Consultant at Independent
Provides cloud security management, vulnerability management with easy configuration
Pros and Cons
- "It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns."
- "Support needs to be highly responsive, especially in large enterprise environments."
What is our primary use case?
We use Microsoft Defender for Cloud primarily for cloud security management, which includes vulnerability management. In a security environment, managing vulnerabilities is a top priority. Defender for Cloud helps identify and mitigate these vulnerabilities and protect against threats like viruses, worms, and spyware.
What is most valuable?
It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns.
What needs improvement?
Support needs to be highly responsive, especially in large enterprise environments. When support is required, it must be immediate, as there could be urgent situations. For instance, prompt resolution is essential if there's a critical issue like a global cyber threat that impacts networks worldwide.
If our team encounters such a problem and needs assistance, we require a support team that can provide immediate, hands-on help to resolve the issue effectively. Quick and expert support is crucial for managing high-level emergencies and ensuring smooth operations.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud for 25 years.
Buyer's Guide
Microsoft Defender for Cloud
November 2024
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is useful for small companies as well. It provides robust security without requiring a dedicated, highly qualified team to manage it.
What do I think about the scalability of the solution?
The solution is scalable. It is suitable for large enterprises.
I rate the solution’s scalability a ten out of ten.
How was the initial setup?
The solution is easy to set up and configure.
Deployment of Microsoft Defender for Cloud is typically based on the infrastructure size, including factors such as the footprint, network, and devices that need protection. When deploying Microsoft Defender for Cloud, agents must be installed on various devices within the network, including servers, desktops, and other appliances that require protection.
What other advice do I have?
Specific government protocols and security standards must be followed in a secure environment. Microsoft Defender for Cloud helps manage vulnerabilities in your cloud infrastructure. It offers protection against threats such as worms, spyware, and viruses. The tool provides continuous monitoring and real-time threat detection, which is essential for maintaining a secure network environment.
Overall, I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Aug 6, 2024
Architect Information Security at an agriculture company with 1,001-5,000 employees
Integrated solution that provides extra security and comprehensive threat protection in our environment
Pros and Cons
- "Threat protection is comprehensive and simple."
- "Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product."
What is our primary use case?
We use Microsoft Defender for Cloud as one of the sources for our Azure environment. We have a managed detection response solution, and we add data sources to it, like SOC, SIEM, and SOAR solutions. We also want to have data in our Azure cloud environment.
We deploy this solution in multiple regions like Europe and Oceania.
We have multiple solutions like our data analytics platform and our system development platform. Our web shops use it. Almost everything is in the cloud.
We have approximately 2,000 end users.
The solution is deployed on the Microsoft Azure cloud.
How has it helped my organization?
The solution helps our teams to be more aware of security and protects our environment.
Most importantly, it's an integrated solution. We also use Defender for Endpoint. For Office 365, we use Defender for Identity.
We have integrated some of these products into our MDR solution. It's not a Microsoft Sentinel SOC, but we have a SOC/SIEM from a third party.
It's really easy to integrate because it's just an interface, a Microsoft Graph security API. We can collect all the data and forward it to our solution.
This solution is for detection and response, so it helps us prepare for potential threats. We have special teams for threat hunting the data.
What is most valuable?
We use this solution for extra security in our environment. We secured our Azure cloud environment with firewalls and application gateways, but we also want to have trust in our resource groups. That's an extra line of defense for our security.
We don't use the interface a lot because we use it as a data source for our MDR solution. The MDR solution is our main interface.
These solutions work natively together because we don't just use Microsoft products as a data source. We use all kinds of security products as data sources, like our firewalls, gateways, and event collections from Windows and Unix.
Threat protection is comprehensive and simple. We have an enterprise agreement with Microsoft itself, but we also have CSP contracts with several parties, so we can easily get the licenses we need. It's very easy to install.
What needs improvement?
Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product.
In Defender for Endpoint, the software is capable of acting immediately if something occurs. If an attacker wants to encrypt the disc, for instance, we're able to react immediately. I don't know if Defender for Cloud has the same capabilities.
For how long have I used the solution?
I have used this solution for about a year and a half.
What do I think about the stability of the solution?
At the moment, I think it's a very stable solution. We haven't had any problems with it.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and support?
From Microsoft's perspective, it's fine. We don't have any issues at the moment.
I would rate technical support an eight out of ten.
How was the initial setup?
The initial setup is straightforward. It took 10 seconds.
We have a Cloud Security Provider, so I don't know how much time they spent on deployment.
The solution hasn't required any maintenance yet. We are trying to innovate each solution. It's an ongoing business process to innovate.
What was our ROI?
We haven't seen ROI yet, but we plan to. The first sign is safety first. Safety will cost money, so it shouldn't be too much.
What's my experience with pricing, setup cost, and licensing?
Pricing is difficult because each license has its own metrics and cost.
Which other solutions did I evaluate?
We evaluated other options. We have a lot of other products like McAfee, but we are changing everything to Microsoft Defender.
We decided to switch because we want to have an overall standard that's enterprise-wide so that everything is easier to manage and the data it delivers is all the same. We wanted to have one view of everything.
What other advice do I have?
I would rate this solution an eight out of ten because we don't use all of the capabilities yet. At the moment, we still only use the data sources. I'm happy with it so far.
Instead of a single vendor security suite, I like having at least two so that they can challenge each other.
Microsoft Defender helps us prioritize threats across our enterprise, but we only prioritize our high-risk resources with Defender products.
It's difficult to say if the solution saved us time because we use it for our Azure cloud environment, so we're working in the cloud.
At the moment, we're not saving money. The solution costs our company money. It's like having insurance: It doesn't save costs, but it might save us costs if something happens. It's about risk.
It hasn't decreased our time to detect and respond yet, but it should be because we have our data source on Endpoint and in the cloud. It's an integrated solution. When we find something anywhere, we can act everywhere. We have more possibilities.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant at Dell Technologies
Takes care of patching and threat protection
Pros and Cons
- "I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats."
- "Microsoft Defender for Cloud is not compatible with Linux machines."
What is our primary use case?
We use the solution as a VPN and for endpoint security.
What is most valuable?
I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats.
We've automated some processes, like batch updating and vulnerability detection, using AI. Our dashboard tracks every machine's IP and identifies vulnerable software. Using AI, we can gather this information and provide it to users. We also use chatbots to provide solution steps.
What needs improvement?
Microsoft Defender for Cloud is not compatible with Linux machines.
For how long have I used the solution?
I have been working with the product for three to four years.
What do I think about the stability of the solution?
I rate the tool's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate Microsoft Defender for Cloud's scalability as nine out of ten. My company has more than 300 users. In our environment, we're using it on over 130,000 machines.
How was the initial setup?
The solution's deployment process is not complex and is completed in 20 minutes.
What was our ROI?
The solution helps to reduce costs by 20 percent.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive, and I rate it a five to six out of ten.
What other advice do I have?
I would recommend the solution to others and rate it a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Aug 6, 2024
Cloud Architect at CloudShapers
From the Azure portal, you can roll it out over all the servers covered by the entire subscription and on-prem, using Azure Arc
Pros and Cons
- "Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
- "Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
What is our primary use case?
My client, a construction company, needed to replace their antivirus solution, including their Azure and on-prem services. They decided they wanted to use Defender for Cloud, so I started to implement it for them. The license for their antivirus software was about to expire, and they didn't want to spend much money. They opted for Defender for Cloud to replace Symantec. System Center (endpoint protection), Security Center and Advanced Threat Protection were all consolidated into one product called Defender for Cloud.
The company I worked for was divided into several teams. We had an Azure Infrastructure team and workplace teams providing local on-premise services. The client was the biggest construction company in the country, with multiple locations.
The strong point of Defender, especially when using Azure Arc to bring in on-premises systems, is that it doesn't matter where these systems are. They're just resources in the portal. If you see them and can install agents on them, it's fine. It doesn't matter how it's distributed or where the locations are.
How has it helped my organization?
I believe that Microsoft Defender for Cloud raised our client's Microsoft Security Score to around 79 percent. That includes other security components. It's not just antivirus. There are all sorts of things that contribute to the score, for instance, the use of public IP addresses on VMs.
Our clients also saw some financial benefits because they didn't need to renew the Symantec license, but the biggest benefit was the ability to install Defender on Azure and on-premises machines from a single point.
What is most valuable?
Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription. Having that unified portal was nice, but it was a challenge. We first implemented Azure Arc, which allowed us to incorporate our on-prem machines like they were actual Azure resources. The single-pane-of-glass management is highly practical. We are accustomed to managing systems across different portals or interfaces, so it's convenient to do it from one place. That's a bonus, although it's in no small part thanks to Azure Arc. Defender then takes all the services it finds in Azure Arc and rolls them out seamlessly as long as they use Server 2016 or above.
What needs improvement?
It's a severe issue when you need to install Defender for Cloud on Microsoft operating systems older than 2016. Operating systems released after 2016 will seamlessly integrate with Defender with no problems. Older operating systems don't integrate smoothly. The 2012 operating systems will continue to be used for years. The 2008 systems will be phased out, so that won't be a problem for long, but you need some quick fixes to install on a 2012 OS.
The older the operating system, the more difficult it is to detect if the solution is working. That was a significant problem. It works fine on a newer OS. On the older ones, we had to do some tricks to determine if it was correctly deployed and working since the integration of Defender in the older OS is a lot less. Microsoft couldn't help us with that.
Another thing is that Defender for Cloud uses more resources than, for instance, CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do.
For how long have I used the solution?
I have been implementing Microsoft Defender for a large construction company. We started the contract about three or four months ago. I was only responsible for the installation. We aren't the team that monitors or maintains the solution. That was not my task. We were just responsible for installing it and ensuring it worked on every machine.
What do I think about the stability of the solution?
Defender is relatively stable as far as I can tell. It works great except for the issues with older operating systems. In some cases, you may need to come up with a workaround.
What do I think about the scalability of the solution?
The solution is scalable if you activate the Defender plan for all servers and containers. When you deploy new ones, it automatically picks them up and installs the components. It's perfectly scalable in that sense.
How are customer service and support?
I rate Microsoft support five out of ten. You can open up a support ticket and get into Microsoft's general support chain. You need to explain the issue, and they'll get back to you. Nine times out of ten, you will get someone new and need to explain the situation again. That doesn't help much. In the end, we had to fix it all ourselves.
We had a contact at Microsoft Amsterdam who was helpful. He was more of a sales contact. He told us the best approach and turned out to be correct.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
It wasn't my decision to go with Defender for Cloud. That doesn't mean that I would've chosen anything else per se, but those decisions are made on the managerial level.
How was the initial setup?
Installing Defender was straightforward as long as you're dealing with a more current operating system. On a post-2016 operating system, it's only a few mouse clicks. That's the beauty of the cloud. It arranges everything for you. The on-premise solution usually works the same. It's seamless. You activate the plan, select the resource types for which you want to enable Defender (including on-prem machines using Azure Arc), then hit "go." All that changes on older operating systems.
We had to create a design, test it, and get approval from management. We first tried it on a 2019 operating system, which was a piece of cake, but we faced challenges deploying it on 2008 and 2012 systems. That's why it ultimately took us three weeks to complete the deployment. If you don't have any older operating systems, it's quite effortless.
We had four people working on the implementation, including three technicians. I was the only one from our Azure team, and there was another person from the workplace team who had access to the on-premise servers. He could log in to run some scripts and see if everything worked. We also had a project manager and a person from the client's team to test as soon as we were ready.
What other advice do I have?
I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use.
If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
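The review above describes two things worth verifying after a roll-out that spans Azure and Azure Arc-connected servers: that the Defender plan is really enabled (Standard tier) for every resource type so new machines get picked up automatically, and which on-prem machines run a Windows Server release older than 2016, where the reviewer says deployment needed extra checking. The script below is an added example, not the reviewer's or Microsoft's code. It parses the JSON that `az security pricing list` and `az connectedmachine list` print; the field names it reads (`pricingTier`, `osName`, `osVersion`, `status`) follow the Microsoft.Security and Microsoft.HybridCompute resource properties, and the two sample documents are constructed so the script runs offline.

```python
"""
Post-deployment check for a Defender for Cloud roll-out that includes
Azure Arc-connected on-prem servers (added example, not project code).

Usage with live data (assumed CLI output shapes):
    az security pricing list > pricing.json
    az connectedmachine list > machines.json
then pass the file contents to the functions below.
"""
import json

# Windows Server 2016 is the first release whose kernel reports 10.0.x;
# 2012 R2 reports 6.3.x, 2012 reports 6.2.x, 2008 R2 reports 6.1.x.
FIRST_MODERN_MAJOR = 10

# Constructed sample of `az security pricing list` output.
SAMPLE_PRICING = json.dumps({"value": [
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "Containers", "pricingTier": "Free"},
    {"name": "SqlServers", "pricingTier": "Standard"},
]})

# Constructed sample of `az connectedmachine list` output.
SAMPLE_MACHINES = json.dumps([
    {"name": "dc01", "status": "Connected", "osName": "windows", "osVersion": "10.0.17763"},
    {"name": "file02", "status": "Connected", "osName": "windows", "osVersion": "6.3.9600"},
    {"name": "erp-legacy", "status": "Connected", "osName": "windows", "osVersion": "6.1.7601"},
    {"name": "build01", "status": "Disconnected", "osName": "linux", "osVersion": "5.15.0"},
])


def find_free_tier_plans(pricing_json: str) -> list[str]:
    """Return Defender plan names whose tier is not Standard (i.e. not enabled)."""
    plans = json.loads(pricing_json)["value"]
    return sorted(p["name"] for p in plans if p.get("pricingTier") != "Standard")


def _major_version(os_version: str) -> int:
    """Leading component of a dotted version; -1 when unparseable so it gets flagged."""
    try:
        return int(os_version.split(".")[0])
    except (ValueError, IndexError):
        return -1


def find_legacy_windows_machines(machines_json: str) -> list[str]:
    """Return Windows machines older than Server 2016 (kernel major version < 10)."""
    legacy = []
    for m in json.loads(machines_json):
        if m.get("osName", "").lower() != "windows":
            continue
        if _major_version(m.get("osVersion", "")) < FIRST_MODERN_MAJOR:
            legacy.append(m["name"])
    return sorted(legacy)


def find_disconnected_machines(machines_json: str) -> list[str]:
    """Return machines whose Arc agent is not reporting; Defender cannot be deployed to them."""
    return sorted(m["name"] for m in json.loads(machines_json)
                  if m.get("status") != "Connected")


if __name__ == "__main__":
    print("Plans not at Standard tier:", find_free_tier_plans(SAMPLE_PRICING))
    print("Pre-2016 Windows machines (verify agent manually):",
          find_legacy_windows_machines(SAMPLE_MACHINES))
    print("Arc machines not connected:", find_disconnected_machines(SAMPLE_MACHINES))
```

Machines in the legacy list are the ones where, per the review, the portal's status alone should not be trusted and the agent state should be confirmed on the host; a plan still at the Free tier means newly created resources of that type will not be covered automatically.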
Azure Solution Architect at a tech services company with 10,001+ employees
Good setting recommendations and regulator compliance with very helpful technical support
Pros and Cons
- "The solution is very easy to deploy."
- "You cannot create custom use cases."
What is our primary use case?
We use the solution internally.
Azure Security Center works with Azure Defender. Azure Defender is used for identifying the vulnerabilities and loopholes inside our system that we can deploy on multiple layers either from the subscription level, the source level, or on the devices. You can connect multiple devices to this. That's not specific to only servers. You can connect with ER80 as well as SQL servers. Most of the services are covered within Microsoft Defender.
What is most valuable?
We find two things inside the Azure Security Center to be quite valuable. One is the recommendations, and the second is the regulatory compliance. Both help to keep everything running smoothly. This will give you the security score as well. You can try to get the highest security score, which is 100%. You can get there just from the recommendations from Microsoft. Not all the recommendations will be applicable on the enrollment side.
Regulatory compliance is PCI compliance. There are multiple compliance options you can follow.
Azure Defender helps improve our security posture. You enable it for each and every server. It is a monthly-based subscription and about $15 per month per server. You can see right on there that the vulnerability is automatically run with the help of a Messages scanner. Messages is running behind Azure Defender. It automatically runs and scans, and that will show up on your portal. You do have to take any necessary steps to run recommendations. Either you can see if any energy port is open, for example, if RDP is open, it will realize, “Okay, just close RDP for outside work." These kinds of recommendations are very helpful from the Azure Security Center.
You have inventory on Azure Security Center, as well as Workbooks. You can create Workbooks. These are automatic playbooks where you can see the entire dashboard. If you prepare a monthly report, or a weekly report, it's better to create it in Azure Security Center instead of Workbooks with the help of JSON, or use drag and drop as an option. That will help you to keep updated more on things.
Inside Azure Security Center, with Workbooks, you can create your own workbooks according to your users. If you have a system update setting inside Azure, with the help of an automation account, if you click it, inside the system update Workbook, you can see all the systems which are taking updates. If that is updated, you can see whether the system is compliant with updates. All the reports are visible. You can see reports on the basis of subscriptions or on the basis of resources if you want.
Azure Security Center does not affect the end-user experience in any way. End users don't feel its presence in the organization.
The solution offers collaborative services. If you enable Azure Defender for servers or any services, basically, you can automatically subscribe for Azure Defender for Endpoints, which is easy.
You can install the EDR on each and every server. That will give you all of the process logs and what a user is doing. You can tell if a URL is open on your system, for example.
You can remediate with automation as well if you want to. That's for malware or any malicious files if they are present on the system. It will detect using the intelligence of the Defender Endpoint. You can take hybrid action on an alert, you can take a fully automated action, or you can take 100% manual action.
With Defender Endpoint, if you find out if one system is compromised, you can actually separate it from the network. If you have to deal with ransomware. If one system is affected by ransomware, you can remove the system from the network.
There is a security alert inside Defender that's per the recommendations and activities that happen inside your network. You will see security events there. If you do not have any other SIEM solution in your environment, you can leverage this.
What needs improvement?
The team is already working on one of the latest features, which is having migration techniques right on the portal available. It's possible to use it now. That's one good new feature.
For MIM, they are still improving things on Azure Security Center. There are a few flaws in backend technologies. If you do not have the correct access to the system, you cannot access the files and most of the reported resources.
For example, a general huge storage account, which is exposed for public access. If there are ten storage accounts available, you can see the names. You can identify those storage accounts that are supposed to be accessed from the outside, maybe, due to some feature happening behind the scenes on a storage account, and these are supposed to be exempt from the portal. You shouldn't see them again and again, and this should not affect your security score overall. However, they are not easily exempted from the portal. There's no way to exempt them properly.
You cannot create custom use cases. You can use what is already present on the Microsoft side in terms of security alerts. You can, however, customize whitelisting for alerts.
For how long have I used the solution?
I've been using the solution for four years now. For one year, I have been working as an architect on Azure Security Center.
What do I think about the stability of the solution?
The stability is 99.9%. I never have seen any failure. Sometimes you find the service is slow. However, that could be related to an internet connection or something else. Every service has downtime. There is very, very minimal downtime here. I haven't faced any challenges in four years.
What do I think about the scalability of the solution?
The scalability is very good. You don't need to put any extra agent or anything from your side. Everything is automated. It's the easiest security feature, which you can get from Microsoft.
How are customer service and support?
For every project, an architect from the Microsoft side is assigned to the team. You can directly connect with them. You can also create a technical ticket. They will respond immediately. If the issue requires a certain level of severity, you will get a call directly. If it's not as serious and they email you, however, you do not respond to their email, they will call you. Otherwise, they will keep communicating via emails.
I'm in India. When I open a ticket, it may be assigned to the Indian parties and they take time to remediate your problems. If I am routed to the senior team of Microsoft, they won't take much time. They give you new solutions quickly. It's a good thing.
Which solution did I use previously and why did I switch?
We do use Azure Sentinel. I'm also familiar with Google Cloud Platform, GCP. It's a bit complex as the structure is not as good as Microsoft. Microsoft, from top-down, offers a management group, subscriptions, and tenants under one group. Inside that resource group, you will find resources. That is easy. On the other hand, inside GCP, there are folders inside folders. Then you can create multiple folders inside one folder. That makes things very complex. There are not too many security solutions available on GCP. I do not have too much experience with GCP, however, given the experience I have, according to that, GCP isn't as good.
You can handle many things on Azure with the UI. There's no need to go for the PowerShell if you don't know it. If you know PowerShell best, you can use it if you want to. If you want any report from the GCP, however, you'll have to first understand the shell scripting. It's hard to find projects due to the way GCP is laid out. There's too much complexity.
How was the initial setup?
The solution is very easy to deploy. This is automatically installed on the Portal. There is no need to install anything on the Portal. There are just a few buttons inside the settings if you want to enable the Defender, et cetera. That will automatically install on all the servers. The agents are already present.
The solution takes six seconds to deploy. If you are on the Portal, you can do it in seconds. The first remediation will show within 30 minutes due to the fact that the scan takes time. The message takes a little bit of time to scan the entire infrastructure. That completely depends on how big a company's infrastructure is.
If there is another service, such as Azure Sentinel, you need to install agents on all the machines. If there is a Linux machine, you have to install the OMS agents. However, that's not the case over here.
One person can easily handle maintenance. A single person handles both Azure and Sentinel. Ours is a small environment.
What was our ROI?
In terms of ROI for Azure Security Center, the solution offers basic security features, which Microsoft is providing. That's the main thing. There's no need to go and get any technical team to handle anything. If you know a little bit about the security, you just go and toggle the button and you install it on all the servers and services. With this product, you will start getting recommendations and security alerts.
In contrast, if you go on any other products, you need a specialized team for security, especially. You need a complete specialized team for different services and for different actions. It's better to use Azure Security Center. There's no need to go and install anything and it's offering good security.
What's my experience with pricing, setup cost, and licensing?
The licensing cost per server is $15 per month. This is the same for SQL which is also $15 per server. It covers the Defender licensing as well. According to my experience, it's a good deal.
What other advice do I have?
I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender.
This product is a Saas solution that is automatically updated from the Microsoft side. Any clients will not need to update manually.
If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you.
I'd rate the solution at an eight out of ten.
When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 4, 2024
Business Analyst at an agriculture company with 10,001+ employees
Helped detect dangerous scenarios right away and reduced risk for our users
Pros and Cons
- "The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites."
- "Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."
What is our primary use case?
There were many use cases. We were monitoring auto IT applications and creating internal processes to understand which ones were going to be allowed and which were going to be blocked. We created the policies internally.
It's an IT tool to monitor employees' usage on the internet and of web apps. We created policies so that, for example, when employees reached certain websites, like games, they would be blocked. We created a message for the email that they would receive, and there were links for whom to contact if they needed to override it. We created all the processes behind it.
How has it helped my organization?
From a security perspective, it reduced the amount of risk for employees, contractors, and users who might try to go to dangerous sites, as we blocked them. It helped us to identify dangerous sites so that we could make decisions on blocking them or not.
The effect on time to detection using Microsoft Defender for Cloud was very positive. The policies we created were providing information as threats arrived. When someone clicked on a website or on a link that was dangerous, it detected that and our team was able to control the situation right away. It was very highly effective because they got a live notification as soon as it happened. It improved things very positively.
It also had a positive effect on time to respond. As soon as an alert was received or something potentially dangerous happened, a process behind the scenes that we created helped them to react immediately.
What is most valuable?
The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites.
Second, it tried to categorize the apps, from riskier to less risky, with a behind-the-scenes algorithm. Even though we didn't use that, it was a starting point for our first review of the applications. We started with the riskiest ones and decided whether each one should be blocked or not. The fact that it provided a risk rating was very valuable.
And it's very easy to use. Those are the top three.
What needs improvement?
Six months to a year ago, which was the last time I used the solution, the algorithm that was designed to define whether or not a site is dangerous needed to be improved. It didn't have enough variables to make the decision.
Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ.
Also, the complexity in the amount of information for this process could be reduced to facilitate those of us who are implementing and using the system, and guide us as to exactly what is needed.
For how long have I used the solution?
I used Microsoft Defender for Cloud for a year and a half.
What do I think about the stability of the solution?
The stability was very high. We never had any issues with it.
What do I think about the scalability of the solution?
With Microsoft products, you can keep adding more information if needed. For the purposes of the tool, it covers everything.
How are customer service and support?
We never used their technical support.
Which solution did I use previously and why did I switch?
We didn't replace anything with this solution. It was something we added to what was already in place. Our threat department continued to use all the products that it had been using. This one was additional and brought more alerts.
How was the initial setup?
The initial setup was straightforward because the platform was already in place. It comes with the system and you just activate it.
The first phase was creating all of the policies. Then we did a total review of the more than 10,000 apps and we started categorizing them in a different way than the tool does. It was a challenge because what the tool recommended was different from what we wanted to implement. We created our own policies.
What about the implementation team?
We used a security consultant to help us, but that was for the processes we put in place, not for the tool, per se. It was along the lines of, "Okay, when we receive this, what do we do?" They helped us create policies and told us what the best practices are; everything that the tool doesn't give you.
What other advice do I have?
It's very expensive in terms of the need to maintain it actively. You need a group of people in the organization to do the job because if the tool is sending information, a bunch of alerts on policies that we created, and nobody is reviewing it, it is doing nothing. Once you create policies, you have to have a very established group that, based on the design of all of the policies, will follow a process to take action on each of them. Some of them were very complex and some of them were very simple. Some of them were automated and others were escalated, depending on the danger. So it can be very complex, depending on how you implement it in your organization.
The tool doesn't solve the problem, it just gives you the information so that you can solve the problem. Solving the problem takes a lot of resources, a lot of time and, it turns out, money. So it's expensive.
I don't think it saves time because it discovers things that would never have been discovered in any other way.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a tech company with 1,001-5,000 employees
Doesn't need to constantly run a security scan for images because the scorecards are updated periodically
Pros and Cons
- "Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
- "Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."
What is our primary use case?
I have a highly specific use case for Azure Defender, so I don't think I've used most of its features. We primarily use it to secure Kubernetes clusters in other cloud environments. For example, I have Kubernetes in Amazon AWS, and we're trying out Azure Defender to protect those Kubernetes clusters.
We also use Defender to scan the image repositories held in Azure Container Repository or ACR. We use Defender plus Azure ARC and Windows Defender. All three products work in conjunction to give us some security insights into our cluster.
How has it helped my organization?
We haven't fully implemented Azure Defender yet. Right now, we're at the POC stage. However, if people have a genuine use case, they should see its value, especially because of its cross-cloud compatibility. I don't think any other tool provides the same cross-cloud compatibility as Azure Defender combined with Arc, so that's a significant selling point for this product.
What is most valuable?
The security scorecard is something I find helpful. It tells me what's missing and identifies new vulnerabilities inside my registries. Once I publish the image, the scorecards automatically update. I don't need to constantly run a security scan for my images because the scorecards are updated by Azure periodically. That makes my job easier.
For how long have I used the solution?
I haven't been using Azure Defender for long. It's been around three months.
What do I think about the stability of the solution?
Overall, Azure Defender's availability is excellent. However, the Kubernetes security is a new offering that is still under development, so the service's availability and support are not mature at this point and definitely need improvement.
What do I think about the scalability of the solution?
I rate Defender's scalability about eight out of 10. If you compare Azure Defender to a similar product AWS offers, there isn't much difference in scalability. The solution is able to accommodate all your requirements. I don't think I have ever reached a point where the solution couldn't scale to meet my needs.
I deduct two points because you incur more costs as you increase usage, so it's more expensive when you have lots of logs flowing into the system. That is why I rate it eight. Otherwise, I don't see any technical issues there.
How are customer service and support?
Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority.
I can't talk about Microsoft support generally, but I can speak to my experience specifically with Azure Defender support. I would rate it five out of 10. Maybe it's because this is a product that Azure is still developing on the side. I don't think they have made Azure Defender for Kubernetes available to the general public yet, so that could be why their support is not up to par. I don't know the reason, but I haven't had a good experience with the support.
How was the initial setup?
It is just a POC, so I don't have many endpoints. The whole setup took three days for around 10 endpoints. They have an agent-based security system. It's always complex because you need to deploy the agent to all endpoints, which is a lot of work to get it set up.
We still have not decided to implement Azure Defender because we are also trying out other products in the same line. Once the RFP process is finished, we will know which one we'll implement.
What's my experience with pricing, setup cost, and licensing?
Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup. They should try some open-source tools. That's how it is today.
Which other solutions did I evaluate?
Compared to other products, Azure Defender's main advantage is native integration with all Azure services. If your company uses Active Directory and builds everything on Azure, you get it as a complete package. There's no need to buy another tool and set it up in your cloud environment.
Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand.
What other advice do I have?
I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security.
These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Cloud Security Architect at a consumer goods company with 5,001-10,000 employees
Improves security posture, offers real-time assessments, and has great compliance policy features
Pros and Cons
- "One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds."
- "Azure is a complex solution. You have so many moving parts."
What is our primary use case?
It is our main solution for our Azure cloud infrastructure. We do about 1.1 million dollars in cloud spending every year. It's a quite big infrastructure and pretty much in our main system and we are planning on integrating with Microsoft Sentinel, which is going to be our SIM solution. Right now we don't use a Microsoft solution, however, Microsoft Sentinel is very complete and we're excited to dive into a POC. Right after I joined the company, that was one of the first things that I advised them to do and a couple of weeks later, we caught at least two big vulnerabilities that could have caused a catastrophic problem for our business. That's a true testament to the power of the tool.
How has it helped my organization?
The solution has improved how our organization functions. For example, the security score is the biggest improvement, as it's a compilation of all the results. That's where we have been doing established goals. When I joined the company and when we first implemented the product our secure score was about 35%. We are now sitting at 71%.
That gives us a clear direction as that's the most difficult issue. Azure is a complex solution. You have so many moving parts. If you say "I want to improve my security posture," it's hard to know where to start. That metric's going to give you an idea. You're going to take a look at your identity and access management strategy. You go there and you fix those issues.
Once that's done, you can take a look at your malware protection, so you see all the machines. You have the ability with this product. All of these actions compile percentages on a score and they drive up the score. That way, you know how good you're actually doing and how you can continue to progress.
What is most valuable?
We do a lot of mergers and acquisitions. One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds.
The most valuable aspect of the solution is visibility. You truly have visibility. That’s the first thing that you're going to have in the cloud.
The solution’s capabilities of assessment and real-time assessment is another big thing for us. In terms of remediation and capabilities, most of the time, I even have a quick fix, a quick button that I click and they're going to fix it for me, where they are going to provide me with everything that I need to do to fix that.
The main thing that I like about the tool is that Microsoft collects trillions of data points across their cloud and they leverage that threat intelligence to teach the machine learning AI-driven models to assess for security. We can even see across the cloud, and it’s so much better than going with a third-party product, where you don't have that advantage.
The solution has features that have helped improve our security posture. The security score is one of the biggest pluses. They do have a series of metrics that combine into a security posture score. Netsecure started giving me a good snapshot of where we are when it comes to security posture, and then we can drill down.
If you click on your secure score, you are going to be able to see why you have that calculated score. They have very good documentation surrounding how, for example, if you have 74%, why you do. You are going to be able to drill down and see where your weaknesses are and then you can address those items directly.
The compliance policy feature is great. They do offer support, such as PCIS. You have access and they can compare to your security posture and they can give you your score based on that, for example, how compliant you are with those tenders. That's another great aspect of the tool as well. That's all visual and on a dashboard.
The solution positively affected our end-user experience, however, not in any shape or even form that they can notice. They're getting all the benefits from it in the background. For example, security alerts are one of the main values about the users that I like. You have access to security alerts and those security alerts are giving you a real-time type of reading on how you are doing when it comes to threats. If there's something that can affect a user negatively, you have access to fix it before it becomes an issue. Therefore, while it has affected them positively, they never had to change anything that they're doing.
What needs improvement?
In the past, when you wanted to compile a list of resources affected by a vulnerability, it was kind of hard to do that. You had to use the graphic interface and write some queries for you to get that information from the Microsoft Graph API. Right now, with Microsoft Cloud Defender, they actually have that and you have access to that. Therefore, for me, it's pretty much a problem that has been solved. That was pretty much the only thing that I thought we could use. Then, yesterday, I saw that they included it. Therefore, as of now, I don't have any big issues with the product.
In the beginning, the score was shown using a points system. Now they made it into percentages, which is way better. It's hard to show you your C-level points. It required some explanation. For example, if you show them 2000 points, they're going to ask, "Okay, is this bad or good?" If you show them 75%, on the other hand, that they can understand. That's another thing that they made better as well.
For how long have I used the solution?
Within this company, I've used the solution for about 10 months. I was also using the solution with my previous company for around a year and a half.
What do I think about the stability of the solution?
The product is pretty stable. The only thing that you've got to remember is that it takes some time. Some of the variabilities, for example, the remediation processes, when you apply them, it takes a bit. The remediation in order to count it has got to run the vulnerability assessment agent. Sometimes it takes a couple of hours for some resources. That said, it's pretty stable. I've never had any problems. It runs very well.
What do I think about the scalability of the solution?
The scalability potential is one of the biggest aspects that I like, as it works with Microsoft, as an Azure back lane. As you add more subscriptions, all you have to do is just go and enable Azure Defender - in this case now, Azure Defender for all the consumer subscriptions that I have. That's it. It's free scale. It scales out very, very well. You don't have to do anything and you don't have to install anything on the Azure portal - it's already there. That said, you do have to deploy vulnerability agents, however, Azure does that for you due to the fact that the VMs are already being managed by Azure. You have all the security in place. It will deploy the agents and it's going to be seamless. You don't have any downtime either.
Right now, we have about 7,000 users. It's quite a good number, however, we are growing. We're adding companies every month. We're adding tons of companies and plan to expand usage as we grow.
How are customer service and support?
I've been working with Microsoft technical support for more than 15 years. We have really good support, always. We do have an enterprise agreement with Microsoft, which makes support very easy. If you have Azure, you probably have an enterprise type of support. Every single interaction that I have had with them was pleasant. They were very, very precise and effective. We've had no problems.
Which solution did I use previously and why did I switch?
We never had a different cloud solution. For us, choosing this solution right off the bat was a no-brainer.
How was the initial setup?
The initial setup is very straightforward. It comes with the free version. It's out-of-the-box and already enabled for users for the most part. It gives you just a little bit of visibility, so you have to go with the paid version and the cost is not that bad.
It's pretty much diluted into your Azure bill. It is totally worth the price. You basically go to the portal and choose the option and just enable online subscriptions and give it some time so that it can gain visibility. After that, it's going to deploy the agents. It takes 24 to 48 hours. After that, you're going to have tons of visibility and data coming back. It's pretty straightforward, very simple to set up. For me to roll out was about an hour tops.
You do not need a big maintenance team. I'm an architect and I'm also a very hands-on type of engineer. In most cases, I would say it's good to have at least two people especially if you have a global infrastructure. That way, you can have people in different time zones, such as Europe central time, for example, and in US Eastern time. For most aspects you have auto-remediation and you have automation that you can implement, which is great. I would say that two people would be ideal to manage the solution, especially for the remediation process. With the remediation process, you can engage other people from other teams as you're going to have to talk to the operations guys to say, "Guys, you've got to fix this, this is a liability." Therefore, two people dedicated to Azure would do it. It doesn't need to be dedicated to security, to Defender in this case.
What was our ROI?
I was reading some studies that the ROI is 200%. It's really good, due to the risk prevention and threat remediation processes.
What's my experience with pricing, setup cost, and licensing?
I like the licensing due to the fact that it's simple. In terms of pricing, there's a very good ROI. The ROI is pretty great, and everything is diluted into your overall Azure costs. It's not a product that you buy, it's a contract. If you want to stop using it, you can stop. It's an on-demand type of product. I like that as well.
It's very cost-effective if you compare it to other products, especially if you want to combine other features from a licensing standpoint. You're going to spend a lot of money if you try to implement various other options.
Which other solutions did I evaluate?
We do have some security, other security that is still in place. For example, we work with CrowdStrike. We work with a team solution. We have another team solution, which is not an apples-to-apples comparison. What Azure center does is very specific. It's very large. For us to do the same thing with any other security solutions out there, would mean we're going to spend a lot of money. Azure does not have competition per se. You would have to onboard tons of other products to do the same thing that they do. It's also simpler than the other solutions. The orchestration features that you have access to are great. It doesn't make a lot of sense to combine several other solutions and try to protect all your resources.
What other advice do I have?
I am just a customer and an end-user.
I'm using the latest version of the solution, which is now the Microsoft Cloud Defender. They just changed the name of the product. They combined Azure Security Center and Azure Defender into Microsoft Cloud Defender and that's the version that I'm using.
For now, we are cloud-only, however, we have plans to enroll our on-prem devices as well, including servers, especially through Azure Arc and we are also looking at Azure Sentinel. We are going to have a complete ecosystem, similar to a Microsoft XVR, truly for our Cloud environments.
I was working with Sentinel in the past with my previous company, however, I was not able to fully roll out the product. Here, we're planning on having a Microsoft partner that's going to help us to onboard our Azure infrastructure and Sentinel, however, we are going to be enrolling a POC first.
I would advise other potential users that they need this, absolutely. If they have Azure, they need this. It's going to give them the visibility and the remediation capabilities that they're looking for and it's going to make them aware of issues that they are not even seeing.
If a company has resources exposed to the outside, chances are that people are trying to get in. I'm catching people every single day trying to get in. It's really amazing what you see when you have visibility. Businesses that bring this on really need to involve the team. It's got to be a team project. Everybody's got to be playing on the same team. That way, a company can make sure they have effective implementation.
I would say, a company has got to watch very carefully the recommendations and the security alerts, especially recommendations, which is pretty much what's going to drive the score up and increase the positive security posture.
The alerts are going to give them real-time insight, like a temperature reading on security, including what's happening, who's trying to get in, who reports or attacks you and weren't successful, and how many times did they try? What kind of accounts did they use? Recommendations are going to help you look for activity and the security alerts are going to help you with the reactivity. You can react to events that are happening, however, you can't remediate issues that haven't happened yet.
Overall, I would rate the solution at a ten out of ten. I'm a big fan. It makes my life way easier and gives me some peace of mind so I can sleep at night better.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
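The review above leans heavily on the secure score (35% to 71%, drilling down from the overall percentage to the controls that drag it down, and watching quick fixes push the number up). The script below is an added example written for this page, not code from the reviewer or from Microsoft. It follows the secure score model Microsoft documents for Defender for Cloud: each security control scores its maximum points multiplied by the fraction of its assessed resources that are healthy, and the overall score is the sum of current points over the sum of maximum points, shown as a percentage. The control names, point values and resource counts are constructed for illustration, and the example is single-scope (real tenants aggregate across subscriptions); what it adds over the prose is the ranking step, which orders controls by points recovered per resource fixed, so a small remediation such as closing management ports outranks a large but low-yield backlog.

```python
"""Secure score arithmetic and remediation ranking, as an added example.

Not code from the reviewer or from Microsoft. The scoring formula mirrors
the documented Defender for Cloud model (control score = max points *
healthy / assessed resources; overall = sum(current) / sum(max)). The
controls and counts in SAMPLE_CONTROLS are constructed sample data, and
the ranking heuristic is this example's own choice, not a product feature.
"""

from dataclasses import dataclass, replace
from typing import Iterable, List


@dataclass(frozen=True)
class Control:
    name: str
    max_score: float   # fixed points the control is worth when fully healthy
    healthy: int       # resources passing every recommendation in the control
    unhealthy: int     # resources with at least one open recommendation

    @property
    def assessed(self) -> int:
        return self.healthy + self.unhealthy

    def current_score(self) -> float:
        # A control with nothing assessed contributes 0 rather than dividing by zero.
        if self.assessed == 0:
            return 0.0
        return self.max_score * self.healthy / self.assessed

    def potential_gain(self) -> float:
        """Points recovered if every unhealthy resource in the control is fixed."""
        return self.max_score - self.current_score()

    def gain_per_fix(self) -> float:
        """Points recovered per remediated resource; the prioritisation signal."""
        return self.potential_gain() / self.unhealthy if self.unhealthy else 0.0


def secure_score_percent(controls: Iterable[Control]) -> float:
    """Overall secure score as the percentage C-level readers expect."""
    controls = list(controls)
    max_total = sum(c.max_score for c in controls)
    if max_total == 0:
        return 0.0
    current = sum(c.current_score() for c in controls)
    return round(100.0 * current / max_total, 1)


def prioritize(controls: Iterable[Control]) -> List[Control]:
    """Controls ordered by points recovered per fix, then by absolute gain, then name."""
    return sorted(
        controls,
        key=lambda c: (-c.gain_per_fix(), -c.potential_gain(), c.name),
    )


def remediate(controls: Iterable[Control], name: str) -> List[Control]:
    """Return a new control list with every resource in `name` marked healthy,
    i.e. what the score looks like after a full quick fix of that control."""
    return [
        replace(c, healthy=c.assessed, unhealthy=0) if c.name == name else c
        for c in controls
    ]


# Constructed sample data; point values are illustrative, not the real control weights.
SAMPLE_CONTROLS = [
    Control("Enable MFA", 10, healthy=40, unhealthy=10),
    Control("Secure management ports", 8, healthy=0, unhealthy=4),
    Control("Remediate vulnerabilities", 6, healthy=90, unhealthy=30),
    Control("Encrypt data in transit", 4, healthy=25, unhealthy=0),
]


if __name__ == "__main__":
    print(f"secure score: {secure_score_percent(SAMPLE_CONTROLS)}%")
    for c in prioritize(SAMPLE_CONTROLS):
        print(f"{c.name:28} current={c.current_score():5.2f} "
              f"gain={c.potential_gain():4.2f} per_fix={c.gain_per_fix():4.2f}")
    top = prioritize(SAMPLE_CONTROLS)[0].name
    print(f"after fixing '{top}': {secure_score_percent(remediate(SAMPLE_CONTROLS, top))}%")
```

With the sample data the four management-port resources are worth two points each, while the thirty vulnerable hosts are worth a twentieth of a point apiece, so the ranking puts the small, high-yield fix first; that is the drill-down the reviewer describes, made explicit.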