Microsoft Defender for Cloud Reviews

Mostly, it's related to the vulnerability management.

Earlier, we used to do the vulnerability assessment manually, scheduling it based on our timeline, maybe every six months or once a year. Now, it helps us a lot because we can get the vulnerabilities updated and get recommendations.

The MDVM part is very good. While we were doing the POC, Microsoft Defender was using Qualys for the vulnerability. Now, they have switched to their own MDVM, which is Microsoft Defender Vulnerability Management.

The vulnerabilities are duplicated many times. If it reports that the findings are around 30 or 40, or let's say, 100, it is not the exact number as it is possible that there are multiple findings which are duplicated in nature, and actually, the number is only 62 or 67. 

Another issue after Microsoft Defender upgraded and left Qualys is that whenever the load for the report data is too high, we cannot export the report in one go, so we have to do it in batches.

I have been using the solution for two years.

The quality of the MDVM feature, one of the keys which we are getting, is many times duplicated with the same IDs.

I have contacted Microsoft for the quality issue, and they are working with us.

Positive

I did work with something similar, however, not in the same organization. In my earlier organization, I was working with Check Point and Tenable.

The pricing is good. It is license-based, and we are not utilizing all of the features, like API and other functionalities, so the cost is not that high.

I would definitely recommend Microsoft Defender for Cloud, provided they make some improvements in the MDVM part.

I'd rate the solution eight out of ten. 

My role is more on the FinOps side. My customers use it.

In specific contexts like finance or healthcare area, there are regulations requiring compliance. At this stage, we need to be able to prove we have state-of-the-art endpoint protection and the ability to show that all these tools are up-to-date with the latest updates and identified threats. This is very useful for my customers to be able to prove compliance.

Mainly, the ability to identify threats using signatures, analyze threat behavior, and integrate with other cloud services, specifically Azure Log Analytics and other logging projects. These are the features I like. 

Customers generally find it satisfactory for their needs. Most organizations struggle with the ability to handle this type of product. Sometimes, it's a lack of knowledge or expertise on Microsoft Defender, which leads to issues with certain tasks. That can be a bit difficult to figure out.

Most customer teams need more training on this type of product.

Due to the lack of expertise or hands-on experience with the product, it's sometimes difficult to determine whether the issue lies with Microsoft Defender or another related project. In the cloud, everything is tightly connected, making it challenging to pinpoint which part is failing. So, the lack of a deep understanding of the product leads to some difficulties.

In future releases, I would like to see integration of artificial intelligence to ease the administrative burden would help a lot, especially when it comes to deploying the product to fit specific contexts, architectures, or infrastructures. That would fill the gap caused by the lack of expertise or knowledge.

There are some promises that Microsoft has made, but I'm not aware if they've been fully implemented.

I have been using it for three years. 

I worked with Cybereason and other standard antivirus programs, but nothing as full-fledged as Microsoft Defender.

Overall, I would rate the solution as eight out of ten.

My recommendation heavily depends on the context, the customer's IT landscape, the maturity of the team working there, and many other factors that need to be taken into account when selecting a product. 

Microsoft Defender by itself is a good choice, but ultimately, the best option depends on the specific context.

We use the solution as a VPN and for endpoint security. 

I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats. 

We've automated some processes, like batch updating and vulnerability detection, using AI. Our dashboard tracks every machine's IP and identifies vulnerable software. Using AI, we can gather this information and provide it to users. We also use chatbots to provide solution steps.

Microsoft Defender for Cloud is not compatible with Linux machines. 

I have been working with the product for three to four years. 

I rate the tool's stability a ten out of ten.

I rate Microsoft Defender for Cloud's scalability as nine out of ten. My company has more than 300 users. In our environment, we're using it on over 130,000 machines.

The solution's deployment process is not complex and is completed in 20 minutes. 

The solution helps to reduce costs by 20 percent. 

The solution is expensive, and I rate it a five to six out of ten. 

I would recommend the solution to others and rate it a nine out of ten. 

I use the solution for threat hunting. We've installed it on a lot of devices. I look for specific version numbers or threats within the environment.

The product has given us more insight into potential avenues for attack paths.

I like that the solution shows me recent log-ins for certain servers and devices. It's pretty helpful to track down activities and identify or tie them to specific users.

The product must improve its UI. Looking at multiple devices for the same issue or vulnerability is very cumbersome.

The solution should provide built-in features related to trending and graphing over time. If it’s already present, we haven’t found it. It doesn't seem intuitive to find it quite as easily as some other tools with ready-to-go dashboards.

I have been using the solution for two years.

The tool’s stability seems to be pretty good. I'm sure Microsoft takes care of its backend structure since it is a cloud solution.

Scalability, in general, is fine. We can deploy it on as many devices as we want. However, getting meaningful results and data out of that is not easy, especially when some of the things you're looking for might be across your entire enterprise. For example, if we want to know whether a DLL version is installed on any device, trying to get that information by going one by one through the devices is ridiculously cumbersome.

We used LogRhythm for a little bit. We switched to Microsoft Defender for Cloud because we wanted to do a cloud homogenization. We wanted to bring things away from on-premise and into the cloud because we had cloud assets. It just made more sense to have a cloud solution to manage the tools instead of pulling back into our network and opening the tunnel paths to our on-premise LogRhythm server.

The solution is deployed on-premise as well as on the public cloud. Our cloud providers are Azure and AWS. We also have some GCP assets. We have around 20,000 total devices. They don’t always correspond to an end user. Of those, maybe 12,000 to 13,000 are enrolled in Microsoft Defender for Cloud.

Other devices we have are either outdated Linux or outdated Windows. We’re trying to migrate all the ones we can, and then some of them will be those narrow use-case devices where it wouldn't really make sense or be feasible for them to have a definitive cloud. They're limited processing power devices, like iPads and tablets.

The product certainly requires maintenance.

Just based on costs, I do not see an ROI. However, evaluating a return on investment for something that provides insight into risks and vulnerabilities is not my area of expertise. In my opinion, a lot of it can't be quantified.

We have the full E5 license. The tool is pretty expensive.

We evaluated Splunk. Splunk's really expensive. It would also have been an on-premise solution. We needed a cloud solution.

We use Microsoft Defender for Cloud to support Azure natively. The solution’s ability to protect hybrid and multi-cloud environments is pretty important for us. Just as much as anyone else.

The unified portal for managing and providing visibility across hybrid and multi-cloud environments could be better with some of the ways things are displayed. Overall, it’s all right.

We have had the solution since we started cloud. I cannot provide a comparison for it. I don't pay too much attention to Microsoft Secure Score. However, I’m sure the product has affected it. We use the product to track down vulnerabilities and missing patches. When those get passed, I'm sure that it changes the score.

We have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel. However, I don't deal with it specifically. The tool’s UI could be better. As it is right now, we can only view information from one device at a time. It is extremely limiting.

The solution is pretty good at keeping our multi-cloud infrastructure and cloud resources secure. We use AWS, and we also have some Windows devices in AWS. We have Microsoft Defender on those.

Microsoft Defender for Cloud has helped save some of our SOC time. The reporting features, being able to search multiple devices for a specific vulnerability or incident and tying it back, are very difficult to do in the UI. There's some scripting that can be done, but that doesn't make it easier for a lot of people.

We have set up alerts in the tool. That, combined with other industry scanners like Tenable Nessus, Invicti, and a couple of others that we utilize in our environment, sends updates and alerts to us so that we can quickly respond to issues. We were not measuring TTR. So, the effect on the overall TTR is negligible.

It is hard to quantify whether the product has saved us money. We haven't seen any attacks from ransomware gangs. Possibly, those are being prevented, and we don't get alerts for some of these attacks. It has not saved us money. It's expensive. However, it is not expensive compared to all our computers being locked up, and someone demanded two million dollars.

People evaluating the product must look at other options to determine what works best for their environment and organization. It may not necessarily be the best option, but it might be. It certainly works well in a wholly Microsoft Windows environment, especially with other Microsoft software as a primary. If they’re using OfficeSuite, like Microsoft Word and Microsoft Excel, it works well. If they have other things within their environment, they must do their homework and research to see if it works.

Overall, I rate the tool a seven out of ten.

I use Microsoft Defender for Cloud mainly for cybersecurity, threat prevention and detection, and implementing zero trust principles. It serves as an endpoint security tool for securing our cloud services.

The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective.

The compliance management features integrate well with Cloud Security Posture Management (CSPM), giving a full view of infrastructure compliance with regulations like HIPAA, PCI DSS, and ISO 27001.

For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure.

I have been working with the product for a year. 

Regarding the stability of Microsoft Defender for Cloud, I would rate it lower due to some issues. Sometimes, the portal is not easy to access as it's Internet-based. We face delays while accessing the portal, which can be challenging. This could be due to Internet latency or other issues. However, from the solution perspective, it is quite stable.

I rate the solution's scalability an eight out of ten. My company has 4000 users. 

The initial setup was somewhat challenging - I'd rate it a three out of ten in ease of setup. Understanding the solution and ensuring all use cases work with Microsoft Defender for Cloud was challenging, but once you get the hang of the cloud, it's straightforward to set up. It took about a month to deploy, with three to four people involved in the project phase. Now two people manage it.

The deployment process was quite simple, as we're using Microsoft Azure Cloud. It involved activating the subscription as part of the license.

Integration with our existing infrastructure was mostly smooth, with some resolved certificate signing challenges. Overall, it was quite smooth.

Regarding return on investment, Microsoft Defender for Cloud is fulfilling its purpose. There's always room for improvement, and Microsoft is working on it. They regularly introduce new features, and their business development team is active in engaging customers about new features and benefits.

We decided to go with Microsoft Defender for Cloud because of its ability to cover cloud applications. No other tool we've seen has such vast coverage for Azure Cloud applications. Also, since it's a Microsoft native tool, it's easier to implement in Azure cloud.

Overall, I would rate Microsoft Defender for Cloud eight out of ten.

My advice for other users using the tool is to first do a proper risk assessment around the cloud, develop use cases based on the protect-identify-detect-defend model, and then implement the solution accordingly.

We use Microsoft Defender for Cloud to manage our cloud security posture. We also use Container Protection, which provides additional security for our containerized workloads. This gives us the visibility we need to ensure that our cloud resources are secure.

We use Microsoft Defender for Cloud to natively support Azure Cloud.

Microsoft Defender for Cloud's ability to protect our hybrid environments is definitely critical because we are on the journey of transitioning from hybrid to the cloud. In order to do that, we need a platform that can help us through the transition.

The solution's unified portal is essential for managing and providing visibility across our hybrid and multi-cloud environments. Visibility is something that every security operation needs and it gives us leverage to improve our security posture. This is great.

The single pane of glass view is critical for our organization. This is because we previously used a different platform, so we are all familiar with its features and how to improve upon them. Our heavy investment in Microsoft products made Defender for Cloud a natural choice.

Our goal is to increase our secure score. As we take steps to mitigate risk, our secure score will increase, giving us the feeling that our cloud resources are secure.

Microsoft Defender for Cloud significantly improves security operations. Instead of having to look at multiple windows or portals, it provides a single pane of glass for the investigation and remediation of cloud resource risks.

Microsoft Defender for Cloud helps us proactively discover unknown threats and defend against known threats. It also helps us improve our security posture and defend our cloud resources. We do not normally have external Internet-facing resources, but when we do, Microsoft Defender for Cloud helps us meet compliance requirements.

DSPM is the most valuable feature. It integrates with standard frameworks, so we can easily see if there are any gaps in our compliance with NIST standards. This allows us to identify areas for improvement and ensure that we are meeting all applicable requirements.

I would like to have the ability to customize executive reporting.

I have been using Microsoft Defender for Cloud for five months.

In the short time we have been using Microsoft Defender for Cloud it has been stable.

Microsoft Defender for Cloud is scalable, and we have not yet needed to scale it up.

We previously used Prisma Cloud, but we switched to Microsoft Defender for Cloud due to internal business decisions. We have since merged with a company that also uses Microsoft Defender for Cloud. We want to leverage the licenses from the merged company and also cut costs in our security portfolio.

The implementation was completed in-house. The solution's maintenance is easy.

I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet.

The time to detection has remained relatively the same.

Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues.

The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution.

I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.

Our company policy is to onboard all the resources, which are supported by Microsoft Defender because it gives us a good amount of recommendations regarding security and vulnerability issues. We have a lot of new users that are not familiar with security protocols and the solution helps protect our systems. Some people don't have experience with security measures like enabling HTTPS, and FTPS security, setting up encryption on virtual machines, or they don't know how to set up private endpoints. For someone who is new, or doesn't have a lot of experience in this field, it is difficult to monitor everything. Microsoft Defender provides recommendations based on severity. High-severity recommendations are more important, while low-severity recommendations may not be as critical. Security reviewers can review all recommendations to make sure they are appropriate. Microsoft Defender is important for a whole variety of reasons, one of which is that it can help improve the security posture of our environment. This is important for organizations of all sizes but is particularly critical for businesses that are delivering services to customers.

Before Microsoft Defender our external team would give us updates on which ports are opening and which vulnerabilities are being attacked. Now with the recommendations of Microsoft Defender, we can find these vulnerabilities sooner and fix them. Before onboarding those respected resources into Microsoft Defender, we faced a few issues. Once we onboarded those resources, we received prompt recommendations that helped us make the organization's resources more secure. If resources are not secured, it can impact the reputation of the organization. The solution helped identify a lot of the issues, at a high priority that we could resolve.

Microsoft Defender helps any organization that needs to follow security baseline recommendations in order to improve its environment. Regarding threats, I recommend Microsoft Sentinel for detecting and hunting the threats. I can identify what exactly happened at that particular time or particular resource with the help of Microsoft Sentinel.

The solution has significantly reduced the overall time it takes us to detect issues. Most of the resources are scanned every 30 minutes, so it doesn't take much time for the solution to give us the respected recommendations.

Depending on the issue, Microsoft Defender for Cloud has helped reduce our overall time to respond. There are a few recommendations that we can fix immediately by just clicking using the UI. However, the overall time to respond to issues depends upon that respected recommendation list. There are a few things that we need to consider when it comes to the security settings of our virtual machines which can take a long time to identify and fix. 

Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender.

The solution provides a security posture score, which indicates how well our environment is protected and what our rating is. It also displays the current percentage of our work that is protected. 

When there is a recommendation by Microsoft Defender that suggests using the Azure Logic App, the remediation step when a user takes action should be created automatically.

Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations.

I have been using the solution for almost two years.

I give the stability of Microsoft Defender for Cloud an eight out of ten.

Microsoft Defender for Cloud is a tool that is designed to scan our resources regardless of the volume every 30 minutes.

We have the standard support plan. If we need any help, we just raise a support ticket.

Neutral

The initial setup is easy. To enable the solution, we simply need to access Microsoft Defender and enable the on button.

Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine. This plan can be very costly for small and medium businesses and in some parts of the world, it is cheaper for an organization to hire a full-time security engineer instead.

I give the solution a seven out of ten.

Compared to Microsoft Defender, Microsoft Sentinel is a more mature solution. We can connect to Active Directory from Sentinel to identify risky users which is information that we can't get from Defender. If we could establish the connections to Azure Active Directory and Azure Active Threat Production plan, we could define our flow, which would be connected with the workspace. Microsoft Sentinel is more flexible and is ideal for more complex security scenarios.

The solution is applied for resources in the subscription. It does not differentiate the environment. If we select the app services, it will secure all the app services in all the environments. If it's not segregated as per the environment, it can create security issues. We have three different environments: production, QA, and dev and we can only deploy the resources in two regions, which are supported by the geo in India.

We have virtual machines that need to be patched. But the patching analysis isn't done by Defender. Our solutions provide patching recommendations that have to be completed manually.

The solution provides a security score based on the environment and gives recommendations for improving that score. For example, a manual server may require patches to strengthen security, and MS Defender for Cloud informs us. We can also run a vulnerability assessment in the background of work processes to detect server vulnerabilities. We primarily operate a hybrid cloud environment with some specific on-prem integrations.

One of our clients, operating in the electronics industry, has around 1,300 endpoints, 700 users on the Windows server, and 300 other devices. There are also 100-150 users on Unix servers.

We use multiple Microsoft security products, including Defender for Cloud, Sentinel, and Defender for Endpoint. The products are integrated, and there is nothing complicated about integrating them; we provide the APIs or the credentials, and they are automatically integrated.

The product helps us prioritize threats across the enterprise, which is essential when interacting with clients, as we can show them their high-risk vulnerabilities and tackle them first.

The solution helps automate routine tasks and the finding of high-value alerts. Additionally, following the resolution of an issue, we can set up a logic app to trigger an automatic system response if it happens again.

The integrated security suite saves us time, as multiple security solutions work together seamlessly in the cloud, allowing us to take actions that could take 24-48 hours to replicate using third-party products. 

Defender for Cloud reduced our time to detect and respond; if we are faced with an issue known to the threat intelligence database or that occurred before, we don't need to invest any time at all. The solution reduced our time to detect and respond by around 50%. 

Integration with Defender for Endpoint allows us to see the health of our endpoints in terms of workload protection, which is one of the benefits of these integrations.

Microsoft solutions working natively together to provide integrated protection and coordinated detection and response is essential from a business point of view. We don't have to manage multiple tools and services from different dashboards; we can monitor and manage everything from a single point. All the generated alerts from numerous services are ingested into one solution that a single team can monitor. That's one of the best parts of using the integrated Microsoft security suite.

The solution's robust security posture is the most valuable feature.

We have a lot of firewalls, and we can manage them in the solution through the firewall manager. We can set up an Azure firewall and centralize the management policy.

The solution provides excellent visibility into threats, and it's a cloud-based integrated solution, so we don't have to worry about any third-party products or services. Microsoft provides so many options, and that's great.

Defender for Cloud generates reports we can use as an assessment, as it allows us to see the services in our environment and our points of highest risk.

The solution's threat intelligence helps us prepare for threats before they hit and take proactive steps, which is very useful for analysis. 

The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome.

Several features are already in the pipeline, including one called External Attack Surface Management, which will be welcome additions.

The solution's stability is impressive; it's very stable.

The scalability is excellent; if we grow or shrink in the future, the scalability is there to accommodate us. I rate the solution ten out of ten in this regard.

When we have a critical issue, customer service is very prompt, and we often get support rapidly. We also get good help in our production environment.

Positive

I previously used Symantec Endpoint Detection and Response and switched because of the benefits of having a cloud-native solution. Additionally, the market is moving towards Microsoft, including many of our customers, so it makes sense for us to go with this trend.

The initial setup consists of three steps for us; first, we conduct an assessment or discovery with a client to determine their requirements and develop an understanding of their environment. Second, we design and plan the deployment to fulfill the client's requirements. Third, we implement and conduct a POC, and if successful, we roll out the entire deployment. The complexity of the setup and the number of staff required depends on the size of the business.

An example of an organization with 500-1,000 staff is that the initial information gathering takes four weeks, the design and planning stage takes two weeks, and the implementation and POC take another two weeks. Therefore, the deployment can take between eight and 15 weeks for a two-person team.

In terms of maintenance, the solution requires monitoring and routine inspection of the details across the services.

I rate the solution nine out of ten. 

DevOps security features are in the preview phase, so we may utilize the solution for that in the future.

We use Microsoft Sentinel, enabling us to ingest data from our entire ecosystem. This data ingestion is important to our security operations because information on our critical applications and services provides us with activity, audit, and application logs. This logging capability means Sentinel allows us to investigate threats and respond holistically from one place. 

To a security colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, I'd say there are benefits in going with a single vendor.