Thushara Bandara - PeerSpot reviewer
Software Engineer at JKIT
Real User
Top 10
It helps to understand the infections and issues you are facing
Pros and Cons
  • "It's quite a good product. It helps to understand the infections and issues you are facing."
  • "The initial setup is not actually so complex, but it feels complex because there are many add-ons. There are many options, and my team needs to be aware of all of these changes happening on the backend, which is a distraction."

For how long have I used the solution?

We have been using Azure Security Center for one year. 

What do I think about the stability of the solution?

I don't know what the issue is, but when we do the agent deployment, sometimes it works and sometimes it fails, and we need to go inside the virtual machine and manually install the agent. That's been a bug that we've experienced.

What do I think about the scalability of the solution?

There are 5000 users.

I do the maintenance. We have 35 engineers who use it. 

How are customer service and support?

Their support is good.

Buyer's Guide
Microsoft Defender for Cloud
November 2024
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,636 professionals have used our research since 2012.

How was the initial setup?

The initial setup is not actually so complex, but it feels complex because there are many add-ons. There are many options, and my team needs to be aware of all of these changes happening on the backend, which is a distraction.

What other advice do I have?

I would rate Security Center an eight out of ten. Not a ten because of the bugs that we have experienced and because of the cost. 

It's quite a good product. It helps to understand the infections and issues you are facing. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cloud architect at a tech vendor with 1,001-5,000 employees
Real User
Enhances security with clear recommendations and guidance
Pros and Cons
  • "The most valuable feature is the recommendations provided on how to improve security. It has made the cloud environment more secure, thanks to all the recommendations we can get."
  • "The most valuable feature is the recommendations provided on how to improve security."
  • "With the new Copilot functionality available everywhere, it is challenging to pinpoint areas for improvement. If I put in a lot of thought, I might identify things, but right now, nothing significant pops into my mind, but there is always room for more transparency, especially in pricing."
  • "Early on, the lack of transparency is a challenge. Microsoft does not tell you the cost when they launch something."

What is our primary use case?

As a consultant, I implement Microsoft Defender for Cloud for different customers with various use cases. The primary goal is to enhance security for cloud usage in many different ways.

How has it helped my organization?

Microsoft Defender for Cloud provides a prioritized list of remediation for security issues. We implemented routines to go through all the recommendations on a weekly basis because there are new recommendations all the time. It has definitely made it easier to stay on top of things.

Microsoft Defender for Cloud has definitely improved the security posture. There is at least a 50% improvement.

The coordinated detection and response across our devices, identities, apps, email, data, and cloud workloads is very good. The implementation of Copilot for security brings it to a whole different level where you can use normal language to ask things.

What is most valuable?

The most valuable feature is the recommendations provided on how to improve security. It has made the cloud environment more secure, thanks to all the recommendations we can get. They often come with step-by-step instructions, making it easy to implement the suggestions. This greatly increases the security of the cloud environment.

It seems to be very comprehensive in terms of the range of workloads. I have not found anything that is missing. It covers pretty much all the common scenarios.

What needs improvement?

With the new Copilot functionality available everywhere, it is challenging to pinpoint areas for improvement. If I put in a lot of thought, I might identify things, but right now, nothing significant pops into my mind, but there is always room for more transparency, especially in pricing.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud for a few years, probably two or three years.

What do I think about the stability of the solution?

Microsoft Defender for Cloud is very stable. I have never experienced any downtime.

What do I think about the scalability of the solution?

The solution seems scalable. You can use most of these cloud platforms as you need. If you need more of it, you can do that. I appreciate the flexibility of the usage.

How are customer service and support?

Being a Microsoft partner company, we have direct lines into Microsoft. Although Microsoft is a large organization, once you work with something for a while, you know where to go. It is a big company, and all big companies might have problems with communication at times.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a different solution before Microsoft Defender for Cloud. 

How was the initial setup?

The initial setup is easy. It is straightforward and well-documented. If you need more information, there is always good information on Microsoft's documentation website.

In terms of the implementation strategy, you need to do some research beforehand. Once you have done that, you know what you want to protect and at what level. After you start using it, you get the recommendations, and then you just follow them. It is quite easy.

What about the implementation team?

I am the consultant who manages the initial deployment.

What was our ROI?

The biggest return on investment is the rapid improvement of security posture. It takes time to find all these small things and recommendations on my own. The system's ability to provide prioritized lists of issues saves a lot of time, allowing me to focus on other tasks.

What's my experience with pricing, setup cost, and licensing?

Understanding the costs of cloud services can be complicated at first. As with a lot of things in the cloud, it can be quite hard to understand the end cost, but it becomes clearer over time. Early on, the lack of transparency is a challenge. Microsoft does not tell you the cost when they launch something. It is clever marketing, and there is room for improvement there. There should be clarity from the start.

Which other solutions did I evaluate?

We did not evaluate other solutions before deploying Microsoft Defender for Cloud. We are quite heavily invested in Microsoft's ecosystem.

What other advice do I have?

I would rate Microsoft Defender for Cloud a nine out of ten. There is always room for improvement, but it is a highly effective solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Vibhor Goel - PeerSpot reviewer
Senior Cloud Platform Engineer at Deutsche Börse
Real User
A single tool for complete visibility and addressing security gaps
Pros and Cons
  • "Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved."
  • "The solution is quite good and addresses many security gaps."
  • "There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place."
  • "Customer service and support from Microsoft are very poor. Even for high-severity cases, response or resolution time can extend to three or four weeks."

What is our primary use case?

I am closely dealing with alerts related to cloud workloads. We are integrating the alerts that pop up for different services to analyze the gaps in our Azure landscape. We then assess what we need to close and what makes sense for our environment because not everything is applicable. It depends on our company's requirements as well. We plan the strategy for how to close those gaps. There are different mechanisms for how you deal with those security alerts.

How has it helped my organization?

We are using the Microsoft Azure Security Benchmark along with the CIS Benchmark. We rely quite heavily on these benchmarks, and I would rate the CSPM functionality a nine out of ten. Most recommendations are focused on generic security gaps, but overall, those recommendations are very good from the security aspect, irrespective of the industry.

It is pretty good in terms of the range of workloads covered. It covers most of the IaaS infrastructure that Azure offers and most of the PaaS services that we are using. I cannot recall any service that we are using for which Microsoft Defender for Cloud does not have recommendations.

We have integrated the alerts that we are getting from Microsoft Defender for Cloud with our on-premises Splunk solution. We capture those alerts. They are integrated via Microsoft Events Hub. It acts like a queue and pulls those alerts from Microsoft Defender for Cloud and then sends them to Splunk. This integration helps our global security team to figure out which alerts are critical. They can then reach out to the owner of an asset.

Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved.

Without Microsoft Defender for Cloud, we will not have any visibility into our security posture. The way on-premises things work in our company is complex. We have ten different tools for ten different categories. We have one tool for vulnerability assessment and one for patch fixing. Microsoft Defender for Cloud is a single integrated tool. It gives me a holistic overview of my whole security posture.

What is most valuable?

The most valuable features are the different plans it offers and the visibility within them. For example, the Defender for Servers plan includes capabilities for vulnerability findings on machines and configurations at the OS level. They have different plans for different things. We are utilizing all of them, and they are equally good.

What needs improvement?

Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications.

There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place.

Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

For how long have I used the solution?

I have been using Microsoft Defender for Cloud for five years.

What do I think about the stability of the solution?

Overall, stability is good. However, Microsoft sometimes changes settings or configurations without transparency. These changes, detected as drift by our infrastructure-as-code tool, require unnecessary work. I suggest Microsoft maintain default settings as per the existing configurations during updates to save us from having to do unnecessary work.

What do I think about the scalability of the solution?

Scalability is generally good, but it also depends on the customer's implementation. We are using infrastructure as code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.

If a new subscription is created manually, the configuration is manual too. An automatic toggle for new subscriptions would ease scalable deployment.

From a scalability perspective, if your company has hundreds or thousands of subscriptions, there should be some toggle to automatically scan your new subscription and turn different plans on. This is something they can take into consideration.

How are customer service and support?

Customer service and support from Microsoft are very poor. Even for high-severity cases, response or resolution time can extend to three or four weeks. Often, cases are transferred between teams with no resolution, resulting in a negative experience. We end up closing the case or resolving it on our own. I cannot recall any instance where they managed to quickly resolve any issue. 

I even suggested to my top management to give me one percent of what they are paying for Microsoft's enterprise-level support because I end up resolving the issues on my own anyway. Our case just gets transferred from one engineer to another. We have to explain the same thing from scratch. Nobody is checking case details. Nobody is handing over properly on Microsoft's side. The support experience is very bad.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I did not use any other solutions. Because we use Azure, we prefer to use Microsoft's native, built-in capabilities. That is why we have been using Microsoft Defender for Cloud from the beginning.

How was the initial setup?

The initial setup was simple and straightforward. From a configuration perspective, it is not so complicated. It involves enabling the service at the subscription level, which requires turning on basic toggles.

What about the implementation team?

My team implements these solutions. All new requirements pass through our team.

What's my experience with pricing, setup cost, and licensing?

The pricing model for most plans is generally good, but the cost of the new Defender for Storage plan is high and should be revisited, as it could lead to disabling desirable security features due to cost.

They have introduced a new Defender for Storage plan which they are going to mandate for new workloads. They might already have done that, but it is very costly for users needing additional capabilities. The licensing cost is per storage account irrespective of whether it is enabled or not. Previously, the model for the same service was based on transactions. If you had one million transactions, you were charged according to that. If you had only 10,000, you were charged according to that. Making the new storage plan mandatory is not a good idea from a customer perspective. We did our analysis and compared the new storage plan with the old one. We found that the cost with the new plan is 3.5 times higher. Why would I opt for that as a customer? If it becomes mandatory, we might even disable the plan altogether. We will end up losing certain security alerts that we want to have because of the cost aspect. This new plan should not be enforced, and the customers should have the flexibility to decide.

Another thing is that Microsoft Defender for Cloud is always enabled at the subscription level. When it is enabled at the subscription level, everybody is charged for it. In the future, there should be more granularity so that under the same subscription, different teams can put their resources. Whoever wants to utilize these capabilities can enable them in their resource group. This will help save costs. Teams will be happy because they will be able to utilize these tools as per their requirements.

What other advice do I have?

I would rate Microsoft Defender for Cloud an eight out of ten. The solution is quite good and addresses many security gaps. It is the starting point to improve the security of your Azure platform. You can introduce other solutions such as Microsoft Sentinel later. If you start with just Microsoft Defender for Cloud, about 75% of your security gaps will be addressed. After that, you can think of some advanced solutions.

In my experience of working with Azure, teams are not utilizing this solution to its fullest capability. It has so many plans and recommendations to offer, but most people do not understand it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.