Network & Security Manager at SNP Technologies, Inc.
Provides us with recommendations for improving security and enables benchmarking of infrastructure for compliance
Pros and Cons
- "It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
- "If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."
What is our primary use case?
Typically, when we have a scenario where a client wants to migrate their resources to Azure, they might migrate their IaaS platforms, such as virtual machines; they might migrate their applications or their databases; they could also migrate into Kubernetes services. There are a variety of projects. I work for many types of customers where all these different scenarios are involved, including applications, app services, database as a service, IaaS by default, and Kubernetes.
How has it helped my organization?
With a project that I recently completed for one of our customers, the requirement was around their bidding application on-prem, utilizing different cognitive services and AI modules on Azure. They wanted to containerize this entire application with AKS, Azure Kubernetes Services. They did so, and Security Center was integrated with this entire AKS system. What Security Center provided us with was a solution for how we could better secure this entire environment. It provided some recommendations on pod security and how the pods do not need to communicate with each other. It recommended isolating these pods for better security, so that even if a certain user got access to a pod, or a certain threat was detected for one of the pods, we wouldn't have to worry about the entire system being compromised. By implementing the recommendation, if a pod is compromised, only that pod is affected and can be destroyed anytime by the AKS system.
Another recommendation was for enabling some edge layer WAF services, by leveraging a Microsoft out-of-the-box solution like Front Door. Security Center said, "Okay, now that the application is being accessed over the public internet, it is not as secure as it could be." An edge solution, like an application delivery controller such as a WAF or a CDN service was another option. It could be anything that sits at the edge and manages the traffic so that only authorized access is allowed within the network. Security Center recommended Front Door, or we could leverage other solutions like Cloudflare, or a vendor-specific solution like F5. We could then make sure that any Layer 7 security is handled at the edge and doesn't affect the application inside. SSL offloading is taken care of at the edge. Any region-specific blocking is also taken care of at the edge. If an application is only accessed in the U.S., we can block locations at scale with this solution. That is how Security Center provided us with some recommendations for better securing the environment.
Another way that Security Center can help is that it can benchmark the infrastructure in terms of compliance. Compliance-based infrastructure is one of the norms nowadays. If an application is health-based or it's a Fintech-based application, certain standards like HIPAA, NIST, or PCI need to be followed by default. Auditors or compliance teams used to run through a manual checklist to make sure that the environment was secure. But with Security Center, we can do it via an automated layer, introducing regulatory compliance policies. Security Center performs scanning of the entire environment, in regard to the policies, in real time. Using the example of the bidding system, it's a Fintech environment and, while having NIST is not mandatory, we could enable a benchmark run-through, to make sure the infrastructure is NIST-compliant.
With Security Center, we applied policies that align with these types of compliance. Security Center takes these policies and runs through the infrastructure to see what the gaps are and provides us with a report on what is compliant on the infrastructure and what is non-compliant. We can fix those non-compliant parts.
What is most valuable?
For any type of service, I would recommend the go-to solution for security on Azure is Security Center. The advantage, firstly, is that it has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem. It has seamless integration with their Log Analytics workspaces, and it also provides some insights into what can be a better solution when it comes to securing their environment.
When it comes to improving the security posture, whenever we have a small project for a customer where they want to migrate their resources into Azure, once the resources are migrated, such as the ones I noted above, we go ahead and integrate Security Center in various ways. One of those ways is to use an agent that can be installed on virtual machines so that we can extensively monitor security alerts or threats that happen on the device.
But for platforms as a service, we can't have an agent installed, so it integrates with the Log Analytics workspace. For any PaaS services, or a database as a service, or data lakes, we take their Log Analytics workspace and integrate it with Security Center. Once we have integrated it, Security Center discovers the resources, determines what the different configurations are, and provides us with some recommendations for the best practices that Microsoft suggests.
For example, if the Security Center agent is installed on a virtual machine and it scans the environment and identifies that the access to this VM is public and also doesn't have any MFA, it will recommend that blocking public access is one of the best practices to make sure that only safe access is allowed. Along with that, it can also provide us with some insights about enabling MFA solutions that can provide an additional security layer. Those are examples of things that Security Center can recommend for providing a more secure infrastructure.
What needs improvement?
There is a slight gap between the real-time monitoring and real-time alerts. While Security Center has the ability to detect sophisticated attacks or understand potential threats, I feel that if the response time could be improved, that would be a good sign.
In addition, when it provides recommendations, those recommendations have a standard structure. But not all the recommendations work for a given environment. For example, if a customer is already using a third-party MFA solution, Microsoft doesn't understand that, because Microsoft looks into its own MFA and, if not, it will provide a recommendation like, "MFA is suggested as a way to improve." But there are already some great solutions out there like Okta or Duo, multi-factor authentication services. If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented.
Security Center provides what it calls secure score. This secure score is dependent on the recommendations. It tells you that if you resolve this recommendation, your secure score will be improved. In the case where a client is already using MFA, but the particular recommendation is not resolved, there is no improvement in the secure score. There is a huge mismatch in terms of recommendations and the alignment of secure score. MFA is just one small example, but there are many recommendations that depend on the client environment. There is room for improvement here and it would help a lot.
Buyer's Guide
Microsoft Defender for Cloud
December 2024
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I'm a network and security architect for a Microsoft Gold partner. I have been extensively using Azure for five years and have been involved in multiple security and network projects. I have been using Security Center, specifically, for more than three years on Azure, applying recommendations and working on integrations with other services, etc.
What do I think about the stability of the solution?
The performance is pretty crisp. Because it is a platform service, we don't have to worry about the availability or response time. It's all managed via Microsoft. The performance is good for now, but it can be improved. It could be more real-time. There are many things that Security Center does in the background, so that may make the response time a bit slow. If we apply certain policies, it will run through the entire environment and give us a report after about 30 to 45 minutes. That layer could be improved.
What do I think about the scalability of the solution?
This is a platform service and Microsoft has scalability under its control. It can scale to all of Azure.
How are customer service and support?
As a Microsoft Gold partner, most of the time we work directly with the engineering team or with the Microsoft sales team. Because we are working day-in and day-out with Security Center, we are well aware of its issues, capabilities, features, and the depth of its tools. The basic, level-one or level-two support team just follows a standard.
But there has been a huge improvement in terms of Microsoft support and they provide some really good support for Security Center.
How was the initial setup?
The initial setup is very straightforward. There's nothing complex about it.
Implementation generally doesn't take a huge amount of time. Because Security Center is a service, the agents need to be installed on a virtual machine or servers. If it's an IaaS application or platform services, the Log Analytics need to be integrated. In an environment with about 30 or 50 servers, we could run the script and complete the onboarding of the servers into Security Center within a day, and the same is true for platform services.
But it's not just about onboarding it because Security Center also provides some recommendations, and we work on those.
I lead a team of four people who work specifically on Security Center. There are other sections of Azure Security that they work on, such as Azure Sentinel, Azure ADP, Microsoft 365 security and compliance for our portals. But for these four people, about 25 to 30 percent of their roles involve managing Security Center.
What was our ROI?
The return on investment is pretty great in terms of the feature set that Security Center provides. There are so many solutions out there that can do similar things, but at the same time, they do not have such seamless integration with other services on Azure. The return on investment is in the ease of management and the great visibility.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing follow a standard process. It's not as complicated as other Microsoft licensing solutions. Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per database server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward. With Security Center, there are no other fees in addition to the standard licensing fees.
Which other solutions did I evaluate?
We have other, third-party vendor solutions, but Security Center provides that seamless integration, along with some insights that other platform services do not. There aren't a lot of other vendors out there that can integrate with Azure platform services. It's the only solution that we recommend.
Other solutions include Qualys, Rapid7, Tenable, and Nessus. As system integrators, we generally recommend Security Center. But if a client has already made a huge investment in Tenable or Qualys, they will want to continue with that. If a client does switch, they will see the advantages of all the integrations and services that can all work together. They will have a single plane of control.
The seamless integration is one of the key benefits. It integrates well with the whole Azure ecosystem. A second advantage is not having to worry if Security Center will be able to scale. A third advantage is that it is an all-in-one service. You don't have to have multiple services for threat protection, for endpoint protection, for recommendations, and for compliance. This is one tool that can do a lot.
In terms of the cons of Security Center, there are a lot of things. Vulnerability management is available, but vulnerability assessment is not available within Security Center. That is a huge gap. As of now, Security Center relies on third-party tools in this area and we have to integrate it with them. There is also the lack of custom recommendations for the environment. That is a feature that would be helpful.
When it comes to endpoint solutions, Microsoft ATP is available, but some of our clients already have a solution such as CrowdStrike.
What other advice do I have?
My advice is to go with Security Center. It's a really good tool and provides some good recommendations for the environment. Other tools can provide recommendations, but then we have to do them manually. Security Center does them automatically. That's one of the advantages that stands out compared to other tools. For anyone who asks, "Why Security Center?" I would tell them that if all their resources are being deployed, or all their applications are being hosted on Azure, this is the only solution, the best solution, out there.
I don't think there is much effect on end-user experience here, because whenever you talk about Security Center, the agents or tools are applicable to the underlying infrastructure rather than the end-user. For example, an application is hosted on a server or, for platform services, it's being integrated with these services. While a user is accessing these applications, Security Center just scans the data to understand what the incoming traffic is like. It provides intelligence reports such as where the traffic is coming from and what kind of data is being accessed for the end-user. Apart from that, it doesn't affect anything for the end-user.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
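A toy model of the secure score and prioritized-remediation behaviour described in the review above (and the "prioritized list of remediations" mentioned in a later review), added here as an example; it is not the reviewer's code or Microsoft's. It assumes the proportional scoring rule (per control: max score times healthy resources over assessed resources, a resource being healthy only when every recommendation in the control passes) and uses constructed recommendation data; the `compensating_control` field is a local triage flag, not a product feature, and shows how a third-party MFA deployment that the product does not recognise changes the locally computed score.

```python
"""
Toy secure-score model over constructed Defender for Cloud recommendation data.
Assumed rule: control score = max_score * healthy_resources / assessed_resources;
overall score = 100 * sum(current) / sum(max). Not the product's own code.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Control:
    name: str
    max_score: float


@dataclass(frozen=True)
class Recommendation:
    control: str
    title: str
    resource_id: str
    healthy: bool
    # Locally recorded compensating control (e.g. third-party MFA). The product
    # does not know about it; this is our own triage field (assumption).
    compensating_control: Optional[str] = None


@dataclass(frozen=True)
class RemediationItem:
    control: str
    resource_id: str
    open_titles: Tuple[str, ...]
    gain: float  # secure-score points returned by fixing this one resource


# Constructed sample data: three controls, three resources, one mitigated elsewhere.
CONTROLS = [
    Control("Enable MFA", 10.0),
    Control("Restrict unauthorized network access", 4.0),
    Control("Apply system updates", 6.0),
]

RECS = [
    Recommendation("Enable MFA", "MFA should be enabled on accounts with owner permissions",
                   "/subscriptions/sub-1", False, compensating_control="Okta MFA via federation"),
    Recommendation("Restrict unauthorized network access", "Management ports should be closed",
                   "vm-web-01", False),
    Recommendation("Restrict unauthorized network access", "Management ports should be closed",
                   "vm-db-01", True),
    Recommendation("Apply system updates", "System updates should be installed", "vm-web-01", False),
    Recommendation("Apply system updates", "System updates should be installed", "vm-db-01", False),
]


def _passes(rec: Recommendation, honour_compensating: bool) -> bool:
    return rec.healthy or (honour_compensating and rec.compensating_control is not None)


def resource_status(recs, honour_compensating=False) -> Dict[Tuple[str, str], Tuple[str, ...]]:
    """Map (control, resource) -> titles of recommendations still open for it."""
    open_by_res: Dict[Tuple[str, str], List[str]] = {}
    for r in recs:
        bucket = open_by_res.setdefault((r.control, r.resource_id), [])
        if not _passes(r, honour_compensating):
            bucket.append(r.title)
    return {k: tuple(v) for k, v in open_by_res.items()}


def control_scores(controls, recs, honour_compensating=False) -> Dict[str, Tuple[float, float]]:
    """Per control: (current score, max score). A resource is healthy only if nothing is open."""
    status = resource_status(recs, honour_compensating)
    out = {}
    for ctl in controls:
        resources = [k for k in status if k[0] == ctl.name]
        if not resources:
            continue  # nothing assessed under this control: left out (assumption)
        healthy = sum(1 for k in resources if not status[k])
        out[ctl.name] = (ctl.max_score * healthy / len(resources), ctl.max_score)
    return out


def secure_score(controls, recs, honour_compensating=False) -> float:
    scores = control_scores(controls, recs, honour_compensating)
    maximum = sum(m for _, m in scores.values())
    if maximum == 0:
        return 0.0
    return round(100.0 * sum(c for c, _ in scores.values()) / maximum, 1)


def remediation_plan(controls, recs, honour_compensating=False) -> List[RemediationItem]:
    """Unhealthy resources ordered by the points that fixing each one would return."""
    status = resource_status(recs, honour_compensating)
    max_by = {c.name: c.max_score for c in controls}
    assessed = defaultdict(int)
    for ctl_name, _ in status:
        assessed[ctl_name] += 1
    plan = [RemediationItem(ctl, res, titles, round(max_by[ctl] / assessed[ctl], 2))
            for (ctl, res), titles in status.items() if titles]
    plan.sort(key=lambda i: (-i.gain, i.control, i.resource_id))
    return plan


if __name__ == "__main__":
    print("score as the product sees it:", secure_score(CONTROLS, RECS))
    print("score honouring local compensating controls:", secure_score(CONTROLS, RECS, True))
    for item in remediation_plan(CONTROLS, RECS):
        print(f"+{item.gain:>5} {item.control:<38} {item.resource_id}")
```

Run as a script it shows the gap the reviewer describes: the unrecognised third-party MFA keeps the top-ranked item on the list and the score at 10 percent, while the locally adjusted view rises to 60 percent.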
Cloud solutions architect at Cloud Expert School
Provides a prioritized list of remediations that helps us improve our team's capacity
Pros and Cons
- "I would like to see more connectors and plugins with other platforms."
- "The solution's coordinated detection and response across devices and identities is impressive because it is complete."
- "I would like to see more connectors and plugins with other platforms."
- "I would like to see more connectors and plugins with other platforms."
What is our primary use case?
I used Defender for Cloud in Azure Kubernetes Service and virtual machines to provide more security to these environments.
How has it helped my organization?
We are a financial company, so Defender for Cloud helps us create multiple layers to protect assets and ensure a more secure environment. The solution improves our efficiency. We've increased our security posture by around 30 percent.
What is most valuable?
Defender for Cloud's most valuable features are the dashboard and alerts about issues inside virtual machines or containers. It covers a wide range of workloads. Defender provides a prioritized list of remediations that helps us improve our team's capacity. Integrating Defender for Cloud with Sentinel has increased our visibility. The solution's coordinated detection and response across devices and identities is impressive because it is complete.
What needs improvement?
I would like to see more connectors and plugins with other platforms.
For how long have I used the solution?
I have used Defender for Cloud for three years.
What do I think about the stability of the solution?
The stability of the solution is good. I don't have a problem with it.
What do I think about the scalability of the solution?
Its ability to scale is good.
How are customer service and support?
I rate Microsoft support eight out of 10. Customer service is good. I deducted two points because the documentation could be clearer.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a previous solution prior to using Defender for Cloud.
How was the initial setup?
The rollout was good. It was easy.
What about the implementation team?
I am a reseller. I am partnering with TD Synnex and TeleScenics.
What was our ROI?
The return on investment is high; it's about 20 percent.
Which other solutions did I evaluate?
I did not consider any other solutions.
What other advice do I have?
I would rate Defender for Cloud an eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: CBM Partner
Last updated: Dec 18, 2024
Senior Information Security Manager at a recruiting/HR firm with 1,001-5,000 employees
The solution's unified portal is essential for managing and providing visibility across our hybrid and multi-cloud environments
Pros and Cons
- "DSPM is the most valuable feature."
- "I would like to have the ability to customize executive reporting."
What is our primary use case?
We use Microsoft Defender for Cloud to manage our cloud security posture. We also use Container Protection, which provides additional security for our containerized workloads. This gives us the visibility we need to ensure that our cloud resources are secure.
How has it helped my organization?
We use Microsoft Defender for Cloud to natively support Azure Cloud.
Microsoft Defender for Cloud's ability to protect our hybrid environments is definitely critical because we are on the journey of transitioning from hybrid to the cloud. In order to do that, we need a platform that can help us through the transition.
The solution's unified portal is essential for managing and providing visibility across our hybrid and multi-cloud environments. Visibility is something that every security operation needs and it gives us leverage to improve our security posture. This is great.
The single pane of glass view is critical for our organization. This is because we previously used a different platform, so we are all familiar with its features and how to improve upon them. Our heavy investment in Microsoft products made Defender for Cloud a natural choice.
Our goal is to increase our secure score. As we take steps to mitigate risk, our secure score will increase, giving us the feeling that our cloud resources are secure.
Microsoft Defender for Cloud significantly improves security operations. Instead of having to look at multiple windows or portals, it provides a single pane of glass for the investigation and remediation of cloud resource risks.
Microsoft Defender for Cloud helps us proactively discover unknown threats and defend against known threats. It also helps us improve our security posture and defend our cloud resources. We do not normally have external Internet-facing resources, but when we do, Microsoft Defender for Cloud helps us meet compliance requirements.
What is most valuable?
DSPM is the most valuable feature. It integrates with standard frameworks, so we can easily see if there are any gaps in our compliance with NIST standards. This allows us to identify areas for improvement and ensure that we are meeting all applicable requirements.
What needs improvement?
I would like to have the ability to customize executive reporting.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud for five months.
What do I think about the stability of the solution?
In the short time we have been using Microsoft Defender for Cloud it has been stable.
What do I think about the scalability of the solution?
Microsoft Defender for Cloud is scalable, and we have not yet needed to scale it up.
Which solution did I use previously and why did I switch?
We previously used Prisma Cloud, but we switched to Microsoft Defender for Cloud due to internal business decisions. We have since merged with a company that also uses Microsoft Defender for Cloud. We want to leverage the licenses from the merged company and also cut costs in our security portfolio.
What about the implementation team?
The implementation was completed in-house. The solution's maintenance is easy.
What other advice do I have?
I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet.
The time to detection has remained relatively the same.
Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues.
The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution.
I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Cybersecurity at Nawah Energy
Supports cloud-native services like Kubernetes, containers, managed storage, and databases
Pros and Cons
- "The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective."
- "For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure."
What is our primary use case?
I use Microsoft Defender for Cloud mainly for cybersecurity, threat prevention and detection, and implementing zero trust principles. It serves as an endpoint security tool for securing our cloud services.
What is most valuable?
The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective.
The compliance management features integrate well with Cloud Security Posture Management (CSPM), giving a full view of infrastructure compliance with regulations like HIPAA, PCI DSS, and ISO 27001.
What needs improvement?
For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure.
For how long have I used the solution?
I have been working with the product for a year.
What do I think about the stability of the solution?
Regarding the stability of Microsoft Defender for Cloud, I would rate it lower due to some issues. Sometimes, the portal is not easy to access as it's Internet-based. We face delays while accessing the portal, which can be challenging. This could be due to Internet latency or other issues. However, from the solution perspective, it is quite stable.
What do I think about the scalability of the solution?
I rate the solution's scalability an eight out of ten. My company has 4000 users.
How was the initial setup?
The initial setup was somewhat challenging; I'd rate it a three out of ten in ease of setup. Understanding the solution and ensuring all use cases work with Microsoft Defender for Cloud was challenging, but once you get the hang of the cloud, it's straightforward to set up. It took about a month to deploy, with three to four people involved in the project phase. Now two people manage it.
The deployment process was quite simple, as we're using Microsoft Azure Cloud. It involved activating the subscription as part of the license.
Integration with our existing infrastructure was mostly smooth, with some resolved certificate signing challenges. Overall, it was quite smooth.
What was our ROI?
Regarding return on investment, Microsoft Defender for Cloud is fulfilling its purpose. There's always room for improvement, and Microsoft is working on it. They regularly introduce new features, and their business development team is active in engaging customers about new features and benefits.
What other advice do I have?
We decided to go with Microsoft Defender for Cloud because of its ability to cover cloud applications. No other tool we've seen has such vast coverage for Azure Cloud applications. Also, since it's a Microsoft native tool, it's easier to implement in Azure cloud.
Overall, I would rate Microsoft Defender for Cloud eight out of ten.
My advice for other users using the tool is to first do a proper risk assessment around the cloud, develop use cases based on the protect-identify-detect-defend model, and then implement the solution accordingly.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Sep 16, 2024
Consultant at Independent
Provides cloud security management, vulnerability management with easy configuration
Pros and Cons
- "It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns."
- "Support needs to be highly responsive, especially in large enterprise environments."
What is our primary use case?
We use Microsoft Defender for Cloud primarily for cloud security management, which includes vulnerability management. In a security environment, managing vulnerabilities is a top priority. Defender for Cloud helps identify and mitigate these vulnerabilities and protect against threats like viruses, worms, and spyware.
What is most valuable?
It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns.
What needs improvement?
Support needs to be highly responsive, especially in large enterprise environments. When support is required, it must be immediate, as there could be urgent situations. For instance, prompt resolution is essential if there's a critical issue like a global cyber threat that impacts networks worldwide.
If our team encounters such a problem and needs assistance, we require a support team that can provide immediate, hands-on help to resolve the issue effectively. Quick and expert support is crucial for managing high-level emergencies and ensuring smooth operations.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud for 25 years.
What do I think about the stability of the solution?
It is useful for small companies as well. It provides robust security without requiring a dedicated, highly qualified team to manage it.
What do I think about the scalability of the solution?
The solution is scalable. It is suitable for large enterprises.
I rate the solution’s scalability a ten out of ten.
How was the initial setup?
The solution is easy to set up and configure.
Deployment of Microsoft Defender for Cloud is typically based on the infrastructure size, including factors such as the footprint, network, and devices that need protection. When deploying Microsoft Defender for Cloud, agents must be installed on various devices within the network, including servers, desktops, and other appliances that require protection.
What other advice do I have?
Specific government protocols and security standards must be followed in a secure environment. Microsoft Defender for Cloud helps manage vulnerabilities in your cloud infrastructure. It offers protection against threats such as worms, spyware, and viruses. The tool provides continuous monitoring and real-time threat detection, which is essential for maintaining a secure network environment.
Overall, I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Aug 6, 2024
Architect Information Security at an agriculture company with 1,001-5,000 employees
Integrated solution that provides extra security and comprehensive threat protection in our environment
Pros and Cons
- "Threat protection is comprehensive and simple."
- "Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product."
What is our primary use case?
We use Microsoft Defender for Cloud as one of the sources for our Azure environment. We have a managed detection response solution, and we add data sources to it, like SOC, SIEM, and SOAR solutions. We also want to have data in our Azure cloud environment.
We deploy this solution in multiple regions like Europe and Oceania.
We have multiple solutions like our data analytics platform and our system development platform. Our web shops use it. Almost everything is in the cloud.
We have approximately 2,000 end users.
The solution is deployed on the Microsoft Azure cloud.
How has it helped my organization?
The solution helps our teams to be more aware of security and protects our environment.
Most importantly, it's an integrated solution. We also use Defender for Endpoint. For Office 365, we use Defender for Identity.
We have integrated some of these products into our MDR solution. It's not a Microsoft Sentinel SOC, but we have a SOC/SIEM from a third party.
It's really easy to integrate because it's just an interface, a Microsoft Graph security API. We can collect all the data and forward it to our solution.
This solution is for detection and response, so it helps us prepare for potential threats. We have special teams for threat hunting the data.
What is most valuable?
We use this solution for extra security in our environment. We secured our Azure cloud environment with firewalls and application gateways, but we also want to have trust in our resource groups. That's an extra line of defense for our security.
We don't use the interface a lot because we use it as a data source for our MDR solution. The MDR solution is our main interface.
These solutions work natively together because we don't just use Microsoft products as a data source. We use all kinds of security products as data sources, like our firewalls, gateways, and event collections from Windows and Unix.
Threat protection is comprehensive and simple. We have an enterprise agreement with Microsoft itself, but we also have CSP contracts with several parties, so we can easily get the licenses we need. It's very easy to install.
What needs improvement?
Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product.
In Defender for Endpoint, the software is capable of acting immediately if something occurs. If an attacker wants to encrypt the disc, for instance, we're able to react immediately. I don't know if Defender for Cloud has the same capabilities.
For how long have I used the solution?
I have used this solution for about a year and a half.
What do I think about the stability of the solution?
At the moment, I think it's a very stable solution. We haven't had any problems with it.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and support?
From Microsoft's perspective, it's fine. We don't have any issues at the moment.
I would rate technical support an eight out of ten.
How was the initial setup?
The initial setup is straightforward. It took 10 seconds.
We have a Cloud Security Provider, so I don't know how much time they spent on deployment.
The solution hasn't required any maintenance yet. We are trying to innovate each solution. It's an ongoing business process to innovate.
What was our ROI?
We haven't seen ROI yet, but we plan to. The first sign is safety first. Safety will cost money, so it shouldn't be too much.
What's my experience with pricing, setup cost, and licensing?
Pricing is difficult because each license has its own metrics and cost.
Which other solutions did I evaluate?
We evaluated other options. We have a lot of other products like McAfee, but we are changing everything to Microsoft Defender.
We decided to switch because we want to have an overall standard that's enterprise-wide so that everything is easier to manage and the data it delivers is all the same. We wanted to have one view of everything.
What other advice do I have?
I would rate this solution an eight out of ten because we don't use all of the capabilities yet. At the moment, we still only use the data sources. I'm happy with it so far.
Instead of a single vendor security suite, I like having at least two so that they can challenge each other.
Microsoft Defender helps us prioritize threats across our enterprise, but we only prioritize our high-risk resources with Defender products.
It's difficult to say if the solution saved us time because we use it for our Azure cloud environment, so we're working in the cloud.
At the moment, we're not saving money. The solution costs our company money. It's like having insurance: It doesn't save costs, but it might save us costs if something happens. It's about risk.
It hasn't decreased our time to detect and respond yet, but it should be because we have our data source on Endpoint and in the cloud. It's an integrated solution. When we find something anywhere, we can act everywhere. We have more possibilities.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
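The reviewer above describes pulling Defender data through the Microsoft Graph security API and forwarding it to a third-party SIEM/MDR. The following is an added example written for this page, not the reviewer's code and not a Microsoft sample. It assumes the alert shape of GET https://graph.microsoft.com/v1.0/security/alerts_v2 (id, title, severity, status, category, createdDateTime, serviceSource, alertWebUrl) and @odata.nextLink paging; the HTTP call is injected as a function so that the constructed pages stand in for the real API offline, and the output format (CEF) is an assumed choice for the collector side.

```python
"""Collect Microsoft Graph security alerts and normalize them to CEF for a
third-party SIEM/MDR pipeline.

Added example: not the reviewer's code and not a Microsoft sample. Assumes
the alerts_v2 record shape and @odata.nextLink paging; the fetch function is
injected so the constructed pages below replace the real API offline.
"""
from datetime import datetime
from typing import Callable, Iterable, Optional

GRAPH_ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts_v2"
PAGE2_URL = GRAPH_ALERTS_URL + "?$skiptoken=page2"

# Constructed sample pages (not real alerts), linked by @odata.nextLink.
SAMPLE_PAGES = {
    GRAPH_ALERTS_URL: {
        "value": [
            {"id": "alert-0001", "title": "Suspicious PowerShell | encoded command",
             "severity": "high", "status": "new", "category": "Execution",
             "createdDateTime": "2024-06-01T10:15:00Z",
             "serviceSource": "microsoftDefenderForEndpoint",
             "alertWebUrl": "https://security.microsoft.com/alerts/alert-0001"},
            {"id": "alert-0002", "title": "Anonymous IP sign-in",
             "severity": "medium", "status": "inProgress", "category": "InitialAccess",
             "createdDateTime": "2024-06-01T09:00:00Z",
             "serviceSource": "microsoftDefenderForIdentity",
             "alertWebUrl": "https://security.microsoft.com/alerts/alert-0002"},
        ],
        "@odata.nextLink": PAGE2_URL,
    },
    PAGE2_URL: {
        "value": [
            {"id": "alert-0003", "title": "Management port exposed on vm=web01",
             "severity": "low", "status": "resolved", "category": "Exposure",
             "createdDateTime": "2024-05-30T08:30:00Z",
             "serviceSource": "microsoftDefenderForCloud",
             "alertWebUrl": "https://security.microsoft.com/alerts/alert-0003"},
        ],
    },
}


def fake_fetch(url: str) -> dict:
    """Stand-in for an authenticated GET against Graph (bearer token omitted)."""
    return SAMPLE_PAGES[url]


def collect_alerts(fetch: Callable[[str], dict], url: str = GRAPH_ALERTS_URL) -> list:
    """Follow @odata.nextLink until the last page and return every alert."""
    alerts = []
    next_url: Optional[str] = url
    while next_url:
        page = fetch(next_url)
        alerts.extend(page.get("value", []))
        next_url = page.get("@odata.nextLink")
    return alerts


def _ts(iso: str) -> datetime:
    # Graph returns UTC timestamps with a trailing Z; make them timezone-aware.
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def newer_than(alerts: Iterable[dict], since_iso: str) -> list:
    """Incremental pull: keep only alerts created after the last checkpoint."""
    cutoff = _ts(since_iso)
    return [a for a in alerts if _ts(a["createdDateTime"]) > cutoff]


# CEF severity is 0-10; Graph severities are unknown/informational/low/medium/high.
SEVERITY_TO_CEF = {"informational": 1, "low": 3, "medium": 6, "high": 9}


def _hdr(s: str) -> str:
    """Escape a CEF header field: backslash and pipe are special, newlines forbidden."""
    return s.replace("\\", "\\\\").replace("|", "\\|").replace("\n", " ")


def _ext(s: str) -> str:
    """Escape a CEF extension value: backslash and equals sign are special."""
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def alert_to_cef(alert: dict) -> str:
    """Render one Graph alert as a CEF:0 event line for the SIEM collector."""
    sev = SEVERITY_TO_CEF.get(alert.get("severity", "unknown"), 0)
    fields = [
        ("externalId", alert["id"]),
        ("cat", alert.get("category", "")),
        ("outcome", alert.get("status", "")),
        ("rt", str(int(_ts(alert["createdDateTime"]).timestamp() * 1000))),
        ("sourceServiceName", alert.get("serviceSource", "")),
        ("request", alert.get("alertWebUrl", "")),
    ]
    ext = " ".join(f"{k}={_ext(v)}" for k, v in fields)
    return (f"CEF:0|Microsoft|Graph Security API|v1.0|{_hdr(alert['id'])}|"
            f"{_hdr(alert.get('title', ''))}|{sev}|{ext}")


def forward(fetch: Callable[[str], dict], since_iso: str) -> list:
    """One collector cycle: page through alerts, drop old ones, emit CEF lines."""
    return [alert_to_cef(a) for a in newer_than(collect_alerts(fetch), since_iso)]


if __name__ == "__main__":
    for line in forward(fake_fetch, "2024-05-01T00:00:00Z"):
        print(line)
```

In a real collector the fetch function would add the bearer token and handle throttling; the checkpoint passed to forward() is the createdDateTime of the newest alert seen in the previous cycle, which keeps the pull incremental without re-sending alerts to the SIEM.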
Consultant at Dell Technologies
Takes care of patching and threat protection
Pros and Cons
- "I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats."
- "Microsoft Defender for Cloud is not compatible with Linux machines."
What is our primary use case?
We use the solution as a VPN and for endpoint security.
What is most valuable?
I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats.
We've automated some processes, like batch updating and vulnerability detection, using AI. Our dashboard tracks every machine's IP and identifies vulnerable software. Using AI, we can gather this information and provide it to users. We also use chatbots to provide solution steps.
What needs improvement?
Microsoft Defender for Cloud is not compatible with Linux machines.
For how long have I used the solution?
I have been working with the product for three to four years.
What do I think about the stability of the solution?
I rate the tool's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate Microsoft Defender for Cloud's scalability as nine out of ten. My company has more than 300 users. In our environment, we're using it on over 130,000 machines.
How was the initial setup?
The solution's deployment process is not complex and is completed in 20 minutes.
What was our ROI?
The solution helps to reduce costs by 20 percent.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive, and I rate it a five to six out of ten.
What other advice do I have?
I would recommend the solution to others and rate it a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Aug 6, 2024
Cloud Architect at CloudShapers
From the Azure portal, you can roll it out over all the servers covered by the entire subscription and on-prem, using Azure Arc
Pros and Cons
- "Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
- "Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
What is our primary use case?
My client, a construction company, needed to replace their antivirus solution, including their Azure and on-prem services. They decided they wanted to use Defender for Cloud, so I started to implement it for them. The license for their antivirus software was about to expire, and they didn't want to spend much money. They opted for Defender for Cloud to replace Symantec. System Center (endpoint protection), Security Center and Advanced Threat Protection were all consolidated into one product called Defender for Cloud.
The company I worked for was divided into several teams. We had an Azure Infrastructure team and workplace teams providing local on-premise services. The client was the biggest construction company in the country, with multiple locations.
The strong point of Defender, especially when using Azure Arc to bring in on-premises systems, is that it doesn't matter where these systems are. They're just resources in the portal. If you see them and can install agents on them, it's fine. It doesn't matter how it's distributed or where the locations are.
How has it helped my organization?
I believe that Microsoft Defender for Cloud raised our client's Microsoft Security Score to around 79 percent. That includes other security components. It's not just antivirus. There are all sorts of things that contribute to the score, for instance, the use of public IP addresses on VMs.
Our clients also saw some financial benefits because they didn't need to renew the Symantec license, but the biggest benefit was the ability to install Defender on Azure and on-premises machines from a single point.
What is most valuable?
Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription. Having that unified portal was nice, but it was a challenge. We first implemented Azure Arc, which allowed us to incorporate our on-prem machines like they were actual Azure resources. The single-pane-of-glass management is highly practical. We are accustomed to managing systems across different portals or interfaces, so it's convenient to do it from one place. That's a bonus, although it's in no small part thanks to Azure Arc. Defender then takes all the services it finds in Azure Arc and rolls them out seamlessly as long as they use Server 2016 or above.
What needs improvement?
It's a severe issue when you need to install Defender for Cloud on Microsoft operating systems older than 2016. Operating systems released after 2016 will seamlessly integrate with Defender with no problems. Older operating systems don't integrate smoothly. The 2012 operating systems will continue to be used for years. The 2008 systems will be phased out, so that won't be a problem for long, but you need some quick fixes to install on a 2012 OS.
The older the operating system, the more difficult it is to detect if the solution is working. That was a significant problem. It works fine on a newer OS. On the older ones, we had to do some tricks to determine if it was correctly deployed and working since the integration of Defender in the older OS is a lot less. Microsoft couldn't help us with that.
Another thing is that Defender for Cloud uses more resources than, for instance, CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do.
For how long have I used the solution?
I have been implementing Microsoft Defender for a large construction company. We started the contract about three or four months ago. I was only responsible for the installation. We aren't the team that monitors or maintains the solution. That was not my task. We were just responsible for installing it and ensuring it worked on every machine.
What do I think about the stability of the solution?
Defender is relatively stable as far as I can tell. It works great except for the issues with older operating systems. In some cases, you may need to come up with a workaround.
What do I think about the scalability of the solution?
The solution is scalable if you activate the Defender plan for all servers and containers. When you deploy new ones, it automatically picks them up and installs the components. It's perfectly scalable in that sense.
How are customer service and support?
I rate Microsoft support five out of ten. You can open up a support ticket and get into Microsoft's general support chain. You need to explain the issue, and they'll get back to you. Nine times out of ten, you will get someone new and need to explain the situation again. That doesn't help much. In the end, we had to fix it all ourselves.
We had a contact at Microsoft Amsterdam who was helpful. He was more of a sales contact. He told us the best approach and turned out to be correct.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
It wasn't my decision to go with Defender for Cloud. That doesn't mean that I would've chosen anything else per se, but those decisions are made on the managerial level.
How was the initial setup?
Installing Defender was straightforward as long as you're dealing with a more current operating system. On a post-2016 operating system, it's only a few mouse clicks. That's the beauty of the cloud. It arranges everything for you. The on-premise solution usually works the same. It's seamless. You activate the plan, select the resource types for which you want to enable Defender (including on-prem machines using Azure Arc), then hit "go." All that changes on older operating systems.
We had to create a design, test it, and get approval from management. We first tried it on a 2019 operating system, which was a piece of cake, but we faced challenges deploying it on 2008 and 2012 systems. That's why it ultimately took us three weeks to complete the deployment. If you don't have any older operating systems, it's quite effortless.
We had four people working on the implementation, including three technicians. I was the only one from our Azure team, and there was another person from the workplace team who had access to the on-premise servers. He could log in to run some scripts and see if everything worked. We also had a project manager and a person from the client's team to test as soon as we were ready.
What other advice do I have?
I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use.
If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
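The review above describes rolling Defender out to Azure Arc-connected servers from one portal and then struggling to confirm it was really working on pre-2016 Windows hosts. The following is an added example for this page, not the reviewer's scripts and not a Microsoft tool: a triage pass over the Arc inventory that flags disconnected agents, hosts where the Defender extension is missing or failed, and legacy Windows builds whose status should be verified by hand. It assumes machine records shaped like `az connectedmachine list` output (name, properties.status, properties.osType, properties.osSku, properties.osVersion), extension records shaped like `az connectedmachine extension list` output (name, properties.provisioningState), that the Defender for Endpoint extension is named MDE.Windows / MDE.Linux, and Windows build 10.0.14393 as the Server 2016 threshold. All records are constructed.

```python
"""Triage Azure Arc-connected servers before and after a Defender for Cloud
roll-out, flagging hosts that need a manual check.

Added example: not the reviewer's scripts and not a Microsoft tool. Assumes
the `az connectedmachine list` / `az connectedmachine extension list` record
shapes, the MDE.Windows / MDE.Linux extension names, and build 10.0.14393 as
the Windows Server 2016 threshold. All records below are constructed.
"""
from collections import Counter
from typing import Dict, List, Tuple

SERVER_2016_BUILD = (10, 0, 14393)  # assumption: first build with smooth onboarding
MDE_EXTENSION = {"windows": "MDE.Windows", "linux": "MDE.Linux"}  # assumed extension names

# Constructed inventory (not real hosts).
MACHINES = [
    {"name": "srv-web01", "properties": {"status": "Connected", "osType": "windows",
     "osSku": "Windows Server 2019 Datacenter", "osVersion": "10.0.17763"}},
    {"name": "srv-file02", "properties": {"status": "Connected", "osType": "windows",
     "osSku": "Windows Server 2012 R2 Standard", "osVersion": "6.3.9600"}},
    {"name": "srv-app03", "properties": {"status": "Connected", "osType": "windows",
     "osSku": "Windows Server 2016 Standard", "osVersion": "10.0.14393"}},
    {"name": "srv-db04", "properties": {"status": "Disconnected", "osType": "windows",
     "osSku": "Windows Server 2019 Standard", "osVersion": "10.0.17763"}},
    {"name": "srv-lnx05", "properties": {"status": "Connected", "osType": "linux",
     "osSku": "Ubuntu 22.04", "osVersion": "22.04"}},
]
EXTENSIONS = {
    "srv-web01": [{"name": "MDE.Windows", "properties": {"provisioningState": "Succeeded"}}],
    "srv-file02": [{"name": "MDE.Windows", "properties": {"provisioningState": "Succeeded"}}],
    "srv-app03": [],
    "srv-db04": [{"name": "MDE.Windows", "properties": {"provisioningState": "Succeeded"}}],
    "srv-lnx05": [{"name": "MDE.Linux", "properties": {"provisioningState": "Failed"}}],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'10.0.17763' -> (10, 0, 17763); a non-numeric part stops the parse."""
    parts: List[int] = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def classify(machine: dict, extensions: List[dict]) -> str:
    """Return one triage state for an Arc-connected machine.

    Order matters: a disconnected agent hides everything else, and a
    pre-2016 Windows host is flagged even when its extension reports
    success, because that status was not trustworthy on the older systems.
    """
    props = machine["properties"]
    if props.get("status") != "Connected":
        return "disconnected"
    os_type = props.get("osType", "").lower()
    if os_type == "windows" and parse_version(props.get("osVersion", "")) < SERVER_2016_BUILD:
        return "legacy-os-verify-manually"
    wanted = MDE_EXTENSION.get(os_type)
    ext = next((e for e in extensions if e["name"] == wanted), None)
    if ext is None:
        return "not-deployed"
    if ext["properties"].get("provisioningState") != "Succeeded":
        return "deploy-failed"
    return "ok"


def triage(machines: List[dict], extensions_by_name: Dict[str, List[dict]]) -> Dict[str, str]:
    """Map every machine name to its triage state."""
    return {m["name"]: classify(m, extensions_by_name.get(m["name"], [])) for m in machines}


def summary(states: Dict[str, str]) -> Dict[str, int]:
    """Count machines per state, for the hand-over report."""
    return dict(Counter(states.values()))


if __name__ == "__main__":
    result = triage(MACHINES, EXTENSIONS)
    for name, state in sorted(result.items()):
        print(f"{name:12} {state}")
    print(summary(result))
```

Feeding the real inventory in is a matter of replacing the two constructed structures with the parsed JSON from the two CLI commands; the "legacy-os-verify-manually" bucket is the list the reviewer's workplace team would take to the older servers to check by hand.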