reviewer2595948 - PeerSpot reviewer
Engineer at a computer software company with 201-500 employees
Real User
It's really easy to search through with KQL queries to find the security breaches and incidents
Pros and Cons
  • "I find Microsoft Defender for Cloud's KQL very flexible and powerful. It's really easy to search through with KQL queries to find the security breaches and incidents and to track down the breach itself."
  • "I would rate Microsoft Defender for Cloud a ten."

    What is our primary use case?

    The primary use case for Microsoft Defender for Cloud in our organization is investigating breach or security incidents.

    How has it helped my organization?

    Defender for Cloud has improved our security posture by 20 to 30 percent. With everybody moving to hybrid, it's challenging to maintain a good security posture with so many people working from home. I'm impressed with the solution's coordinated detection and responses across devices, identities, apps, emails, data, and cloud workloads. That's why we're considering using Defender in more areas and integrating it more.

    What is most valuable?

    I find Microsoft Defender for Cloud's KQL very flexible and powerful. It's really easy to search through with KQL queries to find the security breaches and incidents and to track down the breach itself. Microsoft Defender for Cloud presents a prioritized list of remediation for security issues, giving us a starting point to begin locking things down and tightening security.

    What needs improvement?

    I can't think of anything that needs improvement. It's a pretty good product.

    Buyer's Guide
    Microsoft Defender for Cloud
    January 2025
    Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
    832,138 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using Microsoft Defender for Cloud for the last year.

    What do I think about the stability of the solution?

    Defender's stability has been flawless for us. I haven't noticed any issues.

    What do I think about the scalability of the solution?

    It's great. It seems perfectly scalable.

    How are customer service and support?

    I would rate Microsoft customer service and technical support 10 out of 10. They seem quick to respond and get us the answers we need, taking a hands-off approach to helping us integrate.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I previously used other antivirus products like Kaspersky. Microsoft Defender for Cloud is preferred because it offers cloud ability and is a more trusted partner in the industry.

    What about the implementation team?

    We used a consultant for the implementation, and the experience was good. No complaints.

    What was our ROI?

    Our return on investment is seen through increased productivity. I'm able to get more done with less time.

    Which other solutions did I evaluate?

    I evaluated other antivirus products like Kaspersky before switching.

    What other advice do I have?

    I would rate Microsoft Defender for Cloud a ten. Having this solution alleviates the need to worry about other antivirus products, offering a one-stop solution.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer2564271 - PeerSpot reviewer
    Programme Manager- Cyber Fusion- Group CISO at a financial services firm with 10,001+ employees
    Real User
    Top 20
    Valuable API variety and enhanced security but expanding legacy asset scope is recommended
    Pros and Cons
    • "The most valuable feature for me is the variety of APIs available."
    • "I recommend that they extend the scope for legacy infra assets."

    What is our primary use case?

    We are using the tool for checking for vulnerabilities over my website for my own personal purpose and within my corporate role. This is also a tool that we have deployed. In terms of usage, it's much more related to reporting and vulnerability management rather than setting up from an organizational perspective.

    How has it helped my organization?

    From an efficiency perspective, it has helped with reporting and the self-service availability of security postures.

    What is most valuable?

    The most valuable feature for me is the variety of APIs available. Additionally, the suggestions I get from Defender for security levels and recommendations on how to upgrade my security level are very appreciated.

    What needs improvement?

    I recommend that they extend the scope for legacy infra assets.

    For how long have I used the solution?

    I have been working with it for more than a year now.

    What do I think about the stability of the solution?

    I rate the stability an eight out of ten.

    What do I think about the scalability of the solution?

    There are no complaints about scalability, and I rate it an eight out of ten.

    How are customer service and support?

    I rate customer support a nine out of ten. The support team was very responsive to queries.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    Rating the setup, I would give it a six out of ten. The setup process took about two to three days due to waiting on support replies.

    What about the implementation team?

    I had a support team to help with some of the setup aspects, and they were very responsive.

    What was our ROI?

    It's difficult to say because the volume of vulnerabilities and threats has increased, making it tough to compare efficiency between usage before and after implementation.

    What's my experience with pricing, setup cost, and licensing?

    I don't have visibility into the specific costs, but it seems to be a significant concern for our organization. Every time we consider expanding usage, we carefully evaluate the necessity due to cost concerns.

    Which other solutions did I evaluate?

    I am familiar with Dataiku and Databricks, and we use SailPoint in conjunction.

    What other advice do I have?

    Users must first understand the list of assets they have and whether there is out-of-the-box connectivity with them.

    I'd rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Junior Pierre-Toussaint - PeerSpot reviewer
    Senior Information Technology Security Officer at CLEAR (clearme.com)
    Real User
    It helps us secure our environment by providing a wider overview of our endpoint security and anti-malware technology
    Pros and Cons
    • "It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop."
    • "Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender."

    What is our primary use case?

    Defender for Cloud is used for scenarios including internal threats, threat hunting, in-depth analysis, and scanning the environment. We don't use Microsoft Defender for ATP or Sentinel for our security score; we have a third-party solution.

    How has it helped my organization?

    Defender helps us evaluate our security posture and make it more secure by providing a wider overview of endpoint security and anti-malware technology. We have greater visibility into all the activity happening within the infrastructure and better oversight.

    It helps us catch threats that we wouldn't have noticed and also enables us to be more proactive. For example, we can run a script within the environment and provide better insights. Defender increased the efficiency of our SOC by around 65 to 80 percent.

    What is most valuable?

    At my previous company, the environment was 100% cloud, so having a cloud-native solution was critical. Also, in a cloud environment, you are exposed to many users with different user behavior patterns, so it's good to have UEBA features that look at patterns in user behavior.

    The unified portal provides a gap analysis of what's going on across the environment with users, and what they do across the environment every day. Having that single pane of glass is essential.

    What needs improvement?

    Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender.

    For how long have I used the solution?

    I used Microsoft Defender for two years at my previous company.

    What do I think about the stability of the solution?

    Defender for Cloud is stable.

    What do I think about the scalability of the solution?

    Defender for Cloud is scalable. It's easy to use and manage for large environments.

    Which solution did I use previously and why did I switch?

    When I joined my last company, they were already using Defender. However, I've worked at several companies that use other solutions such as ESET, CrowdStrike, etc. I've previously worked with EDR and XDR solutions. 

    How was the initial setup?

    I've done a couple of POCs for Microsoft Defender with the company, and the process is always the same. We don't deploy everything into live environments. It is deployed to a testing environment. After we test a couple of times, we undergo a complete training process. Finally, we organize and deploy it to a section of the company. We usually deploy one segment at a time, like finance, marketing, etc. 

    If you have ATP Defender, you must set up a data lake. After deployment, there isn't much maintenance on our end besides managing the logs. You must create scripts for your use cases to inject into the solution. The deployment team typically consists of two people from security, two from infrastructure, and the service desk manager. 

    What's my experience with pricing, setup cost, and licensing?

    I don't typically handle the licensing. I do POCs and product evaluations. However, I know that Defender for Cloud is packaged with other Microsoft solutions. Most people with Defender ATP also have the E5 or F5 license. It comes with the package, so you only need to activate and configure the solution.

    What other advice do I have?

    I rate Microsoft Defender for Cloud a seven out of ten. Most of the time, it isn't the most advanced antivirus software on the market. It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Sales Manager at Voit Digital
    Reseller
    Comprehensive and centralized device management with room for licensing clarity
    Pros and Cons
    • "The valuable features include the ability to manage devices and the fact that Defender can replace other security tools like SCCM."
    • "There are challenges with the licensing policies, which are quite complicated."

    What is our primary use case?

    For example, the customer wants to restrict USB connections or any output device, or they want to verify any link they open before opening it in their real environment. Mostly, they replace the current security tool they are using, such as Kaspersky, with Defender for Cloud because it integrates well with Office 365.

    How has it helped my organization?

    The biggest advantage is it centralizes management. Customers do not have to manage different vendor products. They feel confident using Microsoft because of the long-recognized technology and detailed technical documentation available online.

    What is most valuable?

    The valuable features include the ability to manage devices and the fact that Defender can replace other security tools like SCCM. Since they use Office 365, they need tools that work better in their organization, such as M365 Defender for Cloud.

    What needs improvement?

    There are challenges with the licensing policies, which are quite complicated. The documentation is difficult to understand and resellers need proper training to support customers effectively. Microsoft should provide better training for resellers.

    For how long have I used the solution?

    I have been working with Defender for Cloud for more than five years.

    What do I think about the stability of the solution?

    It is quite stable. It doesn’t have significant stability issues. I would rate it an eight for stability.

    What do I think about the scalability of the solution?

    I am not the one using it directly, yet I haven't heard any complaints, so I would rate it a five.

    How are customer service and support?

    Working with Microsoft technical support can be challenging. The problem-solving process can be delayed, and not all issues get resolved promptly. If there are ten tickets, maybe only five or six get resolved satisfactorily.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Customers are replacing security tools like Kaspersky, Symantec, or Broadcom to use Defender for Cloud because it integrates seamlessly with Office 365.

    How was the initial setup?

    The initial setup is not very easy, yet it is manageable. It is not too difficult for those familiar with the product. It is a medium-complexity setup.

    What about the implementation team?

    The implementation should be handled by the reseller. Resellers need proper training from Microsoft as the documentation is complicated.

    What was our ROI?

    In Vietnam, the cost structure makes it expensive. The licensing is priced publicly on the Microsoft website and it adds up based on the number of users.

    What's my experience with pricing, setup cost, and licensing?

    The cost is expensive for the Vietnamese market. It is publicly available on the Microsoft website, and the pricing depends on the number of users.

    What other advice do I have?

    Organizations should ensure resellers are well-trained to support the new technologies. Proper documentation and support are crucial.

    I'd rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    reviewer1600242 - PeerSpot reviewer
    Senior Architect at a tech services company with 10,001+ employees
    MSP
    A ready-made service that reports security threats and vulnerabilities
    Pros and Cons
    • "This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
    • "One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."

    What is our primary use case?

    We are working for a major client in the UK. So, we are moving all the products of clients from their on-premises environment to the cloud. One of the biggest challenges we face is, “Once the infrastructure is created in the cloud, how can we make sure that the infrastructure is secure enough?” For that purpose, we are using Azure Security Center, which gives us all the security loopholes and vulnerabilities for our infrastructure. That has been helpful for us.

    How has it helped my organization?

    We use the Azure Security Center to scan the entire infrastructure from a security point of view. It gives us all the vulnerabilities, observations, etc. It reports most of the critical issues.

    From an organization or security audit point of view, there are few tools available in the market. The output or score of Azure Security Center has really helped the organization from a business point of view by showing that we are secure enough with all our data, networks, or infrastructure in Azure. This helps the organization from a business point of view to promote the score, e.g., we are secure enough because this is our score in Azure Security Center.

    We are using it from a security point of view. If there is a threat or vulnerability, the solution will immediately scan, report, or alert us to those issues.

    What is most valuable?

    We are using most of the good services in Azure:

    • The load balancing options
    • Firewall
    • Application Gateway
    • Azure AD

    I value Azure Security Center the most from a security point of view. Everybody is concerned about moving data or infrastructure to the cloud. This solution proves that we are secure enough for that infrastructure, which is why I really value the Azure Security Center. We are secure in our infrastructure.

    This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot.

    What needs improvement?

    From a business point of view, the only drawback is that Azure or Microsoft need to come up with flexible pricing/licensing. Then, I would rate it 10 out of 10.

    For how long have I used the solution?

    We have been using it in production for the last three years. I have been part of the cloud migration team for Azure Cloud for the last two years.

    What do I think about the stability of the solution?

    We started using Azure Cloud from the initial version. Every week or month, there are updates in Azure. For the last three years, we have been using the latest version.

    What do I think about the scalability of the solution?

    Whenever we increase the number of our resources, Azure Security Center easily copes with it. Since this is a ready-made service, it will automatically scale.

    We are working with around 100 to 150 major clients in the UK. Each client has 200 to 500 users.

    From an overall infrastructure point of view, we have a five-member team.

    How are customer service and technical support?

    We are getting adequate support and documentation from Microsoft. We are a Premium customer of Microsoft, so we are getting support in terms of documentation and manual support.

    Which solution did I use previously and why did I switch?

    We were using this service from the onset.

    How was the initial setup?

    This is a PaaS service. It is a ready-made service available in Azure Cloud. It is very easy to use and set up because you are using the platform. We don't want to maintain this service from our end. 

    There are different models when it comes to the cloud:

    • Infrastructure as a service
    • Platform as a service
    • Software as a service

    We are using sort of a hybrid, both infrastructure as a service and platform as a service. 

    What about the implementation team?

    We are using our own team for the deployment.

    We consume or subscribe to the service. Azure takes care of the maintenance and deployment, and we don't need to worry about it.

    What was our ROI?

    We are securing our customers' infrastructure using Azure Security Center. That internally helps their overall organization meet their goal/score on security.

    So far, the feedback from the customer and our team has been really positive. We are very happy and getting a return on investment from this product.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool.

    One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view.

    Which other solutions did I evaluate?

    Other than Azure Security Center, we did not find a single tool which could analyze all our infrastructure or resources in Azure Cloud.

    We were mainly looking for products or tools native to Azure. The other tools that we evaluated were not native to Azure. Azure Security Center is natively attached to Azure. Because other tools were not natively supporting Azure, then we would have to maintain and deploy them separately.

    What other advice do I have?

    So far, we have received very positive feedback from the team and customers. Because it is a single tool where we list all the problems or vulnerabilities, we are happy as a team. The customer is also happy.

    End users are not interacting with Azure Security Center. This is a back-end service that evaluates security.

    There are no other good tools in Azure, other than Azure Security Center, which will evaluate and alert you to security vulnerabilities and threats. So, if somebody is really concerned about the security of their infrastructure in Azure, I suggest you use Azure Security Center. The features that it provides from a security point of view are amazing.

    I would rate the product as a seven or eight (out of 10) because it is really helping us to improve our security standards.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Hari Prasad M - PeerSpot reviewer
    Senior Security Engineer at a tech company with 1,001-5,000 employees
    Real User
    Doesn't need to constantly run a security scan for images because the scorecards are updated periodically
    Pros and Cons
    • "Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
    • "Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."

    What is our primary use case?

    I have a highly specific use case for Azure Defender, so I don't think I've used most of its features. We primarily use it to secure Kubernetes clusters in other cloud environments. For example, I have Kubernetes in Amazon AWS, and we're trying out Azure Defender to protect those Kubernetes clusters.

    We also use Defender to scan the image repositories held in Azure Container Repository or ACR. We use Defender plus Azure ARC and Windows Defender. All three products work in conjunction to give us some security insights into our cluster.

    How has it helped my organization?

    We haven't fully implemented Azure Defender yet. Right now, we're at the POC stage. However, if people have a genuine use case, they should see its value, especially because of its cross-cloud compatibility. I don't think any other tool provides the same cross-cloud compatibility as Azure Defender combined with Arc, so that's a significant selling point for this product.

    What is most valuable?

    The security scorecard is something I find helpful. It tells me what's missing and identifies new vulnerabilities inside my registries. Once I publish the image, the scorecards automatically update. I don't need to constantly run a security scan for my images because the scorecards are updated by Azure periodically. That makes my job easier.

    For how long have I used the solution?

    I haven't been using Azure Defender for long. It's been around three months. 

    What do I think about the stability of the solution?

    Overall, Azure Defender's availability is excellent. However, the Kubernetes security is a new offering that is still under development, so the service's availability and support are not mature at this point and definitely need improvement.

    What do I think about the scalability of the solution?

    I rate Defender's scalability about eight out of 10. If you compare Azure Defender to a similar product AWS offers, there isn't much difference in scalability. The solution is able to accommodate all your requirements. I don't think I have ever reached a point where the solution couldn't scale to meet my needs. 

    I deduct two points because you incur more costs as you increase usage, so it's more expensive when you have lots of logs flowing into the system. That is why I rate it eight. Otherwise, I don't see any technical issues there.

    How are customer service and support?

    Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority. 

    I can't talk about Microsoft support generally, but I can speak to my experience specifically with Azure Defender support. I would rate it five out of 10. Maybe it's because this is a product that Azure is still developing on the side. I don't think they have made Azure Defender for Kubernetes available to the general public yet, so that could be why their support is not up to par. I don't know the reason, but I haven't had a good experience with the support.

    How was the initial setup?

    It is just a POC, so I don't have many endpoints. The whole setup took three days for around 10 endpoints. They have an agent-based security system. It's always complex because you need to deploy the agent to all endpoints, which is a lot of work to get it set up.

    We still have not decided to implement Azure Defender because we are also trying out other products in the same line. Once the RFP process is finished, we will know which one we'll implement.

    What's my experience with pricing, setup cost, and licensing?

    Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but CrowdStrike costs a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup. They should try some open-source tools. That's how it is today.

    Which other solutions did I evaluate?

    Compared to other products, Azure Defender's main advantage is native integration with all Azure services. If your company uses Active Directory and builds everything on Azure, you get it as a complete package. There's no need to buy another tool and set it up in your cloud environment. 

    Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand. 

    What other advice do I have?

    I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security. 

    These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases. 

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PratikSavla - PeerSpot reviewer
    Principal Product Security Officer at a tech vendor with 201-500 employees
    Real User
    It gave us more substantial visibility into our security, helping us increase our overall security posture and manage risks throughout the entire organization
    Pros and Cons
    • "The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
    • "Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research."

    What is our primary use case?

    Defender acts as a CSPM solution, a posture management solution for cloud security. We use it to find weak spots in our cloud configuration and strengthen the overall security posture of our cloud environment. With this particular tool, we seek to protect workloads across various environments. We have about 3,000 endpoints and 100 users in the United States alone. 

    How has it helped my organization?

    Defender gave us more substantial visibility into our security, helping us increase our overall security posture and manage risks throughout the entire organization. It helps us make decisions about specific kinds of risks. If we see a glaring vulnerability, we can determine whether this is an acceptable risk or something that requires urgent action. The risk level determines our investment and budgeting, and the amount of work needed to remedy that. It provides a lot of valuable information for informing our comprehensive risk management strategy.

    The solution does a pretty good job of finding previously unknown threats. It helps keep us aware of the kinds of threats that are out there and how we could potentially be impacted. Defender gives us a high level of information about unknown or zero-day threats. It's sometimes hard to gauge whether everything is there because the report is customized based on our infrastructure and what might be pertinent to us.

    They've always notified us when there was a zero-day threat. I think there have been a few instances where they alerted us about a new threat before it was publicized, which is a good sign that they value us as a customer. They've warned us about something before releasing it to the wider public.

    Defender improved our SOC efficiency and saved us from having to add more personnel on the SOC side. It definitely improved that whole area, giving us the bandwidth to work on other things. Defender reduced our detection time because they are proactive about notifying us. I haven't seen too much of a time lag. There were a few instances, but it was never something critical where we had to call them out and ask if this was an issue or something. 

    Time-to-response has also gone down. The sooner we get the notification, the quicker we can jump on something. It helped us respond to any potential breach or attack faster. 

    It also saved us money because we don't need to deploy a second product to get some additional coverage. It also saved us from adding more security staff. Overall, it has had a positive financial impact on the company. 

    What is most valuable?

    The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act.

    Defender's ability to protect multi-cloud environments is essential for us. Our company's offerings are based on tasks, and these cloud service providers are critical infrastructure for us. If anything bad happens, it compromises our services. We need to understand and improve our posture.

    It also seamlessly integrates with Sentinel. It was fairly easy because we already leveraged Microsoft 365 earlier, so adding the Sentinel piece was pretty quick. It took a day to figure out and go ahead with the actual deployment. This integration with 365 and Sentinel provided timely intelligence over time. It becomes a problem if we don't get a threat notification in time. They are highly proactive about delivering that information in the initial alert and backing it up with more details as the situation develops.

    Microsoft has a relatively sizeable threat-hunting group constantly digging up many things. That helps because it gives us confidence if we face some threats that not many other players are exploring. With this particular product, we're confident they'll let us know where we stand. 

    What needs improvement?

    Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide threat intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research. 

    Opening up to more collaboration with different entities in the private or public sector would help them feed more information to the customers and improve their security posture. More partnerships with other players who can feed them intelligence will help them develop the engine powering this product, ultimately benefiting every customer who uses it. 

    For how long have I used the solution?

    I have been using Defender for Cloud for about a year and a half. 

    What do I think about the stability of the solution?

    We've had a positive experience overall with Defender's unified portal. We seldom see any bugs. Sometimes, there is a lag in the reporting and some inconsistencies with our searches, but it's rare. There were some periods when their service was not running properly.

    While there hasn't been a significant outage, we've experienced some performance degradation where Microsoft notified us that they were having a problem. They informed us ahead of time when there are issues, but I've never had a complete outage thus far. 

    What do I think about the scalability of the solution?

    Defender for Cloud is scalable, given the licensing model. The performance doesn't suffer under a heavy workload. Many organizations I know have a massive workload, and they're still leveraging Defender without any issues. I rate Defender an eight out of ten for scalability.

    How are customer service and support?

    I rate Microsoft support an eight out of ten. Their support is great, so we have no complaints. They were responsive when we had issues.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We used SentinelOne only for endpoint threat detection. That's probably the closest competitor. We haven't used any other solutions besides that. 

    How was the initial setup?

    Setting up Defender for Cloud was relatively straightforward. We worked with a person assigned from Microsoft, who gave us a walkthrough of the steps we needed to take.

    Defender doesn't require much maintenance after deployment other than a few pieces of infrastructure we have internally. We need to monitor the solutions to check alerts and security advisories, but we've never had to deal with any maintenance.

    What about the implementation team?

    We ended up using a reseller. They were good. I used them for other vendors, and we've had a productive relationship working on multiple initiatives. This one was nothing new. 

    What's my experience with pricing, setup cost, and licensing?

    They have a free version, but the license for this one isn't too high. It's free to start with, and you're charged for using it beyond 30 days. Some other pieces of Defender are charged based on usage, so you will be charged more for a high volume of transactions. I believe Defender for Cloud is a daily charge based on Azure's App Service Pricing. 

    It's a negligible cost if your usage isn't that high, like a few cents. It's appealing for people to try it. If you don't plan to use it much, you won't have a high bill.

    Which other solutions did I evaluate?

    Other options were considered, but it came down to the level of value we would get from a holistic vulnerability intelligence product like Defender for Cloud. Also, Microsoft products are pervasive, with a much broader customer base. That was a deciding factor. We saw much more potential from Defender compared to the alternatives. Even though the competing solutions may have functioned better in terms of providing more intelligence, other factors weighed in favor of Microsoft Defender.

    What other advice do I have?

    I rate Microsoft Defender for Cloud an eight out of ten. I recommend doing a PoC. You shouldn't implement something after only reviewing the documentation and marketing materials. Put it through a PoC for a month at least to get a feel for how it functions and whether it satisfies your requirements. 

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Managing Partner at Digitaiken
    Real User
    We saved money by consolidating into a single solution
    Pros and Cons
    • "We saw improvement from a regulatory compliance perspective due to having a single dashboard."
    • "I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward."

    What is our primary use case?

    We had multiple use cases at my previous company. I changed companies during their implementation stages of this solution. From what I saw, the solution has a good use case for SIEM.

    How has it helped my organization?

    It helped improve my previous organization's security posture. Their previous solution was running separately in each region. That has now been centralized by moving to the cloud. This was a huge change for their operations because they used to have multiple vendors managing their SIEM. Now, that has been consolidated under a single vendor. This consolidation has improved response times.

    What is most valuable?

    We saw improvement from a regulatory compliance perspective due to having a single dashboard.

    What needs improvement?

    I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward.

    For how long have I used the solution?

    I have been using Azure Security Center for five to six years. I was using it at my previous organization up until six months ago.

    What do I think about the stability of the solution?

    The stability was good.

    What do I think about the scalability of the solution?

    The solution was very much scalable.

    Overall, there were around 150,000 users beginning to use it at the organization.

    How are customer service and technical support?

    We didn't use technical support directly from Microsoft. We used the third parties' support.

    Which solution did I use previously and why did I switch?

    We were previously using multiple solutions that integrated with SAP. For example, one region would be running QRadar and another region would be using Symantec. Each region of the company was just running it in silo mode off their internal Exchange. As part of centralizing a global solution, we chose to go with Azure Security Center, because our on-prem solution was not really working for us. This is why we started using Azure Security Center.

    How was the initial setup?

    The initial setup was easy; it was not complex.

    The deployment took a month.

    The transition went well. I didn't see any challenges.

    What about the implementation team?

    The setup was done by a third-party vendor, Fujitsu, who was very good. There was also another vendor, Microland, who had good knowledge and helped us with building it.

    Not too many people were needed for the transition between solutions. I am unsure of the number of people needed because multiple activities were being run during the process, e.g., SharePoint migration.

    What was our ROI?

    The solution helped out management a lot. It reduced about 50% of the time needed to spend on this after implementation.

    The organization saved money by consolidating into one solution instead of two or three. 

    What's my experience with pricing, setup cost, and licensing?

    Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it.

    Which other solutions did I evaluate?

    We might have looked at other competitors. However, Azure Security Center was attractive because of its licensing, which was packaged with the Office 365 licensing, as well as the fact that it is a single solution.

    What other advice do I have?

    I liked the centralization that it offered. However, I am cautious about the licensing part because I am unsure how you would manage the solution if it wasn't bundled.

    When we started, our team didn't make a clear roadmap, which slowed us down. I recommend that you clearly define your roadmap before getting started.

    The solution is very good. I would rate it as eight out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Defender for Cloud Report and get advice and tips from experienced pros sharing their opinions.
    Updated: January 2025