Srikanth Matsa - PeerSpot reviewer
Senior DevOps Engineer at a tech services company with 501-1,000 employees
Real User
Top 10
Offers a security posture score that indicates how well our environment is protected but should offer better pricing options
Pros and Cons
  • "Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender."
  • "Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."

What is our primary use case?

Our company policy is to onboard all the resources that are supported by Microsoft Defender because it gives us a good amount of recommendations regarding security and vulnerability issues. We have a lot of new users that are not familiar with security protocols, and the solution helps protect our systems. Some people don't have experience with security measures like enabling HTTPS and FTPS security or setting up encryption on virtual machines, or they don't know how to set up private endpoints. For someone who is new, or doesn't have a lot of experience in this field, it is difficult to monitor everything. Microsoft Defender provides recommendations based on severity. High-severity recommendations are more important, while low-severity recommendations may not be as critical. Security reviewers can review all recommendations to make sure they are appropriate. Microsoft Defender is important for a whole variety of reasons, one of which is that it can help improve the security posture of our environment. This is important for organizations of all sizes but is particularly critical for businesses that are delivering services to customers.

How has it helped my organization?

Before Microsoft Defender, our external team would give us updates on which ports are opening and which vulnerabilities are being attacked. Now, with the recommendations of Microsoft Defender, we can find these vulnerabilities sooner and fix them. Before onboarding those respective resources into Microsoft Defender, we faced a few issues. Once we onboarded those resources, we received prompt recommendations that helped us make the organization's resources more secure. If resources are not secured, it can impact the reputation of the organization. The solution helped identify a lot of the issues at a high priority that we could resolve.

Microsoft Defender helps any organization that needs to follow security baseline recommendations in order to improve its environment. Regarding threats, I recommend Microsoft Sentinel for detecting and hunting the threats. I can identify what exactly happened at that particular time or particular resource with the help of Microsoft Sentinel.

The solution has significantly reduced the overall time it takes us to detect issues. Most of the resources are scanned every 30 minutes, so it doesn't take much time for the solution to give us the respective recommendations.

Depending on the issue, Microsoft Defender for Cloud has helped reduce our overall time to respond. There are a few recommendations that we can fix immediately by just clicking in the UI. However, the overall time to respond to issues depends upon that respective recommendation list. There are a few things that we need to consider when it comes to the security settings of our virtual machines, which can take a long time to identify and fix.

What is most valuable?

Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender.

The solution provides a security posture score, which indicates how well our environment is protected and what our rating is. It also displays the current percentage of our work that is protected. 

What needs improvement?

When there is a recommendation by Microsoft Defender that suggests using the Azure Logic App, the remediation step when a user takes action should be created automatically.

Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations.

Buyer's Guide
Microsoft Defender for Cloud
January 2025
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.

For how long have I used the solution?

I have been using the solution for almost two years.

What do I think about the stability of the solution?

I give the stability of Microsoft Defender for Cloud an eight out of ten.

What do I think about the scalability of the solution?

Microsoft Defender for Cloud is a tool that is designed to scan our resources regardless of the volume every 30 minutes.

How are customer service and support?

We have the standard support plan. If we need any help, we just raise a support ticket.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is easy. To enable the solution, we simply need to access Microsoft Defender and enable the on button.

What's my experience with pricing, setup cost, and licensing?

Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine. This plan can be very costly for small and medium businesses and in some parts of the world, it is cheaper for an organization to hire a full-time security engineer instead.

What other advice do I have?

I give the solution a seven out of ten.

Compared to Microsoft Defender, Microsoft Sentinel is a more mature solution. We can connect to Active Directory from Sentinel to identify risky users which is information that we can't get from Defender. If we could establish the connections to Azure Active Directory and Azure Active Threat Production plan, we could define our flow, which would be connected with the workspace. Microsoft Sentinel is more flexible and is ideal for more complex security scenarios.

The solution is applied for resources in the subscription. It does not differentiate the environment. If we select the app services, it will secure all the app services in all the environments. If it's not segregated as per the environment, it can create security issues. We have three different environments: production, QA, and dev and we can only deploy the resources in two regions, which are supported by the geo in India.

We have virtual machines that need to be patched. But the patching analysis isn't done by Defender. Our solutions provide patching recommendations that have to be completed manually.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO at Wood IT Security
Real User
Top 20
Gives insight into potential avenues for attack paths, but it is expensive, and the user interface must be improved
Pros and Cons
  • "The product has given us more insight into potential avenues for attack paths."
  • "The product must improve its UI."

What is our primary use case?

I use the solution for threat hunting. We've installed it on a lot of devices. I look for specific version numbers or threats within the environment.

How has it helped my organization?

The product has given us more insight into potential avenues for attack paths.

What is most valuable?

I like that the solution shows me recent log-ins for certain servers and devices. It's pretty helpful to track down activities and identify or tie them to specific users.

What needs improvement?

The product must improve its UI. Looking at multiple devices for the same issue or vulnerability is very cumbersome.

The solution should provide built-in features related to trending and graphing over time. If it’s already present, we haven’t found it. It doesn't seem intuitive to find it quite as easily as some other tools with ready-to-go dashboards.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

The tool’s stability seems to be pretty good. I'm sure Microsoft takes care of its backend structure since it is a cloud solution.

What do I think about the scalability of the solution?

Scalability, in general, is fine. We can deploy it on as many devices as we want. However, getting meaningful results and data out of that is not easy, especially when some of the things you're looking for might be across your entire enterprise. For example, if we want to know whether a DLL version is installed on any device, trying to get that information by going one by one through the devices is ridiculously cumbersome.

Which solution did I use previously and why did I switch?

We used LogRhythm for a little bit. We switched to Microsoft Defender for Cloud because we wanted to do a cloud homogenization. We wanted to bring things away from on-premise and into the cloud because we had cloud assets. It just made more sense to have a cloud solution to manage the tools instead of pulling back into our network and opening the tunnel paths to our on-premise LogRhythm server.

How was the initial setup?

The solution is deployed on-premise as well as on the public cloud. Our cloud providers are Azure and AWS. We also have some GCP assets. We have around 20,000 total devices. They don’t always correspond to an end user. Of those, maybe 12,000 to 13,000 are enrolled in Microsoft Defender for Cloud.

Other devices we have are either outdated Linux or outdated Windows. We’re trying to migrate all the ones we can, and then some of them will be those narrow use-case devices where it wouldn't really make sense or be feasible for them to have a definitive cloud. They're limited processing power devices, like iPads and tablets.

What about the implementation team?

The product certainly requires maintenance.

What was our ROI?

Just based on costs, I do not see an ROI. However, evaluating a return on investment for something that provides insight into risks and vulnerabilities is not my area of expertise. In my opinion, a lot of it can't be quantified.

What's my experience with pricing, setup cost, and licensing?

We have the full E5 license. The tool is pretty expensive.

Which other solutions did I evaluate?

We evaluated Splunk. Splunk's really expensive. It would also have been an on-premise solution. We needed a cloud solution.

What other advice do I have?

We use Microsoft Defender for Cloud to support Azure natively. The solution’s ability to protect hybrid and multi-cloud environments is pretty important for us. Just as much as anyone else.

The unified portal for managing and providing visibility across hybrid and multi-cloud environments could be better with some of the ways things are displayed. Overall, it’s all right.

We have had the solution since we started cloud. I cannot provide a comparison for it. I don't pay too much attention to Microsoft Secure Score. However, I’m sure the product has affected it. We use the product to track down vulnerabilities and missing patches. When those get passed, I'm sure that it changes the score.

We have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel. However, I don't deal with it specifically. The tool’s UI could be better. As it is right now, we can only view information from one device at a time. It is extremely limiting.

The solution is pretty good at keeping our multi-cloud infrastructure and cloud resources secure. We use AWS, and we also have some Windows devices in AWS. We have Microsoft Defender on those.

Microsoft Defender for Cloud has helped save some of our SOC time. The reporting features, being able to search multiple devices for a specific vulnerability or incident and tying it back, are very difficult to do in the UI. There's some scripting that can be done, but that doesn't make it easier for a lot of people.

We have set up alerts in the tool. That, combined with other industry scanners like Tenable Nessus, Invicti, and a couple of others that we utilize in our environment, sends updates and alerts to us so that we can quickly respond to issues. We were not measuring TTR. So, the effect on the overall TTR is negligible.

It is hard to quantify whether the product has saved us money. We haven't seen any attacks from ransomware gangs. Possibly, those are being prevented, and we don't get alerts for some of these attacks. It has not saved us money. It's expensive. However, it is not expensive compared to all our computers being locked up and someone demanding two million dollars.

People evaluating the product must look at other options to determine what works best for their environment and organization. It may not necessarily be the best option, but it might be. It certainly works well in a wholly Microsoft Windows environment, especially with other Microsoft software as a primary. If they’re using OfficeSuite, like Microsoft Word and Microsoft Excel, it works well. If they have other things within their environment, they must do their homework and research to see if it works.

Overall, I rate the tool a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Josue Vidal - PeerSpot reviewer
Cloud solutions architect at Cloud Expert School
Real User
Provides a prioritized list of remediations that helps us improve our team's capacity
Pros and Cons
  • "I would like to see more connectors and plugins with other platforms."
  • "The solution's coordinated detection and response across devices and identities is impressive because it is complete."

What is our primary use case?

I used Defender for Cloud in Azure Kubernetes Service and virtual machines to provide more security to these environments.

How has it helped my organization?

We are a financial company, so Defender for Cloud helps us create multiple layers to protect assets and ensure a more secure environment. The solution improves our efficiency. We've increased our security posture by around 30 percent. 

What is most valuable?

Defender for Cloud's most valuable features are the dashboard and alerts about issues inside virtual machines or containers. It covers a wide range of workloads. Defender provides a prioritized list of remediations that helps us improve our team's capacity. Integrating Defender for Cloud with Sentinel has increased our visibility. The solution's coordinated detection and response across devices and identities is impressive because it is complete.

What needs improvement?

I would like to see more connectors and plugins with other platforms.

For how long have I used the solution?

I have used Defender for Cloud for three years.

What do I think about the stability of the solution?

The stability of the solution is good. I don't have a problem with it.

What do I think about the scalability of the solution?

Its ability to scale is good.

How are customer service and support?

I rate Microsoft support eight out of 10. Customer service is good. I deducted two points because the documentation could be clearer. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a previous solution prior to using Defender for Cloud.

How was the initial setup?

The rollout was good. It was easy.

What about the implementation team?

I am a reseller. I am partnering with TD Synnex and TeleScenics.

What was our ROI?

The return on investment is high; it's about 20 percent.

Which other solutions did I evaluate?

I did not consider any other solutions.

What other advice do I have?

I would rate Defender for Cloud an eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: CBM Partner
reviewer1693929 - PeerSpot reviewer
Advisory Specialist Master at a tech vendor with 10,001+ employees
Real User
One tool provides a view across your entire hybrid environment
Pros and Cons
  • "My favorite part of Microsoft Defender for Cloud is the compliance features. Defender covers a wide range of workloads, on par with competing products on the market."
  • "Microsoft Graph needs improvement."

What is our primary use case?

We primarily use Microsoft Defender for Cloud for cloud security posture management.

How has it helped my organization?

Defender for Cloud improves our overall cloud security posture by identifying risks and vulnerabilities. It gave me a perspective on whether we comply with the industry's best practices and benchmarks we are pursuing.

What is most valuable?

My favorite part of Microsoft Defender for Cloud is the compliance features. Defender covers a wide range of workloads, on par with competing products on the market. I can get information from other cloud platforms and use Defender across AWS, Azure, GCP, containers, servers, etc. One tool provides a view across your entire hybrid environment.

What needs improvement?

Microsoft Graph needs improvement.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud for around two years.

What do I think about the stability of the solution?

The stability of Microsoft Defender for Cloud is good since it sits in the cloud, and we have not had any challenges regarding stability.

How are customer service and support?

I rate Microsoft support seven out of 10. The documentation about what is covered in the basic support versus premium is unclear. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We use multiple products that perform similar functions in our environment, including Prisma and Wiz. We use Defender for Cloud as our native Azure tool in addition to other third-party tools.

How was the initial setup?

The initial setup is relatively simple and straightforward.

What about the implementation team?

No integrated reseller or custom team was used for the deployment.

What was our ROI?

We have seen a return on investment because a lot of these native tools provide better reporting, which our team can consume.

What's my experience with pricing, setup cost, and licensing?

Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products.

Which other solutions did I evaluate?

We didn't evaluate other solutions before switching as we have multiple products performing similar functionalities.

What other advice do I have?

I rate Microsoft Defender for Cloud eight out of 10. Even though there are many third-party tools with more functionality, using native tools is beneficial, and we use them alongside third-party tools.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Audit Microsoft
Nimesh Aggarwal - PeerSpot reviewer
Principal Consultant - Cyber Security & Cloud Infra. at RPS Consulting Pvt. Ltd.
Real User
Robust platform that easily minimizes attacks
Pros and Cons
  • "Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure."
  • "I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."

What is our primary use case?

We typically use Azure Defender for securing our infrastructure-based virtual machines and database solutions on the Azure subscription. We've integrated a couple of the Defender agents into our on-premise servers too.

How has it helped my organization?

Azure Defender has improved our overall security posture. In particular, Defender's exploit protection mechanism protects our servers from unseen threats like process memory attacks, hash theft, or any direct script-based attacks.

Defender is just one component because the organization also uses endpoint security solutions and firewalls. This product is not an endpoint solution. It usually operates at the server level, improving the posture of the Azure cloud environment. Our end-users never deal with Azure Defender. It's purely on the administrative level. The server administration team handles it, so the end-user has nothing to do with it.

What is most valuable?

Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure.

What needs improvement?

The entire Defender family requires a little bit of clarity. There is a lot of confusion in the market, especially on the end-user side but also on the consulting side. Microsoft has launched four or five Defender products, including Azure Defender, which Microsoft renamed Defender for Cloud. They also have Defender for Identity, Defender for Endpoints, and Defender ATP. It isn't very clear.

I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting.

For how long have I used the solution?

I've been using Defender for Cloud for more than a year.

What do I think about the stability of the solution?

It's hard for me to talk about the stability of Defender because, in my experience, "stability" is not a word that is relevant to security. A security product is either good or bad. It protects me, or it doesn't. There is no middle ground.

If we are talking about crashes or other issues, I don't see any problems, and the scalability is fine. We can protect storage, key vaults, SQL servers, etc. Defender can protect eight or nine Azure services, and it all works fine, but it would be great if all Azure services could come under the umbrella of Azure Defender. 

For example, we use Defender to protect our SQL databases, but not all of our databases are Microsoft. I have to search for another security solution for the same database vertical because it's not a Microsoft database.

What do I think about the scalability of the solution?

I am a solution designer and architect, and I incorporated Defender for Cloud into three different projects. The smallest had more than 200 virtual machines and 20 database servers plus a couple of Kubernetes and container environments. The largest is around 600 virtual machines on-premises and on Azure, and around 10 web applications, a couple of key vaults and databases, and some storage.

How are customer service and support?

I have contacted Microsoft support, but I haven't opened any tickets for Defender so far. Generally speaking, Microsoft Azure support is quite good. 

How was the initial setup?

The time needed for the initial deployment phase depends on the requirements, but generally, the deployment is quite fast because it's a cloud-native tool. They have just upgraded the Azure Security Center to add Defender.

What was our ROI?

When talking about cost versus value, you have to consider Defender in the context of Microsoft's cloud solutions as a whole. It's a cloud-native tool, so why is Microsoft charging so much? 

The features are good, but Microsoft created Azure, and they provide monitoring and backup solutions. It's also Microsoft's responsibility to offer security solutions, so why do they charge so much? Why isn't it incorporated into the old security center products? It should typically come with the security center. 

What's my experience with pricing, setup cost, and licensing?

Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike. 

Which other solutions did I evaluate?

If we're just dealing with servers and Azure infrastructure, then Defender for Cloud is the way to go. But if we want to cover endpoints, emails, and other entry-exit points, then we need to think about another solution.

Symantec and a few other tools have end-to-end solutions that protect everything in a single console. You can't do that with Defender for Cloud. Depending on the client's requirements, Defender might not be the best option because it might not cover all the use cases that a client needs.

It's good for clients who are mainly or entirely dependent on Azure resources. If a client's infrastructure is more than 70 percent Azure, it's a good product because it has native control by Microsoft only. In other cases, it's a challenge. The product is good if you're working entirely within a Microsoft environment, like Windows Server, Azure services, or Office 365 services, but you run into a problem the moment you start going into macOS, iOS, Android, Linux, etc.

The agent installed there for Defender works differently. But on the flip side, a competitor's product never addresses the spatial bias on Windows. Every product line is the same. Their agents behave the same way on Linux, macOS, iOS, Android, and Windows. That is the fundamental difference I see.

What other advice do I have?

I rate Defender for Cloud eight out of ten. I would recommend it depending on your use case. It's a single solution that can address mixed infrastructure that includes on-premises, AWS, GCP, or Azure. Defender can provide security for all four.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cloud Architect at CloudShapers
Real User
From the Azure portal, you can roll it out over all the servers covered by the entire subscription and on-prem, using Azure Arc
Pros and Cons
  • "Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
  • "Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."

What is our primary use case?

My client, a construction company, needed to replace their antivirus solution, including their Azure and on-prem services. They decided they wanted to use Defender for Cloud, so I started to implement it for them. The license for their antivirus software was about to expire, and they didn't want to spend much money. They opted for Defender for Cloud to replace Symantec. System Center (endpoint protection), Security Center, and Advanced Threat Protection were all consolidated into one product called Defender for Cloud.

The company I worked for was divided into several teams. We had an Azure Infrastructure team and workplace teams providing local on-premise services. The client was the biggest construction company in the country, with multiple locations. 

The strong point of Defender, especially when using Azure Arc to bring in on-premises systems, is that it doesn't matter where these systems are. They're just resources in the portal. If you see them and can install agents on them, it's fine. It doesn't matter how it's distributed or where the locations are. 

How has it helped my organization?

I believe that Microsoft Defender for Cloud raised our client's Microsoft Security Score to around 79 percent. That includes other security components. It's not just antivirus. There are all sorts of things that contribute to the score, for instance, the use of public IP addresses on VMs.

Our clients also saw some financial benefits because they didn't need to renew the Symantec license, but the biggest benefit was the ability to install Defender on Azure and on-premises machines from a single point.

What is most valuable?

Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription. Having that unified portal was nice, but it was a challenge. We first implemented Azure Arc, which allowed us to incorporate our on-prem machines like they were actual Azure resources. The single-pane-of-glass management is highly practical. We are accustomed to managing systems across different portals or interfaces, so it's convenient to do it from one place. That's a bonus, although it's in no small part thanks to Azure Arc. Defender then takes all the services it finds in Azure Arc and rolls them out seamlessly as long as they use a Server 2016 version or above.

What needs improvement?

It's a severe issue when you need to install Defender for Cloud on Microsoft operating systems older than 2016. Operating systems released after 2016 will seamlessly integrate with Defender with no problems. Older operating systems don't integrate smoothly. The 2012 operating systems will continue to be used for years. The 2008 systems will be phased out, so that won't be a problem for long, but you need some quick fixes to install on a 2012 OS.

The older the operating system, the more difficult it is to detect if the solution is working. That was a significant problem. It works fine on a newer OS. On the older ones, we had to do some tricks to determine if it was correctly deployed and working since the integration of Defender in the older OS is a lot less. Microsoft couldn't help us with that.

Another thing is that Defender for Cloud uses more resources than for instance, CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do.

For how long have I used the solution?

I have been implementing Microsoft Defender for a large construction company. We started the contract about three or four months ago. I was only responsible for the installation. We aren't the team that monitors or maintains the solution. That was not my task. We were just responsible for installing it and ensuring it worked on every machine.

What do I think about the stability of the solution?

Defender is relatively stable as far as I can tell. It works great except for the issues with older operating systems. In some cases, you may need to come up with a workaround. 

What do I think about the scalability of the solution?

The solution is scalable if you activate the Defender plan for all servers and containers. When you deploy new ones, it automatically picks them up and installs the components. It's perfectly scalable in that sense.

How are customer service and support?

I rate Microsoft support five out of ten. You can open up a support ticket and get into Microsoft's general support chain. You need to explain the issue, and they'll get back to you. Nine times out of ten, you will get someone new and need to explain the situation again. That doesn't help much. In the end, we had to fix it all ourselves.

We had a contact at Microsoft Amsterdam who was helpful. He was more of a sales contact. He told us the best approach and turned out to be correct.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

It wasn't my decision to go with Defender for Cloud. That doesn't mean that I would've chosen anything else per se, but those decisions are made on the managerial level.

How was the initial setup?

Installing Defender was straightforward as long as you're dealing with a more current operating system. On a post-2016 operating system, it's only a few mouse clicks. That's the beauty of the cloud. It arranges everything for you. The on-premise solution usually works the same. It's seamless. You activate the plan, select for which resource types you want to enable Defender (including on-prem machines using Azure Arc), then hit "go." All that changes on older operating systems.

We had to create a design, test it, and get approval from management. We first tried it on a 2019 operating system, which was a piece of cake, but we faced challenges deploying it on 2008 and 2012 systems. That's why it ultimately took us three weeks to complete the deployment. If you don't have any older operating systems, it's quite effortless. 

We had four people working on the implementation, including three technicians. I was the only one from our Azure team, and there was another person from the workplace team who had access to the on-premise servers. He could log in to run some scripts and see if everything worked. We also had a project manager and a person from the client's team to test as soon as we were ready. 

What other advice do I have?

I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use. 

If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
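The review above says the hard part on older servers was telling whether Defender was actually deployed and working after the Arc-based roll-out. The following PowerShell is an added example from the editor, not the reviewer's script and not a Microsoft-supplied tool. It assumes the standard component names: the Azure Arc agent service "himds" and its "azcmagent" CLI, the Defender for Endpoint sensor service "Sense" with its onboarding state under the "Windows Advanced Threat Protection\Status" registry key, and the legacy Log Analytics agent service "HealthService". The build-number threshold (14393 = Server 2016) and the final pass/fail rule are the editor's own choices. Run it elevated on the server being checked.

```powershell
# Added example: post-deployment check for a Windows server onboarded to
# Defender for Cloud through Azure Arc. Assumptions are listed in the lead-in.

$report = [ordered]@{}

# 1. OS version. Build 14393 is Server 2016; anything lower is 2012 R2 or older,
#    which the review flags as needing extra work (editor's threshold).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$report['OS']               = $os.Caption
$report['BuildNumber']      = [int]$os.BuildNumber
$report['ModernOnboarding'] = ([int]$os.BuildNumber -ge 14393)

# 2. Azure Arc connectivity: the "himds" service and the azcmagent CLI exist
#    only on Arc-enabled machines.
$himds = Get-Service -Name himds -ErrorAction SilentlyContinue
$report['ArcAgentService'] = if ($himds) { $himds.Status.ToString() } else { 'not installed' }
if (Get-Command azcmagent -ErrorAction SilentlyContinue) {
    # Keep the status lines of "azcmagent show" verbatim for the operator.
    $report['ArcAgentStatus'] = (& azcmagent show 2>&1 |
        Select-String -Pattern 'Status' -SimpleMatch | ForEach-Object Line) -join '; '
}

# 3. Defender for Endpoint sensor: service state plus onboarding state.
#    OnboardingState = 1 means the sensor finished onboarding to the tenant.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$report['SenseService'] = if ($sense) { $sense.Status.ToString() } else { 'not installed' }
$statusKey  = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboarding = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
               -ErrorAction SilentlyContinue).OnboardingState
$report['OnboardingState'] = if ($null -ne $onboarding) { $onboarding } else { 'missing' }

# 4. Legacy path: older servers may still report through the Log Analytics agent.
$mma = Get-Service -Name HealthService -ErrorAction SilentlyContinue
$report['LogAnalyticsAgent'] = if ($mma) { $mma.Status.ToString() } else { 'not installed' }

# 5. Antimalware engine state, when the Defender cmdlets are present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    $report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $report['SignatureAgeDays']   = $mp.AntivirusSignatureAge
}

[pscustomobject]$report | Format-List

# Editor's verdict rule: healthy when the sensor is running and onboarded, or
# when a pre-2016 box at least has the legacy agent running.
$healthy = ($sense -and $sense.Status -eq 'Running' -and $onboarding -eq 1) -or
           (-not $report['ModernOnboarding'] -and $mma -and $mma.Status -eq 'Running')
if ($healthy) {
    Write-Output 'Defender coverage: OK'
} else {
    Write-Warning 'Defender coverage: NOT verified - investigate this host'
}
```

Running this across the Arc-enabled estate (for example through Invoke-Command) gives the per-host evidence the reviewer was missing: a server where the Arc agent is connected but OnboardingState is absent or 0 was reached by the roll-out without the sensor ever completing onboarding, which is exactly the 2008/2012 failure mode described above.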
Anurag Awasthi - PeerSpot reviewer
Senior Consultant at HCLSoftware
Consultant
Offers excellent firewall management and visibility into threats in a stable, integrated security suite
Pros and Cons
  • "The solution's robust security posture is the most valuable feature."
  • "The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome."

What is our primary use case?

The solution provides a security score based on the environment and gives recommendations for improving that score. For example, a manual server may require patches to strengthen security, and MS Defender for Cloud informs us. We can also run a vulnerability assessment in the background of work processes to detect server vulnerabilities. We primarily operate a hybrid cloud environment with some specific on-prem integrations.

One of our clients, operating in the electronics industry, has around 1,300 endpoints, 700 users on the Windows server, and 300 other devices. There are also 100-150 users on Unix servers.

We use multiple Microsoft security products, including Defender for Cloud, Sentinel, and Defender for Endpoint. The products are integrated, and there is nothing complicated about integrating them; we provide the APIs or the credentials, and they are automatically integrated.

How has it helped my organization?

The product helps us prioritize threats across the enterprise, which is essential when interacting with clients, as we can show them their high-risk vulnerabilities and tackle them first.

The solution helps automate routine tasks and the finding of high-value alerts. Additionally, following the resolution of an issue, we can set up a logic app to trigger an automatic system response if it happens again.

The integrated security suite saves us time, as multiple security solutions work together seamlessly in the cloud, allowing us to take actions that could take 24-48 hours to replicate using third-party products. 

Defender for Cloud reduced our time to detect and respond; if we are faced with an issue known to the threat intelligence database or that occurred before, we don't need to invest any time at all. The solution reduced our time to detect and respond by around 50%. 

Integration with Defender for Endpoint allows us to see the health of our endpoints in terms of workload protection, which is one of the benefits of these integrations.

Microsoft solutions working natively together to provide integrated protection and coordinated detection and response is essential from a business point of view. We don't have to manage multiple tools and services from different dashboards; we can monitor and manage everything from a single point. All the generated alerts from numerous services are ingested into one solution that a single team can monitor. That's one of the best parts of using the integrated Microsoft security suite.

What is most valuable?

The solution's robust security posture is the most valuable feature.

We have a lot of firewalls, and we can manage them in the solution through the firewall manager. We can set up an Azure firewall and centralize the management policy.

The solution provides excellent visibility into threats, and it's a cloud-based integrated solution, so we don't have to worry about any third-party products or services. Microsoft provides so many options, and that's great.

Defender for Cloud generates reports we can use as an assessment, as it allows us to see the services in our environment and our points of highest risk.

The solution's threat intelligence helps us prepare for threats before they hit and take proactive steps, which is very useful for analysis. 

What needs improvement?

The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome.

Several features are already in the pipeline, including one called External Attack Surface Management; these will be welcome additions.

What do I think about the stability of the solution?

The solution's stability is impressive; it's very stable.

What do I think about the scalability of the solution?

The scalability is excellent; if we grow or shrink in the future, the scalability is there to accommodate us. I rate the solution ten out of ten in this regard.

How are customer service and support?

When we have a critical issue, customer service is very prompt, and we often get support rapidly. We also get good help in our production environment.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Symantec Endpoint Detection and Response and switched because of the benefits of having a cloud-native solution. Additionally, the market is moving towards Microsoft, including many of our customers, so it makes sense for us to go with this trend.

How was the initial setup?

The initial setup consists of three steps for us; first, we conduct an assessment or discovery with a client to determine their requirements and develop an understanding of their environment. Second, we design and plan the deployment to fulfill the client's requirements. Third, we implement and conduct a POC, and if successful, we roll out the entire deployment. The complexity of the setup and the number of staff required depends on the size of the business.

An example of an organization with 500-1,000 staff is that the initial information gathering takes four weeks, the design and planning stage takes two weeks, and the implementation and POC take another two weeks. Therefore, the deployment can take between eight and 15 weeks for a two-person team.

In terms of maintenance, the solution requires monitoring and routine inspection of the details across the services.

What other advice do I have?

I rate the solution nine out of ten. 

DevOps security features are in the preview phase, so we may utilize the solution for that in the future.

We use Microsoft Sentinel, enabling us to ingest data from our entire ecosystem. This data ingestion is important to our security operations because information on our critical applications and services provides us with activity, audit, and application logs. This logging capability means Sentinel allows us to investigate threats and respond holistically from one place. 

To a security colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, I'd say there are benefits in going with a single vendor.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
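The review above describes the security score and the recommendations that feed it. As an added example from the editor (not the reviewer's material and not Microsoft's code), the PowerShell below models how that score aggregates. It assumes the published description of the score: each security control has a maximum score, a resource counts as healthy for a control only when every recommendation in that control is remediated for it, the control's current score is max score multiplied by healthy / (healthy + unhealthy), and the overall percentage is the sum of current scores over the sum of maximum scores. The control names, recommendation names and resource states are constructed for illustration.

```powershell
# Added example: a model of Defender for Cloud's secure score arithmetic.
# Assumptions are stated in the lead-in; the sample data below is constructed.

function Get-SecureScore {
    param([Parameter(Mandatory)][array]$Controls)

    $totalCurrent = 0.0
    $totalMax     = 0.0
    $rows = foreach ($control in $Controls) {
        # Every resource that appears in any recommendation of this control.
        $resources = $control.Recommendations |
            ForEach-Object { $_.Resources.Keys } | Sort-Object -Unique
        $healthy = 0; $unhealthy = 0
        foreach ($r in $resources) {
            # A single Unhealthy recommendation makes the resource unhealthy for
            # the whole control; NotApplicable findings are ignored.
            $states = foreach ($rec in $control.Recommendations) {
                if ($rec.Resources.ContainsKey($r)) { $rec.Resources[$r] }
            }
            if     ($states -contains 'Unhealthy') { $unhealthy++ }
            elseif ($states -contains 'Healthy')   { $healthy++ }
        }
        $assessed = $healthy + $unhealthy
        $current  = if ($assessed -gt 0) { $control.MaxScore * $healthy / $assessed } else { 0 }
        $totalCurrent += $current
        $totalMax     += $control.MaxScore
        [pscustomobject]@{
            Control      = $control.Name
            MaxScore     = $control.MaxScore
            Healthy      = $healthy
            Unhealthy    = $unhealthy
            CurrentScore = [math]::Round($current, 2)
        }
    }
    [pscustomobject]@{
        Controls = $rows
        Percent  = if ($totalMax -gt 0) { [math]::Round(100 * $totalCurrent / $totalMax, 1) } else { 0 }
    }
}

# Constructed sample: two controls assessed over three VMs.
$controls = @(
    @{ Name = 'Enable encryption at rest'; MaxScore = 4; Recommendations = @(
        @{ Name = 'Disk encryption'; Resources = @{ vm1 = 'Healthy'; vm2 = 'Unhealthy'; vm3 = 'Healthy' } }
    ) },
    @{ Name = 'Secure management ports'; MaxScore = 8; Recommendations = @(
        @{ Name = 'JIT access';        Resources = @{ vm1 = 'Healthy'; vm2 = 'Healthy';   vm3 = 'Unhealthy' } },
        @{ Name = 'Close RDP/SSH NSG'; Resources = @{ vm1 = 'Healthy'; vm2 = 'Unhealthy'; vm3 = 'NotApplicable' } }
    ) }
)

$result = Get-SecureScore -Controls $controls
$result.Controls | Format-Table -AutoSize
"Secure score: $($result.Percent)%"
```

With this data the first control scores 4 × 2/3 = 2.67 and the second 8 × 1/3 = 2.67, for 5.33 of 12 points, about 44%. The instructive part is vm2 in the second control: it passes JIT access but fails the NSG recommendation, so it earns nothing for that control. That is why, when prioritising remediation, finishing every recommendation in one high-weight control on a resource moves the score more than partially addressing several controls.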
reviewer1650090 - PeerSpot reviewer
Manager at a tech services company with 10,001+ employees
Real User
Its incident alerts have reduced our manual work for a lot of things
Pros and Cons
  • "One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically; instead, our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
  • "Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsourced employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."

What is our primary use case?

I work as a SOC manager. We use it for incident security, incident monitoring, threat analysis, and looking at remediation or suppression.

What is most valuable?

Most use cases that come from Microsoft are all automated. Even before any manual effort, the tool is designed in such a way that it just does the threat analysis. It gives us exactly what the incident alert is all about: 

  • The priority
  • The threat 
  • The impact
  • The risk
  • How it can be mitigated. 

Those are the key features of this particular tool.

The solution has features that have definitely helped improve our security posture.

One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically; instead, our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things. The automation tool does the following (when human interaction is needed): 

  • Identifies what kind of alert it is. 
  • Whether we have to dismiss it. 
  • When we need to take any action so the team can do it appropriately. 

This is one of its key benefits.

It is easy to use based on my experience. If a newcomer comes in, it is just a matter of time to just learn it because it is not that difficult.

What needs improvement?

Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.

For how long have I used the solution?

I have been using it for more than nine years.

What do I think about the stability of the solution?

We have not had issues with tool usage or any hiccups.

There are certain glitches, which are areas of improvement, thus we continuously keep working with Microsoft. Microsoft does acknowledge this, because it's a learning experience for Microsoft as well. They always expect feedback and improvements on their tools, as it is a collaboration effort between Microsoft and the client.

What do I think about the scalability of the solution?

I work for an organization with more than 50,000 users. Under security alone, we have 5,000-plus users. On my team, we have around 400 people who are looking at it.

There are different roles in the company: project management, security operations (the red and blue teams), and pen testing. I lead a security operations center team, where we have L1, L2, L3, and L4 capabilities. All these come under the same umbrella of the security operations center, and they are all rolled up to the Chief Information Security Officer as part of security. 

How are customer service and technical support?

An ongoing improvement for both Microsoft and my organization: We need to work together. Sometimes, the solution doesn't work so we reach out to Microsoft Enterprise support for any help or assistance. If there is any feedback or improvement, then we work together, but they definitely have helped most of the time.

There are certain gray areas. We constantly work with Microsoft to notice whether there is something that only we, as a client, face. Or, if there are other clients who have the same kind of situation, issues, or scenarios where they need help. 

I would rate Azure Security Center anywhere between five to six out of 10. Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsourced employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.

Which solution did I use previously and why did I switch?

We use Microsoft Defender and Splunk. We primarily went with Azure Security Center because of client requirements.

How was the initial setup?

The initial setup is pretty easy and straightforward. 

To deploy just Azure Security Center, it took three to four hours. However, there are a lot of things that it depends on.

Different clients have different requirements. If the client says, "We are using Azure Security Center. We want to use Microsoft technology or products," we will go with that. There are clients who are using Cisco products as well. 

What about the implementation team?

The solution architect usually designs it, taking into consideration the initial setup guide, playbook, and documentation. 

We don't use consultants for the deployment.

What's my experience with pricing, setup cost, and licensing?

It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it.

What other advice do I have?

For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact.

Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack.

I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us.

We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. 

Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well.

I would rate Azure Security Center as seven to eight of 10. If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Microsoft Defender for Cloud Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025