Microsoft Defender for Cloud Reviews

The most valuable feature is that it's intuitive. It's very intuitive. The only problem that we're struggling with is that we have 21 different subscriptions we're trying to apply security to. It's impossible to keep everything organized.

We built our hierarchy incorrectly and we're struggling now with some of the features that are up there. Once we straighten our hierarchy out, we are going to applied policies, whether it's through Security Center or any other thing. It's going to be a lot easier once our hierarchy is fixed.

We need to apply things in a certain place and then we realize that we need to apply them to the subscription as well. And next thing we know we also need to apply it to another subscription, it's unmanageable. We're applying different policies across all our different subscriptions, which is fine, but at 21 subscriptions you can have over a dozen policies. We're trying to skinny that down to four or five policies. It's not a defect in a Security Center. It's a defect in how we built it.

We have been using Azure Security Center for two years. It's been a part of the service since we moved up to Azure.

The stability is great. 

I find documentation or any configuration in Azure, in their specific servers, very straightforward, and very intuitive. If you do not set it up correctly, it's difficult, it's like herding cats to get everything that you want.

I would say the biggest advice I'd give to anyone is to make sure that your hierarchy for your subscriptions is done correctly, single management. You can't have 10 different groups managing it. It's got to have a single structure of management and then the hierarchy needs to be set up correctly.

I would give it an eight out of ten. I think it's one of the best in breeds. I'm comparing it to AWS and some of the smaller ones out there, but I find it very intuitive. That's one thing I do like about their products, they're very intuitive. 

Not a perfect ten because we're not using it to its full capacity. 

Primary use case of this solution has changed depending on the company I've been working in. In my previous job they were using it as a CWPP, cloud workload protection. In my current job it's used for the same purpose but we also use it for monitoring security policies, to enforce new policies and audit them. We also use it to meet some of the compliance requirements as well. We're partners with Azure and I'm the cloud security design lead. 

I personally like the features of the daily recommendations because that's a major deal, and it hosts Microsoft products so it has visibility. If you are bringing in a third party to get a high level of visibility, then a lot of work is required to get that level of capability. This product gives a very good view of the entire security setup of your organization which can be used by the security and operation teams. It provides alerts to the security team on the one hand, and all the AI and ML based detections on the other. It's very beneficial for our security and assault teams. In addition, it provides recommendations for the operations teams who need to sustain a high level of security. It's an important capability. 

I'm quite active on the Azure product blogs. We're able to provide recommendations to Microsoft and they work together with Azure towards achieving them. One of the issues with the product is that it's not possible to write or edit any capability. For example, if there is a false positive detection on the security center, the only option I have is to flag it off. I can dismiss the alert, but there is no option to provide comments or reviews, so that somebody else looking into the portal can brief them. 

I'd like to see some additional features that would include an option for the security team to provide comments on the alerts and also to improve the recommendations. I would like to see them fine tuned. We're also getting a lot of false positive alerts and Azure can reduce that using the Microsoft AI and ML feature.

I've been using this solution for two and a half years. 

This is a very stable solution. 

We've never had issues with scalability. We have over 50 engineers using the solution.

Our company has subscribed to premium support from Microsoft so we can open premium tickets. The support team are always available and we haven't come across any issues in the past.

The initial setup is very straightforward. 

We don't have a say in pricing, it's up to the product vendor. When you compare with other CWPP or server cloud protection products, I believe the Center is well priced. The customer has flexibility to choose which modules they want to use. There is a free version and a paid version and the customer makes a choice based on the organization's security strategy. If you're going to use add-ons or anything more feature rich, then you'd have to pay extra, but the standard product is a fixed price.

If you're in the world of cloud and your company is using Azure as their primary cloud, I think Azure Security Center is a must-have feature, because it provides a bird's eye view of the entire security position of the organization. The solution is integrated and there is service from Microsoft. New features are being added regularly and I think it's a great solution. 

I would rate this solution an eight out of 10. 

The solution is used for risks, vulnerabilities, and compliance. The solution helps us with CPS 234 and CIS compliance. We know what is onboarded onto Microsoft Defender, and we can see the compliance around those and how much we are compliant.

The solution is not very effective at integrating with EDR and other integrations. Features like code scanning and pipeline scanning are not included in the solution. The correlation between all the findings is completely missing, and the product is not mature.

Microsoft Defender has other native tools; it is not under one umbrella. You want one umbrella to see everything for your entire cloud posture.

I have been using Microsoft Defender for Cloud for four years.

A couple of products, like Orca and Wiz, are leaders in the CSPM and CNAPP space. I'll rate them way above Microsoft Defender for Cloud. The world is currently moving from CSPM towards CNAPP. That is why we are evaluating other products like Wiz.

The solution is fine for the native resources and native tools. However, it is not that great at integrating with EDR and other integrations.

Overall, I rate the solution a five out of ten.

Security is at the forefront of everything that we have been doing, fundamentally. Both in my previous organization and the current one, Azure Security Center has given us a great overview of the current state of security, through the recommendations given by Microsoft. There are potential situations where risk exists because you're not compliant with a specific recommendation, or to specific regulatory compliance. Such guidance is critical for us.

We implement a wide range of solutions in our environment. We have solutions that are purely SaaS. We have some things that are just purely IaaS, and, of course, we have PaaS for services as well. So, we really have a wide range of deployments on all services as a service.

Overall, Azure Security Center has greatly improved our company's security posture. At a very quick glance, you can see where you are the most vulnerable. I'm greatly oversimplifying what the tool does, but at the very minimum, at a quick glance, even if you are not an expert, or even if you have just started using it, this tool will give you a basic idea of where the biggest problems are.

Security Center has not affected our end-user experience in a negative way. To my thinking, security is something that if your users don't experience it then it's great because there are no problems. Since I have been in this company, there have not been any security incidents. The only experience that the end-users have is the fact that there have not been any disruptions due to security issues. We have been monitoring what has been going on.

The most valuable feature is the recommendations. Azure Security Center is a product that can be useful in various grades and stages, depending on the state of maturity of both your application and your organization.

The alerts are also valuable, and they go hand-in-hand with the recommendations.

With respect to our security posture, there are at least two features that have been very useful. The first of these is the inventory section, where you can quickly see everything that you have. Especially in a larger organization where there have been mergers and acquisitions, it can be difficult to readily see everything that has been deployed. Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful.

The security score has been very useful. This is another numeric metering system that basically tells you how well you have been doing.

Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board. You can create exemptions, but not everywhere are the exemptions the same. In some areas, we can do quick fixes, but that is not true across the board. So in general, consistency is the number one item that needs attention.

We have been using Azure Security Center for approximately three years.

With respect to stability, so far I have not encountered any specific issues with the way it behaves. I cannot say that it has performed badly in any way.

It's a really scalable product, fundamentally, the way Microsoft designed it. I don't think that scalability is an issue at all.

We have implemented this solution in environments that differ quite significantly in terms of scope and in range but, given the way that it works, within 24 hours it discovers everything in the environment, no matter what it is. 

We only used technical support once, and it was for an item that was behaving in a strange way. It ended up being a known issue, and they said that they were going to fix it. Overall, it was a very good interaction.

In both companies where I have used this solution, there was no other cloud-based tool that was handling security. It was done using traditional security products that basically examined the logs and raised alerts.

We switched because it gives us an expansive view of everything which is deployed. It is really unparalleled by anything else that you could potentially use. The moment you turn it on for a subscription, it will identify, almost immediately, every component that you have. From there, it will also identify what is at risk in that component.

The initial setup was pretty straightforward, although I came to this product from a network and security background. When I started working with a Security Center, it was not like a tool that I had never seen before.

Fundamentally, it takes 24 hours before you start to see everything accurately. From the moment you turn Security Center on for your subscription, within the 24-hour range, you have a full view of what's going on.

Our implementation strategy includes turning it on for every subscription that we have. Security is critical for us, so the cost, in this case, was not a factor. The benefit was definitely outpacing any potential financial cost. Once we turn the feature on for a subscription, we look at every recommendation that we see in the list. In cases where it is not compliant with our security policy, we fix the issue and have been doing that ever since we started using it.

My in-house team was responsible for the deployment, and this was true for both organizations where I have used it.

On average, three people can deploy it. There should be an architect and principal engineers.

Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor.

Microsoft does a good job with respect to the pricing model, so anything comparable will cost almost the same. I don't think that there is really an alternative.

We are perfectly satisfied with what this product gives us. So, there's really no reason to even look at anything else.

The first piece of advice that I would give somebody who's going to try to use Security Center is to try to understand their environment as much as possible, and then try to match their environment with the recommendation section of the tool and start remediating from there.

There are going to be recommendations in Security Center that will make sense if the team looking at the security infrastructure understands what is going on. If the team does not have a full understanding then it will be very difficult to know what to do, or how to remedy it.

The fact that I had to deal with many components, of which I don't know very much about, has been really great because it forced me to learn about their security. Typically, I don't have to deal with that. My learning has definitely increased, and of course, that's always good.

I would rate this solution a nine out of ten.

This solution replaces, in many ways, the on-premises operations manager that used to be part of the System Center.

The most valuable feature of this solution is the support for a multi-cloud environment.

The policy-related features are good. For example, there is a compliance policy that is related to PCI and another related to NIST.

The support for dynamic networking is good.

Alerting and incident management are valuable features.

The integration with Logic Apps allows for automated responses to incidents. It is also integrated with Microsoft Defender.

They added new functionality into the pretty long list of features and it is constantly being updated. 

There is no perfect product in the world and there are always features that can be added. Innovation is something that is always on the table.

I have been working with Azure Security Center for more than four years.

This product is much more stable than anything else. The SLA has four nines of stability and it is impossible to compare it with anything that is on-premises. Cloud systems are much more stable.

Scalability is not something that we talk about because this product only exists in the cloud. We talk about it in terms of regions. There are approximately 50 zones across the globe, where for example, Canada has three zones that are split into Central, East, and West.

This is an example of Software as a Service, so scalability is out of the question.

If you need tech support, you need to go to the support site, find the proper program, and subscribe to it. Only basic support is included. If you need premium support or if you need a developer, the support is available, you just need to go to the site and find it.

It is extremely easy to subscribe, and extremely easy to understand. It depends on your requirements and on exactly what you need but a description of every program is readily available.

If you have questions, go to the FAQ, and on the same page, you will have access to the documentation. The documentation is crystal clear. It's very practical and actionable. It explains in simple phrases, or words, what the action is, what the purpose is, and what the benefit or value of it is. 

There is no need to find anything else. You start from the price calculator, and then click and get more information, and from the same page, you find what you need. 

You don't need to do anything else.

With respect to implementation, you just switch it on.

If you need to deploy something else then there are step-by-step instructions available. Setup and deployment will be easy for those who have experience working with this type of solution.

For those not used to this type of operation or not working in this area, it is absolutely possible to talk to their partners, such as the one that I work for, and they will help you.

If you hire the consulting service from a partner then they will help you to plan and design, including performing a capacity review to see what is required and what services need to be integrated. You will identify needs such as an on-premises data center versus using a third-party cloud.

This is a worldwide service and depending on the country, there will be different prices. 

There is a price calculator for Azure Services. You select the service that you are interested in, and the basic or the standard is there immediately, which has support options. Different levels of support are available for different prices. A subscription is part of the Azure Service. You will need to find what type of service you need.

If you need to negotiate the price, based on the enterprise agreement or per commitment, the price schema is available. You just need to speak with a partner.

You can also pay with your credit card, but you will need to read the documentation online.

In summary, if you would like to work with a product that addresses security in the cloud, or in a multi-cloud environment then this is exactly the product. There is no need to implement anything else.

There are multiple things that are absolutely nice about this product. That said, there is no such thing as a perfect product.

I would rate Azure Security Center a nine out of ten.

I am from a Citrix background and in our organization, we implement solutions and provide them to end-users. In our past couple of deployments, we have been using hybrid cloud scenarios where the complete workload is on the Azure platform and the management is done on the Citrix cloud.

The workloads include tasks for Windows 7, Windows 8, and Windows 10 devices, and they are all running on Azure. We have to make sure that they are compliant with our organization's security standards, which is why we are using the Azure Security Center.

We integrate each workload with the Azure Security Center, where we can use things like Azure Defender and use the Azure Log Analytics Workspace.

Our environment is completely virtual. We have a virtual desktop infrastructure, like a Desktop as a Service.

Azure Security Center has helped to improve our security posture. Before we implemented it, we used to have to install the agent manually for each and every workload. For example, if I have 40 machines in my environment, I have to go to all of them and install the agent. This manual process not only required a lot of human effort but created more opportunities for error. By using the Azure Security Center, I can integrate it just by selecting the subscription. It will take care of everything.

This solution has improved our end-user experience in cases, for example, where Microsoft Defender is not implemented, Azure Defender can be integrated. When an end-user runs an EXE file or any malicious activities are running on the device, Azure Security Center will capture them and send an alert to the administrator.

The most valuable features related to my involvement are Azure Defender and enabling log analytics on the workloads. This helps to integrate the workload suite with the analytics repository. For example, if I want to capture any logs from a Windows 10 workload, then this allows me to do so.

The Log Analytics Workspace acts as a repository where it captures all of the data from Windows 10 and Windows 8 workloads. In order to implement it, an agent needs to be installed. With Azure Security Center, we can configure a policy that accounts for different subscription levels. It automatically installs the agent and begins capturing data.

This product provides us with many features including auto-provisioning of dependency agents for Azure Log Analytics, as well as for Azure Defender.

We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language.

Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender. It has most of the features for monitoring end-user machines for security updates or malicious activity but, for example, the latest DAT files are slow to arrive compared to Microsoft Defender.

I would rate the stability a four out of five. Once we enable it, the Azure Security Center will push security updates to all of the end-user machines and start capturing the logs. It helps in many ways.

There is no limitation to the scalability. For example, if I have 10 subscriptions in my Azure environment, it is my choice if I have to use five in production and five for non-production. If I require more, I can upgrade it as needed. It's very flexible.

The people who work with this product hands-on are our administrators. Apart from them, nobody has the access required to make changes.

If we face any issue with Azure Security Center, where we are unable to solve it ourselves, we raise a support ticket with Microsoft directly. We describe the issue and they will come back to us with support.

Usually, we are happy with the support that we receive.

Prior to this product, we worked on a solution from McAfee. However, it was a legacy application and when it came time to upgrade, we opted to use one from Azure because we were using Azure already.

In the case of an on-premises workload, we instead use a SQUAM solution by Microsoft.

The initial setup is a straightforward process. We just need to go into the security center and select the substrates. The deployment takes less than one hour to complete.

In terms of an implementation strategy, we simply follow the Microsoft documentation.

There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions. 

My advice for anyone who is considering Azure Security Center is that it has similar features to the on-premises Microsoft Defender, as well as other software security tools. If you are already using an Azure environment then I recommend implementing Azure Security Center versus having security solutions from different vendors.

I would rate this solution a seven out of ten.

We are using Azure Security Center for software development.

It's a cloud service that includes the security center and tailoring certain options.

The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce.

Pricing could be improved. There are limited options based on pricing for the government.

The initial setup could be simplified.

In the next release, I would like to see more development in the area of NECES scanning or Splunk, or Universal Forwarding. 

I have been working with Azure Security Center for six months.

We are working with Microsoft Azure for the government version of the cloud.

This solution is stable. It's 100% guaranteed and I've never had any problems with it other than some planned IT downtime.

Azure Security Center is scalable. We've been able to scale pretty well for a workforce that has over 400 developers.

My experience with technical support was more like a consultation. "Tell us what you need and we'll see if we can do that for you."

In some cases, they had to develop on top of the commercial product just to conform to certain government regulations and cybersecurity requirements.

Previously, we did not use a different solution, this is the first option.

It was pretty complex. We had to go back and negotiate with Azure on a few of the options that were commercially available, but not in the government products.

I'm not privy to pricing information, but I know it's probably close to a million dollars a year.

The pricing is comparable. The features that we're getting are tailored to what we need.

It was the best fit for us.

In the future, we will be looking at government brands of the same thing that are part of the DISA.

After looking at DISA's product options, they usually select commercial versions and government versions of commercial products like Azure. For example, Amazon Web Services, and Google cloud.

This was our first option or our first go-to solution because we were considering not only Microsoft but Amazon and Google as well.

Microsoft seemed to have most of what we need.

I am currently working on my Cloud Security Certification.

For anyone who is considering this solution, from a cybersecurity standpoint, if they are doing any kind of scanning, vulnerability scanning for software or systems and they're feeding into the cloud, make sure to check whether the security center doesn't offer adequate options for them to work with. If not, then look into other software like Spunk. They look into everything and they have plenty of conversations with the staff. That's the cloud security provider.

I would rate Azure Security Center an eight out of ten.

I am working in a security domain where Azure Security Center is playing a key role. We are primarily using Azure Security Center to secure our infrastructure. We are also able to use Azure Security Center for many other purposes.

In terms of deployment, we have a hybrid cloud. It is a combination of both on-prem and cloud. Azure Security Center is deployed on-prem, and then there are OMS agents that are provided by Microsoft that can be installed at any location, such as on-prem or on the cloud. These agents collect Windows and Linux logs from the machines on various clouds for Azure Security Center, which is something interesting for me.

It has improved our security posture a lot. The Azure Security Center provides a score that shows where is your organization at the moment in terms of security. After some time, you can see how much you have improved and where you can improve your score. We are getting this kind of advice from Azure Security Center.

It has definitely affected our end-user experience. With the help of this tool, we can investigate more security incidents in a very good manner. It has also enriched my career and improved me as a professional in terms of understanding various features and security incidents. 

Before implementing Azure Security Center, we had so many issues with our infrastructure in terms of security monitoring. With the implementation of Azure Security Center, we have resolved many issues. One of the issues that we have resolved is that we are now able to do security monitoring of the complete infrastructure. It not only supports cloud security monitoring; it also supports on-prem security monitoring. It has an OMS agent that can be installed on on-prem Windows servers, Linux, or other platforms for collecting logs. These agents can also be used on other cloud platforms, such as AWS, GCP, or Google Cloud. 

The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra. 

It has so many security monitoring features, such as compromised accounts. For example, if I'm working for abc.com company, and I'm using the same company email address for registering to another hotel or some other place where it gets hacked or something goes wrong, they will alert us. If my credentials are dumped somewhere on the dark web, they trigger an alert stating that you should go and reset your credentials. There are many more interesting alerts, and such features are pretty awesome in terms of security monitoring. In terms of security, it gives a very good overview of our estate. It also has many features from the cloud administration side.

Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark.

Sometimes, we are getting backdated logs, and there could be more correlation.

So far, its stability is good. I don't see any issues with the stability part.

In terms of new features, we are able to scale up to our requirements. New features get added immediately. So far, I don't see any issues in our environment.

Our company is an MNC, and there are around 180,000 endpoints that we are protecting or monitoring with this solution. Currently, its adoption is around 70%. We cannot achieve 100% coverage because of some of the legacy products. There are legacy servers, and then there are some people who are working in customer environments where they are not utilizing our laptops. We still need to cover 20% more.

Their support during the implementation was awesome. They provided very good support. After the implementation, they scheduled weekly calls to check with us if everything is going well. They helped us with troubleshooting and more understanding. If there are any product improvements, they have been announcing them over the course.

I was not involved in its implementation, but it was a pretty straightforward process. 

There is a separate cloud team for implementation. We just review whatever they have implemented from the security perspective. We review whether they have implemented it correctly or whether we are getting correct alerts. 

Our admin team had one week of training, and they implemented it with the help of Microsoft. Our environment is a bit complex, but we did it.

We have absolutely got a return on the investment. Our company is a managed security service provider (MSSP). When we get more projects, we mention the products that we are currently using to secure our environment. We also do a proof of concept (PoC) or a demo about how we installed such products in our environment and how secure we are. There are so many security scoring systems, and they give the score. Our score is on the highest side, which is useful for providing a security service to our client or customer. We have implemented Azure Security Center at many places for our customers.

I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive.

For cloud security posture, Azure Security Center is a good product. It is different from a Security Information and Event Management (SIEM) tool. We are also using a SIEM tool. Microsoft has a SIEM tool called Sentinel, and there are many SIEM tools out there in the market such as Splunk, QRadar, and ArcSight. Azure Security Center is not a replacement for Sentinel. It gives the complete posture of your cloud. It was started with the purpose of finding any anomalies and malfunctioning for Azure AD, which is related to login and logout of employees, but then they elaborated it a bit more.

I would rate Azure Security Center a nine out of 10.