Microsoft Defender for Cloud Reviews

We use Microsoft Defender for Cloud to manage our cloud security posture. We also use Container Protection, which provides additional security for our containerized workloads. This gives us the visibility we need to ensure that our cloud resources are secure.

We use Microsoft Defender for Cloud to natively support Azure Cloud.

Microsoft Defender for Cloud's ability to protect our hybrid environments is definitely critical because we are on the journey of transitioning from hybrid to the cloud. In order to do that, we need a platform that can help us through the transition.

The solution's unified portal is essential for managing and providing visibility across our hybrid and multi-cloud environments. Visibility is something that every security operation needs and it gives us leverage to improve our security posture. This is great.

The single pane of glass view is critical for our organization. This is because we previously used a different platform, so we are all familiar with its features and how to improve upon them. Our heavy investment in Microsoft products made Defender for Cloud a natural choice.

Our goal is to increase our secure score. As we take steps to mitigate risk, our secure score will increase, giving us the feeling that our cloud resources are secure.

Microsoft Defender for Cloud significantly improves security operations. Instead of having to look at multiple windows or portals, it provides a single pane of glass for the investigation and remediation of cloud resource risks.

Microsoft Defender for Cloud helps us proactively discover unknown threats and defend against known threats. It also helps us improve our security posture and defend our cloud resources. We do not normally have external Internet-facing resources, but when we do, Microsoft Defender for Cloud helps us meet compliance requirements.

DSPM is the most valuable feature. It integrates with standard frameworks, so we can easily see if there are any gaps in our compliance with NIST standards. This allows us to identify areas for improvement and ensure that we are meeting all applicable requirements.

I would like to have the ability to customize executive reporting.

I have been using Microsoft Defender for Cloud for five months.

In the short time we have been using Microsoft Defender for Cloud it has been stable.

Microsoft Defender for Cloud is scalable, and we have not yet needed to scale it up.

We previously used Prisma Cloud, but we switched to Microsoft Defender for Cloud due to internal business decisions. We have since merged with a company that also uses Microsoft Defender for Cloud. We want to leverage the licenses from the merged company and also cut costs in our security portfolio.

The implementation was completed in-house. The solution's maintenance is easy.

I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet.

The time to detection has remained relatively the same.

Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues.

The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution.

I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.

I use it for managing our customers' server vulnerability assessments for regular and SQL servers. I also use it to get a security score for the resources of our customers that are on Azure, as well as security posture management. 

We also have regulatory benchmarks to audit our customers' resources that are on Azure to check whether they're meeting regulatory standards like ISO 27000.

It has enabled our organization to have an organized approach to, and quick visibility, or a bird's-eye view, of the current security portion. The way the portal organizes things has allowed us to focus on the specific vulnerabilities and security gaps that have to be fixed quickly. It gives us flexibility on what we should be checking on.

Defender for Cloud has helped us reduce or close some of the key security gaps of our main assets on the cloud. It has also helped us comply with some of the regulatory compliance standards, like CIS and ISO 27000 because of its main features. And it has also helped us in terms of threat detection and vulnerability management.

Another benefit is that it has really helped detect some of the Zero-day-model threats. We've also been able to utilize the automation features to investigate and remediate some of the threats that have been discovered. It has improved the time it takes to remediate threats, mainly because of automation. The logic apps that we've been able to set in either Sentinel or Defender for Cloud are the main components that have really improved that efficiency, and the time needed for remediating threats.

The time to respond is near real time, if the logic apps are in use, because it's just a matter of putting the playbooks into action. This is something that we've tested and found is quite effective for remediation.

The solution has also saved us money over going with a standalone solution where you purchase licenses for servers for a whole year. Now, we pay only for the servers in use. With the subscription-based model for servers, you're only paying per hour and only when the server is being utilized.

The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded.

Another component, although I can't say it's specific to Defender for Cloud, is that the onboarding process is easy. I find that helpful compared with the competitors' solutions. Onboarding the resources into Defender for Cloud is quite easy.

Also, we have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel and the integration is actually just a click of a button. It's very easy. You just click to connect the data sources and Microsoft Sentinel. Having them work together is an advantage. I like the fact that the main threat notification console has moved to Security Center so that we don't have to go into each of these solutions. It's beneficial having the three solutions working together in terms of the investigations that we have been doing with them.

The threat intelligence is quite good at detecting multi-level threats. If, for example, you integrate Defender for Endpoint and 365 and Defender for Identity, the threat intelligence is able to grab these two signals and provide good insights into, and a good, positive view of the threats.

The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome.

Defender for Cloud, as a solution, allows you to manage and protect servers from vulnerabilities without using Defender for Servers. I find it a bit weird, if you are to manage the antivirus for servers on the portal, that you can't deploy the antivirus policies on the same portal. For instance, if you want to exclude a particular folder from an antivirus scan or if you want to disable the antivirus from the portal, you'll not ideally do it on the portal. That's a huge part that is currently missing.

Also, some thought has to be put into the issue of false positives. We've been seeing false positives that are related to Sentinel through the integration. We have been giving them this feedback, but I don't know if that is something that Microsoft is working on.

The time for detection is one of the things that we were also supposed to raise with the Microsoft team. There is a slight delay in terms of detection. That "immediate" factor isn't there. There's a need to improve the time to detection. When malware has been detected by Defender for Endpoint, we find that it takes approximately one to two minutes before the signal reaches Defender for Cloud. If that could be reduced to near-real-time, that would be helpful. That's one of the key areas that should be improved because we've done some simulations on that.

I have been using Microsoft Defender for Cloud for three years.

It's quite stable. In my experience, there have been no issues with the stability.

Because we have Premium Support, the support is quite okay. We are able to get answers to most of the queries that we raise.

Positive

The initial setup is quite easy, especially if it's for non-servers. It's just a matter of enabling and disabling servers, using the Azure app.

And the solution doesn't require any maintenance on our side.

There are improvements that have to be made to the licensing. Currently, for servers, it has to be done by grouping the servers on a single subscription and that means that each server is subject to the same planning. We don't have an option whereby, if all those resources are in one subscription, we can have each of the individual servers subject to different planning.

There's no option for specifying that "Server A should be in Plan 1 and server B should be in Plan 2," because the servers are in the same subscription. That's something that can be fixed. 

Also, there needs to be a clear description by Microsoft for those customers who have Defender for Endpoint for Servers and Defender for Servers because now they don't know which subscription they should purchase.

I've used many solutions, but Defender for Cloud is in its own class. You can't compare it with third-party solutions because those solutions either have a third-party antivirus or they're not integrated in the same way as Defender for Cloud is. Because Defender for Cloud integrates multiple solutions within it, like Defender for Endpoint, other workloads, and the firewall manager, it stands on its own as a single solution that contains all these solutions. 

I use this solution in two different scenarios. The first is for the security and monitoring of Azure accounts. Another is for SIEM integration and the Azure Gateway WAF. Essentially, it's a one-stop solution where you can integrate all of the other Azure security products. This means that instead of maybe going to Firewall Manager, Azure Defender, or WAF, you can have all of them send statistics or logs to Azure Security Center, and you can do your analysis from there.

This product helps us with regulatory compliance.

With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates.

It helps us with alerts. You're able to automatically channel these alerts to emails and get the team readily looking into the issue.

We don't need a distributed team looking at the various security solutions. Instead, they just look into Azure Security Center and then get everything from one place.

It also supports multiple cloud integration, where you can add other clouds like AWS and GCP. However, we don't use that feature. 

The most valuable feature is the help with regulatory compliance, as it gives us security scores and the CVE details.

Centralized management is another feature that is key for me.

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

I have been using Azure Security Center for approximately two years.

In terms of stability and availability, Security Center is very good. It doesn't change. Because it's cloud-based, you don't actually have to manage infrastructure to get it up. If you are using the SIEM portion of it, it's what you are sending to it that will determine what you get out of it.

If you are using a hybrid solution from your own site then you have to make sure that your internet connection to the cloud is reliable. Your VPNs that are pushing data have to be stable, as well. Also, if you are using a third-party solution, you have to manage your keys well. But in terms of it being stable, I would say it's highly available and highly stable.

This solution is very scalable. You can integrate as many subscriptions as possible. They could be Azure subscriptions, AWS accounts, GCP, and other resources. Because it's cloud-based, I have not actually encountered any limits.

I know that with cloud providers when there are limits, you can request an increase, but in terms of how many, I have not seen any limitations so far. As such, I would say it's highly scalable.

We are using it a lot. For Azure, there are 20-plus subscriptions. We don't really use it for AWS accounts. Instead, we prefer to use AWS Security Hub on AWS, so we don't push AWS account data there. But for Azure, we used it for at least 20 subscriptions.

We have a distributed team. I have used it for the past two years in the company, and it's a huge organization. In the whole of the organization, Microsoft Azure is used as the main cloud. AWS was also used, but that was mostly for specific projects. In terms of the number of people using it, I estimate it is between 50 and 100.

Microsoft support is very good, although it may depend on the kind of support you have. We have enterprise-level support, so any time we needed assistance, there was a solution architect to work with us.

With the highest support level, we had sessions with Microsoft engineers and they were always ready to help. I don't know the other levels of support, but ours was quite good.

We began with the Security Center because it was for projects on Azure.

The initial setup is somewhat straightforward and of medium complexity. Especially when it comes to integrating subscriptions, I would not say that it's complex. At the same time, it is not as simple as just pressing the Next button several times. There are knowledge prerequisites before you can set it up fully and properly.

Setting this solution up was an ongoing project where we kept integrating subscription after subscription. If you know what you're doing, in a couple of days, or even a few minutes, you can get going.

If you need to build the knowledge as you go, it's something you could do in one day. You would integrate one subscription, and then start getting feedback. It's plug and play, in that sense.

The company has seen great returns on investment with this solution. In terms of security, you want to match the spending with how effective it is. Top management generally wants more reports. They want statistics and an analysis of what is happening. For example, reports need to say "We had this number of attempts on our systems."

As additional functionality, it's also able to support the business in terms of knowing and reporting the relevant statistics.

This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service.

We did not evaluate anything else before choosing this product.

For example, we are now considering different products for SEIM integration. One of them is Palo Alto Prisma Cloud. However, the price is too expensive when compared to Azure. It is also a multi-cloud product, although, in the beginning, it didn't support AWS and GCP. It now has support for those cloud providers, as well as additional features that Azure doesn't have.

My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get.

This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value.

If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need.

The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem.

I would rate this solution a seven out of ten.

We use the solution as a VPN and for endpoint security. 

I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats. 

We've automated some processes, like batch updating and vulnerability detection, using AI. Our dashboard tracks every machine's IP and identifies vulnerable software. Using AI, we can gather this information and provide it to users. We also use chatbots to provide solution steps.

Microsoft Defender for Cloud is not compatible with Linux machines. 

I have been working with the product for three to four years. 

I rate the tool's stability a ten out of ten.

I rate Microsoft Defender for Cloud's scalability as nine out of ten. My company has more than 300 users. In our environment, we're using it on over 130,000 machines.

The solution's deployment process is not complex and is completed in 20 minutes. 

The solution helps to reduce costs by 20 percent. 

The solution is expensive, and I rate it a five to six out of ten. 

I would recommend the solution to others and rate it a nine out of ten. 

I work as a SOC manager. We use it for incident security, incident monitoring, threat analysis, and looking at remediation or suppression.

Most use cases that come from Microsoft are all automated. Even before any manual effort, the tool is designed in such a way that it just does the threat analysis. It gives us exactly what the incident alert is all about: 

• The priority
• The threat 
• The impact
• The risk
• How it can be mitigated. 

Those are the key features of this particular tool.

The solution has features that have definitely helped improve our security posture.

One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things. The automation tool does the following (when human interaction is needed): 

• Identifies what kind of an alert is it. 
• Whether we have to dismiss it. 
• When we need to take any action so the team can do it appropriately. 

This is one of its key benefits.

It is easy to use based on my experience. If a newcomer comes in, it is just a matter of time to just learn it because it is not that difficult.

Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.

I have been using it for more than nine years.

We have not had issues with tool usage or any hiccups.

There are certain glitches, which are areas of improvement, thus we continuously keep working with Microsoft. Microsoft does acknowledge this, because it's a learning experience for Microsoft as well. They always expect feedback and improvements on their tools, as it is a collaboration effort between Microsoft and the client.

I work for an organization with more than 50,000 users. Under security alone, we have 5,000-plus users. On my team, we have around 400 people who are looking at it.

There are different roles in the company: project management, security operations (the red and blue teams), and pen testing. I lead a security operations center team, where we have L1, L2, L3, and L4 capabilities. All these come under the same umbrella of the security operations center, and they are all rolled up to the Chief Information Security Officer as part of security. 

An ongoing improvement for both Microsoft as well as for my organization: We need to work together. Sometimes, the solution doesn't work so we reach out to Microsoft Enterprise support for any help or assistance. If there is any feedback or improvement, then we work together, but they definitely have helped most of the time.

There are certain gray areas. We constantly work with Microsoft to notice whether there is something that only we, as a client, face. Or, if there are other clients who have the same kind of situation, issues, or scenarios where they need help. 

I would rate Azure Security Center anywhere between five to six out of 10. Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.

We use Microsoft Defender and Splunk. We primarily went with Azure Security Center because of client requirements.

The initial setup is pretty easy and straightforward. 

To deploy just Azure Security Center, it took three to four hours. However, there are a lot of things that it depends on.

Different clients have different requirements. If the client says, "We are using Azure Security Center. We want to use Microsoft technology or products." We will go with that. There are clients who are using Cisco products as well. 

The solution architect usually designs it, taking into consideration the initial setup guide, playbook, and documentation. 

We don't use consultants for the deployment.

It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it.

For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact.

Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack.

I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us.

We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. 

Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well.

I would rate Azure Security Center as seven to eight of 10. If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.

Mostly, it's related to the vulnerability management.

Earlier, we used to do the vulnerability assessment manually, scheduling it based on our timeline, maybe every six months or once a year. Now, it helps us a lot because we can get the vulnerabilities updated and get recommendations.

The MDVM part is very good. While we were doing the POC, Microsoft Defender was using Qualys for the vulnerability. Now, they have switched to their own MDVM, which is Microsoft Defender Vulnerability Management.

The vulnerabilities are duplicated many times. If it reports that the findings are around 30 or 40, or let's say, 100, it is not the exact number as it is possible that there are multiple findings which are duplicated in nature, and actually, the number is only 62 or 67. 

Another issue after Microsoft Defender upgraded and left Qualys is that whenever the load for the report data is too high, we cannot export the report in one go, so we have to do it in batches.

I have been using the solution for two years.

The quality of the MDVM feature, one of the keys which we are getting, is many times duplicated with the same IDs.

I have contacted Microsoft for the quality issue, and they are working with us.

Positive

I did work with something similar, however, not in the same organization. In my earlier organization, I was working with Check Point and Tenable.

The pricing is good. It is license-based, and we are not utilizing all of the features, like API and other functionalities, so the cost is not that high.

I would definitely recommend Microsoft Defender for Cloud, provided they make some improvements in the MDVM part.

I'd rate the solution eight out of ten. 

We use Microsoft Defender for Cloud as one of the sources for our Azure environment. We have a managed detection response solution, and we add data sources to it, like SOC, SIEM, and SOAR solutions. We also want to have data in our Azure cloud environment.

We deploy this solution in multiple regions like Europe and Oceania.

We have multiple solutions like our data analytics platform and our system development platform. Our web shops use it. Almost everything is in the cloud.

We have approximately 2,000 end users.

The solution is deployed on the Microsoft Azure cloud.

The solution helps our teams to be more aware of security and protects our environment.

Most importantly, it's an integrated solution. We also use Defender for Endpoint. For Office 365, we use Defender for Identity. 

We have integrated some of these products into our MDR solution. It's not a Microsoft Sentinel SOC, but we have a SOC/SIEM from a third party.

It's really easy to integrate because it's just an interface, a Microsoft Graph security API. We can collect all the data and forward it to our solution.

This solution is for detection and response, so it helps us prepare for potential threats. We have special teams for threat hunting the data.

We use this solution for extra security in our environment. We secured our Azure cloud environment with firewalls and application gateways, but we also want to have trust in our resource groups. That's an extra line of defense for our security.

We don't use the interface a lot because we use it as a data source for our MDR solution. The MDR solution is our main interface.

These solutions work natively together because we don't just use Microsoft products as a data source. We use all kinds of security products as data sources, like our firewalls, gateways, and event collections from Windows and Unix.

Threat protection is comprehensive and simple. We have an enterprise agreement with Microsoft itself, but we also have CSP contracts with several parties, so we can easily get the licenses we need. It's very easy to install.

Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product.

In Defender for Endpoint, the software is capable of acting immediately if something occurs. If an attacker wants to encrypt the disc, for instance, we're able to react immediately. I don't know if Defender for Cloud has the same capabilities.

I have used this solution for about a year and a half.

At the moment, I think it's a very stable solution. We haven't had any problems with it.

It's scalable.

From Microsoft's perspective, it's fine. We don't have any issues at the moment.

I would rate technical support an eight out of ten. 

The initial setup is straightforward. It took 10 seconds.

We have a Cloud Security Provider, so I don't know how much time they spent on deployment.

The solution hasn't required any maintenance yet. We are trying to innovate each solution. It's an ongoing business process to innovate.

We haven't seen ROI yet, but we plan to. The first sign is safety first. Safety will cost money, so it shouldn't be too much.

Pricing is difficult because each license has its own metrics and cost.

We evaluated other options. We have a lot of other products like McAfee, but we are changing everything to Microsoft Defender.

We decided to switch because we want to have an overall standard that's enterprise-wide so that everything is easier to manage and the data it delivers is all the same. We wanted to have one view of everything.

I would rate this solution an eight out of ten because we don't use all of the capabilities yet. At the moment, we still only use the data sources. I'm happy with it so far.

Instead of a single vendor security suite, I like having at least two so that they can challenge each other.

Microsoft Defender helps us prioritize threats across our enterprise, but we only prioritize our high-risk resources with Defender products.

It's difficult to say if the solution saved us time because we use it for our Azure cloud environment, so we're working in the cloud.

At the moment, we're not saving money. The solution costs our company money. It's like having insurance: It doesn't save costs, but it might save us costs if something happens. It's about risk.

It hasn't decreased our time to detect and respond yet, but it should be because we have our data source on Endpoint and in the cloud. It's an integrated solution. When we find something anywhere, we can act everywhere. We have more possibilities.

It is our main solution for our Azure cloud infrastructure. We do about 1.1 million dollars in cloud spending every year. It's a quite big infrastructure and pretty much in our main system and we are planning on integrating with Microsoft Sentinel, which is going to be our SIM solution. Right now we don't use a Microsoft solution, however, Microsoft Sentinel is very complete and we're excited to dive into a POC. Right after I joined the company, that was one of the first things that I advised them to do and a couple of weeks later, we caught at least two big vulnerabilities that could have caused a catastrophic problem for our business. That's a true testament to the power of the tool.

The solution has improved how our organization functions. For example, the security score is the biggest improvement, as it's a compilation of all the results. That's where we have been doing established goals. When I joined the company and when we first implemented the product our secure score was about 35%. We are now sitting at 71%.

That gives us a clear direction as that's the most difficult issue. Azure is a complex solution. You have so many moving parts. If you say "I want to improve my security posture," it's hard to know where to start. That metric's going to give you an idea. You're going to take a look at your identity and access management strategy. You go there and you fix those issues.

Once that's done, you can take a look at your malware protection, so you see all the machines. You have the ability with this product. All of these actions compile percentages on a score and they drive up the score. That way, you know how good you're actually doing and how you can continue to progress.

We do a lot of mergers and acquisitions. One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds.

The most valuable aspect of the solution is visibility. You truly have visibility. That’s the first thing that you're going to have in the cloud.

The solution’s capabilities of assessment and real-time assessment is another big thing for us. In terms of remediation and capabilities, most of the time, I even have a quick fix, a quick button that I click and they're going to fix it for me, where they are going to provide me with everything that I need to do to fix that.

The main thing that I like about the tool is that Microsoft collects trillions of data points across their cloud and they leverage that threat intelligence to teach the machine learning AI-driven models to assess for security. We can even see across the cloud, and it’s so much better than going with a third-party product, where you don't have that advantage.

The solution has features that have helped improve our security posture. The security score is one of the biggest pluses. They do have a series of metrics that combine into a security posture score. Netsecure started giving me a good snapshot of where we are when it comes to security posture, and then we can drill down.

If you click on your secure score, you are going to be able to see why you have that calculated score. They have very good documentation surrounding how, for example, if you have 74%, why you do. You are going to be able to drill down and see where your weaknesses are and then you can address those items directly.

The compliance policy feature is great. They do offer support, such as PCIS. You have access and they can compare to your security posture and they can give you your score based on that, for example, how compliant you are with those tenders. That's another great aspect of the tool as well. That's all visual and on a dashboard.

The solution positively affected our end-user experience, however, not in any shape or even form that they can notice. They're getting all the benefits from it in the background. For example, security alerts are one of the main values about the users that I like. You have access to security alerts and those security alerts are giving you a real-time type of reading on how you are doing when it comes to threats. If there's something that can affect a user negatively, you have access to fix it before it becomes an issue. Therefore, while it has affected them positively, they never had to change anything that they're doing.

In the past, when you wanted to compile a list of resources that effected a vulnerability, it was kind of hard to do that. You had to use the graphic interface and write some queries for you to get that information from the Microsoft Graph API. Right now, with Microsoft Cloud Defender, they actually have that and you have access to that. Therefore, for me, it's pretty much a problem that has been solved. That was pretty much the only thing that I thought we could use. Then, yesterday, I saw that they included it. Therefore, as of now, I don't have any big issues with the product.

In the beginning, the score was shown using a points system. Now they made it into percentages, which is way better. It's hard to show you your C-level points. It required some explanation. For example, if you show them 2000 points, they're going to ask, "Okay, is this bad or good?" If you show them 75%, on the other hand, that they can understand. That's another thing that they made better as well.

Within this company, I've used the solution for about 10 months. I was also using the solution with my previous company for around a year and a half.

The product is pretty stable. The only thing that you've got to remember is that it takes some time. Some of the variabilities, for example, the remediation processes, when you apply them, it takes a bit. The remediation in order to count it has got to run the vulnerability assessment agent. Sometimes it takes a couple of hours for some resources. That said, it's pretty stable. I've never had any problems. It runs very well.

The scalability potential is one of the biggest aspects that I like, as it works with Microsoft, as an Azure back lane. As you add more subscriptions, all you have to do is just go and enable Azure Defender - in this case now, Azure Defender for all the consumer subscriptions that I have. That's it. It's free scale. It scales out very, very well. You don't have to do anything and you don't have to install anything on the Azure portal - it's already there. That said, you do have to deploy vulnerability agents, however, Azure does that for you due to the fact that the VMs are already being managed by Azure. You have all the security in place. It will deploy the agents and it's going to be seamless. You don't have any downtime either.

Right now, we have about 7,000 users. It's quite a good number, however, we are growing. We're adding companies every month. We're adding tons of companies and plan to expand usage as we grow.

I've been working with Microsoft technical support for more than 15 years. We have really good support, always. We do have an enterprise agreement with Microsoft, which makes support very easy. If you have Azure, you probably have an enterprise type of support. Every single interaction that I have had with them was pleasant. They were very, very precise and effective. We've had no problems.

We never had a different cloud solution. For us, choosing this solution right off the bat was a no-brainer.

The initial setup is very straightforward. It comes with the free version. It's out-of-the-box and already enabled for users for the most part. It gives you just a little bit of visibility, so you have to go with the paid version and the cost is not that bad. 

It's pretty much diluted into your Azure bill. It is totally worth the price. You basically go to the portal and choose the option and just enable online subscriptions and give it some time so that it can gain visibility. After that, it's going to deploy the agents. It takes 24 to 48 hours. After that, you're going to have tons of visibility and data coming back. It's pretty straightforward, very simple to set up. For me to roll out was about an hour tops.

You do not need a big maintenance team. I'm an architect and I'm also a very hands-on type of engineer. In most cases, I would say it's good to have at least two people especially if you have a global infrastructure. That way, you can have people in different time zones, such as Europe central time, for example, and in US Eastern time. For most aspects you have auto-remediation and you have automation that you can implement, which is great. I would say that two people would be ideal to manage the solution, especially for the remediation process. With the remediation process, you can engage other people from other teams as you're going to have to talk to the operations guys to say, "Guys, you've got to fix this, this is a liability." Therefore, two people dedicated to Azure would do it. It doesn't need to be dedicated to security, to Defender in this case.

I was reading some studies that the ROI is 200%. It's really good, due to the risk prevention and threat remediation processes.

I like the licensing due to the fact that it's simple. In terms of pricing, there's a very good ROI. The ROI is pretty great, and everything is diluted into your overall Azure costs. It's not a product that you buy, it's a contract. If you want to stop using it, you can stop. It's an on-demand type of product. I like that as well. 

It's very cost-effective if you compare it to other products, especially if you want to combine other features from a licensing standpoint. You're going to spend a lot of money if you try to implement various other options.

We do have some security, other security that is still in place. For example, we work with CrowdStrike. We work with a team solution. We have another team solution, which is not an apples-to-apples comparison. What Azure center does is very specific. It's very large. For us to do the same thing with any other security solutions out there, would mean we're going to spend a lot of money. Azure does not have competition per se. You would have to onboard tons of other products to do the same thing that they do. It's also simpler than the other solutions. The orchestration features that you have access to are great. It doesn't make a lot of sense to combine several other solutions and try to protect all your resources.

I am just a customer and an end-user.

I'm using the latest version of the solution, which is now the Microsoft Cloud Defender. They just changed the name of the product. They combined Azure Security Center and Azure Defender into Microsoft Cloud Defender and that's the version that I'm using.

For now, we are cloud-only, however, we have plans to enroll our on-prem devices as well, including servers, especially through Azure Arc and we are also looking at Azure Sentinel. We are going to have a complete ecosystem, similar to a Microsoft XVR, truly for our Cloud environments.

I was working with Sentinel in the past with my previous company, however, I was not able to fully roll out the product. Here, we're planning on having a Microsoft partner that's going to help us to onboard our Azure infrastructure and Sentinel, however, we are going to be enrolling a POC first.

I would advise other potential users that they need this, absolutely. If they have Azure, they need this. It's going to give them the visibility and the remediation capabilities that they're looking for and it's going to make them aware of issues that they are not even seeing. 

If a company has resources exposed to the outside, chances are that people are trying to get in. I'm catching people every single day trying to get in. It's really amazing what you see when you have visibility. Businesses that bring this on really need to involve the team. It's got to be a team project. Everybody's got to be playing on the same team. That way, a company can make sure they have effective implementation.

I would say, a company has got to watch very carefully the recommendations and the security alerts, especially recommendations, which is pretty much what's going to drive the score up and increase the positive security posture.

The alerts are going to give them real-time insight, like a temperature reading on security, including what's happening, who's trying to get in, who reports or attacks you and weren't successful, and how many times did they try? What kind of accounts did they use? Recommendations are going to help you look for activity and the security alerts are going to help you with the reactivity. You can react to events that are happening, however, you can't remediate issues that haven't happened yet. 

Overall, I would rate the solution at a ten out of ten. I'm a big fan. It makes my life way easier and gives me some peace of mind so I can sleep at night better.