We use it to protect our users' devices against attacks.
Head of IT & Database Management at an educational organization with 51-200 employees
Gives us an ecosystem with a single portal to manage everything
Pros and Cons
- "It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place."
- "I would like to see them include more features in the older licenses. There are some features that are not available, such as preventing or analyzing cloud attacks."
What is our primary use case?
How has it helped my organization?
We see stories about attacks in the news, including phishing and spam. Defender helps protect us.
It also gives us an ecosystem. We have one portal where we can manage everything. We don't need to log in to another portal to manage the devices, the antivirus, Defender, or Office. It's a single place to manage everything and that's very good.
What is most valuable?
It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place. And because it's a Microsoft product, it integrates with Windows 10 and Windows 11. We don't need to buy anything else.
We have an M365 license and we have an Office admin portal. I manage all the users and licenses through the portal, making it very easy to manage. We have a lot of users coming in and going out of the company, and this makes it simple to provide licenses to people.
What needs improvement?
I would like to see them include more features in the older licenses. There are some features that are not available, such as preventing or analyzing cloud attacks. We have Defender P2 licenses and Microsoft proposed P3. If it included what was in the old package, such as the M365 license and Office, that would be very good.
Buyer's Guide
Microsoft Defender for Cloud Apps
April 2026
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
893,244 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud Apps (MDA) for two years.
What do I think about the stability of the solution?
The stability is very good. We haven't had downtime. When we receive a message that the service is down, it's only for a few minutes and then all is good. That's true for the whole Microsoft universe, since we use Outlook and Teams.
What do I think about the scalability of the solution?
We haven't had any problems with scalability. We moved all devices from Windows 10 to 11 and it was very easy. We didn't need to test the machines. It worked very well.
We have 50 users of the solution.
How are customer service and support?
The support from Microsoft is very good. Their chat system is very good because it's an alternative to phoning and it's very quick. Through the chat we quickly have someone to respond to our questions.
Which solution did I use previously and why did I switch?
At first we used Panda, and after that we had McAfee. We replaced McAfee with Defender. Panda's client was very heavy on the device and, with McAfee, the benefit versus the cost was not so good.
Also, I spoke to colleagues at other companies that have implemented the solution and they said it's very simple to install.
What was our ROI?
We have seen ROI because there have been some attacks, but they have always been contained.
What's my experience with pricing, setup cost, and licensing?
It's expensive because we have to pay for an M365 license and it is included in the package.
Which other solutions did I evaluate?
We tested Cisco Umbrella but the price was a little higher than Defender's price, and it would have been another product to install. Defender was almost "included," meaning it was easy to install.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Integrates well and helps us in protecting sensitive information, but takes time to scan and apply the policies and cannot detect everything we need
Pros and Cons
- "The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly."
- "From a security monitoring perspective, there is a productivity improvement and fewer human errors."
- "It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft."
- "MCAS doesn't have many reporting capabilities, and it's really an operational nightmare to get all these things done at this point in time by using MCAS."
What is our primary use case?
MCAS was onboarded for the purpose of detecting shadow IT. As the organization moved towards more SaaS solutions, we wanted to make sure that there is a way to monitor and govern the IT services coming up as shadow IT. We are a very big organization where a lot of services get onboarded, and some of the things may go unnoticed. We wanted to detect the shadow IT software being installed or shadow IT happening within a department or business unit.
We also wanted to make sure that the cloud access security broker provides a DLP kind of solution for Office 365. For example, if I am uploading a document with PI data, MCAS should scan and make sure that the right classification is applied. When the right classification is applied, the document gets encrypted, and relevant information protection is applied. If the right classification is not applied, the users are alerted to make sure that they go and remediate the document, task, file, etc.
This is how we started with this solution last year. Going forward, as a strategic solution, we are also looking at using MCAS to govern the Office environment. We have started onboarding solutions like Microsoft Teams, SharePoint Online, OneDrive, and Exchange Online.
Our setup is a mixture of on-premises and cloud solutions. At this point in time, the major cloud providers are AWS and Azure, and we also have on-premises products such as Symantec DLP, Doc Scan, etc.
How has it helped my organization?
There are certain regulatory requirements in our bank for personal data and confidential information that need to be monitored from a security standpoint. It is a regulatory and standard requirement to have such a solution in place.
MCAS is a dedicated solution for Office 365 and other productivity-related solutions, and it really helps to automate some of the processes. It would have been difficult for us to find a similar product. It gels well with some of the solutions or technologies that we have, especially with Microsoft Azure and Office 365.
From a security monitoring perspective, there is a productivity improvement and fewer human errors.
In terms of user experience, if users mistakenly put PI information or some kind of data, it can detect and alert them. From that aspect, it is doing the job, but we are using it from a security standpoint. I'm more from a regulatory environment, and there are security requirements that are enforced by regulators. So, we cannot provide some of the end-user experience features, and there should always be a balance between the end-user experience and the security standpoint. MCAS is more of a backend security posture product. I won't position it as enhancing the user experience.
What is most valuable?
The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly.
It is a kind of unified solution. As compared to other solutions such as Netskope, Symantec, or McAfee, it provides a more unified reporting structure.
It also integrates with other technologies. We have Azure Information Protection, and it goes well with the solutions that we are already using.
What needs improvement?
It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft.
It cannot detect all the things that are required as per our bank's standards. We are working with Microsoft to see how they are going to help us resolve this, and based on NDA, which new features are coming in because we require a unified solution. We have other security solutions that are working on top of it, but we don't want to use multiple solutions and then end up with a human error. From a security perspective, the weakest link is human error. If certain features are monitored by MCAS, certain features are handled by Zscaler, and certain features are handled by Symantec DLP, it becomes difficult to synchronize from an operational standpoint. This is the situation we are in currently, but these issues come with new products or new cloud solutions. We have to slowly orchestrate and see how to unify the solutions. So, at present, it doesn't solve all the problems. There are many problems, but at least, we have other solutions that are currently providing some mitigation.
It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way MCAS can go and detect those kinds of images and alert us. They can maybe integrate it with an existing OCR-capable product. This is something that we are absolutely looking into. There should also be a feature to immediately increase the time to detect some PI information being exchanged via chat.
Its reporting capabilities can be better. Currently, to generate reports, you need to have Power Automate in place. If such capabilities are built into the product, it would be easier because when we bring in Power Automate, we need to make sure that Power Automate also gets monitored from the DLP and governance standpoints. MCAS doesn't have many reporting capabilities, and it's really an operational nightmare to get all these things done at this point in time by using MCAS. These are some of the operational capabilities that our engineers require from this solution from the reporting perspective. Symantec and other solutions are more mature in this area. It could be because MCAS is still an upcoming product.
For how long have I used the solution?
We onboarded Office 365 and cloud services less than two years ago. MCAS was one of the strategic and DLP kind of solutions for Office 365 and other productivity products. Because the onboarding of the cloud services is in phases and not everything can be onboarded at the same time and it requires the involvement of different security and project departments, MCAS was onboarded last year.
What do I think about the scalability of the solution?
From an enterprise perspective, it meets most of the interoperability requirements. So, scalability is there. I don't see an issue from the scalability perspective. Only features are missing here and there.
Currently, it is almost serving the entire bank. In terms of the SaaS products that MCAS is monitoring and the number of users it is serving, we have onboarded around 40,000 users for Office 365 and other SaaS products. Eventually, it will be serving the entire bank, but at this point in time, it is only serving all Office 365 and SaaS product users.
It is more of a cybersecurity solution for the bank to comply with all the security requirements and meet the security quotient. The end users don't see MCAS as a direct solution, but MCAS is providing security services for the bank behind all the services.
How are customer service and technical support?
We have proper help desk support. For example, if someone uploads a document that has PI data and there is an issue, it is highlighted to the user asking them to remediate it. The manager is also copied. The help desk takes care of such things.
Once the solution is implemented, it is almost auto-run. From the support perspective, it is mostly about why did I get this alert, what was wrong with this document, etc. Such things are usually taken care of by the user because users are responsible for what content they are allowed to load on a particular website, SharePoint site, or software. A robust change management process and help desk are already in place, and I don't see a big concern on this aspect.
Which solution did I use previously and why did I switch?
Previously, we didn't have any cloud product. We only had on-premise products. Our organization joined the cloud around one and a half years ago mainly because of this pandemic situation.
How was the initial setup?
It depends on the requirements. Certain requirements are really complex. The deployment itself is quite fast because MCAS is on the cloud, but there are a lot of requirements from the regulations and the bank's standards perspective.
It took us one week for the architecture and to decide things like whether we need a reverse proxy. To have all the requirements and get all the things done in an enterprise environment, typically, a simple product like MCAS can take three to six months. That's because there are a lot of governance requirements, and we need to make sure there is no PI data, and the keys are encrypted somewhere in the user ID part.
In terms of the implementation strategy, at the high level, for Office 365 and SaaS solutions, we wanted a unified product to replace our existing one. From the strategy perspective, we wanted to go to the cloud. MCAS was able to integrate with most of our Office productivity tools. We procured the licenses and then went through the strategy of the bank and how the product can meet the needs. This was at a very high level. Of course, when we go into operations, we get operational challenges. That's why we need to have a longer time period to make a product coexist with the existing products.
What about the implementation team?
We have our own department, and they are trained in it. We also engage all sorts of vendors to provide us the results. At least for the interiors, we do not engage a third-party reseller or contractor.
It was more of an in-house implementation, but Microsoft helped us in coming up with a service design for Azure-related products including Office 365. Based on our requirements and infrastructure, they provided high-level architecture and design documents and told us about the things to be included or considered. We took that service design document and built our operations based on that and got it to work. So, the service design came from Microsoft, but hands-on was by our bank.
In terms of maintenance, this is actually managed by security folks and cybersecurity services. Currently, it is being managed by three people. There are only three operators. Of course, when there are new things to be implemented and new policies to be created, it goes to engineering. For changes, we need one more person on average. So, there are a total of four people.
What was our ROI?
I can't give a specific number. One of the returns on investment is that we will soon be getting rid of our on-premise infrastructure and maintenance. The CapEx costs and repeated hardware refresh cycle are gone. From that perspective, there are savings. All we need is the skill set to maintain and manage a particular cloud access security broker. Today, we have four people, and tomorrow, it could be eight people because of the increase in the number of applications. The bottom line is that we will get rid of all operational issues in terms of patching and fixing different systems. We don't have to patch the Windows systems, Linux systems, etc. All these are taken care of and are maintained in the cloud.
What's my experience with pricing, setup cost, and licensing?
I'm not totally involved in the pricing part, but I think its pricing is quite aggressive, and its price is quite similar to Netskope.
Netskope has separate licensing fees or additional charges if you want to monitor certain SaaS services, whereas, with MCAS, you get 5,000 applications with their Office 365. It is all bundled, and there's no cost for using that. You only have the operational costs. In the country I am in, it is a bit difficult to get people with the required skill sets.
Which other solutions did I evaluate?
I have been here for just around one year. When I came, they were already using MCAS. In my previous organization, I made the decision to use MCAS for Office 365. For the entire cloud, I decided to use a dedicated cloud access broker like Cisco. It really depends on the organizational requirement and how they want to size their IT department.
There are pros and cons. If you are totally on Microsoft products, MCAS has an integration. Otherwise, there are other products that may work better. Of course, you may still be dependent on some APIs from the cloud providers. It really depends on the organization's strategy.
What other advice do I have?
My advice would be that an organization should assess where they are today and then map out what they want from a cloud access security broker product. After that, they should decide whether MCAS or another product meets their requirements. This is important because you may have all the things in terms of interoperability and a solution may be the best fit from an operational perspective, but if all of the requirements are not met, you may end up using multiple products. Therefore, an organization must assess its current IT infrastructure, where they want to go, and what the key requirements are from a regulatory and IT governance standpoint. They also have to make sure they have the right skillset in the market. For example, in Singapore, if I want to implement Google Cloud, the skillset is much less available compared to the skillset for AWS.
From a vendor perspective, you should assess the reputability of the vendor and what kind of capability the vendor provides. For example, it's very obvious that Microsoft is very good at integrating its own products. They have now also started to integrate with others. These are some of the aspects you should consider before making a decision between product A or B. There is no magic silver bullet.
From a security standpoint, overall, it has satisfied 80% of our requirements in terms of regulatory and bank standards. For 20% of our requirements, we still need additional products or features. They are currently not really there, and we are trying to find the solution for those gaps. In general, MCAS has a long way to go. It is definitely a good product that integrates with Office 365 Suite very well, but from a capability perspective, other products such as SkyHigh, McAfee, or Symantec have more features. It has the potential. A lot of features are lined up in MCAS, and eventually, they'll be there. These features are mentioned on Microsoft's website, and they are in development. I am looking forward to those.
In terms of data governance, we have a very good tool, and we just need to focus on how to govern the data, DLP policies, etc. We don't have to bother about the physical data center, physical network, or physical host. The entire layer below the server is gone, and we just have to focus on the identity and security aspects. We just need to focus on what kind of security we need to put and which policies we need to implement. We get better visibility by focusing on the key client endpoints by using MCAS. The team is now really focused. Previously, every day, teams used to come up with issues like, "Network has this problem. Data has this problem, and Host has this problem." Now the focus is, "Hey, this MCAS DLP isn't doing the job." The focus is more on the product's capability.
I would rate Microsoft Cloud App Security a seven out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Deliver Practice Director at DynTek
Enables us to sanction applications of our choice and prevent users from using them
Pros and Cons
- "The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need."
- "The ability to prevent users from using certain applications is one of the most valuable features."
- "I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet."
- "I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender."
What is our primary use case?
One thing our clients want to know is what cloud applications their users are using. When you enable Cloud App Security, you can sweep up all the applications that the endpoint is using, such as Dropbox, Box, or OneDrive.
At Microsoft they use OneDrive and would probably want to restrict it to just that, unless there was a compelling reason to use a third-party application. With Cloud App Security, you can find all the users who are using Dropbox, for example, and then you can sanction those applications and prevent users from using them.
We also use that for alerting and creating policies for notifications and alerts.
What is most valuable?
The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need. There are other features that you do need to configure. For example, the capability of the solution to discover the apps.
Another helpful feature is that you can add some connectors, not only from Office 365 and Azure, but external connectors. If you have logs from Palo Alto or Cisco, from Barracuda, Checkpoint, or SonicWall, you can ingest them into Cloud App Security. It integrates well with third-party vendors.
What needs improvement?
There were things that were lacking but they are available in the newer version, such as an integration with the threat protection that Microsoft has with Microsoft Defender. However, I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet.
For how long have I used the solution?
I have been working with Microsoft Cloud App Security for three or four years.
We're a Microsoft partner, so we do pretty much anything Microsoft, including security, endpoints, and cloud. We don't do website or application development. We focus on architecture, infrastructure, security, and delivery.
What do I think about the stability of the solution?
It is stable. I haven't seen it go down.
What do I think about the scalability of the solution?
You don't have to worry about the scalability because it's a SaaS application. As you add logs and data sources, it builds up. But you don't have to worry about the scalability because it's in the backend.
How are customer service and support?
It's a little bit hard to deal with Microsoft tech support, especially on Cloud App Security. It's hit and miss. It depends on your type of support. If you have premier support, you get an okay type of response. They definitely need to up their tech support. There should be some improvement in that regard.
How was the initial setup?
The initial setup is simple because it's software as a service. You don't build a server and you don't do upgrades. There is no OS. It's built into the cloud. All you have to do is purchase the license.
In terms of maintenance, it's all Microsoft. All you need to do is configure it so that it will work for your unique environment, according to your organization's requirements. There is nothing else to worry about.
What's my experience with pricing, setup cost, and licensing?
It comes as part of a bundle. If you have the Microsoft 365 license called E5, it comes with that. Otherwise, if you're going to buy it a la carte, the pricing can vary. Because we're a Microsoft partner, we get discounted pricing.
What other advice do I have?
It doesn't require a long configuration process. There's no testing. You just need to tailor it to suit your organization's needs in terms of the data and the information that you want to get. In terms of discovering apps, it works pretty much out-of-the-box. It presents you with the data. The only decision that you need to make is whether to sanction an application. And then you have to sanction it and set up an alert if users are using a sanctioned application.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Support Engineer at Microsoft
Integrates with many applications and provides robust threat protection and tailor-made recommendations to improve your environment
Pros and Cons
- "Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool."
- "The major benefit is that it is a Microsoft tool, so if you're in a Microsoft ecosystem, this is the best tool that you can get in the market."
- "The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."
- "It is a new thing for Microsoft, and it still has a lot of room to improve."
What is our primary use case?
We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.
It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.
How has it helped my organization?
Cloud App Security is an ever-evolving technology. It is based on artificial intelligence. It uses some data sets that capture all the tools within the Office 365 package. It collects all the data majorly in the Office 365 space, and it understands the usage. Across the globe, there might be millions of Microsoft users, and it tries to capture all the data cumulatively and see any anomalies. That is how Microsoft gives you the data. They study different types of organizations in terms of how they behave, what kind of security loopholes can be found in them, and then they give you recommendations. You just implement these recommendations to secure the environment. So, what you get is a tailor-made solution where you can find all recommendations because it is based on artificial intelligence. They give you a tailor-made recommendation to improve your environment. They might recommend multifactor authentication, role-based access, etc. They provide you the classical representation on which users we can target and safeguard more. All these things are very useful. That's how this tool is helping Microsoft customers, and this is how we have also been using it.
My company relies upon this technology. For us, it is very critical to know any attack beforehand and be prepared for it. In our environment, there are many endpoints, and many devices interact. We have an email system, a storage system, and other systems. The beauty of Cloud App Security is that it can learn data from different applications. For example, Adobe is an application that I'm integrating with Office 365. So, I can expand my horizon of search to that tool and see how that interacts with us. I will get more real-time data, and I will know more use cases about it.
What is most valuable?
Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.
We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.
The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem.
What needs improvement?
The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand.
If it is an Office 365 product, I expect it to be in the admin center. That way I would know that this is a part of Office 365. It feels like there is a mismatch, or they are trying to separate the product or do something like that. They should have streamlined the product.
It is not always accurate. Sometimes, there could be some hiccups, and you see false positives, but security is not always reliable, and you cannot depend on one tool to give you all accurate results. It gives me a report that I can see, and if needed, I can act proactively on something. If it is a false positive, it is fine. If it is not, we know that we have done something about it.
For how long have I used the solution?
We implemented it probably in 2019.
What do I think about the stability of the solution?
It is a new thing for Microsoft, and it still has a lot of room to improve.
What do I think about the scalability of the solution?
It is completely scalable out-of-the-box. It is completely in interaction with Office 365 services. It can go up to as many users as you have. So, if you have 100,000 users, it is capable of supporting them. I have some 50,000 users, and I'm happy that it is capable of doing that. We have implemented it 100%, and we are happy with what we have got.
It is good for an enterprise company. It is not for a small-scale business.
How are customer service and support?
We don't require support frequently. I would rate them a seven out of 10. If you have a critical situation, you cannot expect them to give you a call immediately. My experience has not been so great with their paid support in terms of time. Sometimes, they don't even call you back, but when you do get support from them, they are excellent. So, you can't rely on them, and their response time can be improved, but their documentation is good enough. We can read the documentation and help ourselves.
Which solution did I use previously and why did I switch?
Before this, my company had some tools, but I'm not sure about them. They probably heavily relied upon Splunk and other APM tools. They have had this tool from the time I have been here. Personally, I haven't worked on technologies outside of Microsoft.
How was the initial setup?
It is very easy if you know what you're doing. You just click on the Next button multiple times, and it is complete. It is well-documented in the sense that we know what we can expect from the tool. The documentation is great, and the support is also excellent. So, my experience was very smooth, and it was done in a day.
It does not work on every license. You have to be an Enterprise customer, and you have to have a specific license to have the full benefits of it. So, you require the correct license, and you also need a certain amount of time for it to propagate. It is not immediate. Based on what we were told by Microsoft a few years ago, it takes 24 to 48 hours. They might have improved upon that. It tries to capture the complete environment details, and then it gives you a cumulative experience.
We work around the clock. We have six admins at different time zones who work with this solution.
What's my experience with pricing, setup cost, and licensing?
Its pricing is on the higher side. Its price is definitely very high for a small-scale company.
As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea.
This tool alone is not a great investment, but when you get it as a part of the package from Microsoft, it is good. Along with Microsoft Teams, Office, Exchange, SharePoint, and other solutions, this added feature of an extra layer of security makes a lot of sense. If you are only using this tool, and it is not in a Microsoft ecosystem, then it is not worth it.
What other advice do I have?
For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk.
It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.
I would rate it a 10 out of 10. It is improving, but it still needs more improvements.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Architect at a tech services company with 11-50 employees
Provides good stability and a valuable SQL database
Pros and Cons
- "The product’s most valuable feature is the SQL database."
- "Microsoft Defender for Cloud Apps’s technical support services need improvement."
How has it helped my organization?
I am not sure if the product has improved our organization yet. However, it certainly gives another level of confidence that the assets are secure. We are aware of the activity in the tenant.
What is most valuable?
The product’s most valuable feature is the SQL database. It notifies us even in case of false positives when people log in after a long time and when we're out of compliance with the security baseline.
What needs improvement?
Microsoft Defender for Cloud Apps’s technical support services need improvement.
For how long have I used the solution?
We have been using Microsoft Defender for Cloud Apps for three years.
What do I think about the stability of the solution?
The product has good stability.
What do I think about the scalability of the solution?
The product has good scalability.
How are customer service and support?
The technical support services need improvement. They take a while to get responses. Their first-level engineers are generally not skilled. It takes time to get an engineer who can help us. Usually, whenever we come up with a problem, it is something that we can’t figure out on our own. We have to go through the process of submitting a ticket, waiting for a callback, and then finally getting help.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used other products while working at other places. They all are more expensive than Microsoft Defender for Cloud Apps.
How was the initial setup?
The initial setup process was simple. We had to merge the landing zone and part of a template. Later, we started the portal and selected resources we wanted to protect along with the level of protection. The implementation strategy is to just start using it.
What about the implementation team?
We did the product implementation ourselves.
What was our ROI?
I haven't tracked an ROI for the product. It was set by default while setting up Azure Tenant. It has been successful in monitoring activities and keeping the network safe. It is less expensive than buying a separate license. It provides ease and convenience of use. We just turn the product on by default.
What's my experience with pricing, setup cost, and licensing?
The product has helped save a medium amount of money. It has pretty good pricing.
What other advice do I have?
I don’t know if the product provides a single pane for managing immune access. We connect it with the Active Directory and other similar tools. It helps save a low amount of time.
I advise others to try using Microsoft Defender for Cloud Apps. I rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Principal Security Engineer at a tech services company with 5,001-10,000 employees
Good usability with helpful policies and a straightforward initial setup
Pros and Cons
- "The general usability of the solution is very straightforward."
- "The solution is helping a lot; we get very detailed reporting on security that really shows what users are doing, including what they've opened, what they're sharing, downloading, viewing, and when they are logging in."
- "I want them to enhance in-session policy."
- "We've had an issue where an in-session policy was not working."
What is our primary use case?
I used to deploy it in the customer's environment and set the requirements. It's used for blocking downloads, for example, and is a security feature for data centers.
How has it helped my organization?
The solution is helping a lot. We get a lot of very detailed reporting on security that really shows what users are doing, including what they've opened, what else they're sharing, downloading, viewing, et cetera, as well as when they are logging in. It's a very detailed activity and reporting of my units.
What is most valuable?
The file policy and activity policy are very useful aspects of the solution.
I can get information, for example, data location, IP address, et cetera. I use it for getting information about what's happening in my environment with certain files. I can see, for example, which user is sharing files externally, and if they're downloading, or might be downloading, the documents on their personal device, a corporate device, or if they are sharing any folders with the outside world.
The initial setup is straightforward.
The general usability of the solution is very straightforward.
What needs improvement?
We've had an issue where an in-session policy was not working. I want them to enhance the in-session policy. It's something I came across while adding the application into MCAS as I wanted to apply some MCAS policies on those applications.
For how long have I used the solution?
I've been using the solution for about five years now.
What do I think about the stability of the solution?
The solution is 99.99% stable.
What do I think about the scalability of the solution?
The solution is extremely scalable.
How are customer service and support?
I've handled technical support for my customers.
Which solution did I use previously and why did I switch?
I've only really worked with this solution.
How was the initial setup?
The initial setup is straightforward. I already have experience putting the solution into place and therefore I'm pretty adept at setting it up. The implementation simply requires understanding how the customer wants to use it and what they want to monitor.
It's an ongoing deployment and I've been deploying the solution for almost six years now.
I basically use authority to integrate all users and exchanges together. We have basically a Microsoft-oriented system.
When I deployed it, I applied it to around 4,000 users. I indirectly did it myself and it took around one month for me to integrate everything and to meet those policies to ensure they were in line and working as to my expectations and that I was getting the expected results that I wanted.
You only need one person to handle the deployment. Maybe two people.
What about the implementation team?
We do not need the assistance of an integrator or consultant.
What's my experience with pricing, setup cost, and licensing?
I'm not acquainted with the licensing and pricing of the solution.
Which other solutions did I evaluate?
I did not evaluate other options previously.
What other advice do I have?
I don't have a business relationship with Microsoft. I deploy the solution and I am managing MCAS for customers.
If a person has an Office-specific environment and they are looking for a solution, this is a good option. It's a good native application. Even if they were in a different cloud, I'd advise migration to a Microsoft environment.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Planning Manager at a construction company with 5,001-10,000 employees
Robust, straightforward integration with strong capabilities and a vast number of features
Pros and Cons
- "The most valuable feature of this solution is its monitoring."
- "From what I've seen, it's a good product."
- "Sometimes the support is actually lacking."
What is our primary use case?
They were testing Microsoft Defender and performing some checks with Microsoft Defender. On the Microsoft side of the same security cloud app, I believe.
We have a complete portfolio of election solutions. These election solutions, in general, require a high level of security. There are preparations to have within them, such as cloud apps or websites, or even an off-premise or on-premise type of solution. As a result, we must have both types of services and products in order to secure them. For example, we used the Microsoft denial-of-service attack. It's a software subscription service from Asia that you get for a set period of time.
If you are running a live elections operation, you should seriously consider using such a service from them because it is extremely reliable. It essentially protects your entire environment. So you wouldn't be too concerned about someone hacking into your environment or anything because you need to have results that you should be publishing. That is when having a security system becomes extremely important for you. That's on the app side of things, then, on the web, we publish these results. You must also have a system that will never fail due to an attack. That's also one of the things we usually think about when we have an election operation going on.
What is most valuable?
The most valuable feature of this solution is its monitoring. The monitoring of the application.
Integration is simple, and you can monitor your applications at the enterprise level. As a result, you can have a holistic view of all applications and their statuses.
It's very robust and it's very good.
The capabilities are very good. It has a lot of features in it, which is why many people recommend it.
What needs improvement?
It's not the cheapest. I believe it can be more reasonably priced.
Sometimes the support is actually lacking. But we are talking about Microsoft.
For how long have I used the solution?
I have been doing the testing for the past six or eight months.
Because it is a cloud-based solution, I believe that versioning is not a critical factor to consider.
What do I think about the stability of the solution?
Microsoft Defender for Cloud Apps is a stable product.
What do I think about the scalability of the solution?
Microsoft Defender for Cloud Apps is scalable.
How are customer service and support?
Sometimes you don't get to the appropriate support channel from the start. When you open a ticket, you don't always get what you're looking for right away. We tend to get stuck in loops or go from one support guy to the next until we escalate. That happens quite frequently. I believe that this is one of the areas that should be looked into.
Which solution did I use previously and why did I switch?
We have an in-house ABAP development team that works on ABT software. I have heard the technical team conducting this evaluation, but I'm not sure which SAP application they're testing.
What's my experience with pricing, setup cost, and licensing?
The price could be better and should be reconsidered.
Which other solutions did I evaluate?
We're evaluating Microsoft. We're also looking into SAPs, and other options are being considered at the moment.
What other advice do I have?
From what I've seen, it's a good product. We occasionally encounter some inefficiencies in its performance. But not all of the time, because our country has a lot of internet problems. As a result, the synchronization side tends to disconnect from time to time. So whenever we get disconnected, it causes some problems. You have to have a good connection after all because it is a cloud service, you must have a good internet connection in order to connect to it. We believe it is one of the best on the market. I believe it is a good option for anyone to use. But, once again, there are other players in the mix, which is why we are always doing some benchmarking and continuing with trials for other solutions.
I would rate Microsoft Defender for Cloud Apps an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
Senior Solutions Engineer at a tech vendor with 1,001-5,000 employees
Stable and meets business requirements but provides too many false positives
Pros and Cons
- "If your business requirements are relatively simple, it can get the job done."
- "The solution is bundled with E3 and E5 licenses; that's the reason it's most commonly deployed, as it's part of the bundle and not a separate cost, and if your business requirements are relatively simple, it can get the job done."
- "There are challenges with detection and there are challenges with false-positive rates."
- "If you have more elaborate needs or if you have some more sophisticated use cases, for example, if you need an in-line component, or if you need to distinguish between sanctioned and unsanctioned applications, this solution doesn't cut it."
What is our primary use case?
The solution is primarily used for cloud visibility and getting a better understanding of what the data footprint is, including what kinds of files are exposed, and getting our heads around compliance. It's a component that adds DLP. Presently, there are two separate DLP policies between Microsoft's traditional DLP and the MCA DLP.
What is most valuable?
The solution is bundled with E3 and E5 licenses. That's the reason it's most commonly deployed. It's part of the bundle. It's not a separate cost.
If your business requirements are relatively simple, it can get the job done.
What needs improvement?
If you have more elaborate needs or if you have some more sophisticated use cases, for example, if you need an in-line component, or if you need to distinguish between sanctioned and unsanctioned applications, this solution doesn't cut it. You need to have some other solution.
Microsoft seems to want to mitigate that visible gap by deploying Microsoft DTP Defender for the in-line component. If you consume Microsoft, the more pieces you have, the better it is, although that's not necessarily true, technically speaking. They have limited deployment options. You have limited use cases for an endpoint with the firewalls port for IP tunnels for real-time traffic interception. You have to rule the endpoint. It's a less flexible deployment than the more mature players.
There are challenges with detection and there are challenges with false-positive rates.
They're improving it all the time. I haven't looked at it for six months or so; however, the last time I looked at it, they had to be configured in two different spots.
For how long have I used the solution?
I've been dealing with the solution for a while, on and off.
A lot of customers that we work with have the solution installed today and we see them running it by themselves as well.
What do I think about the stability of the solution?
The solution is stable. I haven't bumped into any stability issues.
What do I think about the scalability of the solution?
I haven't tested the scalability. I don't have any opinion on the scalability. It seems to me that it fits the customer's needs from a scalability perspective.
How are customer service and support?
I don't work with technical support directly.
How was the initial setup?
The solution is super easy to configure. All it requires is an admin for the various apps. Once it's authorized it can start the scans. Mainly, you need to be mindful of policies and what you're looking for. Tuning policies and making sure that your policies are set properly is important. It's very easy to do, especially the out-of-box stuff.
What's my experience with pricing, setup cost, and licensing?
You can buy it alone; however, it's not worth it. Nobody buys it alone as it's not that good as a standalone product. It's better as a part of the E3 and E5 suites. We don't sell it.
What other advice do I have?
We're a Microsoft partner.
I'd rate the solution at a seven out of ten.
Mainly you want to just be clear on what your use cases are, and what you're trying to accomplish, as everything's use case driven. If you know what you need to accomplish from a security strategy standpoint, it's better. For example, it might be helpful for compliance or having an understanding of where sensitive data is. It might be part of a broader initiative around classification and data protection. Having those use cases written out first and going from there is better. Then, I suggest taking a measured approach as you go in. Implement it right. Test for or validate that the policies that you have in place are working as expected. However, you have to build out requirements for the policies.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Updated: April 2026