We are using Defender for Cloud to check in on security and vulnerability management.
IT Administrator at a university with 10,001+ employees
Lists the criticality that is the most insecure for our environment
Pros and Cons
- "The most valuable features are the security recommendations provided by Defender for Cloud."
- "Defender for Cloud has improved our security posture."
- "If they had an easier way to display all the vulnerabilities of the machines affected and remediation steps on one screen rather than having to dive deep into each of them, that would be a lot easier."
What is our primary use case?
How has it helped my organization?
When we were switching from on-prem to the cloud, we did not have the vulnerability management tool to give us alerts on that. We were using Tenable Security Center on-prem. When we moved to the cloud, we needed a solution and chose Defender for Cloud. Now, when we do our vulnerability management meetings, we refer to Defender for Cloud recommendations. We can assign them to technicians or security personnel in case we need to change policies or make exceptions. It is set up to ensure only security personnel can dismiss a recommendation.
It lists the criticality that is the most insecure for our environment and the criticality score for it. This is helpful for us to know what we need to deal with first.
Defender for Cloud has improved our security posture.
What is most valuable?
The most valuable features are the security recommendations provided by Defender for Cloud.
What needs improvement?
Tenable Security Center has a list of all of our vulnerabilities. I can sort it by vulnerability or by machine. Defender for Cloud does do that, but it is just not as clean and easy to get to. It sometimes gets too deep in the weeds, and I do not know how I got to that point. If they had an easier way to display all the vulnerabilities of the machines affected and remediation steps on one screen rather than having to dive deep into each of them, that would be a lot easier.
There can be an easier-to-read dashboard. It would be nice to be able to see the top ten vulnerabilities that we have specific to a system on the dashboard. We can view the security score currently, but a cleaner and simpler display would be good.
Buyer's Guide
Microsoft Defender for Cloud
January 2026
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,114 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Defender for Cloud for three years.
What do I think about the stability of the solution?
It is pretty stable and feels solid.
How are customer service and support?
We have struggled with Microsoft customer service quite a bit. While experts are a ten, the overall experience is not always positive and we have had to make a complaint. When we are able to get to a call with their experts, it is great, but it can take time to get to that level. We have had to raise a ticket for the same thing about three times.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Tenable Security Center on-prem. We switched because we were moving to a Microsoft-centric cloud solution.
How was the initial setup?
It was easy. The setup was handled by a technician who did not report any significant issues.
What about the implementation team?
We did not use any third party for deployment.
What was our ROI?
We have seen a return on investment, but I cannot quantify it.
Which other solutions did I evaluate?
We did not evaluate other solutions because we were only looking for a Microsoft-centric solution.
What other advice do I have?
I would rate Defender for Cloud an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Cloud Platform Engineer at a financial services firm with 5,001-10,000 employees
A single tool for complete visibility and addressing security gaps
Pros and Cons
- "Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved."
- "The solution is quite good and addresses many security gaps."
- "There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place."
- "Customer service and support from Microsoft are very poor. Even for high-severity cases, response or resolution time can extend to three or four weeks."
What is our primary use case?
I am closely dealing with alerts related to cloud workloads. We are integrating the alerts that pop up for different services to analyze the gaps in our Azure landscape. We then assess what we need to close and what makes sense for our environment because not everything is applicable. It depends on our company's requirements as well. We plan the strategy for how to close those gaps. There are different mechanisms for how you deal with those security alerts.
How has it helped my organization?
We are using the Microsoft Azure Security Benchmark along with the CIS Benchmark. We rely quite heavily on these benchmarks, and I would rate the CSPM functionality a nine out of ten. Most recommendations are focused on generic security gaps, but overall, those recommendations are very good from the security aspect, irrespective of the industry.
It is pretty good in terms of the range of workloads covered. It covers most of the IaaS infrastructure that Azure offers and most of the PaaS services that we are using. I cannot recall any service that we are using for which Microsoft Defender for Cloud does not have recommendations.
We have integrated the alerts that we are getting from Microsoft Defender for Cloud with our on-premises Splunk solution. We capture those alerts. They are integrated via Microsoft Events Hub. It acts like a queue and pulls those alerts from Microsoft Defender for Cloud and then sends them to Splunk. This integration helps our global security team to figure out which alerts are critical. They can then reach out to the owner of an asset.
Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved.
Without Microsoft Defender for Cloud, we will not have any visibility into our security posture. The way on-premises things work in our company is complex. We have ten different tools for ten different categories. We have one tool for vulnerability assessment and one for patch fixing. Microsoft Defender for Cloud is a single integrated tool. It gives me a holistic overview of my whole security posture.
What is most valuable?
The most valuable features are the different plans it offers and the visibility within them. For example, the Defender for Servers plan includes capabilities for vulnerability findings on machines and configurations at the OS level. They have different plans for different things. We are utilizing all of them, and they are equally good.
What needs improvement?
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications.
There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place.
Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud for five years.
What do I think about the stability of the solution?
Overall, stability is good. However, Microsoft sometimes changes settings or configurations without transparency. These changes, detected as drift by our infrastructure-as-code tool, require unnecessary work. I suggest Microsoft maintain default settings as per the existing configurations during updates to save us from having to do unnecessary work.
What do I think about the scalability of the solution?
Scalability is generally good, but it also depends on the customer's implementation. We are using infrastructure as code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.
If a new subscription is created manually, the configuration is manual too. An automatic toggle for new subscriptions would ease scalable deployment.
From a scalable perspective, if your company has hundreds or thousands of subscriptions, there should be some toggle to automatically scan your new subscription and turn different plans on. This is something they can take into consideration.
How are customer service and support?
Customer service and support from Microsoft are very poor. Even for high-severity cases, response or resolution time can extend to three or four weeks. Often, cases are transferred between teams with no resolution, resulting in a negative experience. We end up closing the case or resolving it on our own. I cannot recall any instance where they managed to quickly resolve any issue.
I even suggested to my top management to give me one percent of what they are paying for Microsoft's enterprise-level support because I anyway end up resolving the issues on my own. Our case just gets transferred from one engineer to another. We have to explain the same thing from scratch. Nobody is checking case details. Nobody is handing over properly on Microsoft's side. The support experience is very bad.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I did not use any other solutions. Because we use Azure, we prefer to use Microsoft's native, built-in capabilities. That is why we have been using Microsoft Defender for Cloud from the beginning.
How was the initial setup?
The initial setup was simple and straightforward. From a configuration perspective, it is not so complicated. It involves enabling the service at the subscription level, which requires turning on basic toggles.
What about the implementation team?
My team implements these solutions. All new requirements pass through our team.
What's my experience with pricing, setup cost, and licensing?
The pricing model for most plans is generally good, but the cost of the new Defender for Storage plan is high and should be revisited, as it could lead to disabling desirable security features due to cost.
They have introduced a new Defender for Storage plan which they are going to mandate for new workloads. They might already have done that, but it is very costly for users needing additional capabilities. The licensing cost is per storage account irrespective of whether it is enabled or not. Previously, the model for the same service was based on transactions. If you had one million transactions, you were charged according to that. If you had only 10,000, you were charged according to that. Making the new storage plan mandatory is not a good idea from a customer perspective. We did our analysis and compared the new storage plan with the old one. We found that the cost with the new plan is 3.5 times higher. Why would I opt for that as a customer? If it becomes mandatory, we might even disable the plan altogether. We will end up losing certain security alerts that we want to have because of the cost aspect. This new plan should not be enforced, and the customers should have the flexibility to decide.
Another thing is that Microsoft Defender for Cloud is always enabled at the subscription levels. When it is enabled at the subscription level, everybody is charged for it. In the future, there should be more granularity so that under the same subscription, different teams can put their resources. Whoever wants to utilize these capabilities can enable them in their resource group. This will help save costs. Teams will be happy because they will be able to utilize these tools as per their requirements.
What other advice do I have?
I would rate Microsoft Defender for Cloud an eight out of ten. The solution is quite good and addresses many security gaps. It is the starting point to improve the security of your Azure platform. You can introduce other solutions such as Microsoft Sentinel later. If you start with just Microsoft Defender for Cloud, about 75% of your security gaps will be addressed. After that, you can think of some advanced solutions.
In my experience of working with Azure, teams are not utilizing this solution to its fullest capability. It has so many plans and recommendations to offer, but most of the people do not understand it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Endpoint management at a government with 10,001+ employees
Provides a prioritized list of security issue remediations but has navigation obstacles
Pros and Cons
- "Microsoft Defender for Cloud can find potential phishing links and malicious code in data at rest."
- "Microsoft Defender for Cloud has significantly enhanced our overall security posture by approximately 20 to 25 percent."
- "The user interface of Microsoft Defender for Cloud, like many Microsoft portals, undergoes frequent changes and feature relocation."
- "My experience with Microsoft Defender for Cloud has been largely negative due to a poor user experience."
What is our primary use case?
XDR protects our endpoints, but our cloud applications lack this security measure. Microsoft Defender for Cloud provides some protection by monitoring SharePoint and our internal cloud applications for malicious activity.
How has it helped my organization?
Recently, there was a widespread cybersecurity incident where systems issued by companies were controlled by insider threats from North Korea and China. Defender for Cloud Apps helped us find associated applications and appropriately tag them.
The range of workloads covered by Defender for Cloud has been satisfactory. As a small organization with a limited number of workloads, the current offerings are sufficient. Our information security office consists of six or seven people, with an additional one or two individuals assisting with SecOps tasks. While the current setup is adequate, a larger organization would likely utilize the diverse workloads and permission sets available.
Defender for Cloud provides a prioritized list of security issue remediations. However, we often find that many items are false positives or not as critical as Defender assesses them to be. Therefore, we manually curate the list to better align with our security priorities.
Our Defender for Cloud platform is integrated with the majority of the Entra and Microsoft 365 suite, including hybrid cloud identity, Entra ID, Azure Virtual Desktop, and SharePoint.
Microsoft Defender for Cloud has significantly enhanced our overall security posture by approximately 20 to 25 percent. It extends beyond our XDR, encompassing all our cloud-based data within SharePoint, Entra, and similar services, thus providing comprehensive protection.
Protecting our hybrid and cloud environments is essential. While Defender is a valuable security solution offering solid benefits, it's not the only option available. Other solutions could effectively fulfill this role, making Defender important but not uniquely critical.
What is most valuable?
Microsoft Defender for Cloud can find potential phishing links and malicious code in data at rest. It tags cloud apps, allowing us to track them, unsanction or approve them, and maintain a list of what's being used.
What needs improvement?
The user interface of Microsoft Defender for Cloud, like many Microsoft portals, undergoes frequent changes and feature relocation. This inconsistency frustrates government clients who receive updates later than other users.
My experience with Microsoft Defender for Cloud has been largely negative due to a poor user experience. Features often appear without adequate explanation or guidance, leaving me feeling lost and confused. The rapid pace of change outstrips even Microsoft's own support resources, making it difficult to stay informed. Consequently, I frequently resort to reverse-engineering features to understand their purpose and functionality. Microsoft, in general, could significantly improve its communication and support.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud for about one year.
What do I think about the stability of the solution?
We haven't experienced any stability issues. For a multi-headed solution stored in the cloud, I wouldn't expect any.
What do I think about the scalability of the solution?
Defender won't replace our endpoint XDR, but it will likely adapt and support any growth in the Microsoft Cloud space.
How are customer service and support?
Customer service and technical support have been good so far. They understand their product, but, much like us, they struggle with the finer details, especially with new features.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We hadn't explored alternative solutions because Defender for Cloud was already in place when we transitioned to the cloud. Its seamless interaction and integration with the Microsoft cloud stack, along with its out-of-the-box functionality and inherent presence, made it the default choice. Disabling it would require more effort than simply utilizing its capabilities.
CrowdStrike is implemented for cloud hygiene. It's not necessarily scanning data at rest.
What about the implementation team?
Our implementation is guided primarily by Microsoft, without additional integrators or resellers.
What was our ROI?
Scanning cloud-stored content and data at rest is crucial. While solutions like CrowdStrike excel at process and behaviour analytics on endpoints and servers, they may not detect dormant threats. A malicious link within a PDF could remain undetected for years until activated, requiring reactive measures. In contrast, Defender proactively indexes and analyzes documents, identifying potential threats even when inactive, enhancing preventative security.
What's my experience with pricing, setup cost, and licensing?
As a government client, we are licensed to use most of the Microsoft Defender stack. While we pay for any additional features, the pricing seems competitive, though I am not involved in the specific cost details.
Which other solutions did I evaluate?
What other advice do I have?
I would rate Microsoft Defender for Cloud a seven out of ten. While it effectively fulfills its role, some UI issues detract from the overall experience.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Core Infrastructure Cloud Operations Team Lead, Information Technology at a manufacturing company with 10,001+ employees
Provides a prioritized list of remediations for security issues, reducing risk and improving security operations
Pros and Cons
- "Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations."
- "Scalability is great, and I would rate it a ten out of ten."
- "It's hard to reach someone who understands my problems. I haven't had many issues, so I haven't called them."
What is our primary use case?
We use Defender for Cloud for workloads that involve large amounts of data.
How has it helped my organization?
It's cost-effective to create custom logs in Defender for Cloud.
What is most valuable?
Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations.
What needs improvement?
There is room for improvement in terms of cost-effectiveness when enabling every single log, including custom logs.
For how long have I used the solution?
I've been using Defender for Cloud for a year and a half.
What do I think about the stability of the solution?
I have no issues with the stability of Microsoft Defender for Cloud.
What do I think about the scalability of the solution?
Scalability is great, and I would rate it a ten out of ten.
How are customer service and support?
It's hard to reach someone who understands my problems. I haven't had many issues, so I haven't called them.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used an unspecified different solution before adopting Microsoft Defender for Cloud.
How was the initial setup?
The solution is really easy to enable.
What about the implementation team?
I interacted with a Microsoft representative for implementation, and the process was straightforward.
What's my experience with pricing, setup cost, and licensing?
The setup costs are low because it's easy to enable. However, I'm not clear on other pricing details.
Which other solutions did I evaluate?
I didn't evaluate other solutions extensively before choosing this.
What other advice do I have?
I rate Defender for Cloud 10 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud Consultant at a consultancy with 11-50 employees
Unified security management enhances threat detection and streamlines user experience
Pros and Cons
- "The most valuable feature is the hunting feature, which integrates well into the entire Microsoft ecosystem."
- "The pricing could be improved, as it is somewhat high for smaller companies."
What is our primary use case?
At the moment, we work with Sophos, SentinelOne, or Microsoft Defender. Most of our customers have Microsoft infrastructure, and they are cloud-only customers with Microsoft business licensing. I primarily recommend Microsoft Defender for customers who already have Microsoft infrastructure.
What is most valuable?
The most valuable feature is the hunting feature, which integrates well into the entire Microsoft ecosystem. It allows customers to have all security settings in one panel, providing a unified admin site. This feature significantly aids in threat detection and enhances the user experience by streamlining security management.
What needs improvement?
The pricing could be improved, as it is somewhat high for smaller companies. Additionally, the artificial intelligence features could be expanded to allow the system to autonomously manage security issues without needing intervention from admins.
For how long have I used the solution?
We have customers on Defender.
How are customer service and support?
I have not had contact with Microsoft technical support at this moment.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
At the moment, we work with Sophos, SentinelOne, or Microsoft Defender. We also work with SentinelOne and other security products integrated in our remote management tools.
What was our ROI?
The cost savings vary by customer; however, for those with 100 to 150 licenses, there are noticeable savings at a higher level.
What's my experience with pricing, setup cost, and licensing?
Microsoft Defender for Cloud is considered competitive in pricing.
Which other solutions did I evaluate?
In addition to Microsoft Defender, we evaluate products like SentinelOne.
What other advice do I have?
For smaller companies, the product is too expensive. I usually recommend SentinelOne, as it is included in our remote management tools. I rate Microsoft Defender for Cloud an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Manager, Microsoft Technology Alliance at a computer software company with 201-500 employees
It integrates with our full spectrum of products, leaving no gaps
Pros and Cons
- "Microsoft Defender for Cloud monitors our entire cloud environment. It enables conditional access and incorporates features like number matching and single sign-on for all our cloud apps. It is great for protecting against ransomware and various security threats."
- "Microsoft Defender for Cloud has made our environment more secure."
- "We haven't experienced issues with Microsoft Defender for Cloud for our company size of about five hundred people. However, I've heard there might be issues with scalability for larger enterprises."
- "I've heard there might be issues with scalability for larger enterprises."
What is our primary use case?
We use Microsoft Defender for Cloud to secure our environments across the company. We have the full E5 suite, including Microsoft Defender for Identity and Endpoint. The solution integrates the total spectrum of Microsoft products.
We are not a multi-cloud environment. We're entirely on Azure. It's not a hybrid environment. Defender only covers the cloud, and we have a different solution for our on-prem environment.
How has it helped my organization?
Microsoft Defender for Cloud has made our environment more secure. We don't have to worry about it as much, and we've never had a breach, giving us a lot of peace of mind. We've improved our security posture because Defender extends the capabilities of a whole range of products, so we don't have any gaps.
What is most valuable?
Microsoft Defender for Cloud monitors our entire cloud environment. It enables conditional access and incorporates features like number matching and single sign-on for all our cloud apps. It is great for protecting against ransomware and various security threats.
The solution's native integration with our other Microsoft security solutions gives us security insights. It alerts us to potential breaches, old accounts, and nonhuman identities that we need to be aware of.
It notifies us in time, and we don't have to worry about it. If something comes up, Defender immediately detects it. It lets us choose what we want to do and remedy the issue from the console, whether that's implementing a conditional access policy or an MFA.
What needs improvement?
We haven't experienced issues with Microsoft Defender for Cloud for our company size of about five hundred people. However, I've heard there might be issues with scalability for larger enterprises.
For how long have I used the solution?
I joined the company about two and a half years ago, and Microsoft Defender for Cloud was already installed.
What do I think about the stability of the solution?
Microsoft Defender for Cloud seems stable from my point of view, so I hope it stays like that.
What do I think about the scalability of the solution?
For our company size, Microsoft Defender for Cloud has been great, but there might be scalability issues as you scale up to large enterprises.
How are customer service and support?
I rate Microsoft support seven out of 10. Customer support has been good. We have a portal to request support, and they typically solve our problems within a week. However, we often need to escalate to the second level, as the first level is mainly contractors without the full security insight. Once escalated, a higher-level technician usually resolves the issue.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We have always had Microsoft Defender for Cloud since I've been at the company.
What was our ROI?
It's hard to quantify an ROI with security, but because we haven't had a breach or serious security incident, which would cost millions of dollars, we can consider it a return on investment.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license.
Which other solutions did I evaluate?
We haven't considered another solution. We're a Microsoft Partner of the Year. We're one hundred percent integrated with the Microsoft ecosystem. So we've never even looked to evaluate another solution because Microsoft has been great for us, and we have all our integrations tied up into it. It would be a huge workload to move to another solution.
What other advice do I have?
I rate Microsoft Defender for Cloud eight out of 10. While there are areas for improvement, it has been great for a company of our size.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner, real user
Manager at a computer software company with 1,001-5,000 employees
Gives us a single pane of glass to view everything involved in security
Pros and Cons
- "The most valuable feature of Microsoft Defender for Cloud is its ability to assess an environment and give us a clear idea of what security components are lacking and which are not."
- "Microsoft Defender for Cloud has improved our security posture by at least 100 percent."
- "Although Microsoft Defender for Cloud is based on security, I wish it went beyond providing assessments, reports, and generic steps. More detailed procedures would be helpful, especially for lower-level support staff."
- "I rate Microsoft support five out of 10. It gets better once you're escalated past the first and second levels. It's difficult to get the necessary support when tickets are first opened."
What is our primary use case?
We are a multi-service provider with various clients. We recommend Microsoft Defender for Cloud to clients who have an Azure environment. We advise them to turn Defender on to protect all Azure resources, such as IaaS servers and SQL servers, and ensure our clients follow the best security recommendations.
How has it helped my organization?
Microsoft Defender for Cloud provides us with all security-based advantages. Getting visibility into our vast and rapidly changing cloud environment is challenging in day-to-day operations. This solution gives us a single pane of glass to view everything involved in security.
Defender for Cloud has improved our security posture by at least 100 percent. We did not have security before that. It's our primary way to protect our hybrid environment, so it's critical to us. It's also crucial to our coordinated detection and response across all our workloads, and we leverage Sentinel with Defender for Cloud.
What is most valuable?
The most valuable feature of Microsoft Defender for Cloud is its ability to assess an environment and give us a clear idea of what security components are lacking and which are not.
We have integrated Defender for Cloud with our SOC through Sentinel. This obviously improves the solution by providing better visibility and extended capabilities, such as automated AI intervention.
What needs improvement?
Although Microsoft Defender for Cloud is based on security, I wish it went beyond providing assessments, reports, and generic steps. More detailed procedures would be helpful, especially for lower-level support staff.
I also want to customize our coverage more. We can select all the workloads in our subscriptions, and it expands to all of them, but I wish it would let us focus on specific workloads and have different levels of monitoring security or compliance. Even though I want to cover dev, my dev environment, it's still kind of costly if you cover all the ones in the spectrum.
For how long have I used the solution?
We have used Defender for about a year and a half.
What do I think about the stability of the solution?
Microsoft Defender for Cloud is very stable. Being a SaaS product allows it to store any reports or logging effectively, making it a mature and stable product.
What do I think about the scalability of the solution?
The scalability aspect offers us the ability to select all workloads in our subscriptions, but it could improve by allowing us to focus on specific workloads with different levels of monitoring and compliance.
How are customer service and support?
I rate Microsoft support five out of 10. It gets better once you're escalated past the first and second levels. It's difficult to get the necessary support when tickets are first opened. Since security is critical, we prefer a quicker response time.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not previously use a different solution, as we are an Azure shop and have always focused on Microsoft products, adding features to our security suite.
How was the initial setup?
The initial setup was straightforward. We select the subscriptions and cover everything within them to ensure all aspects are protected.
What about the implementation team?
As a Microsoft partner and reseller, we install and implement the solution ourselves.
What was our ROI?
We have seen a return on investment with Microsoft Defender for Cloud. We have caught vulnerabilities that would have been more expensive to address after a breach. Although we haven't had any severe incidents, identifying potential vulnerabilities has helped us avoid costly data losses.
What's my experience with pricing, setup cost, and licensing?
The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering.
What other advice do I have?
I would rate Microsoft Defender for Cloud eight out of 10. It's a mature product, and while the pricing can be elevated, and the support requires self-understanding to navigate, we still recommend it to our clients.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Re-seller
Assistant Vice President & Cloud Solutions Architect at a financial services firm with 10,001+ employees
We get insights and email alerts if something isn't compliant but needs expanded vulnerability scanning
Pros and Cons
- "It alerts us to our vulnerabilities and ensures compliance by marking off a compliance tool checklist."
- "Microsoft Defender for Cloud is stable and reliable as advertised."
- "Defender could provide more in-depth visibility into vulnerabilities and services. For instance, we wanted to scan Azure NetApp for sensitive data, but they didn't have that feature. It was only for storage accounts. I want Azure Defender features to cover all Azure resources rather than a few."
- "I would rate Microsoft Defender for Cloud a six out of 10 due to its lack of necessary features to operate as a standalone solution."
What is our primary use case?
We use Microsoft Defender for Cloud primarily to scan storage buckets and ensure no sensitive data, such as PCI or PII data, is present. We also use it for general resources, including resource groups, storage accounts, and Azure Key Vault.
We don't use it for detection and response. It's more for scanning architecture and data to ensure we have the latest infrastructure configuration. I don't think we're using it for Entra ID. Another team does that. I'm more on the operation side.
How has it helped my organization?
Defender works in tandem with Wiz, so we get insights and email alerts if something isn't compliant. For example, we get an alert if TLS 1.2 isn't enabled. It keeps track of what's compliant and what isn't.
What is most valuable?
It alerts us to our vulnerabilities and ensures compliance by marking off a compliance tool checklist. We use Defender's free CSPM functionality, including the Microsoft Cloud Security Benchmark. It's not our primary policy compliance tool, but we get some excellent insights.
Defender covers a wide range of workloads. It's suitable for key vaults for storage accounts and services. However, there are some gaps in terms of covering entire apps.
What needs improvement?
Defender could provide more in-depth visibility into vulnerabilities and services. For instance, we wanted to scan Azure NetApp for sensitive data, but they didn't have that feature. It was only for storage accounts. I want Azure Defender features to cover all Azure resources rather than a few.
Defender for Cloud's prioritized list of remediation for security issues is pretty good but not as extensive as Wiz or other third-party tools.
For how long have I used the solution?
I have been using Microsoft Defender for Cloud for about two to three years.
What do I think about the stability of the solution?
Microsoft Defender for Cloud is stable and reliable as advertised.
What do I think about the scalability of the solution?
It is scalable as it integrates seamlessly across services once activated. However, it needs more features across all resources.
How are customer service and support?
I rate Microsoft support seven out of 10. Customer support is decent, but it varies depending on who you get. My main complaint is that you get bounced around a lot, and you have to explain the issue again to the next technician. When you finally get someone good, the service is excellent.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We use multiple solutions, but Wiz and Prisma are among the notable alternatives we've employed. Defender's advantage is that it's native to the cloud, but its drawback is that the services are limited. While the services it provides are great, they stop at the Azure level. Wiz has wider coverage, but Defender supplements it.
How was the initial setup?
The initial setup was straightforward, but as we expanded and went through audits, it became more complex.
What about the implementation team?
We did everything in-house without using any third-party assistance.
What was our ROI?
Our primary return on investment is that we avoid audits and penalties because we're highly regulated. If we're out of compliance, it costs us time and money to remedy the issue. Defender provides proactive, preventative controls.
What's my experience with pricing, setup cost, and licensing?
Pricing is satisfactory with no significant concerns.
Which other solutions did I evaluate?
What other advice do I have?
I would rate Microsoft Defender for Cloud a six out of 10 due to its lack of necessary features to operate as a standalone solution.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partners
Updated: January 2026