Microsoft Defender for Cloud Reviews

We use Microsoft Defender for Cloud to fill a gap temporarily by providing a platform solution for PaaS scanning, as there wasn't an enterprise-wide product available.

Microsoft Defender for Cloud offers a good range of workload coverage that effectively meets our current needs.

Microsoft Defender for Cloud enhances security operations by providing a prioritized list of remediation for security issues identified through Azure Policy and Sentinel. This integration offers unprecedented visibility into PaaS resources which we have not been able to do before.

It enhanced our security posture by enabling us to scan PaaS resources.

Microsoft Defender for Cloud has worked well coordinating detection and response across our devices, identities, apps, emails, data, and cloud workloads.

Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture. Furthermore, its integration with Sentinel provides prioritized remediation steps for security issues identified through both Azure Policy and Sentinel, increasing visibility into PaaS resources and streamlining our security operations.

Microsoft Defender for Cloud could be improved by adding capabilities for NetApp files and more PaaS resources from other vendors, not just Microsoft.

I have been using Microsoft Defender for Cloud for a year and a half.

Microsoft Defender for Cloud is stable.

Microsoft Defender for Cloud is scalable.

Microsoft customer support has been great so far.

Positive

Microsoft Defender for Cloud is easily deployed using Azure Policy and a workspace.

So far, Microsoft Defender for Cloud essentially plugs the security gap we were looking to fill, so it has shown a return on investment.

Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters. It could be cheaper. Wiz is a little better from a reporting perspective.

We did not evaluate other solutions because Microsoft Defender for Cloud was the easiest to implement under the circumstances and the most readily available. Otherwise, the application would have been subject to the standard intake and other corporate processes.

I would rate Microsoft Defender for Cloud an eight out of ten.

We primarily use Defender for policies, such as compliance checks and vulnerability management. We have introduced a new system for rolling out policies across the organization, monitoring compliance closely.

Microsoft Defender for Cloud has significantly improved vulnerability management by tracking compliance, networking issues, storage accounts that shouldn't be public, etc. 

The most valuable feature is the regulatory compliance aspect, where we utilize predefined initiatives like NIST. Alert management is another useful feature. Alerts are directly integrated with our email or DevOps board for easy viewing, allowing us to identify problem areas efficiently.

Two or three months ago, they released an update that we liked. Now, you can set up control groups based on policies, giving you a clear overview of where you're lacking. Defender covers almost all our workloads. We don't use a multi-cloud environment, but it covers Azure and AWS well. 

Defender could improve how data is represented. It can be unstructured or slow to load. The recent update allowing policy grouping into control groups is beneficial, but further enhancements for speed and clarity are needed. It would be nice if Defender prioritized vulnerabilities more. It provides an overview of what needs improvement, but I don't know if it's correctly prioritized.

I have used Microsoft Defender for Cloud for about two years.

The stability could be improved, as it can be slow to load at times, but overall it provides the expected recommendations.

It is very scalable, especially in a cloud environment, allowing for extensive resource coverage for vulnerability management.

I have not used customer service for Defender for Cloud, but generally, I am satisfied with Microsoft's support. They are quick to respond and effectively resolve issues.

Positive

I rate Microsoft Defender for Cloud eight out of 10. 

Defender acts as a CSPM solution, a post-share management solution for cloud security. We use it to find weak spots in our cloud configuration and strengthen the overall security posture of our cloud environment. With this particular tool, we seek to protect workloads across various environments. We have about 3,000 endpoints and 100 users in the United States alone. 

Defender gave us more substantial visibility into our security, helping us increase our overall security posture and manage risks throughout the entire organization. It helps us make decisions about specific kinds of risks. If we see a glaring vulnerability, we can determine whether this is an acceptable risk or something that requires urgent action. The risk level determines our investment and budgeting, and the amount of work needed to remedy that. It provides a lot of valuable information for informing our comprehensive risk management strategy.

The solution does a pretty good job of finding previously unknown threats. It helps keep us aware of the kinds of threats that are out there and how we could potentially be impacted. Defender gives us a high level of information about unknown or zero-day threats. It's sometimes hard to gauge whether everything is there because the report is customized based on our infrastructure and what might be pertinent to us.

They've always notified us when there was a zero-day threat. I think there have been a few instances where they altered us about a new threat before it was publicized, which is a good sign that they value us as a customer. They've warned us about something before releasing it to the wider public.

Defender improved our SOC efficiency and saved us from having to add more personnel on the SOC side. It definitely improved that whole area, giving us the bandwidth to work on other things. Defender reduced our detection time because they are proactive about notifying us. I haven't seen too much of a time lag. There were a few instances, but it was never something critical where we had to call them out and ask if this was an issue or something. 

Time-to-response has also gone down. The sooner we get the notification, the quicker we can jump on something. It helped us respond to any potential breach or attack faster. 

It also saved us money because we don't need to deploy a second product to get some additional coverage. It also saved us from adding more security staff. Overall, it has had a positive financial impact on the company. 

The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act.

Defender's ability to protect multi-cloud environments is essential for us. Our company's offerings are based on tasks, and these cloud service providers are critical infrastructure for us. If anything bad happens, it compromises our services. We need to understand and improve our posture.

It also seamlessly integrates with Sentinel. It was fairly easy because we already leveraged Microsoft 365 earlier, so adding the Sentinel piece was pretty quick. It took a day to figure out and go ahead with the actual deployment. This integration with 365 and Sentinel provided timely intelligence over time. It becomes a problem if we don't get a threat notification in time. They are highly proactive about delivering that information in the initial alert and backing it up with more details as the situation develops.

Microsoft has a relatively sizeable threat-hunting group constantly digging up many things. That helps because it gives us confidence if we face some threats that not many other players are exploring. With this particular product, we're confident they'll let us know where we stand. 

Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research. 

Opening up to more collaboration with different entities in the private or public sector would help them feed more information to the customers and improve their security posture. More partnerships with other players who can feed them intelligence will help them develop the engine powering this product, ultimately benefiting every customer who uses it. 

I have been using Defender for Cloud for about a year and a half. 

We've had a positive experience overall with Defender's unified portal. We seldom see any bugs. Sometimes, there is a lag in the reporting and some inconsistencies with our searches, but it's rare. There were some periods when their service was not running properly.

While there hasn't been a significant outage, we've experienced some performance degradation where Microsoft notified us that they were having a problem. They informed us ahead of time when there are issues, but I've never had a complete outage thus far. 

Defender for Cloud is scalable, given the licensing model. The performance doesn't suffer under a heavy workload. Many organizations I know have a massive workload, and they're still leveraging Defender without any issues. I rate Defender an eight out of ten for scalability.

I rate Microsoft support an eight out of ten. Their support is great, so we have no complaints. They were responsive when we had issues.

Positive

We used SentinelOne only for endpoint threat detection. That's probably the closest competitor. We haven't used any other solutions besides that. 

Setting up Defender for Cloud was relatively straightforward. We worked with a person assigned from Microsoft, who gave us a walkthrough of the steps we needed to take.

Defender doesn't require much maintenance after deployment other than a few pieces of infrastructure we have internally. We need to monitor the solutions to check alerts and security advisories, but we've never had to deal with any maintenance.

We ended up using a reseller. They were good. I used them for other vendors, and we've had a productive relationship working on multiple initiatives. This one was nothing new. 

They have a free version, but the license for this one isn't too high. It's free to start with, and you're charged for using it beyond 30 days. Some other pieces of Defender are charged based on usage, so you will be charged more for a high volume of transactions. I believe Defender for Cloud is a daily charge based on Azure's App Service Pricing. 

It's a negligible cost if your usage isn't that high, like a few cents. It's appealing for people to try it. If you don't plan to use it much, you won't have a high bill.

Other options were considered, but it came down to the level of value we would get from a holistic vulnerability intelligence product like Defender for Cloud. Also, Microsoft products are pervasive, with a much broader customer base. That was a deciding factor. We saw much more potential from Defender compared to the alternatives. Even though the competition solutions may have functioned better in terms of providing more intelligence, other factors weighed in favor of Microsoft Defender.

I rate Microsoft Defender for Cloud an eight out of ten. I recommend doing a PoC. You shouldn't implement something after only reviewing the documentation and marketing materials. Put it through a PoC for a month at least to get a feel for how it functions and whether it satisfies your requirements. 

Defender for Cloud is a unified platform. Within that, you have Defender for virtual machines, Defender for Servers, Defender for App Services, and Defender for Containers. It is a centralized solution, which you can leverage to bring your security practices in place so centralized security auditing can be done. 

You can use it for approximately 90% to 95% of Azure workloads for infrastructure, platform as a service, or database as a service. You can use it for all these.

I am working for a service-based company. We provide Azure Cloud Services. We are a Gold-Certified partner from Microsoft in the GCC region. We are the only ones for whom Microsoft hands over their business. 

We mostly use it for public cloud, but it can also be used with hybrid cloud and on-premises. We also use private clouds with government entities.

We have had many customers where we deployed this solution. They are secured and guarded by this solution, so they are happy now.

It can be done as a multi-regional deployment.

It can be used to secure GCP, AWS, and your on-premise infrastructure. You need a security solution like Defender to secure any type of workload. Your workload may consist of infrastructure, platform, database, or anything in between those. Obviously, you want it to be secure from day one. When you start from anything on the cloud, you want it secured right away. If it is not secured, then you are at risk of a data breach. There are many security issues, which is why it is important to secure your application infrastructure from day one. This is 100% important.

Most customers have an on-premises ITSM solution. If they want P1 or P2 tickets to be initiated, then within Defender for Cloud, it will trigger the ticket or invoke the ITSM solution. Also, they can use SMS- or email-based ticketing. If they don't have anything, then they can utilize the dashboard provided by Defender for Cloud and get everything from one place.

If you don't have this solution then you will be analyzing things with some sort of algorithm or writing some code, then your team will be monitoring emails or some kind of logs every day. When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team.

Within a SOC team, you monitor tickets and emails, but you cannot automate them unless your company bought some solutions. In the case of Defender, a solution is already provided. You just need to extend it per your needs.

All of the features are valuable. When you are designing a solution, you are designing not only the infrastructure but designing the application solution and database. On top of that, you are designing the connectivity solution. Defender takes care of all kinds of security, starting from infrastructure to platform to database. All of them are useful, depending on the workload of different clients. 

I work at a service-based company. We use this for almost all our customers. Usually, it will be on your infrastructure, which is a virtual machine and needs an antivirus solution. Then, if you have a platform as a service, you would need OWASP 10 security. All of these are given.

When you commission Defender for Cloud, it provides a portal. The portal has auditing and tracing capabilities. If you want to secure your virtual machines, then you can enable the RDP port by default, if you don't have a security solution. Now, when you are using Defender for Cloud, you can access the machine on an ad-hoc basis through Defender for Server, where you are securing your application. Then, even if someone gets into your account, they still cannot enable RDP. 

The portal provides you with auditing and logging capabilities. Along with that, there is a machine learning algorithm. You can even have your own workbook, where you can write in Python, then you can bring it into Defender for Cloud where you can do the injection, verification, and blocking of IPs. 

It offers a ready-made solution. In addition, you can enable a customized workbook, which will secure your application. Therefore, you are provided a portal, customer facility, and in-built security from day one and can start using it.

Microsoft works day in, and day out to look for new vulnerabilities happening in the market, which cannot be resolved with human intervention. Every day, they keep searching for vulnerability signatures in the market, then adding those. They automatically get built into Defender for Cloud. For example, there are some vulnerabilities that have been going around. If you are on-premises, then you need to download the signatures out there, then your antivirus software should be capable enough to identify them. With the Microsoft platform, the signature is already provided from Microsoft, i.e., Datastore. This is by default enabled as soon as Microsoft figures it out. This is the first thing that it provides.

The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services.

I have been using it for more than three years.

The maintenance part is taken care of by Microsoft. The platform's responsibility lies with Microsoft, not with the customer.

Stability-wise, it is stable.

it can be extended to multiple regions as well as to on-premises.

When upgrading the solution, by default, no technical support is required. If it is required, it will then depend on your SLA, i.e., what kind of agreement you have. You may have an eContract, CSP, open agreement, or a normal one by default. Microsoft uses that SLA to deliver the solution at a particular time. 

I would rate the technical support as 6.5 out of 10. In general, you don't need to reach out to Microsoft's support.

Neutral

Before Defender for Cloud, the solution was on-premises or some kind of third-party managed solution that we bought from the Azure portal. This integration had issues because you needed to go through the VPN tunnel, look for your solution, raise a ticket, and then have your teams look at the logs and ticket. If you had some networking issues or a major security issue, your ticket would not be raised.

There have been a couple of customers who start on their own with their own tenants. Then, at a certain time, they figure out that something wrong has happened, e.g., a hacking issue or a security breach. They then come to us through Microsoft because their security appliances and security practices are not proper, asking us, "Can you please help us to secure them?" 

The first step is to start securing their virtual machine. So, you enable Defender for Cloud. From the first instance, all their workloads are automatically added and enabled by default. So, if a customer is not secured enough when they go for Defender for Cloud, then it will automatically enable all kinds of security practices for them. Anyone can enable it. You can have Defender as the front face security for your cloud. Because of this, all our clients are secure.

This is a cloud service. It is provided as a platform as a service. So, it is not infrastructure or something which you deploy. No configuration is required by default.

Azure Sentinel is a SIEM solution. Within the SIEM solution, you get logs. On top of that, you receive some kind of tracing. You then have your runbook. So, the integration is very easy. It is just click, click, and click. You can integrate it within five seconds. Azure Sentinel also takes care of Defender. This means that when you go into Azure Sentinel, you say, "I want Azure Sentinel to have whatever logs you have in Defender." Whatever workload is secure, you want to have the auditing part of that in Azure Sentinel, then you want to trigger or invoke something. Therefore, it just takes five to 10 seconds with three clicks, then it is enabled for you.

The external integration component has been provided. You have a ready-made appliance where you download the appliance and install it onto that particular machine, then it will start monitoring your virtual machine. This is easier on the Azure side to integrate. With on-premises, you need to download something called Agent. You download and execute that, then everything is connected. You just provide the security token already shown on your portal, then you integrate.

We have seen a 50% reduction in costs.

It is a ready-made solution that you just start using from the day one until whenever you want to use it, paying as you go. Or, you can do either a one-year or three-year RI.

Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units.

In case you want your own signatures in-built, you have the workbook where you can enable it to couple with your Defender solution. It will start analyzing your specific algorithm or signature. If there is data specific to your organization or your developer knows something that no one else knows, and you want to restrict that. So, you have a free hand to customize it and a standard way is already provided. Every day, you will get a security update by default. You don't need to bother doing it manually. This has already been given to you free of cost. There are no costs other than the Microsoft workload itself.

If you have the solution with Microsoft Azure, then you will not need to look at other products. For on-premises, we were also using F5.

When you are designing the solution, you should activate the solution from day one.

I would rate this solution as 8.5 out of 10.

We typically use Azure Defender for securing our infrastructure-based virtual machines and database solutions on the Azure subscription. We've integrated a couple of the Defender agents into our on-premise servers too.

Azure Defender has improved our overall security posture. In particular, Defender's exploit protection mechanism protects our servers from unseen threats like process memory attacks, hash theft, or any direct script-based attacks.

Defender is just one component because the organization also uses endpoint security solutions and firewalls. This product is not an endpoint solution. It usually operates at the server level, improving the posture of the Azure cloud environment. Our end-users never deal with Azure Defender. It's purely on the administrative level. The server administration team handles it, so the end-user has nothing to do with it.

Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure.

The entire Defender family requires a little bit of clarity. There is a lot of confusion in the market, especially on the end-user side but also on the consulting side. Microsoft has launched four or five Defender products, including Azure Defender, which Microsoft renamed Defender for Cloud. They also have Defender for Identity, Defender for Endpoints, and Defender ATP. It isn't very clear.

I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting.

I've been using Defender for Cloud for more than a year.

It's hard for me to talk about the stability of Defender because, in my experience, "stability" is not a word that is relevant to security. A security product is either good or bad. It protects me, or it doesn't. There is no middle ground.

If we are talking about crashes or other issues, I don't see any problems, and the scalability is fine. We can protect storage, key vaults, SQL servers, etc. Defender can protect eight or nine Azure services, and it all works fine, but it would be great if all Azure services could come under the umbrella of Azure Defender. 

For example, we use Defender to protect our SQL databases, but not all of our databases are Microsoft. I have to search for another security solution for the same database vertical because it's not a Microsoft database.

I am a solution designer and architect, and I incorporated Defender for Cloud into three different projects. The smallest had more than 200 virtual machines and 20 database servers plus a couple of Kubernetes and container environments. The largest is around 600 virtual machines on-premises and on Azure, and around 10 web applications, a couple of key vaults and databases, and some storage.

I have contacted Microsoft support, but I haven't opened any tickets for Defender so far. Generally speaking, Microsoft Azure support is quite good. 

The time needed for the initial deployment phase depends on the requirements, but generally, the deployment is quite fast because it's a cloud-native tool. They have just upgraded the Azure Security Center to add Defender.

When talking about cost versus value, you have to consider Defender in the context of Microsoft's cloud solutions as a whole. It's a cloud-native tool, so why is Microsoft charging so much? 

The features are good, but Microsoft created Azure, and they provide monitoring and backup solutions. It's also Microsoft's responsibility to offer security solutions, so why do they charge so much? Why isn't it incorporated into the old security center products? It should typically come with the security center. 

Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike. 

If we're just dealing with servers and Azure infrastructure, then Defender for Cloud is the way to go. But if we want to cover endpoints, emails, and other entry-exit points, then we need to think about another solution

Symantec and a few other tools have end-to-end solutions that protect everything in a single console. You can't do that with Defender for Cloud. Depending on the client's requirements, Defender might not be the best option because it might not cover all the use cases that a client needs.

It's good for clients who are mainly or entirely dependent on Azure resources. If a client's infrastructure is more than 70 percent Azure, it's a good product because it has native control by Microsoft only. In other cases, it's a challenge. The product is good if you're working entirely within a Microsoft, like Windows Server, Azure services, or Office 365 services, but you run into a problem the moment you start going into macOS, iOS, Android, Linux, etc. 

The agent installed there for Defender works differently. But on the flip side, a competitor's product never addresses the spatial bias on Windows. Every product line is the same. Their agents behave the same way on Linux, macOS, iOS, Android, and Windows. That is the fundamental difference I see.

I rate Defender for Cloud eight out of ten. I would recommend it depending on your use case. It's a single solution that can address mixed infrastructure that includes on-premises, AWS, GCP, or Azure. Defender can provide security for all four.

We use Microsoft Defender for Cloud primarily as antivirus software. It covers a wide range of use cases, including scanning for threats and malware on servers and checking for alerts. It is integrated with our endpoints, allowing us to track everything in one seamless place.

Defender for Cloud has improved our security posture. We've trained on it, and it's becoming more helpful each time we use it. Viewing all the alerts in a single pane of glass is very handy.

Defender for Cloud is an improvement over Trend Micro, our previous solution. We like integrating our endpoints and visualizing everything in one place. It provides comprehensive coverage for endpoints, servers, and overall environmental security. 

Additionally, we appreciate its capacity to offer alerts and a prioritized list of mediations. It's integrated with our other solutions, including our DLP protections. That helps us protect our HIPAA and PII data. 

However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future.

I have been using Microsoft Defender for Cloud for about three months since we moved to an E5 license that included this solution.

Defender's stability has been impressive. We have not faced real downtime, but we experienced some hiccups that lasted a few minutes.

Defender's scalability has been pretty good. We are not using many cloud resources for servers, but otherwise, it has been excellent for scalability.

I rate Microsoft support nine out of 10. There have been some issues here and there, but overall, the experience has been good.

Positive

We used various solutions before, including Trend Micro and GroupWise. We switched to Microsoft Defender for Cloud primarily due to cost efficiency. It was cheaper for us to make the switch than to continue with our previous solutions.

Setting up Defender was a bit of a challenge, but after that, everything went smoothly.

We used a company called Novakos for the migration. They provided all the services we needed and got everything set up effectively.

I am not able to comment on the return on investment, as I do not handle the financial aspects. However, I assume the organization is seeing positive results.

The decrease in costs from switching allowed the organization to allocate resources elsewhere.

I rate Defender for Cloud nine out of 10.

We are using the tool for checking for vulnerabilities over my website for my own personal purpose and within my corporate role. This is also a tool that we have deployed. In terms of usage, it's much more related to reporting and vulnerability management rather than setting up from an organizational perspective.

From an efficiency perspective, it has helped with reporting and the self-service availability of security postures.

The most valuable feature for me is the variety of APIs available. Additionally, the suggestions I get from Defender for security levels and recommendations on how to upgrade my security level are very appreciated.

I recommend that they extend the scope for legacy infra assets.

I have been working with it for more than a year now.

I rate the stability an eight out of ten.

There are no complaints about scalability, and I rate it an eight out of ten.

I rate customer support a nine out of ten. The support team was very responsive to queries.

Positive

Rating the setup, I would give it a six out of ten. The setup process took about two to three days due to waiting on support replies.

I had a support team to help with some of the setup aspects, and they were very responsive.

It's difficult to say because the volume of vulnerabilities and threats has increased, making it tough to compare efficiency between usage before and after implementation.

I don't have visibility into the specific costs, but it seems to be a significant concern for our organization. Every time we consider expanding usage, we carefully evaluate the necessity due to cost concerns.

I am familiar with Dataiku and Databricks, and we use SailPoint in conjunction.

Users must first understand the list of assets they have and whether there is out-of-the-box connectivity with them.

I'd rate the solution seven out of ten.

Mostly, it's related to the vulnerability management.

Earlier, we used to do the vulnerability assessment manually, scheduling it based on our timeline, maybe every six months or once a year. Now, it helps us a lot because we can get the vulnerabilities updated and get recommendations.

The MDVM part is very good. While we were doing the POC, Microsoft Defender was using Qualys for the vulnerability. Now, they have switched to their own MDVM, which is Microsoft Defender Vulnerability Management.

The vulnerabilities are duplicated many times. If it reports that the findings are around 30 or 40, or let's say, 100, it is not the exact number as it is possible that there are multiple findings which are duplicated in nature, and actually, the number is only 62 or 67. 

Another issue after Microsoft Defender upgraded and left Qualys is that whenever the load for the report data is too high, we cannot export the report in one go, so we have to do it in batches.

I have been using the solution for two years.

The quality of the MDVM feature, one of the keys which we are getting, is many times duplicated with the same IDs.

I have contacted Microsoft for the quality issue, and they are working with us.

Positive

I did work with something similar, however, not in the same organization. In my earlier organization, I was working with Check Point and Tenable.

The pricing is good. It is license-based, and we are not utilizing all of the features, like API and other functionalities, so the cost is not that high.

I would definitely recommend Microsoft Defender for Cloud, provided they make some improvements in the MDVM part.

I'd rate the solution eight out of ten.