Microsoft Defender for Cloud vs Microsoft Entra Permissions Management comparison

"Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution."

"I would like to see more connectors and plugins with other platforms."

"The most valuable feature of Microsoft Defender for Cloud is its ability to assess an environment and give us a clear idea of what security components are lacking and which are not."

"The entire Defender Suite is tightly coupled, integrated, and collaborative."

"Threat protection is comprehensive and simple."

"One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."

"The notification process of Microsoft Defender for Cloud has been the most valuable feature. The notification process is effortless, as it can tell me right there and then locate issues pretty fast, saving us a lot of time by not having to dig through all the warnings."

"The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective."

"Multifactor authentication is valuable."

"The solution integrates well with our infrastructure and other systems without any issues."

"We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand."

"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."

"However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future."

"An area where Microsoft Defender for Cloud could be improved is in getting away from having multiple menus that do the same thing, which seems imposing when looking at it."

"The pricing could be improved, as it is somewhat high for smaller companies."

"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."

"I would like to see better automation when it comes to pushing out security features to the recommendations, and better documentation on the step-by-step procedures for enabling certain features."

"Defender could provide more in-depth visibility into vulnerabilities and services. For instance, we wanted to scan Azure NetApp for sensitive data, but they didn't have that feature. It was only for storage accounts. I want Azure Defender features to cover all Azure resources rather than a few."

"The solution's pricing and support services need improvement."

"We use a third-party API called Nebula API to integrate the account for authorization. The time-bound access area in Entra can be a problem. It can be improved in terms of the granularity of the permissions."

"Azure Defender is a bit pricey. The price could be lower."

"While we pay for any additional features, the pricing seems competitive, though I am not involved in the specific cost details."

"Our clients complain about the cost of Microsoft Defender for Cloud."

"The pricing is very difficult because every type of Defender for Cloud has its own metrics and pricing. If you have Cloud for Key Vault, the pricing is different than it is for storage. Every type has its own pricing list and rules."

"This is a worldwide service and depending on the country, there will be different prices."

"The solution is expensive, and I rate it a five to six out of ten."

"It is bundled with our enterprise subscription, which makes it easy to go for it. It is available by default, and there is no extra cost for using the standard features."

"The cost of the license is based on the subscriptions that you have."

"The product cost is in the mid to high range."

"We are a Fortune 500 company, so we always negotiate with Microsoft."