azure or Microsoft services.
I would rate this solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Cloud & Security Consultant at a tech services company with 11-50 employees
Great for monitoring user activity and protecting data while integrating well with other applications
Pros and Cons
- "The solution does not affect a user's workflow."
- "The integration with macOS operating systems needs to be better."
What is our primary use case?
If there's any data that is taken out from their corporate applications, on their managed devices, and being taken out and stored somewhere else, on an application that is not managed, they don't have visibility on that.
Therefore, with Cloud App Security, the main use case is to identify information about applications that are way beyond their boundaries and to understand what people are accessing them as well as if those applications are safe or not. It's a Shadow IT discovery solution.
Apart from that, it's a solution used to protect corporate data from being taken out of those applications and being shared externally with people who are not meant to have those documents or data. It's a solution designed to prevent exfiltration and data filtration of corporate data from those applications to unknown people that may happen without proper visibility.
Basically, it's used for two purposes: providing control of the data that is in cloud applications, and shadow IT discovery. That's the major purpose of Cloud App Security.
What is most valuable?
This solution acts as an identity and posture management assessment solution also. When you have your on-prem AD integrated with Defender for Identity, it can understand your identity posture.
It can understand things like your Active Directory spread or the current state of your Active Directory on certain recommended practices. For example, if users in your organization are not using secure log-in methods. If their LDAP authentication is not secure, you'll get that information. That's identity and posture management. For your on-prem AD, if you have the solution deployed, which is Defender for Identity, it'll give you an understanding of your identity state, of your on-prem AD state, and give you recommendations accordingly, on what needs to be changed and managed, to make sure that you're secure.
Apart from that, it also integrates with third-party solutions and services. For example, in an organization with multiple cloud applications. Typically, you don't have visibility over user activities or logs. You don't have control over the data. If a user logs in from one location and then the user logs into that application from another location, you don't have the visibility as you don't have ML and AI capabilities inbuilt. With this solution, once it integrates with those applications, it has inbuilt default functionality of ML and automation. It is able to understand the user's behavior and identify inconsistencies in user accounts, for those applications, and can give you suggestions or raise alerts.
The solution does not affect a user's workflow. It is not a user-specific solution. Users would not see the change in their usual behavior and their usual activities as such. The user does not really know what's happening in the background. The Cloud App Security is a solution for your whole organization, to make sure that you're monitoring the right activities - for example, those activities that are really uncommon - or specific activities that you want to monitor. The company has the ability to create Cloud App Security policies for sets of users, however, the users themselves do not see or feel the impact.
An IT administrator manages the solution and it gives them a lot of information. They can see a lot of detail around how other users interact with data and applications across the company, and if anything unusual happens.
What needs improvement?
The integration with macOS operating systems needs to be better. The Cloud App Security integrates with Windows Defender for Endpoint, which is able to monitor the traffic from Windows 10 operating systems. When it integrates with Defender for Endpoints, the macOS capability does not let you directly see the shadow IT discovery. You have to be in your network, to be able to see if any activity from a macOS operating system is happening. If you're working from home without a VPN connection nowadays, which is the usual case for a remote workplace, you can't really monitor or track the activities in the shadow IT that users are using offsite on macOS operating systems.
The Cloud App Security integration with external DLP solutions is not so seamless. There are solutions that you can integrate with Cloud App Security as an external DLP solution, however, it's not so seamless that you can have the integration with the endpoint. It's there, yet, it's not so seamless and integrable.
For how long have I used the solution?
I've been using the solution for the past five years.
What do I think about the stability of the solution?
It's been stable for the past little while. The improvement has been immense, however, overall, it's a stable solution. It has not changed so much. Of course, the implementation of feature sets and improvements have happened, although they're almost similar. I would say it's a stable solution in general.
What do I think about the scalability of the solution?
An average organization would almost utilize 100 to over 150 applications. They wouldn't really have an understanding of what activities are happening across those corporate applications. You can integrate N number of applications. There are approximately 16,000 plus applications that you can monitor and integrate with Cloud App Security. Then, based on those applications, you can understand the users' behavior.
The benefit you get is that you are able to monitor all your applications and control the data that goes out of those applications. You can also control any sort of activity, which you feel should not be happening on that application. The user can be prevented from doing certain activities. Cloud App Security helps you do that across as many apps as you want.
In terms of users. the default Cloud App Security is just a license-based solution. As long as you have users in your organization, you just buy licenses from Microsoft and assign those licenses to your user accounts. It's very scalable.
There are a few parts to it. For example, shadow IT discovery, which is an added feature that allows you to be able to implement additional users in your organization. The Cloud App Security will also require additional infrastructure. Let's say if the data set that Cloud App Security is absorbing at a particular time span, if it increases, then you probably have to implement additional on-prem resources or cloud resources for it to be able to track all of the network data.
Depending on the data set that you're ingesting in Cloud App Security, you might have to increase your workload on-prem. Other than that, Cloud App Security itself is a very scalable solution.
When it comes to the size of organizations I've worked with, I should note I am personally a Microsoft consultant only. I work on Microsoft projects and with Microsoft's clients only. I've worked with organizations with 15,000 users and an organization that has approximately 6,000 users. I've worked with organizations that have 500 users. The size of the company varies.
How are customer service and support?
Microsoft has different support tiers. If it's Pro support I would rate it at a seven or seven-and-a-half at a maximum. There are Premier support services and there are Professional supports, another type of support service. Premier support service is very good. I would rate that at an eight-and-a-half or nine.
Pro support is if you buy a basic license for an organization. It's not so great and yet still good. For Pro support, you usually do not get routed to Microsoft people. Those are generally people who are third-party support service providers.
The problem is, specifically in India, it's also specific to locations, as sometimes if you're working in a different location, you get different support. As I mentioned, it's third-party support usually that you get with Cloud App Security or any Microsoft solution Pro support.
The level of knowledge you get is totally dependent on how the organization and how the third-party service provider is. Usually, there are time delays. Sometimes their initial response will happen, and then they will take time in responding back and/or aligning a resource. Sometimes that resource is not technically advanced or technically skilled and can't fully understand the problems at hand. In that case, they require escalating most of those cases to the technical consultants. If it's a typical question, a typical scenario, I would say it's good. Cloud App Security is a beast of a product, so the major issue is with the Pro support.
If it would have been directly with Microsoft, this help has been really good, however, it's a third-party service provider who's helping you out, and they just don't have the insights an actual Microsoft user has.
Which solution did I use previously and why did I switch?
I don't have any experience working with a third party or a competitor of Cloud App Security, however, I know there is one called McAfee, which is supposed to be equally good.
McAfee offers a cloud app security service that is very, very good and close to what Microsoft offers. That is what I understand from customers and the discussions I've had surrounding it, though I have not really worked on McAfee. What I understand from customers is, Cloud App Security, the integration, the capabilities that it has to offer, are much more advanced. For example, Microsoft's identity posture assessment. There is no solution in Europe, anywhere, which offers such a capability. It's an integrated solution with Defender for Identity, however, it's a service that Cloud App Security at least offers, which otherwise would not be available.
Similarly, integration with the number of applications, as I mentioned, is great with Microsoft. The capability for you to monitor and route your traffic for all of these different applications, and to be able to analyze the traffic from those corporate applications is important.
The reverse proxy capability that Microsoft Cloud App Security offers is really good. It lets you track anything in real-time, and monitor all those things, which is not possible using other solutions.
How was the initial setup?
The initial onboarding of Cloud App Security with Office 365 is pretty straightforward. For an organization that does not use Office 365 as its primary SaaS application, you will still have to follow a few steps, however, those are also straightforward steps.
In general, I would say, Cloud App Security implementation, within the initial adoption of an application, is very seamless.
The time it takes to deploy depends on the use cases. If you're talking about a simple activation of Cloud App Security, and enabling and monitoring the activities of certain basic applications, it shouldn't take more than a few hours for integration. If there are more complex situations, more complex scenarios, depending on what the scenarios are, then there may be a little bit more effort and time required. Other than that, if the default integration with applications is already there, it should not take more than a few hours to have it up and running.
What's my experience with pricing, setup cost, and licensing?
I've worked with almost eight to 10 customers using Cloud App Security. This is Microsoft Cloud App Security. Cloud App Security has two offerings. One is Office 365 Cloud App Security, which is a basic cloud app security. Then there is Advanced Cloud App Security which is called Microsoft Cloud App Security.
The Office 365 one, the one which you get with E5 licenses, it'll give you basic Office 365 monitoring and snapshot reports, but not a whole lot of capabilities.
That said, I don't have any information about the actual costs of the license themselves.
What other advice do I have?
I deploy this solution. I don't utilize this solution as a solution for my organization, and instead, deploy this solution for clients. I'm a consultant for this product. My company is a Microsoft partner.
This is a SaaS application.
I would advise new users to first try to identify the applications which are corporate-owned applications, be it if it's an on-prem application or if it's a cloud application. Once you identify all those applications which you're using in your organizations as a whole, you should try to integrate all those applications with Cloud App Security.
Once you've started integrating and planning ahead what applications are needed to be monitored first, start integrating those applications and monitoring them. Slowly, integration after integration, all the monitoring will start happening.
Once the integration for those applications has happened, you should go ahead and start implementing what kind of policies you want. If you want activity monitoring policies, then you should start creating those activity monitoring policies. Let's say you want to apply DLP policies for third-party applications. You will need to reach out to those different teams who'll be able to give you better answers as to how to approach the data that is being shared or being uploaded from those applications to any other applications.
Based on that, create those policies in Cloud App Security. The correct and the right approach is to use the network appliances that you have in your organization. Once you have identified that information, you can go ahead and start implementing the Cloud App Security and start integrating those network appliances and those applications with Cloud App Security.
Overall, I would rate the solution at an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Microsoft Defender for Cloud Apps Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Cloud Access Security Brokers (CASB) Advanced Threat Protection (ATP) Microsoft Security SuitePopular Comparisons
Cisco Umbrella
Prisma Access by Palo Alto Networks
Zscaler Zero Trust Exchange Platform
Cato SASE Cloud Platform
Skyhigh Security
Akamai Enterprise Application Access
Forcepoint ONE
Obsidian CDR Platform
Forcepoint CASB
Proofpoint Cloud App Security Broker
Symantec CloudSOC CASB
Buyer's Guide
Download our free Microsoft Defender for Cloud Apps Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the better security solution - Cisco Umbrella or Microsoft Cloud App Security?
- Evaluating CASBs. Looking for community feedback on some vendors.
- What are your best practices for Identity and Access Management (IAM) in the Cloud?
- CloudLock vs. Skyhigh
- Why do organizations need CASB?
- When evaluating Cloud Security, what aspect do you think is the most important to look for?
- What is Unified Cloud Security? Can you define the scope and use cases of the term?
- Adallom vs. Cloudlock
- What is the difference between SASE and CASB?
- What are your recommended best practices and tools to prevent cloud jacking in your organization?