Microsoft Defender for Cloud Reviews

We use it to manage the overall compliance of our products.

It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, iTrust, etc.

Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured.

I have been using this solution for five or six years. We have been working with it pretty much since it came out.

It is a great product. The new security features that emerge in Microsoft products can sometimes be difficult to track. It automatically flags when you don't have what you probably should have.

It is very scalable. We are a small organization with less than 10 people, and at least half of those people are in the solution at any given point in time.

Microsoft's tech support is decent. I would rate them a four out of five. We're currently dealing with a ticket mostly on the billing side, and it has been open for over a month, so I'm not going to give them a stellar rating. I feel they should have figured this out a long time ago, but they've resolved technical issues relatively quickly.

It was very easy. It was there by default. It basically turned itself on, and then they gave you a default thing. 

In terms of maintenance, typically, there is one person in there, probably per week, looking at the compliance and things that they can do to improve the bar.

It was included with the product. We looked at other solutions, but this was the most comprehensive and cost-effective one.

I would rate Azure Security Center a nine out of 10.

Our use case for the solution is focused on cost management and security in a multi-cloud environment. We use it alongside solutions like SIEM tools and deploy it as part of a broader security strategy.

The platform has improved our security posture by providing comprehensive threat detection and response capabilities. It helps in managing security across various environments effectively. However, we occasionally encounter issues when on-site products conflict with this solution.

The product's most valuable features offer the latest threat detection and response capabilities. These features are crucial for our SMB customers, especially given the high inflation in Turkey, which impacts cost considerations.

The product's advanced analytics and reporting features could be improved.

I have been using Microsoft Defender for Cloud for about three to four years.

The product performs reliably across various environments.

The platform's scalability is excellent. It is well-suited for both small and large organizations.

The support team is responsive and offers valuable assistance.

Positive

The initial setup can vary in complexity depending on the existing environment and the number of users. It's relatively straightforward for smaller setups, but larger deployments can be more complex.

We handle the deployment and integration ourselves.

The solution's ROI is positive, given its comprehensive security features and integration capabilities, which justify the investment.

The product's pricing policy is generally favorable.

We evaluated other options, but Microsoft Defender for Cloud was chosen for its strong integration with other Microsoft products and comprehensive feature set.

The solution is robust, but staying updated with the latest features and best practices is crucial to maximize its benefits.

Overall, I rate it a nine out of ten. 

We use Defender for network security.

Defender for Cloud is easy to use and enables us to automate routine security tasks. We save a few hours each week. Defender's single dashboard helps us centrally manage security operations and detect threats faster.

Defender is user-friendly and provides decent visibility into threats. We use multiple solutions in the Microsoft security suite, including Sentinel and Defender for Endpoint. They integrate smoothly to offer coordinated detection and response. 

Sentinel ingests data from our entire environment, allowing us to manage everything from one place. We don't need to go to multiple places to find information. Sentinel's capabilities are quite comprehensive.

Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management. 

I have used Defender for Cloud for two years. 

I rate Microsoft Defender an eight out of ten for stability. It's highly stable.

Microsoft Defender is scalable. 

I rate Microsoft support an eight out of ten. It isn't too bad. 

Positive

Setting up Microsoft Defender is straightforward. It took us around a month to get it fully deployed. Most of the implementation consisted of onboarding. It doesn't require much maintenance after deployment because it's a cloud solution.  

I don't think we've saved more money than we've spent. Defender is expensive, but we might see a return in the long run. 

I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower. 

I rate Microsoft Defender for Cloud an eight out of ten. Getting all your security solutions from a single vendor makes things easier to manage. However, the Microsoft security suite is quite expensive.

We had multiple use cases at my previous company. I changed companies during their implementation stages of this solution. From what I saw, the solution has a good use case for SIEM.

It helped improve my previous organization's security posture. Their previous solution was running separately in each region. That has now been centralized by moving to the cloud. This was a huge change for their operations because they used to have multiple vendors managing their SIEM. Now, that has been consolidated under a single vendor. This consolidation has improved response times.

We saw improvement from a regulatory compliance perspective due to having a single dashboard.

I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward.

I have been using Azure Security Center for five to six years. I was using it as my previous organization up until six months ago.

The stability was good.

The solution was very much scalable.

Overall, there were around 150,000 users beginning to use it at the organization.

We didn't use technical support directly from Microsoft. We used the third-parties' support.

We were previously using multiple solutions that integrated with SAP. For example, one region would be running QRadar and another region would be using Symantec. Each region of the company was just running it in silo mode off their internal Exchange. As part of centralizing a global solution, we chose to go with Azure Security Center, because our on-prem solution was not really working for us. This is why we started using Azure Security Center.

The initial setup was easy; it was not complex.

The deployment took a month.

The transition went well. I didn't see any challenges.

The setup was done by a third-party vendor, Fujitsu, who was very good. There was also another vendor, Microland, who had good knowledge and helped us with building it.

Not too many people were needed for the transition between solutions. I am unsure of the number of people needed because multiple activities were being run during the process, e.g., SharePoint migration.

The solution helped out management a lot. It reduced about 50% of the time needed to spend on this after implementation.

The organization saved money by consolidating into one solution instead of two or three. 

Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it.

We might have looked at other competitors. However, Azure Security Center was attractive because of its licensing, which was packaged with the Office 365 licensing, as well as the fact that it is a single solution.

I liked the centralization that it offered. However, I am cautious about the licensing part because I am unsure how you would manage the solution if it wasn't bundled.

When we started, our team didn't make a clear roadmap, which slowed us down. I recommend that you clearly define your roadmap before getting started.

The solution is very good. I would rate it as eight out of 10.

I work as a SOC manager. We use it for incident security, incident monitoring, threat analysis, and looking at remediation or suppression.

Most use cases that come from Microsoft are all automated. Even before any manual effort, the tool is designed in such a way that it just does the threat analysis. It gives us exactly what the incident alert is all about: 

• The priority
• The threat 
• The impact
• The risk
• How it can be mitigated. 

Those are the key features of this particular tool.

The solution has features that have definitely helped improve our security posture.

One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things. The automation tool does the following (when human interaction is needed): 

• Identifies what kind of an alert is it. 
• Whether we have to dismiss it. 
• When we need to take any action so the team can do it appropriately. 

This is one of its key benefits.

It is easy to use based on my experience. If a newcomer comes in, it is just a matter of time to just learn it because it is not that difficult.

Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.

I have been using it for more than nine years.

We have not had issues with tool usage or any hiccups.

There are certain glitches, which are areas of improvement, thus we continuously keep working with Microsoft. Microsoft does acknowledge this, because it's a learning experience for Microsoft as well. They always expect feedback and improvements on their tools, as it is a collaboration effort between Microsoft and the client.

I work for an organization with more than 50,000 users. Under security alone, we have 5,000-plus users. On my team, we have around 400 people who are looking at it.

There are different roles in the company: project management, security operations (the red and blue teams), and pen testing. I lead a security operations center team, where we have L1, L2, L3, and L4 capabilities. All these come under the same umbrella of the security operations center, and they are all rolled up to the Chief Information Security Officer as part of security. 

An ongoing improvement for both Microsoft as well as for my organization: We need to work together. Sometimes, the solution doesn't work so we reach out to Microsoft Enterprise support for any help or assistance. If there is any feedback or improvement, then we work together, but they definitely have helped most of the time.

There are certain gray areas. We constantly work with Microsoft to notice whether there is something that only we, as a client, face. Or, if there are other clients who have the same kind of situation, issues, or scenarios where they need help. 

I would rate Azure Security Center anywhere between five to six out of 10. Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.

We use Microsoft Defender and Splunk. We primarily went with Azure Security Center because of client requirements.

The initial setup is pretty easy and straightforward. 

To deploy just Azure Security Center, it took three to four hours. However, there are a lot of things that it depends on.

Different clients have different requirements. If the client says, "We are using Azure Security Center. We want to use Microsoft technology or products." We will go with that. There are clients who are using Cisco products as well. 

The solution architect usually designs it, taking into consideration the initial setup guide, playbook, and documentation. 

We don't use consultants for the deployment.

It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it.

For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact.

Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack.

I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us.

We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. 

Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well.

I would rate Azure Security Center as seven to eight of 10. If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.

We are working for a major client in the UK. So, we are moving all the products of clients from their on-premises environment to the cloud. One of the biggest challenges we face, “Once the infrastructure is created in the cloud, how can we make sure that the infrastructure is secure enough?” For that purpose, we are using Azure Security Center, which gives us all the security loopholes and vulnerabilities for our infrastructure. That has been helpful for us.

We use the Azure Security Center to scan the entire infrastructure from a security point of view. It gives us all the vulnerabilities, observations, etc. It reports most of the critical issues.

From an organization or security audit point of view, there are few tools available in the market. The output or score of Azure Security Center has really helped the organization from a business point of view by showing that we are secure enough with all our data, networks, or infrastructure in Azure. This helps the organization from a business point of view to promote the score, e.g., we are secure enough because this is our score in Azure Security Center.

We are using it from a security point of view. If there is a threat or vulnerability, the solution will immediately scan, report, or alert us to those issues.

We are using most of the good services in Azure:

• The load balancing options
• Firewall
• Application Gateway
• Azure AD. 

I value Azure Security Center the most from a security point of view. Everybody is concerned about moving data or infrastructure to the cloud. This solution proves that we are secure enough for that infrastructure, which is why I really value the Azure Security Center. We are secure in our infrastructure.

This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot.

From a business point of view, the only drawback is that Azure or Microsoft need to come up with flexible pricing/licensing. Then, I would rate it 10 out of 10.

We have been using it in production for the last three years. I have been part of the cloud migration team for Azure Cloud for the last two years.

We started using Azure Cloud from the initial version. Every week or month, there are updates in Azure. For the last three years, we have been using the latest version.

Whenever we increase the number of our resources, Azure Security Center easily copes with it. Since this is a ready-made service, it will automatically scale.

We are working with around 100 to 150 major clients in the UK. Each client has 200 to 500 users.

From an overall infrastructure point of view, we have a five member team.

We are getting adequate support and documentation from Microsoft. We are a Premium customer of Microsoft, so we are getting support in terms of documentation and manual support.

We were using this service from the onset.

This is a PaaS service. It is a ready-made service available in Azure Cloud. It is very easy to use and set up because you are using the platform. We don't want to maintain this service from our end. 

There are different models when it comes to the cloud:

• Infrastructure as a service
• Platform as a service
• Software as a service.

We are using sort of a hybrid, both infrastructure as a service and platform as a service. 

We are using our own team for the deployment.

We consume or subscribe to the service. Azure takes care of the maintenance and deployment, and we don't need to worry about it.

We are securing our customers' infrastructure using Azure Security Center. That internally helps their overall organization meet their goal/score on security.

So far, the feedback from the customer and our team have been really positive. We are very happy and getting return on investment from this product.

Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool.

One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view.

Other than Azure Security Center, we did not find a single tool which could analyze all our infrastructure or resources in Azure Cloud.

We were mainly looking for products or tools native to Azure. The other tools that we evaluated were not native to Azure. Azure Security Center is natively attached to Azure. Because other tools were not natively supporting Azure, then we would have to maintain and deploy them separately.

So far, we have received very positive feedback from the team and customers. Because it is a single tool where we list all the problems or vulnerabilities, we are happy as a team. The customer is also happy.

End users are not interacting with Azure Security Center. This is a back-end service that evaluates security.

There are no other good tools in Azure, other than Azure Security Center, which will evaluate and alert you to security vulnerabilities and threats. So, if somebody is really concerned about the security of their infrastructure in Azure, I suggest you use Azure Security Center. The features that it provides from a security point of view are amazing.

I would rate the product as a seven or eight (out of 10) because it is really helping us to improve our security standards.

We use Microsoft Defender for Cloud security, including endpoint detection and response, and user monitoring. We utilize every feature and functionality that Defender provides.

The threat detection capabilities of Microsoft Defender for Cloud have positively impacted our overall security posture. We can sleep soundly at night knowing that it is causing the system.

The most valuable features are the monitoring of users, endpoint detection and response, and the adaptability of the AI threat intelligence engine, which quickly adapts to customizations.

The pricing could be better. Additionally, while Microsoft Defender for Cloud adapts well to customizations, it does generate a lot of false positives if the agent is not running. We would also appreciate portion management specifically for Microsoft 365.

We have been working with Microsoft Defender for Cloud for three years.

Most of the features are in preview, which sometimes causes issues, but overall, it works well.

Microsoft Defender for Cloud is highly scalable. We have not faced any challenges with scalability.

Microsoft's documentation is very comprehensive, resolving 95% of issues. Thus, we haven't had much need to engage their support team. The documentation is sufficient for resolving most issues.

Positive

We handled the installation in-house with a team of two engineers.

The solution is subscription-based, and while it is generally affordable, there are often hidden costs. The overall pricing could be more competitive.

I highly recommend the product due to its comprehensive features and easy management, especially if your stack is on Microsoft. I'd rate the solution eight out of ten.

We use Microsoft Defender to scan for vulnerabilities related to any container or server in the cloud environment in Azure. Microsoft Defender suggests recommendations and security alerts according to the default framework. We can also use other frameworks like ISO benchmarks to assess our infrastructure and get recommendations on what can be fixed.

The solution is deployed on a public cloud, and Azure is the cloud provider.

We use Microsoft Defender for Cloud to natively support Azure.

We are resellers. We customize the solution and sell it to clients.

The solution has improved our organization in terms of benchmarking. Our Secure Score has improved a lot, and we're compliant with particular benchmarks.

The single-pane-of-glass view gives us the Secure Score in a single dashboard. It shows us all of the collective resources we have, including what is on-premises and on the cloud. It's a single graphical representation and a unified view that we can customize according to the client. We can adjust the Secure Score dashboard to show whatever the client wants to see. It can show the Secure Score, security alerts, and compliance score. The compliance score shows how compliant the environment is.

Our current security posture is a combination of the benchmark plus Zero Trust. We have a set of policies in Zero Trust that covers all six layers of the cloud, like the identity network, infrastructure, applications, endpoint, and end data. It's structured to cover every aspect of the cloud using the customized policy in Microsoft Defender.

The solution has improved our Microsoft Security Score a lot. 

Microsoft Defender is set to scan the virtual machines, SQL databases, and private endpoints every 30 minutes. For some of them, we just clicked "quick fix" and it created a private endpoint instantly and showed that it was rectified. Those quick fixes were instantaneous.

For our response time, critical findings take approximately two days while medium findings take three to seven days.

The solution has increased our efficiency.

The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark. We can also use our customized benchmark, like Zero Trust, if we want to implement it.

We can deploy different net agents on the on-premises assets, and Defender will scan those on-premises resources and give us recommendations to fix them.

The solution gives us recommendations to enable a DDoS protection plan on our virtual network. Right now, the DDoS, enforcing MFA, and conditional access policies make our organization more secure.

It's a good tool for keeping multi-cloud infrastructure and cloud resources secure. It's a market leader right now.

Right now, the solution covers a limited set of resources. If taken into scope, it will improve more.

After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated. 

Sometimes we'll receive a recommendation, but the problem still won't be fixed. This could be due to end-of-life machines. If the solution isn't properly refreshed, we need to wait for two or three days to remove those recommendations. Sometimes we have to reach out to Microsoft to check why the problem hasn't been fixed after following the recommendations.

For example, after a recommendation about AML files, it didn't show that the fix had been applied even though it was. It took more than four days to show that the fix had been applied. 

There are some policies that we're not able to use due to some business justifications. For instance, the storage account should be private, but it's public because a third party is interacting with that storage account and we can't limit the public access because there is no whitelisting available in terms of IPs.

I have used this solution for three years.

It's scalable, but it's an additional cost to increase the scalability.

I would rate the technical support a seven out of ten. They respond quickly and give us detailed information.

Neutral

We have also used CSPMs and other tools, but there were some limitations there. Defender gives us more customization in terms of frameworks, which is why we chose it.

The initial setup was straightforward. It took one day. We used two full-time team members for deployment. 

We deployed the solution in-house and designed the architecture.

This solution saved us money.

There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan. It provides threat detection and integration capabilities. We have not enabled that due to the cost, but it's a possibility.

I would rate this solution an eight out of ten. Using this solution gave us confidence.