Global Cloud Security Architect at a consumer goods company with 5,001-10,000 employees
Real User
Improves security posture, offers real-time assessments, and has great compliance policy features
Pros and Cons
  • "One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single pane of glass across multiple clouds."
  • "Azure is a complex solution. You have so many moving parts."

What is our primary use case?

It is our main solution for our Azure cloud infrastructure. We do about 1.1 million dollars in cloud spending every year. It's a quite big infrastructure and pretty much in our main system and we are planning on integrating with Microsoft Sentinel, which is going to be our SIEM solution. Right now we don't use a Microsoft solution, however, Microsoft Sentinel is very complete and we're excited to dive into a POC. Right after I joined the company, that was one of the first things that I advised them to do and a couple of weeks later, we caught at least two big vulnerabilities that could have caused a catastrophic problem for our business. That's a true testament to the power of the tool.

How has it helped my organization?

The solution has improved how our organization functions. For example, the security score is the biggest improvement, as it's a compilation of all the results. That's where we have been doing established goals. When I joined the company and when we first implemented the product our secure score was about 35%. We are now sitting at 71%.

That gives us a clear direction as that's the most difficult issue. Azure is a complex solution. You have so many moving parts. If you say "I want to improve my security posture," it's hard to know where to start. That metric's going to give you an idea. You're going to take a look at your identity and access management strategy. You go there and you fix those issues.

Once that's done, you can take a look at your malware protection, so you see all the machines. You have the ability with this product. All of these actions compile percentages on a score and they drive up the score. That way, you know how good you're actually doing and how you can continue to progress.

What is most valuable?

We do a lot of mergers and acquisitions. One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single pane of glass across multiple clouds.

The most valuable aspect of the solution is visibility. You truly have visibility. That’s the first thing that you're going to have in the cloud.

The solution’s capabilities of assessment and real-time assessment is another big thing for us. In terms of remediation and capabilities, most of the time, I even have a quick fix, a quick button that I click and they're going to fix it for me, where they are going to provide me with everything that I need to do to fix that.

The main thing that I like about the tool is that Microsoft collects trillions of data points across their cloud and they leverage that threat intelligence to teach the machine learning AI-driven models to assess for security. We can even see across the cloud, and it’s so much better than going with a third-party product, where you don't have that advantage.

The solution has features that have helped improve our security posture. The security score is one of the biggest pluses. They do have a series of metrics that combine into a security posture score. Netsecure started giving me a good snapshot of where we are when it comes to security posture, and then we can drill down.

If you click on your secure score, you are going to be able to see why you have that calculated score. They have very good documentation surrounding how, for example, if you have 74%, why you do. You are going to be able to drill down and see where your weaknesses are and then you can address those items directly.

The compliance policy feature is great. They do offer support, such as PCI DSS. You have access and they can compare to your security posture and they can give you your score based on that, for example, how compliant you are with those tenders. That's another great aspect of the tool as well. That's all visual and on a dashboard.

The solution positively affected our end-user experience, however, not in any shape or even form that they can notice. They're getting all the benefits from it in the background. For example, security alerts are one of the main values about the users that I like. You have access to security alerts and those security alerts are giving you a real-time type of reading on how you are doing when it comes to threats. If there's something that can affect a user negatively, you have access to fix it before it becomes an issue. Therefore, while it has affected them positively, they never had to change anything that they're doing.

What needs improvement?

In the past, when you wanted to compile a list of resources that were affected by a vulnerability, it was kind of hard to do that. You had to use the graphic interface and write some queries for you to get that information from the Microsoft Graph API. Right now, with Microsoft Cloud Defender, they actually have that and you have access to that. Therefore, for me, it's pretty much a problem that has been solved. That was pretty much the only thing that I thought we could use. Then, yesterday, I saw that they included it. Therefore, as of now, I don't have any big issues with the product.

In the beginning, the score was shown using a points system. Now they made it into percentages, which is way better. It's hard to show your C-level points. It required some explanation. For example, if you show them 2000 points, they're going to ask, "Okay, is this bad or good?" If you show them 75%, on the other hand, that they can understand. That's another thing that they made better as well.

Buyer's Guide
Microsoft Defender for Cloud
March 2025
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,651 professionals have used our research since 2012.

For how long have I used the solution?

Within this company, I've used the solution for about 10 months. I was also using the solution with my previous company for around a year and a half.

What do I think about the stability of the solution?

The product is pretty stable. The only thing that you've got to remember is that it takes some time. Some of the variabilities, for example, the remediation processes, when you apply them, it takes a bit. The remediation in order to count it has got to run the vulnerability assessment agent. Sometimes it takes a couple of hours for some resources. That said, it's pretty stable. I've never had any problems. It runs very well.

What do I think about the scalability of the solution?

The scalability potential is one of the biggest aspects that I like, as it works with Microsoft, as an Azure backplane. As you add more subscriptions, all you have to do is just go and enable Azure Defender - in this case now, Azure Defender for all the consumer subscriptions that I have. That's it. It's free scale. It scales out very, very well. You don't have to do anything and you don't have to install anything on the Azure portal - it's already there. That said, you do have to deploy vulnerability agents, however, Azure does that for you due to the fact that the VMs are already being managed by Azure. You have all the security in place. It will deploy the agents and it's going to be seamless. You don't have any downtime either.

Right now, we have about 7,000 users. It's quite a good number, however, we are growing. We're adding companies every month. We're adding tons of companies and plan to expand usage as we grow.

How are customer service and support?

I've been working with Microsoft technical support for more than 15 years. We have really good support, always. We do have an enterprise agreement with Microsoft, which makes support very easy. If you have Azure, you probably have an enterprise type of support. Every single interaction that I have had with them was pleasant. They were very, very precise and effective. We've had no problems.

Which solution did I use previously and why did I switch?

We never had a different cloud solution. For us, choosing this solution right off the bat was a no-brainer.

How was the initial setup?

The initial setup is very straightforward. It comes with the free version. It's out-of-the-box and already enabled for users for the most part. It gives you just a little bit of visibility, so you have to go with the paid version and the cost is not that bad. 

It's pretty much diluted into your Azure bill. It is totally worth the price. You basically go to the portal and choose the option and just enable online subscriptions and give it some time so that it can gain visibility. After that, it's going to deploy the agents. It takes 24 to 48 hours. After that, you're going to have tons of visibility and data coming back. It's pretty straightforward, very simple to set up. For me to roll out was about an hour tops.

You do not need a big maintenance team. I'm an architect and I'm also a very hands-on type of engineer. In most cases, I would say it's good to have at least two people especially if you have a global infrastructure. That way, you can have people in different time zones, such as Central European Time, for example, and in US Eastern time. For most aspects you have auto-remediation and you have automation that you can implement, which is great. I would say that two people would be ideal to manage the solution, especially for the remediation process. With the remediation process, you can engage other people from other teams as you're going to have to talk to the operations guys to say, "Guys, you've got to fix this, this is a liability." Therefore, two people dedicated to Azure would do it. It doesn't need to be dedicated to security, to Defender in this case.

What was our ROI?

I was reading some studies that the ROI is 200%. It's really good, due to the risk prevention and threat remediation processes.

What's my experience with pricing, setup cost, and licensing?

I like the licensing due to the fact that it's simple. In terms of pricing, there's a very good ROI. The ROI is pretty great, and everything is diluted into your overall Azure costs. It's not a product that you buy, it's a contract. If you want to stop using it, you can stop. It's an on-demand type of product. I like that as well. 

It's very cost-effective if you compare it to other products, especially if you want to combine other features from a licensing standpoint. You're going to spend a lot of money if you try to implement various other options.

Which other solutions did I evaluate?

We do have some security, other security that is still in place. For example, we work with CrowdStrike. We work with a team solution. We have another team solution, which is not an apples-to-apples comparison. What Azure Security Center does is very specific. It's very large. For us to do the same thing with any other security solutions out there, would mean we're going to spend a lot of money. Azure does not have competition per se. You would have to onboard tons of other products to do the same thing that they do. It's also simpler than the other solutions. The orchestration features that you have access to are great. It doesn't make a lot of sense to combine several other solutions and try to protect all your resources.

What other advice do I have?

I am just a customer and an end-user.

I'm using the latest version of the solution, which is now the Microsoft Cloud Defender. They just changed the name of the product. They combined Azure Security Center and Azure Defender into Microsoft Cloud Defender and that's the version that I'm using.

For now, we are cloud-only, however, we have plans to enroll our on-prem devices as well, including servers, especially through Azure Arc and we are also looking at Azure Sentinel. We are going to have a complete ecosystem, similar to a Microsoft XDR, truly for our Cloud environments.

I was working with Sentinel in the past with my previous company, however, I was not able to fully roll out the product. Here, we're planning on having a Microsoft partner that's going to help us to onboard our Azure infrastructure and Sentinel, however, we are going to be enrolling a POC first.

I would advise other potential users that they need this, absolutely. If they have Azure, they need this. It's going to give them the visibility and the remediation capabilities that they're looking for and it's going to make them aware of issues that they are not even seeing. 

If a company has resources exposed to the outside, chances are that people are trying to get in. I'm catching people every single day trying to get in. It's really amazing what you see when you have visibility. Businesses that bring this on really need to involve the team. It's got to be a team project. Everybody's got to be playing on the same team. That way, a company can make sure they have effective implementation.

I would say, a company has got to watch very carefully the recommendations and the security alerts, especially recommendations, which is pretty much what's going to drive the score up and increase the positive security posture.

The alerts are going to give them real-time insight, like a temperature reading on security, including what's happening, who's trying to get in, who reports or attacks you and weren't successful, and how many times did they try? What kind of accounts did they use? Recommendations are going to help you look for activity and the security alerts are going to help you with the reactivity. You can react to events that are happening, however, you can't remediate issues that haven't happened yet. 

Overall, I would rate the solution at a ten out of ten. I'm a big fan. It makes my life way easier and gives me some peace of mind so I can sleep at night better.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
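The review above describes secure score as a percentage built up from per-area controls and driven up by working through recommendations. The following is an added example (not from the review, and not Microsoft's own code) that models that arithmetic so a team can decide which recommendations move the score most. It assumes the per-control model Microsoft documents for secure score: each control contributes max points × healthy / total resources, and the overall percentage is the sum of control points over the sum of all maxima. The control names and resource counts are constructed sample data.

```python
"""Secure-score arithmetic for prioritizing Defender for Cloud recommendations.

Assumption (documented model, not verified against a live tenant): a control
earns max_points * healthy / (healthy + unhealthy), and the tenant-wide score
is sum(current points) / sum(max points), shown as a percentage.
"""
from dataclasses import dataclass, replace
from typing import List, Tuple


@dataclass(frozen=True)
class Control:
    name: str
    max_points: float   # points the control is worth when every resource is healthy
    healthy: int        # resources that already satisfy the control's recommendations
    unhealthy: int      # resources still flagged by recommendations

    @property
    def total(self) -> int:
        return self.healthy + self.unhealthy

    def current_points(self) -> float:
        # A control with no resources in scope has nothing to fix and counts as complete.
        if self.total == 0:
            return self.max_points
        return self.max_points * self.healthy / self.total


def secure_score_percent(controls: List[Control]) -> float:
    """Tenant-wide secure score as the percentage the portal shows."""
    max_total = sum(c.max_points for c in controls)
    if max_total == 0:
        return 0.0
    return 100.0 * sum(c.current_points() for c in controls) / max_total


def gain_per_resource(control: Control) -> float:
    """Points gained by remediating one unhealthy resource in this control."""
    if control.unhealthy == 0:
        return 0.0
    return control.max_points / control.total


def prioritize(controls: List[Control]) -> List[Tuple[float, str]]:
    """Controls ordered by score gained per remediated resource, highest first.

    This is the 'where do I start' answer: high-weight controls with few
    resources (identity, MFA) usually beat bulk controls with many resources.
    """
    return sorted(((gain_per_resource(c), c.name) for c in controls), reverse=True)


def remediate(control: Control, n: int) -> Control:
    """Return a copy of the control with n unhealthy resources fixed."""
    n = min(n, control.unhealthy)
    return replace(control, healthy=control.healthy + n, unhealthy=control.unhealthy - n)


def score_after(controls: List[Control], name: str, n: int) -> float:
    """Projected percentage after fixing n resources in the named control."""
    updated = [remediate(c, n) if c.name == name else c for c in controls]
    return secure_score_percent(updated)


# Constructed sample controls (names and counts are illustrative, not real tenant data).
SAMPLE: List[Control] = [
    Control("Enable MFA", max_points=10, healthy=2, unhealthy=8),
    Control("Remediate vulnerabilities", max_points=6, healthy=10, unhealthy=40),
    Control("Enable endpoint protection", max_points=4, healthy=30, unhealthy=10),
    Control("Encrypt data in transit", max_points=4, healthy=0, unhealthy=0),
]


if __name__ == "__main__":
    print(f"Current secure score: {secure_score_percent(SAMPLE):.1f}%")
    for gain, name in prioritize(SAMPLE):
        print(f"  {name:<28} +{gain:.2f} points per fixed resource")
    print(f"After fixing all MFA gaps: {score_after(SAMPLE, 'Enable MFA', 8):.1f}%")
```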
Daniel Piessens - PeerSpot reviewer
CEO at RevealRx LLC
Real User
Comprehensive, cost-effective, and helpful in identifying the gaps
Pros and Cons
  • "It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, HITRUST, etc."
  • "Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."

What is our primary use case?

We use it to manage the overall compliance of our products.

What is most valuable?

It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, HITRUST, etc.

What needs improvement?

Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured.

For how long have I used the solution?

I have been using this solution for five or six years. We have been working with it pretty much since it came out.

What do I think about the stability of the solution?

It is a great product. The new security features that emerge in Microsoft products can sometimes be difficult to track. It automatically flags when you don't have what you probably should have.

What do I think about the scalability of the solution?

It is very scalable. We are a small organization with less than 10 people, and at least half of those people are in the solution at any given point in time.

How are customer service and technical support?

Microsoft's tech support is decent. I would rate them a four out of five. We're currently dealing with a ticket mostly on the billing side, and it has been open for over a month, so I'm not going to give them a stellar rating. I feel they should have figured this out a long time ago, but they've resolved technical issues relatively quickly.

How was the initial setup?

It was very easy. It was there by default. It basically turned itself on, and then they gave you a default thing. 

In terms of maintenance, typically, there is one person in there, probably per week, looking at the compliance and things that they can do to improve the bar.

Which other solutions did I evaluate?

It was included with the product. We looked at other solutions, but this was the most comprehensive and cost-effective one.

What other advice do I have?

I would rate Azure Security Center a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MICHEL RACT-MUGNEROT - PeerSpot reviewer
Personal business manager at La Mairic
Real User
Top 5 Leaderboard
Has the ability to identify threats using signatures, analyze threat behavior, and good integration
Pros and Cons
  • "The solution is up-to-date with the latest updates and identified threats."
  • "Most customer teams need more training on this type of product."

What is our primary use case?

My role is more on the FinOps side. My customers use it.

How has it helped my organization?

In specific contexts like finance or healthcare area, there are regulations requiring compliance. At this stage, we need to be able to prove we have state-of-the-art endpoint protection and the ability to show that all these tools are up-to-date with the latest updates and identified threats. This is very useful for my customers to be able to prove compliance.

What is most valuable?

Mainly, the ability to identify threats using signatures, analyze threat behavior, and integrate with other cloud services, specifically Azure Log Analytics and other logging projects. These are the features I like. 

What needs improvement?

Customers generally find it satisfactory for their needs. Most organizations struggle with the ability to handle this type of product. Sometimes, it's a lack of knowledge or expertise on Microsoft Defender, which leads to issues with certain tasks. That can be a bit difficult to figure out.

Most customer teams need more training on this type of product.

Due to the lack of expertise or hands-on experience with the product, it's sometimes difficult to determine whether the issue lies with Microsoft Defender or another related project. In the cloud, everything is tightly connected, making it challenging to pinpoint which part is failing. So, the lack of a deep understanding of the product leads to some difficulties.

In future releases, I would like to see the integration of artificial intelligence to ease the administrative burden. That would help a lot, especially when it comes to deploying the product to fit specific contexts, architectures, or infrastructures. That would fill the gap caused by the lack of expertise or knowledge.

There are some promises that Microsoft has made, but I'm not aware if they've been fully implemented.

For how long have I used the solution?

I have been using it for three years. 

Which solution did I use previously and why did I switch?

I worked with Cybereason and other standard antivirus programs, but nothing as full-fledged as Microsoft Defender.

What other advice do I have?

Overall, I would rate the solution as eight out of ten.

My recommendation heavily depends on the context, the customer's IT landscape, the maturity of the team working there, and many other factors that need to be taken into account when selecting a product. 

Microsoft Defender by itself is a good choice, but ultimately, the best option depends on the specific context.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Azure Solution Architect at a tech services company with 10,001+ employees
Real User
Good setting recommendations and regulator compliance with very helpful technical support
Pros and Cons
  • "The solution is very easy to deploy."
  • "You cannot create custom use cases."

What is our primary use case?

We use the solution internally.

Azure Security Center works with Azure Defender. Azure Defender is used for identifying the vulnerabilities and loopholes inside our system that we can deploy on multiple layers either from the subscription level, the source level, or on the devices. You can connect multiple devices to this. That's not specific to only servers. You can connect with ER80 as well as SQL servers. Most of the services are covered within the Microsoft Defender.

What is most valuable?

We find two things inside the Azure Security Center to be quite valuable. One is the recommendations, and the second is the regulatory compliance. Both help to keep everything running smoothly. This will give you the security score as well. You can try to get the highest security score, which is 100%. You can get there just from the recommendations from Microsoft. Not all the recommendations will be applicable on the enrollment side.

Regulatory compliance is PCI compliance. There are multiple compliance options you can follow.

Azure Defender helps improve our security posture. You enable it for each and every server. It is a monthly-based subscription and about $15 per month per server. You can see right on there that the vulnerability is automatically run with the help of a Messages scanner. Messages is running behind Azure Defender. It automatically runs and scans, and that will show up on your portal. You do have to take any necessary steps to run recommendations. Either you can see if any energy port is open, for example, if RDP is open, it will realize, “Okay, just close RDP for outside work." These kinds of recommendations are very helpful from the Azure Security Center.

You have inventory on Azure Security Center, as well as Workbooks. You can create Workbooks. These are automatic playbooks where you can see the entire dashboard. If you prepare a monthly report, or a weekly report, it's better to create it in Azure Security Center instead of Workbooks with the help of JSON, or use drag and drop as an option. That will help you to keep updated more on things.

Inside Azure Security Center, with Workbooks, you can create your own workbooks according to your users. If you have a system update setting inside Azure, with the help of an automation account, if you click it, inside the system update Workbook, you can see all the systems which are taking updates. If that is updated, you can see whether the system is compliant with updates. All the reports are visible. You can see reports on the basis of subscriptions or on the basis of resources if you want.

Azure Security Center does not affect the end-user experience in any way. End users don't feel its presence in the organization.

The solution offers collaborative services. If you enable Azure Defender for servers or any services, basically, you can automatically subscribe for Azure Defender for Endpoints, which is easy.

You can install the EDR on each and every server. That will give you all of the process logs and what a user is doing. You can tell if a URL is open on your system, for example.

You can remediate with automation as well if you want to. That's for malware or any malicious files if they are present on the system. It will detect using the intelligence of the Defender Endpoint. You can take hybrid action on an alert, you can take a fully automated action, or you can take 100% manual action.

With Defender Endpoint, if you find out if one system is compromised, you can actually separate it from the network. If you have to deal with ransomware. If one system is affected by ransomware, you can remove the system from the network.

There is a security alert inside Defender that's per the recommendations and activities that happen inside your network. You will see security events there. If you do not have any other SIEM solution in your environment, you can leverage this. 

What needs improvement?

The team is already working on one of the latest features, which is having migration techniques right on the portal available. It's possible to use it now. That's one good new feature.

For MIM, they are still improving things on Azure Security Center. There are a few flaws in backend technologies. If you do not have the correct access to the system, you cannot access the files and most of the reported resources.

For example, a general huge storage account, which is exposed for public access. If there are ten storage accounts available, you can see the names. You can identify, those storage accounts that are supposed to be accessed from the outside, maybe, due to some feature happening behind the scenes on a storage account, and these are supposed to be exempt from the portal. You shouldn't see them again and again and this should not affect your security score overall. However, they are not easily exempted from the portal. There's no way to exempt them properly.

You cannot create custom use cases. You can use what is already present on the Microsoft side in terms of security alerts. You can, however, customize whitelisting for alerts.

For how long have I used the solution?

I've been using the solution for four years now. For one year, I have been working as an architect on Azure Security Center.

What do I think about the stability of the solution?

The stability is 99.9%. I never have seen any failure. Sometimes you find the service is slow. However, that could be related to an internet connection or something else. Every service has downtime. There is very, very minimal downtime here. I haven't faced any challenges in four years.

What do I think about the scalability of the solution?

The scalability is very good. You don't need to put any extra agent or anything from your side. Everything is automated. It's the easiest security feature, which you can get from Microsoft.

How are customer service and support?

For every project, an architect from the Microsoft side is assigned to the team. You can directly connect with them. You can also create a technical ticket. They will respond immediately. If the issue requires a certain level of severity, you will get a call directly. If it's not as serious and they email you, however, you do not respond to their email, they will call you. Otherwise, they will keep communicating via emails.

I'm in India. When I open a ticket, it may be assigned to the Indian parties and they take time to remediate your problems. If I am routed to the senior team of Microsoft, they won't take much time. They give you new solutions quickly. It's a good thing. 

Which solution did I use previously and why did I switch?

We do use Azure Sentinel. I'm also familiar with Google Cloud Platform, GCP. It's a bit complex as the structure is not as good as Microsoft. Microsoft, from top-down, offers a management group, subscriptions, and tenants under one group. Inside that resource group, you will find resources. That is easy. On the other hand, inside GCP, there are folders inside folders. Then you can create multiple folders inside one folder. That makes things very complex. There are not too many security solutions available on GCP. I do not have too much experience with GCP, however, given the experience I have, according to that, GCP isn't as good.

You can handle many things on Azure with the UI. There's no need to go for the PowerShell if you don't know it. If you know PowerShell best, you can use it if you want to. If you want any report from the GCP, however, you'll have to first understand the shell scripting. It's hard to find projects due to the way GCP is laid out. There's too much complexity.

How was the initial setup?

The solution is very easy to deploy. This is automatically installed on the Portal. There is no need to install anything on the Portal. There are just a few buttons inside the settings if you want to enable the Defender, et cetera. That will automatically install on all the servers. The agents are already present.

The solution takes six seconds to deploy. If you are on the Portal, you can do it in seconds. The first remediation will show within 30 minutes due to the fact that the scan takes time. The message takes a little bit of time to scan the entire infrastructure. That completely depends on how big a company's infrastructure is.

If there is another service, such as Azure Sentinel, you need to install agents on all the machines. If there is a Linux machine, you have to install the OMS agents. However, that's not the case over here.

One person can easily handle maintenance. A single person handles both Azure and Sentinel. Ours is a small environment. 

What was our ROI?

In terms of ROI for Azure Security Center, the solution offers basic security features, which Microsoft is providing. That's the main thing. There's no need to go and get any technical team to handle anything. If you know a little bit about the security, you just go and toggle the button and you install it on all the servers and services. With this product, you will start getting recommendations and security alerts. 

In contrast, if you go on any other products, you need a specialized team for security, especially. You need a complete specialized team for different services and for different actions. It's better to use Azure Security Center. There's no need to go and install anything and it's offering good security.

What's my experience with pricing, setup cost, and licensing?

The licensing cost per server is $15 per month. This is the same for SQL which is also $15 per server. It covers the Defender licensing as well. According to my experience, it's a good deal.

What other advice do I have?

I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender.

This product is a SaaS solution that is automatically updated from the Microsoft side. Any clients will not need to update manually.

If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you.

I'd rate the solution at an eight out of ten.

When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Head of Cybersecurity at Nawah Energy
Real User
Supports cloud-native services like Kubernetes, containers, managed storage, and databases
Pros and Cons
  • "The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective."
  • "For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure."

What is our primary use case?

I use Microsoft Defender for Cloud mainly for cybersecurity, threat prevention and detection, and implementing zero trust principles. It serves as an endpoint security tool for securing our cloud services.

What is most valuable?

The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective.

The compliance management features integrate well with Cloud Security Posture Management (CSPM), giving a full view of infrastructure compliance with regulations like HIPAA, PCI DSS, and ISO 27001.

What needs improvement?

For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure.

For how long have I used the solution?

I have been working with the product for a year. 

What do I think about the stability of the solution?

Regarding the stability of Microsoft Defender for Cloud, I would rate it lower due to some issues. Sometimes, the portal is not easy to access as it's Internet-based. We face delays while accessing the portal, which can be challenging. This could be due to Internet latency or other issues. However, from the solution perspective, it is quite stable.

What do I think about the scalability of the solution?

I rate the solution's scalability an eight out of ten. My company has 4000 users. 

How was the initial setup?

The initial setup was somewhat challenging - I'd rate it a three out of ten in ease of setup. Understanding the solution and ensuring all use cases work with Microsoft Defender for Cloud was challenging, but once you get the hang of the cloud, it's straightforward to set up. It took about a month to deploy, with three to four people involved in the project phase. Now two people manage it.

The deployment process was quite simple, as we're using Microsoft Azure Cloud. It involved activating the subscription as part of the license.

Integration with our existing infrastructure was mostly smooth, with some resolved certificate signing challenges. Overall, it was quite smooth.

What was our ROI?

Regarding return on investment, Microsoft Defender for Cloud is fulfilling its purpose. There's always room for improvement, and Microsoft is working on it. They regularly introduce new features, and their business development team is active in engaging customers about new features and benefits.

What other advice do I have?

We decided to go with Microsoft Defender for Cloud because of its ability to cover cloud applications. No other tool we've seen has such vast coverage for Azure Cloud applications. Also, since it's a Microsoft native tool, it's easier to implement in Azure cloud.

Overall, I would rate Microsoft Defender for Cloud eight out of ten.

My advice for other users using the tool is to first do a proper risk assessment around the cloud, develop use cases based on the protect-identify-detect-defend model, and then implement the solution accordingly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2000310 - PeerSpot reviewer
Information Security Specialist-Associate Consultant at a tech services company with 5,001-10,000 employees
Reseller
Scans for vulnerabilities in a cloud environment, gives recommendations according to the framework, and improves our Secure Score
Pros and Cons
  • "The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
  • "After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."

What is our primary use case?

We use Microsoft Defender to scan for vulnerabilities related to any container or server in the cloud environment in Azure. Microsoft Defender suggests recommendations and security alerts according to the default framework. We can also use other frameworks like ISO benchmarks to assess our infrastructure and get recommendations on what can be fixed.

The solution is deployed on a public cloud, and Azure is the cloud provider.

We use Microsoft Defender for Cloud to natively support Azure.

We are resellers. We customize the solution and sell it to clients.

How has it helped my organization?

The solution has improved our organization in terms of benchmarking. Our Secure Score has improved a lot, and we're compliant with particular benchmarks.

The single-pane-of-glass view gives us the Secure Score in a single dashboard. It shows us all of the collective resources we have, including what is on-premises and on the cloud. It's a single graphical representation and a unified view that we can customize according to the client. We can adjust the Secure Score dashboard to show whatever the client wants to see. It can show the Secure Score, security alerts, and compliance score. The compliance score shows how compliant the environment is.

Our current security posture is a combination of the benchmark plus Zero Trust. We have a set of policies in Zero Trust that covers all six layers of the cloud: identity, network, infrastructure, applications, endpoints, and data. It's structured to cover every aspect of the cloud using the customized policy in Microsoft Defender.

The solution has improved our Microsoft Security Score a lot. 

Microsoft Defender is set to scan the virtual machines, SQL databases, and private endpoints every 30 minutes. For some of them, we just clicked "quick fix" and it created a private endpoint instantly and showed that it was rectified. Those quick fixes were instantaneous.

For our response time, critical findings take approximately two days while medium findings take three to seven days.

The solution has increased our efficiency.

What is most valuable?

The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark. We can also use our customized benchmark, like Zero Trust, if we want to implement it.

We can deploy different net agents on the on-premises assets, and Defender will scan those on-premises resources and give us recommendations to fix them.

The solution gives us recommendations to enable a DDoS protection plan on our virtual network. Right now, the DDoS, enforcing MFA, and conditional access policies make our organization more secure.

It's a good tool for keeping multi-cloud infrastructure and cloud resources secure. It's a market leader right now.

What needs improvement?

Right now, the solution covers a limited set of resources. If taken into scope, it will improve more.

After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated. 

Sometimes we'll receive a recommendation, but the problem still won't be fixed. This could be due to end-of-life machines. If the solution isn't properly refreshed, we need to wait for two or three days to remove those recommendations. Sometimes we have to reach out to Microsoft to check why the problem hasn't been fixed after following the recommendations.

For example, after a recommendation about AML files, it didn't show that the fix had been applied even though it was. It took more than four days to show that the fix had been applied. 

There are some policies that we're not able to use due to some business justifications. For instance, the storage account should be private, but it's public because a third party is interacting with that storage account and we can't limit the public access because there is no whitelisting available in terms of IPs.

For how long have I used the solution?

I have used this solution for three years.

What do I think about the scalability of the solution?

It's scalable, but it's an additional cost to increase the scalability.

How are customer service and support?

I would rate the technical support a seven out of ten. They respond quickly and give us detailed information.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have also used CSPMs and other tools, but there were some limitations there. Defender gives us more customization in terms of frameworks, which is why we chose it.

How was the initial setup?

The initial setup was straightforward. It took one day. We used two full-time team members for deployment. 

What about the implementation team?

We deployed the solution in-house and designed the architecture.

What was our ROI?

This solution saved us money.

What's my experience with pricing, setup cost, and licensing?

There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan. It provides threat detection and integration capabilities. We have not enabled that due to the cost, but it's a possibility.

What other advice do I have?

I would rate this solution an eight out of ten. Using this solution gave us confidence.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1881378 - PeerSpot reviewer
Student with 1,001-5,000 employees
Real User
Seamlessly integrated and improves security but should be more tailored to micro-segmentation
Pros and Cons
  • "It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it."
  • "From my own perspective, they just need a product that is tailored to micro-segmentation so I can configure rules for multiple systems at once and manage it."

What is our primary use case?

I work on micro-segmentation for my master's thesis, and I was looking for ways to implement micro-segmentation using Defender. I work on the assumption that small businesses can't implement expensive virtualization solutions, so I'm looking for alternatives to implement micro-segmentation for their network security.

I use the latest version of the solution.

It's a test deployment. I created the entire network. It's more like a laboratory setup.

How has it helped my organization?

The solution does what I want it to do. If you're already on Microsoft, this solution comes bundled with it. It's seamlessly integrated, and it improves security because I can determine who can access what applications and who or what my applications communicate with. It improves the transparency and visibility of the traffic in and out of the network of each workload on my system.

The benefits were realized almost immediately.

Compared to other products, it hasn't helped save SOC time or increase efficiency. I'm focused on micro-segmentation, so compared to other products, it wasn't built for that, but it can be adapted to it.

I'm not sure that the effect on my overall time for detection can be measured, but for non-threats, it's almost effective. The notification system is effective too. It lets me know as soon as there's a problem.

What is most valuable?

I use this solution to natively support Azure. It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it.

It's very important to me that the solution has the ability to protect hybrid and multi-cloud environments. 

I'm looking to implement the solution in SMEs that might use different environments. Most SMEs don't have the resources to own their infrastructure entirely, so I can't really predict what environment it will be used in; therefore, I need a solution that is flexible enough to work in multiple environments, both online and offline. The only limiting factor is that I cannot use this solution on platforms that aren't Microsoft.

The single pane of glass view is very important for me. It's great to be able to see everything at once and go where I need to very quickly. It's also easy to use if you've used any Microsoft product before. It allows me to see everything I want at a glance. I didn't think it was important until I started to use it, and then I realized how convenient it was.

For micro-segmentation, the unified portal has had an effect on my cloud security posture, but it's a lot of work because I have to configure the rules individually. It's difficult to compare this solution to a product like NSX or any other specialized micro-segmentation product, because I'm trying to get a solution for small businesses that have about 10 PCs or 10 systems at the most.

It effectively defends against known threats. It also updates regularly, so the threat signatures are updated regularly, but I don't know how often the database is updated on Microsoft, so I can't really quantify its effectiveness against either zero-day threats or new threats.

I've only tried it on Azure cloud and it's effective. I've only used it on a single-cloud structure.

Right now, I'm setting rules for incoming and outgoing traffic for different applications.

What needs improvement?

From my own perspective, they just need a product that is tailored to micro-segmentation so I can configure rules for multiple systems at once and manage it. Instead of having to set up individual rules for individual applications, there should be a system that can allow me to set up multiple rules at once and can automatically update the rules as the infrastructure changes.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

In general, the scalability is good. It wasn't built for my use case, which is micro-segmentation. If I had 100 systems, it would be a lot of work for me.

How are customer service and support?

I have not had to call or get in touch with them, but there's a lot of documentation online. I've found a lot of what I need without having to contact anyone.

The documentation is excellent. There's a lot from Microsoft and other providers. I think it's a fairly popular system.

How was the initial setup?

It was straightforward. I was the only person that deployed and tested the solution.

Initial deployment took a day, but the initial configuration rule setting took a while because it was my first time using the system.

The first step was to set up the cloud, install some test applications that I needed to protect, and then configure rules for traffic between the applications, and then between the application and external networks.

The solution doesn't really require any maintenance. It's fairly automatic. Once it's up and running, it pretty much works.

What's my experience with pricing, setup cost, and licensing?

The cost is fair. There aren't any costs in addition to the standard licensing fee.

Which other solutions did I evaluate?

I didn't evaluate other options because I use this solution for thesis research. I researched which solution was the most used cloud and picked Azure.

What other advice do I have?

I would rate this solution six out of ten. 

As a perimeter defense system, I would rate the solution a seven. As a micro-segmentation system or application, I would rate it a four.

As a perimeter defense solution, it's excellent. As a micro-segmentation product, it's not so great, especially if you have a lot of systems. It's not the product's fault because I don't think that's what it was built for.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
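The reviewer's complaint above is that segmentation rules have to be written per application and kept in step by hand. The following is an added example, not code from the review or from Microsoft, of the approach a practitioner would take instead: declare the allowed flows once and compile them into per-workload network security group (NSG) rules, each with an explicit deny-all underneath. The rule dictionaries use the property names of an Azure NSG `securityRules` entry (direction, access, priority, protocol, address prefixes, port range); the workload subnets, the three flows, and the treatment of the `Internet` and `VirtualNetwork` tags as "outside/inside the listed subnets" are constructed assumptions for the example. The `evaluate` function mimics NSG ordering (lowest priority number wins) so a rule set can be checked offline before it is applied.

```python
"""Compile one declared set of allowed flows into per-workload Azure NSG rules.

Added example (not from the review or from Microsoft). Workload subnets and
flows are constructed sample data; service-tag matching is an approximation.
"""
import ipaddress
import json
from dataclasses import dataclass

# Endpoints that are tags rather than named workloads ("*" is the any-prefix).
SERVICE_TAGS = {"*", "Internet", "VirtualNetwork"}

# Constructed sample: one subnet per workload (hypothetical addresses).
WORKLOADS = {
    "web": "10.0.1.0/24",
    "api": "10.0.2.0/24",
    "db":  "10.0.3.0/24",
}


@dataclass(frozen=True)
class Flow:
    src: str          # workload name or service tag
    dst: str          # workload name or service tag
    port: str         # "443", "5000-5010" or "*"
    protocol: str = "Tcp"


# Constructed sample: the only traffic the three tiers should exchange.
FLOWS = [
    Flow("Internet", "web", "443"),
    Flow("web", "api", "8080"),
    Flow("api", "db", "1433"),
]


def _prefix(endpoint, workloads):
    return endpoint if endpoint in SERVICE_TAGS else workloads[endpoint]


def _rule(name, priority, direction, access, flow, workloads):
    # Shape follows an NSG securityRules entry in an ARM template.
    return {
        "name": name,
        "properties": {
            "priority": priority,
            "direction": direction,
            "access": access,
            "protocol": flow.protocol,
            "sourcePortRange": "*",
            "destinationPortRange": flow.port,
            "sourceAddressPrefix": _prefix(flow.src, workloads),
            "destinationAddressPrefix": _prefix(flow.dst, workloads),
        },
    }


def build_rules(workloads=WORKLOADS, flows=FLOWS):
    """Return {workload: [securityRule dicts]}: allows for declared flows, then deny-all."""
    rules = {w: [] for w in workloads}
    counters = {w: 100 for w in workloads}          # NSG priorities start at 100

    def add(workload, direction, flow):
        pri = counters[workload]
        counters[workload] += 10
        name = f"allow-{flow.src}-to-{flow.dst}-{flow.port}".lower()
        rules[workload].append(_rule(name, pri, direction, "Allow", flow, workloads))

    for flow in flows:
        if flow.dst in workloads:                    # receiver gets an inbound allow
            add(flow.dst, "Inbound", flow)
        if flow.src in workloads:                    # sender gets an outbound allow
            add(flow.src, "Outbound", flow)

    # Explicit deny-all in both directions at priority 4000, which sits above
    # Azure's default AllowVnetInBound/OutBound (65000), so intra-VNet traffic
    # is no longer allowed implicitly.
    deny_all = Flow("*", "*", "*", "*")
    for w in workloads:
        for direction in ("Inbound", "Outbound"):
            rules[w].append(_rule(f"deny-all-{direction.lower()}", 4000,
                                  direction, "Deny", deny_all, workloads))
    return rules


def _addr_match(prefix, ip, workloads):
    inside = any(ip in ipaddress.ip_network(c) for c in workloads.values())
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":   # approximation: any listed workload subnet
        return inside
    if prefix == "Internet":         # approximation: anything outside those subnets
        return not inside
    return ip in ipaddress.ip_network(prefix)


def _port_match(rng, port):
    if rng == "*":
        return True
    lo, _, hi = rng.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate(rules, direction, src_ip, dst_ip, port, protocol="Tcp", workloads=WORKLOADS):
    """First matching rule by ascending priority decides, as the NSG engine does."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules, key=lambda r: r["properties"]["priority"]):
        p = r["properties"]
        if p["direction"] != direction or p["protocol"] not in (protocol, "*"):
            continue
        if (_addr_match(p["sourceAddressPrefix"], src, workloads)
                and _addr_match(p["destinationAddressPrefix"], dst, workloads)
                and _port_match(p["destinationPortRange"], port)):
            return p["access"]
    return "Deny"                                    # no explicit rule: Azure's default deny


if __name__ == "__main__":
    print(json.dumps(build_rules()["db"], indent=2))
```

Adding a workload or a flow is then a one-line change to the declared list, and the whole rule set is regenerated rather than edited NSG by NSG. The output is in the shape an ARM template expects under `securityRules`, so it can be fed to a deployment rather than typed into the portal.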
Consultant at Independent
Consultant
Provides cloud security management, vulnerability management with easy configuration
Pros and Cons
  • "It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns."
  • "Support needs to be highly responsive, especially in large enterprise environments."

What is our primary use case?

We use Microsoft Defender for Cloud primarily for cloud security management, which includes vulnerability management. In a security environment, managing vulnerabilities is a top priority. Defender for Cloud helps identify and mitigate these vulnerabilities and protect against threats like viruses, worms, and spyware.

What is most valuable?

It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns.

What needs improvement?

Support needs to be highly responsive, especially in large enterprise environments. When support is required, it must be immediate, as there could be urgent situations. For instance, prompt resolution is essential if there's a critical issue like a global cyber threat that impacts networks worldwide.

If our team encounters such a problem and needs assistance, we require a support team that can provide immediate, hands-on help to resolve the issue effectively. Quick and expert support is crucial for managing high-level emergencies and ensuring smooth operations.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud for 25 years.

What do I think about the stability of the solution?

It is useful for small companies as well. It provides robust security without requiring a dedicated, highly qualified team to manage it.

What do I think about the scalability of the solution?

The solution is scalable. It is suitable for large enterprises. 

I rate the solution’s scalability a ten out of ten.

How was the initial setup?

The solution is easy to set up and configure.

Deployment of Microsoft Defender for Cloud is typically based on the infrastructure size, including factors such as the footprint, network, and devices that need protection. When deploying Microsoft Defender for Cloud, agents must be installed on various devices within the network, including servers, desktops, and other appliances that require protection.

What other advice do I have?

Specific government protocols and security standards must be followed in a secure environment. Microsoft Defender for Cloud helps manage vulnerabilities in your cloud infrastructure. It offers protection against threats such as worms, spyware, and viruses. The tool provides continuous monitoring and real-time threat detection, which is essential for maintaining a secure network environment.

Overall, I rate the solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Microsoft Defender for Cloud Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025