Microsoft Defender for Cloud Reviews

The most valuable features of this solution are the vulnerability assessments and the glossary of compliance.

As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains. Azure Defender does not have this capability and that is one of the features that is very crucial. 

When we receive an alert on suspicious domains, we have to do it manually. We go to VirusTotal, or AlienVault to confirm. It would be useful to have it done automatically.

I have been using Azure Defender for three months.

We are using the latest version.

It's a stable solution. We have not had any issues.

We have not paid for Azure technical support. We have not contacted technical support.

We have not worked with any other solution.

The initial setup was straightforward. It was easy, very easy.

Azure Defender is a bit pricey. The price could be lower.

We are also researching Darktrace. We wanted to see the capabilities that it offers. 

Azure Defender and Azure Resource Manager are all a part of Microsoft Azure. We use all of them.

This solution has the best security center, security manager dashboard that I have ever seen. I would recommend using this solution. It has everything in one place, and it's easy to configure and easy to deploy.

I would rate Azure Defender an eight out of ten.

We have been using Azure Security Center for one year. 

I don't know what the issue is but when we do the agent deployment, sometimes it works, and sometimes it fails and we need to go inside the virtual machine and manually install the agent. That's been a bug that we've experienced. 

There are 5000 users.

I do the maintenance. We have 35 engineers who use it. 

Their support is good.

The initial setup is not actually so complex but it feels complex because there are many add-ons. There are many options and my team needs to be aware of all of these changes happening on the backend which is a distraction. 

I would rate Security Center an eight out of ten. Not a ten because of the bugs that we have experienced and because of the cost. 

It's quite a good product. It helps to understand the infections and issues you are facing. 

It takes very little effort to integrate it. It also gives very good visibility into what exactly is happening.

From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR.

I have been using Azure Security Center for one and a half years.

We have seen a few big downtimes in Azure where Office 365 was disconnected. I do see challenges in terms of stability, not just for Azure Security Center but also for Azure.

Microsoft being a big provider, Azure Security Center is quite scalable. 

Microsoft's community support and technical support is very good. They are very quick in their response and very thorough. 

In my previous organization, I have used Palo Alto. It is a pretty cool vendor-agnostic tool.

The initial setup is straightforward. It takes a few hours.

We implemented it ourselves. We have ten members to deploy and manage it, and they all are admins. We use it monthly or weekly for reports, and we also monitor it for alerts.

We are using the latest version, and it is a part of Azure. We keep on updating to the latest version.

I would highly recommend this solution. I would rate Azure Security Center an eight out of ten.

The dashboard is very good. It gives our clients a lot of information and allows them to have a complete overview of the system. Everything is visible in one glance.

The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available. 

Even though the TLS is only allotted for a single application, single box, and everything else is completely up to date, it just gives us an inaccurate reporting of how secure the environment actually is.

The solution could use a bit more granularity.

I believe we've been using the solution for one and a half to two years at this point.

I haven't had any real problems with the solution's stability. I'm trying to think of any complaints that anybody may have had. It's always worked whenever we needed it to. I'd describe it as reliable.

The solution is actually easy to scale. You'd be surprised how many cloud solutions out there that aren't scalable. I don't even know why some are in the cloud. As far as this solution is concerned, I've taken it up to a higher medium-sized company. I've scaled as high as 4,500 users. I'm just not sure if it is infinitely scalable. I don't know if it would scale into the tens of thousands. 

In terms of increasing usage in the future, we'll use it as required. It all depends on the client for us. We're solely dependent on what they want and which solution they want to go with.

It's like with any vendor, it's hit and miss. Sometimes you get the new person, sometimes you get the person that's been there for five years. You have to go in asking exactly what you want and use probing questions, and if you work with them enough, you learn what the right answer is. However, you ask those same questions, anyway, upfront. It gives you a baseline at least of where their technical expertise is. Just because they're on the help desk doesn't mean that they know what they're doing.

We use Intune for a lot of the app security purposes with Office 365, and then once we actually get into the AD section, it's just that a lot of people are really getting Office Secure Scores right now.

I've had both complex and straightforward implementations. Some of them can be extremely complex. It's all just tailored to what the client wants. I have other setups where everything is very basic ad easy and all the client wants is some basic reporting and a few easy policies. 

If you utilize everything, then it might take a while for deployment, and also the implementation could be extended. It's all very client-specific.

We're an MSP, so we have massive teams all over the place and I couldn't accurately say how many people it takes to maintain the solution. I know that, generally, you have one project manager and then you would have the main admin who was setting up the portal, but then you have other security personnel that goes in there and does the work on the different sections. It takes a couple of people, but I couldn't give you a hard number as to how many people a typical setup would need for maintenance.

I don't have any idea what the cost of the solution is. That aspect of the product is handled by a separate department.

We're a Microsoft partner.

The solution works for us, however, a client has its own needs and requirements. It's not a one-size-fits-all solution.

I'd rate the solution seven out of ten.

The most valuable feature is that it's intuitive. It's very intuitive. The only problem that we're struggling with is that we have 21 different subscriptions we're trying to apply security to. It's impossible to keep everything organized.

We built our hierarchy incorrectly and we're struggling now with some of the features that are up there. Once we straighten our hierarchy out, we are going to applied policies, whether it's through Security Center or any other thing. It's going to be a lot easier once our hierarchy is fixed.

We need to apply things in a certain place and then we realize that we need to apply them to the subscription as well. And next thing we know we also need to apply it to another subscription, it's unmanageable. We're applying different policies across all our different subscriptions, which is fine, but at 21 subscriptions you can have over a dozen policies. We're trying to skinny that down to four or five policies. It's not a defect in a Security Center. It's a defect in how we built it.

We have been using Azure Security Center for two years. It's been a part of the service since we moved up to Azure.

The stability is great. 

I find documentation or any configuration in Azure, in their specific servers, very straightforward, and very intuitive. If you do not set it up correctly, it's difficult, it's like herding cats to get everything that you want.

I would say the biggest advice I'd give to anyone is to make sure that your hierarchy for your subscriptions is done correctly, single management. You can't have 10 different groups managing it. It's got to have a single structure of management and then the hierarchy needs to be set up correctly.

I would give it an eight out of ten. I think it's one of the best in breeds. I'm comparing it to AWS and some of the smaller ones out there, but I find it very intuitive. That's one thing I do like about their products, they're very intuitive. 

Not a perfect ten because we're not using it to its full capacity. 

Primary use case of this solution has changed depending on the company I've been working in. In my previous job they were using it as a CWPP, cloud workload protection. In my current job it's used for the same purpose but we also use it for monitoring security policies, to enforce new policies and audit them. We also use it to meet some of the compliance requirements as well. We're partners with Azure and I'm the cloud security design lead. 

I personally like the features of the daily recommendations because that's a major deal, and it hosts Microsoft products so it has visibility. If you are bringing in a third party to get a high level of visibility, then a lot of work is required to get that level of capability. This product gives a very good view of the entire security setup of your organization which can be used by the security and operation teams. It provides alerts to the security team on the one hand, and all the AI and ML based detections on the other. It's very beneficial for our security and assault teams. In addition, it provides recommendations for the operations teams who need to sustain a high level of security. It's an important capability. 

I'm quite active on the Azure product blogs. We're able to provide recommendations to Microsoft and they work together with Azure towards achieving them. One of the issues with the product is that it's not possible to write or edit any capability. For example, if there is a false positive detection on the security center, the only option I have is to flag it off. I can dismiss the alert, but there is no option to provide comments or reviews, so that somebody else looking into the portal can brief them. 

I'd like to see some additional features that would include an option for the security team to provide comments on the alerts and also to improve the recommendations. I would like to see them fine tuned. We're also getting a lot of false positive alerts and Azure can reduce that using the Microsoft AI and ML feature.

I've been using this solution for two and a half years. 

This is a very stable solution. 

We've never had issues with scalability. We have over 50 engineers using the solution.

Our company has subscribed to premium support from Microsoft so we can open premium tickets. The support team are always available and we haven't come across any issues in the past.

The initial setup is very straightforward. 

We don't have a say in pricing, it's up to the product vendor. When you compare with other CWPP or server cloud protection products, I believe the Center is well priced. The customer has flexibility to choose which modules they want to use. There is a free version and a paid version and the customer makes a choice based on the organization's security strategy. If you're going to use add-ons or anything more feature rich, then you'd have to pay extra, but the standard product is a fixed price.

If you're in the world of cloud and your company is using Azure as their primary cloud, I think Azure Security Center is a must-have feature, because it provides a bird's eye view of the entire security position of the organization. The solution is integrated and there is service from Microsoft. New features are being added regularly and I think it's a great solution. 

I would rate this solution an eight out of 10. 

The solution is used for risks, vulnerabilities, and compliance. The solution helps us with CPS 234 and CIS compliance. We know what is onboarded onto Microsoft Defender, and we can see the compliance around those and how much we are compliant.

The solution is not very effective at integrating with EDR and other integrations. Features like code scanning and pipeline scanning are not included in the solution. The correlation between all the findings is completely missing, and the product is not mature.

Microsoft Defender has other native tools; it is not under one umbrella. You want one umbrella to see everything for your entire cloud posture.

I have been using Microsoft Defender for Cloud for four years.

A couple of products, like Orca and Wiz, are leaders in the CSPM and CNAPP space. I'll rate them way above Microsoft Defender for Cloud. The world is currently moving from CSPM towards CNAPP. That is why we are evaluating other products like Wiz.

The solution is fine for the native resources and native tools. However, it is not that great at integrating with EDR and other integrations.

Overall, I rate the solution a five out of ten.