Microsoft Defender for Cloud Reviews

XDR protects our endpoints, but our cloud applications lack this security measure. Microsoft Defender for Cloud provides some protection by monitoring SharePoint and our internal cloud applications for malicious activity.

Recently, there was a widespread cybersecurity incident where systems issued by companies were controlled by insider threats from North Korea and China. Defender for Cloud Apps helped us find associated applications and appropriately tag them.

The range of workloads covered by Defender for Cloud has been satisfactory. As a small organization with a limited number of workloads, the current offerings are sufficient. Our information security office consists of six or seven people, with an additional one or two individuals assisting with SecOps tasks. While the current setup is adequate, a larger organization would likely utilize the diverse workloads and permission sets available.

Defender for Cloud provides a prioritized list of security issue remediations. However, we often find that many items are false positives or not as critical as Defender assesses them to be. Therefore, we manually curate the list to better align with our security priorities.

Our Defender for Cloud platform is integrated with the majority of the Entra and Microsoft 365 suite, including hybrid cloud identity, Entra ID, Azure Virtual Desktop, and SharePoint.

Microsoft Defender for Cloud has significantly enhanced our overall security posture by approximately 20 to 25 percent. It extends beyond our XDR, encompassing all our cloud-based data within SharePoint, Entra, and similar services, thus providing comprehensive protection.

Protecting our hybrid and cloud environments is essential. While Defender is a valuable security solution offering solid benefits, it's not the only option available. Other solutions could effectively fulfill this role, making Defender important but not uniquely critical.

Microsoft Defender for Cloud can find potential phishing links and malicious code in data at rest. It tags cloud apps, allowing us to track them, unsanction or approve them, and maintain a list of what's being used. 

The user interface of Microsoft Defender for Cloud, like many Microsoft portals, undergoes frequent changes and feature relocation. This inconsistency frustrates government clients who receive updates later than other users.

My experience with Microsoft Defender for Cloud has been largely negative due to a poor user experience. Features often appear without adequate explanation or guidance, leaving me feeling lost and confused. The rapid pace of change outstrips even Microsoft's own support resources, making it difficult to stay informed. Consequently, I frequently resort to reverse-engineering features to understand their purpose and functionality. Microsoft, in general, could significantly improve its communication and support.

I have been using Microsoft Defender for Cloud for about one year.

We haven't experienced any stability issues. For a multi-headed solution stored in the cloud, I wouldn't expect any.

Defender won't replace our endpoint XDR, but it will likely adapt and support any growth in the Microsoft Cloud space.

Customer service and technical support have been good so far. They understand their product, but, much like us, they struggle with the finer details, especially with new features.

Positive

We hadn't explored alternative solutions because Defender for Cloud was already in place when we transitioned to the cloud. Its seamless interaction and integration with the Microsoft cloud stack, along with its out-of-the-box functionality and inherent presence, made it the default choice. Disabling it would require more effort than simply utilizing its capabilities.

CrowdStrike is implemented for cloud hygiene. It's not necessarily scanning data at rest.

Our implementation is guided primarily by Microsoft, without additional integrators or resellers.

Scanning cloud-stored content and data at rest is crucial. While solutions like CrowdStrike excel at process and behaviour analytics on endpoints and servers, they may not detect dormant threats. A malicious link within a PDF could remain undetected for years until activated, requiring reactive measures. In contrast, Defender proactively indexes and analyzes documents, identifying potential threats even when inactive, enhancing preventative security.

As a government client, we are licensed to use most of the Microsoft Defender stack. While we pay for any additional features, the pricing seems competitive, though I am not involved in the specific cost details.

I would rate Microsoft Defender for Cloud a seven out of ten. While it effectively fulfills its role, some UI issues detract from the overall experience.

We use Defender for Cloud for workloads that involve large amounts of data.

It's cost-effective to create custom logs in Defender for Cloud. 

Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations.

There is room for improvement in terms of cost-effectiveness when enabling every single log, including custom logs.

I've been using Defender for Cloud for a year and a half.

I have no issues with the stability of Microsoft Defender for Cloud.

Scalability is great, and I would rate it a ten out of ten.

It's hard to reach someone who understands my problems. I haven't had many issues, so I haven't called them.

Positive

I used an unspecified different solution before adopting Microsoft Defender for Cloud.

The solution is really easy to enable.

I interacted with a Microsoft representative for implementation, and the process was straightforward.

The setup costs are low because it's easy to enable. However, I'm not clear on other pricing details.

I didn't evaluate other solutions extensively before choosing this.

I rate Defender for Cloud 10 out of 10.

At the moment, we work with Sophos, SentinelOne, or Microsoft Defender. Most of our customers have Microsoft infrastructure, and they are cloud-only customers with Microsoft business licensing. I primarily recommend Microsoft Defender for customers who already have Microsoft infrastructure.

The most valuable feature is the hunting feature, which integrates well into the entire Microsoft ecosystem. It allows customers to have all security settings in one panel, providing a unified admin site. This feature significantly aids in threat detection and enhances the user experience by streamlining security management.

The pricing could be improved, as it is somewhat high for smaller companies. Additionally, the artificial intelligence features could be expanded to allow the system to autonomously manage security issues without needing intervention from admins.

We have customers on Defender.

I have not had contact with Microsoft technical support at this moment.

Positive

At the moment, we work with Sophos, SentinelOne, or Microsoft Defender. We also work with SentinelOne and other security products integrated in our remote management tools.

The cost savings vary by customer, however, for those with 100 to 150 licenses, there are noticeable savings at a higher level.

Microsoft Defender for Cloud is considered competitive in pricing.

In addition to Microsoft Defender, we evaluate products like SentinelOne.

For smaller companies, the product is too expensive. I usually recommend SentinelOne, as it is included in our remote management tools. I rate Microsoft Defender for Cloud an eight out of ten.

We use Microsoft Defender for Cloud to secure our environments across the company. We have the full E5 suite, including Microsoft Defender for Identity and Endpoint. The solution integrates the total spectrum of Microsoft products. 

We are not a multi-cloud environment. We're entirely on Azure. It's not a hybrid environment. Defender only covers the cloud, and we have a different solution for our on-prem environment. 

Microsoft Defender for Cloud has made our environment more secure. We don't have to worry about it as much, and we've never had a breach, giving us a lot of peace of mind. We've improved our security posture because Defender extends the capabilities of a whole range of products, so we don't have any gaps.

Microsoft Defender for Cloud monitors our entire cloud environment. It enables conditional access and incorporates features like number matching and single sign-on for all our cloud apps. It is great for protecting against ransomware and various security threats.

The solution's native integration with our other Microsoft security solutions gives us security insights. It alerts us to potential breaches, old accounts, and nonhuman identities that we need to be aware of. 

It notifies us in time, and we don't have to worry about it. If something comes up, Defender immediately detects it. It lets us choose what we want to do and remedy the issue from the console, whether that's implementing a conditional access policy or an MFA.

We haven't experienced issues with Microsoft Defender for Cloud for our company size of about five hundred people. However, I've heard there might be issues with scalability for larger enterprises.

I joined the company about two and a half years ago, and Microsoft Defender for Cloud was already installed.

Microsoft Defender for Cloud seems stable from my point of view, so I hope it stays like that.

For our company size, Microsoft Defender for Cloud has been great, but there might be scalability issues as you scale up to large enterprises.

I rate Microsoft support seven out of 10. Customer support has been good. We have a portal to request support, and they typically solve our problems within a week. However, we often need to escalate to the second level, as the first level is mainly contractors without the full security insight. Once escalated, a higher-level technician usually resolves the issue.

Neutral

We have always had Microsoft Defender for Cloud since I've been at the company.

It's hard to quantify an ROI with security, but because we haven't had a breach or serious security incident, which would cost millions of dollars, we can consider it a return on investment

The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license.

We haven't considered another solution. We're a Microsoft Partner of the Year. We're one hundred percent integrated with the Microsoft ecosystem. So we've never even looked to evaluate another solution because Microsoft has been great for us, and we have all our integrations tied up into it. It would be a huge workload to move to another solution.

I rate Microsoft Defender for Cloud eight or 10. While there are areas for improvement, it has been great for a company of our size.

We are a multi-service provider with various clients. We recommend Microsoft Defender for Cloud to clients who have an Azure environment. We advise them to turn Defender on to protect all Azure resources, such as IaaS servers and SQL servers and ensure our clients follow the best security recommendations.

Microsoft Defender for Cloud provides us with all security-based advantages. Getting visibility into our vast and rapidly changing cloud environment is challenging in day-to-day operations. This solution gives us a single pane of glass to view everything involved in security.

Defender for Cloud has improved our security posture by at least 100 percent. We did not have security before that. It's our primary way to protect our hybrid environment, so it's critical to us. It's also crucial to our coordinated detection and response across all our workloads, and we leverage Sentinel with Defender for Cloud.

The most valuable feature of Microsoft Defender for Cloud is its ability to assess an environment and give us a clear idea of what security components are lacking and which are not. 

We have integrated Defender for Cloud with our SOC through Sentinel. This obviously improves the solution by providing better visibility and extended capabilities, such as automated AI intervention. 

Although Microsoft Defender for Cloud is based on security, I wish it went beyond providing assessments, reports, and generic steps. More detailed procedures would be helpful, especially for lower-level support staff. 

I also want to customize our coverage more. We can select all the workloads in our subscriptions, and it expands to all of them, but I wish it would let us focus on specific workloads and have different levels of monitoring security or compliance. Even though I want to cover dev, my dev environment, it's still kind of costly if you cover all the ones in the spectrum.

We have used Defender for about a year and a half.

Microsoft Defender for Cloud is very stable. Being a SaaS product allows it to store any reports or logging effectively, making it a mature and stable product.

The scalability aspect offers us the ability to select all workloads in our subscriptions, but it could improve by allowing us to focus on specific workloads with different levels of monitoring and compliance.

I rate Microsoft support five out of 10. It gets better once you're escalated past the first and second levels.  It's difficult to get the necessary support when tickets are first opened. Since security is critical, we prefer a quicker response time.

Positive

We did not previously use a different solution, as we are an Azure shop and have always focused on Microsoft products, adding features to our security suite.

The initial setup was straightforward. We select the subscriptions and cover everything within them to ensure all aspects are protected.

As a Microsoft partner and reseller, we install and implement the solution ourselves.

We have seen a return on investment with Microsoft Defender for Cloud. We have caught vulnerabilities that would have been more expensive to address after a breach. Although we haven't had any severe incidents, identifying potential vulnerabilities has helped us avoid costly data losses.

The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering.

I would rate Microsoft Defender for Cloud eight out of 10. It's a mature product, and while the pricing can be elevated, and the support requires self-understanding to navigate, we still recommend it to our clients.

We use Microsoft Defender for Cloud primarily to scan storage buckets and ensure no sensitive data, such as PCI or PII data, is present. We also use it for general resources, including resource groups, storage accounts, and Azure Key Vault.

We don't use it for detection and response. It's more for scanning architecture and data to ensure we have the latest infrastructure configuration. I don't think we're using it for Entra ID. Another team does that. I'm more on the operation side. 

Defender works in tandem with Wiz, so we get insights and email alerts if something isn't compliant. For example, we get an alert if TLS 1.2 isn't enabled. It keeps track of what's compliant and what isn't. 

It alerts us to our vulnerabilities and ensures compliance by marking off a compliance tool checklist. We use Defender's free CSPM functionality, including the Microsoft Cloud Security Benchmark. It's not our primary policy compliance tool, but we get some excellent insights. 

Defender covers a wide range of workloads. It's suitable for key vaults for storage accounts and services. However, there are some gaps in terms of covering entire apps. 

Defender could provide more in-depth visibility into vulnerabilities and services. For instance, we wanted to scan Azure NetApp for sensitive data, but they didn't have that feature. It was only for storage accounts. I want Azure Defender features to cover all Azure resources rather than a few.

Defender for Cloud's prioritized list of remediation for security issues is pretty good but not as extensive as Wiz or other third-party tools. 

I have been using Microsoft Defender for Cloud for about two to three years.

Microsoft Defender for Cloud is stable and reliable as advertised.

It is scalable as it integrates seamlessly across services once activated. However, it needs more features across all resources.

I rate Microsoft support seven out of 10. Customer support is decent, but it varies depending on who you get. My main complaint is the you get bounced around a lot, and you have to explain the issue again to the next technician. When you finally get someone good, the service is excellent. 

Neutral

We use multiple solutions, but Wiz and Prisma are among the notable alternatives we've employed. Defender's advantage is that it's native to the cloud, but it's drawback is that the services are limited. While the services it provides are great, they stop at the Azure level. Wiz has wider coverage, but Defender supplements it. 

The initial setup was straightforward, but as we expanded and went through audits, it became more complex.

We did everything in-house without using any third-party assistance.

Our primary return on investment is that we avoid audits and penalties because we're highly regulated. If we're out of compliance, it costs us time and money to remedy the issue. Defender provides proactive, preventative controls. 

Pricing is satisfactory with no significant concerns.

I would rate Microsoft Defender for Cloud a six out of 10 due to its lack of necessary features to operate as a standalone solution.

We use Microsoft Defender for Cloud primarily as antivirus software. It covers a wide range of use cases, including scanning for threats and malware on servers and checking for alerts. It is integrated with our endpoints, allowing us to track everything in one seamless place.

Defender for Cloud has improved our security posture. We've trained on it, and it's becoming more helpful each time we use it. Viewing all the alerts in a single pane of glass is very handy.

Defender for Cloud is an improvement over Trend Micro, our previous solution. We like integrating our endpoints and visualizing everything in one place. It provides comprehensive coverage for endpoints, servers, and overall environmental security. 

Additionally, we appreciate its capacity to offer alerts and a prioritized list of mediations. It's integrated with our other solutions, including our DLP protections. That helps us protect our HIPAA and PII data. 

However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future.

I have been using Microsoft Defender for Cloud for about three months since we moved to an E5 license that included this solution.

Defender's stability has been impressive. We have not faced real downtime, but we experienced some hiccups that lasted a few minutes.

Defender's scalability has been pretty good. We are not using many cloud resources for servers, but otherwise, it has been excellent for scalability.

I rate Microsoft support nine out of 10. There have been some issues here and there, but overall, the experience has been good.

Positive

We used various solutions before, including Trend Micro and GroupWise. We switched to Microsoft Defender for Cloud primarily due to cost efficiency. It was cheaper for us to make the switch than to continue with our previous solutions.

Setting up Defender was a bit of a challenge, but after that, everything went smoothly.

We used a company called Novakos for the migration. They provided all the services we needed and got everything set up effectively.

I am not able to comment on the return on investment, as I do not handle the financial aspects. However, I assume the organization is seeing positive results.

The decrease in costs from switching allowed the organization to allocate resources elsewhere.

I rate Defender for Cloud nine out of 10.

We primarily use Microsoft Defender for Cloud for cloud security posture management.

Defender for Cloud improves our overall cloud security posture by identifying risks and vulnerabilities. It gave me a perspective on whether we comply with the industry's best practices and benchmarks we are pursuing.

My favorite part of Microsoft Defender for Cloud is the compliance features. Defender covers a wide range of workloads, on par with competing products on the market. I can get information from other cloud platforms and use Defender across AWS, Azure, GCP, containers, servers, etc. One tool provides a view across your entire hybrid environment.

Microsoft Graph needs improvement.

I have been using Microsoft Defender for Cloud for around two years.

The stability of Microsoft Defender for Cloud is good since it sits in the Cloud, and we have not had any challenges regarding stability.

I rate Microsoft support seven out of 10. The documentation about what is covered in the basic support versus premium is unclear. 

Neutral

We use multiple products that perform similar functions in our environment, including Prisma and Wiz. We use Defender for Cloud as our native Azure tool in addition to other third-party tools.

The initial setup is relatively simple and straightforward.

No integrated reseller or custom team was used for the deployment.

We have seen a return on investment because a lot of these native tools provide better reporting, which our team can consume.

Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products.

We didn't evaluate other solutions before switching as we have multiple products performing similar functionalities.

I rate Microsoft Defender for Cloud eight out of 10. Even though there are many third-party tools with more functionality, using native tools is beneficial, and we use them alongside third-party tools.