Microsoft Defender for Cloud Reviews

Defender for Cloud is a unified platform. Within that, you have Defender for virtual machines, Defender for Servers, Defender for App Services, and Defender for Containers. It is a centralized solution, which you can leverage to bring your security practices in place so centralized security auditing can be done. 

You can use it for approximately 90% to 95% of Azure workloads for infrastructure, platform as a service, or database as a service. You can use it for all these.

I am working for a service-based company. We provide Azure Cloud Services. We are a Gold-Certified partner from Microsoft in the GCC region. We are the only ones for whom Microsoft hands over their business. 

We mostly use it for public cloud, but it can also be used with hybrid cloud and on-premises. We also use private clouds with government entities.

We have had many customers where we deployed this solution. They are secured and guarded by this solution, so they are happy now.

It can be done as a multi-regional deployment.

It can be used to secure GCP, AWS, and your on-premise infrastructure. You need a security solution like Defender to secure any type of workload. Your workload may consist of infrastructure, platform, database, or anything in between those. Obviously, you want it to be secure from day one. When you start from anything on the cloud, you want it secured right away. If it is not secured, then you are at risk of a data breach. There are many security issues, which is why it is important to secure your application infrastructure from day one. This is 100% important.

Most customers have an on-premises ITSM solution. If they want P1 or P2 tickets to be initiated, then within Defender for Cloud, it will trigger the ticket or invoke the ITSM solution. Also, they can use SMS- or email-based ticketing. If they don't have anything, then they can utilize the dashboard provided by Defender for Cloud and get everything from one place.

If you don't have this solution then you will be analyzing things with some sort of algorithm or writing some code, then your team will be monitoring emails or some kind of logs every day. When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team.

Within a SOC team, you monitor tickets and emails, but you cannot automate them unless your company bought some solutions. In the case of Defender, a solution is already provided. You just need to extend it per your needs.

All of the features are valuable. When you are designing a solution, you are designing not only the infrastructure but designing the application solution and database. On top of that, you are designing the connectivity solution. Defender takes care of all kinds of security, starting from infrastructure to platform to database. All of them are useful, depending on the workload of different clients. 

I work at a service-based company. We use this for almost all our customers. Usually, it will be on your infrastructure, which is a virtual machine and needs an antivirus solution. Then, if you have a platform as a service, you would need OWASP 10 security. All of these are given.

When you commission Defender for Cloud, it provides a portal. The portal has auditing and tracing capabilities. If you want to secure your virtual machines, then you can enable the RDP port by default, if you don't have a security solution. Now, when you are using Defender for Cloud, you can access the machine on an ad-hoc basis through Defender for Server, where you are securing your application. Then, even if someone gets into your account, they still cannot enable RDP. 

The portal provides you with auditing and logging capabilities. Along with that, there is a machine learning algorithm. You can even have your own workbook, where you can write in Python, then you can bring it into Defender for Cloud where you can do the injection, verification, and blocking of IPs. 

It offers a ready-made solution. In addition, you can enable a customized workbook, which will secure your application. Therefore, you are provided a portal, customer facility, and in-built security from day one and can start using it.

Microsoft works day in, and day out to look for new vulnerabilities happening in the market, which cannot be resolved with human intervention. Every day, they keep searching for vulnerability signatures in the market, then adding those. They automatically get built into Defender for Cloud. For example, there are some vulnerabilities that have been going around. If you are on-premises, then you need to download the signatures out there, then your antivirus software should be capable enough to identify them. With the Microsoft platform, the signature is already provided from Microsoft, i.e., Datastore. This is by default enabled as soon as Microsoft figures it out. This is the first thing that it provides.

The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services.

I have been using it for more than three years.

The maintenance part is taken care of by Microsoft. The platform's responsibility lies with Microsoft, not with the customer.

Stability-wise, it is stable.

it can be extended to multiple regions as well as to on-premises.

When upgrading the solution, by default, no technical support is required. If it is required, it will then depend on your SLA, i.e., what kind of agreement you have. You may have an eContract, CSP, open agreement, or a normal one by default. Microsoft uses that SLA to deliver the solution at a particular time. 

I would rate the technical support as 6.5 out of 10. In general, you don't need to reach out to Microsoft's support.

Neutral

Before Defender for Cloud, the solution was on-premises or some kind of third-party managed solution that we bought from the Azure portal. This integration had issues because you needed to go through the VPN tunnel, look for your solution, raise a ticket, and then have your teams look at the logs and ticket. If you had some networking issues or a major security issue, your ticket would not be raised.

There have been a couple of customers who start on their own with their own tenants. Then, at a certain time, they figure out that something wrong has happened, e.g., a hacking issue or a security breach. They then come to us through Microsoft because their security appliances and security practices are not proper, asking us, "Can you please help us to secure them?" 

The first step is to start securing their virtual machine. So, you enable Defender for Cloud. From the first instance, all their workloads are automatically added and enabled by default. So, if a customer is not secured enough when they go for Defender for Cloud, then it will automatically enable all kinds of security practices for them. Anyone can enable it. You can have Defender as the front face security for your cloud. Because of this, all our clients are secure.

This is a cloud service. It is provided as a platform as a service. So, it is not infrastructure or something which you deploy. No configuration is required by default.

Azure Sentinel is a SIEM solution. Within the SIEM solution, you get logs. On top of that, you receive some kind of tracing. You then have your runbook. So, the integration is very easy. It is just click, click, and click. You can integrate it within five seconds. Azure Sentinel also takes care of Defender. This means that when you go into Azure Sentinel, you say, "I want Azure Sentinel to have whatever logs you have in Defender." Whatever workload is secure, you want to have the auditing part of that in Azure Sentinel, then you want to trigger or invoke something. Therefore, it just takes five to 10 seconds with three clicks, then it is enabled for you.

The external integration component has been provided. You have a ready-made appliance where you download the appliance and install it onto that particular machine, then it will start monitoring your virtual machine. This is easier on the Azure side to integrate. With on-premises, you need to download something called Agent. You download and execute that, then everything is connected. You just provide the security token already shown on your portal, then you integrate.

We have seen a 50% reduction in costs.

It is a ready-made solution that you just start using from the day one until whenever you want to use it, paying as you go. Or, you can do either a one-year or three-year RI.

Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units.

In case you want your own signatures in-built, you have the workbook where you can enable it to couple with your Defender solution. It will start analyzing your specific algorithm or signature. If there is data specific to your organization or your developer knows something that no one else knows, and you want to restrict that. So, you have a free hand to customize it and a standard way is already provided. Every day, you will get a security update by default. You don't need to bother doing it manually. This has already been given to you free of cost. There are no costs other than the Microsoft workload itself.

If you have the solution with Microsoft Azure, then you will not need to look at other products. For on-premises, we were also using F5.

When you are designing the solution, you should activate the solution from day one.

I would rate this solution as 8.5 out of 10.

We use Microsoft Defender for Cloud primarily as antivirus software. It covers a wide range of use cases, including scanning for threats and malware on servers and checking for alerts. It is integrated with our endpoints, allowing us to track everything in one seamless place.

Defender for Cloud has improved our security posture. We've trained on it, and it's becoming more helpful each time we use it. Viewing all the alerts in a single pane of glass is very handy.

Defender for Cloud is an improvement over Trend Micro, our previous solution. We like integrating our endpoints and visualizing everything in one place. It provides comprehensive coverage for endpoints, servers, and overall environmental security. 

Additionally, we appreciate its capacity to offer alerts and a prioritized list of mediations. It's integrated with our other solutions, including our DLP protections. That helps us protect our HIPAA and PII data. 

However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future.

I have been using Microsoft Defender for Cloud for about three months since we moved to an E5 license that included this solution.

Defender's stability has been impressive. We have not faced real downtime, but we experienced some hiccups that lasted a few minutes.

Defender's scalability has been pretty good. We are not using many cloud resources for servers, but otherwise, it has been excellent for scalability.

I rate Microsoft support nine out of 10. There have been some issues here and there, but overall, the experience has been good.

Positive

We used various solutions before, including Trend Micro and GroupWise. We switched to Microsoft Defender for Cloud primarily due to cost efficiency. It was cheaper for us to make the switch than to continue with our previous solutions.

Setting up Defender was a bit of a challenge, but after that, everything went smoothly.

We used a company called Novakos for the migration. They provided all the services we needed and got everything set up effectively.

I am not able to comment on the return on investment, as I do not handle the financial aspects. However, I assume the organization is seeing positive results.

The decrease in costs from switching allowed the organization to allocate resources elsewhere.

I rate Defender for Cloud nine out of 10.

We are a managed service provider. We use Microsoft Defender for Cloud to provide services to our customers.

Defender for Cloud provides a complete DevOps security package for cloud services. Defender covers a broad range of workloads. It helps us prioritize because it identifies critical alerts that we work to resolve. 

Microsoft Defender for Cloud has enhanced our security process by providing insights and critical alerts. We use it on our own managed platform. It has helped us gain some insights and realize areas for improvement. We have worked to resolve the issues highlighted by the alerts, improving our overall security posture.

While we are satisfied with Defender for Cloud's features, an AI enhancement could potentially provide better advice and adapt more effectively to our environment.

I have been using Defender for Cloud for about three or four months.

I haven't observed any outages with Microsoft Defender for Cloud. The stability is excellent.

The scalability of Microsoft Defender for Cloud is very good. I haven't experienced any issues.

I rate Microsoft support eight out of 10. Technical support is generally satisfactory, though call response times can occasionally be slow.

Positive

The initial setup was straightforward and easy.

We acted as the integrator, being a managed service provider. We haven't yet developed a strategy for implementing it in other companies.

Defender for Cloud provides an invaluable return on investment by preventing potential security breaches. The peace of mind it offers is difficult to quantify.

Pricing is a consideration, but we strive to keep costs low by enabling only necessary services.

We evaluated other products but focused on adopting a more cloud-native approach with Microsoft's platform.

I rate Microsoft Defender for Cloud nine out of 10. It's progressing well, although perfection takes time.

Our primary use case for Microsoft Defender for Cloud is mostly security posture management.

Defender for Cloud has improved our security posture. Defender provides us with a prioritized list of security issues to remedy, which improves our security operations because we know what to tackle first.

The most valuable feature is the comprehensive overview across different workloads. It allows us to see protection not just across one workload, such as virtual machines, containers, infrastructure, or data, but across all our workloads. This overall visibility is really helpful. The recommendations and prioritizations help us understand what to address first.

I use the free CSPM functionality. I don't always use the recommendations because I'm sometimes scared to implement those immediately.

The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads. Covering more would allow us to see and protect more workloads from a single pane of glass. Additional features should include protection for more AI workloads as it currently focuses primarily on OpenAI.

We have been using Microsoft Defender for Cloud for two years.

The sustainability of Microsoft Defender for Cloud is quite stable, especially with the free tier we're using. It provides a lot of value for being free.

Scalability is still to be determined. We have deployed it across several workloads, but we'll need to see how it performs as we expand to more resources and workloads.

We haven't had to reach out to customer service or technical support yet. Therefore, I can't rate it at this moment.

Positive

I didn't use any different solutions previously. We opted for Microsoft Defender for Cloud due to easy integration with our other Microsoft products.

It was easy to set up as we enabled it across our workloads in Azure.

We handled the deployment ourselves without any integrator, reseller, or consultant.

Being a free tool, it provides visibility and insights into workloads that we wouldn't have had otherwise. This is definitely a good return on investment.

We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges.

We didn't evaluate any other solutions as Microsoft Defender for Cloud integrated easily with our existing Microsoft products.

I would rate Microsoft Defender for Cloud a nine out of 10. It offers free insights and extensive visibility into workloads for a free product, which is great for us.

We use Microsoft Defender for Cloud to fill a gap temporarily by providing a platform solution for PaaS scanning, as there wasn't an enterprise-wide product available.

Microsoft Defender for Cloud offers a good range of workload coverage that effectively meets our current needs.

Microsoft Defender for Cloud enhances security operations by providing a prioritized list of remediation for security issues identified through Azure Policy and Sentinel. This integration offers unprecedented visibility into PaaS resources which we have not been able to do before.

It enhanced our security posture by enabling us to scan PaaS resources.

Microsoft Defender for Cloud has worked well coordinating detection and response across our devices, identities, apps, emails, data, and cloud workloads.

Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture. Furthermore, its integration with Sentinel provides prioritized remediation steps for security issues identified through both Azure Policy and Sentinel, increasing visibility into PaaS resources and streamlining our security operations.

Microsoft Defender for Cloud could be improved by adding capabilities for NetApp files and more PaaS resources from other vendors, not just Microsoft.

I have been using Microsoft Defender for Cloud for a year and a half.

Microsoft Defender for Cloud is stable.

Microsoft Defender for Cloud is scalable.

Microsoft customer support has been great so far.

Positive

Microsoft Defender for Cloud is easily deployed using Azure Policy and a workspace.

So far, Microsoft Defender for Cloud essentially plugs the security gap we were looking to fill, so it has shown a return on investment.

Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters. It could be cheaper. Wiz is a little better from a reporting perspective.

We did not evaluate other solutions because Microsoft Defender for Cloud was the easiest to implement under the circumstances and the most readily available. Otherwise, the application would have been subject to the standard intake and other corporate processes.

I would rate Microsoft Defender for Cloud an eight out of ten.

We use Defender for Cloud for workloads that involve large amounts of data.

It's cost-effective to create custom logs in Defender for Cloud. 

Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations.

There is room for improvement in terms of cost-effectiveness when enabling every single log, including custom logs.

I've been using Defender for Cloud for a year and a half.

I have no issues with the stability of Microsoft Defender for Cloud.

Scalability is great, and I would rate it a ten out of ten.

It's hard to reach someone who understands my problems. I haven't had many issues, so I haven't called them.

Positive

I used an unspecified different solution before adopting Microsoft Defender for Cloud.

The solution is really easy to enable.

I interacted with a Microsoft representative for implementation, and the process was straightforward.

The setup costs are low because it's easy to enable. However, I'm not clear on other pricing details.

I didn't evaluate other solutions extensively before choosing this.

I rate Defender for Cloud 10 out of 10.

We primarily use Defender for policies, such as compliance checks and vulnerability management. We have introduced a new system for rolling out policies across the organization, monitoring compliance closely.

Microsoft Defender for Cloud has significantly improved vulnerability management by tracking compliance, networking issues, storage accounts that shouldn't be public, etc. 

The most valuable feature is the regulatory compliance aspect, where we utilize predefined initiatives like NIST. Alert management is another useful feature. Alerts are directly integrated with our email or DevOps board for easy viewing, allowing us to identify problem areas efficiently.

Two or three months ago, they released an update that we liked. Now, you can set up control groups based on policies, giving you a clear overview of where you're lacking. Defender covers almost all our workloads. We don't use a multi-cloud environment, but it covers Azure and AWS well. 

Defender could improve how data is represented. It can be unstructured or slow to load. The recent update allowing policy grouping into control groups is beneficial, but further enhancements for speed and clarity are needed. It would be nice if Defender prioritized vulnerabilities more. It provides an overview of what needs improvement, but I don't know if it's correctly prioritized.

I have used Microsoft Defender for Cloud for about two years.

The stability could be improved, as it can be slow to load at times, but overall it provides the expected recommendations.

It is very scalable, especially in a cloud environment, allowing for extensive resource coverage for vulnerability management.

I have not used customer service for Defender for Cloud, but generally, I am satisfied with Microsoft's support. They are quick to respond and effectively resolve issues.

Positive

I rate Microsoft Defender for Cloud eight out of 10. 

We are using Defender for Cloud to check in on security and vulnerability management.

When we were switching from on-prem to the cloud, we did not have the vulnerability management tool to give us alerts on that. We were using Tenable Security Center on-prem. When we moved to the cloud, we needed a solution and chose Defender for Cloud. Now, when we do our vulnerability management meetings, we refer to Defender for Cloud recommendations. We can assign them to technicians or security personnel in case we need to change policies or make exceptions. It is set up to ensure only security personnel can dismiss a recommendation.

It lists the criticality that is the most insecure for our environment and the criticality score for it. This is helpful for us to know what we need to deal with first.

Defender for Cloud has improved our security posture. 

The most valuable features are the security recommendations provided by Defender for Cloud.

Tenable Security Center has a list of all of our vulnerabilities. I can sort it by vulnerability or by machine. Defender for Cloud does do that, but it is just not as clean and easy to get to. It sometimes gets too deep in the weeds, and I do not know how I got to that point. If they had an easier way to display all the vulnerabilities of the machines affected and remediation steps on one screen rather than having to dive deep into each of them, that would be a lot easier.

There can be an easier-to-read dashboard. It would be nice to be able to see the top ten vulnerabilities that we have specific to a system on the dashboard. We can view the security score currently, but a cleaner and simpler display would be good.

I have been using Defender for Cloud for three years.

It is pretty stable and feels solid.

We have struggled with Microsoft customer service quite a bit. While experts are a ten, the overall experience is not always positive and we have had to make a complaint. When we are able to get to a call with their experts, it is great, but it can take time to get to that level. We have had to raise a ticket for the same thing about three times.

Positive

We were using Tenable Security Center on-prem. We switched because we were moving to a Microsoft-centric cloud solution.

It was easy. The setup was handled by a technician who did not report any significant issues.

We did not use any third party for deployment.

We have seen a return on investment, but I cannot quantify it.

We did not evaluate other solutions because we were only looking for a Microsoft-centric solution.

I would rate Defender for Cloud an eight out of ten.