Microsoft Defender for Cloud Reviews

Our company policy is to onboard all the resources, which are supported by Microsoft Defender because it gives us a good amount of recommendations regarding security and vulnerability issues. We have a lot of new users that are not familiar with security protocols and the solution helps protect our systems. Some people don't have experience with security measures like enabling HTTPS, and FTPS security, setting up encryption on virtual machines, or they don't know how to set up private endpoints. For someone who is new, or doesn't have a lot of experience in this field, it is difficult to monitor everything. Microsoft Defender provides recommendations based on severity. High-severity recommendations are more important, while low-severity recommendations may not be as critical. Security reviewers can review all recommendations to make sure they are appropriate. Microsoft Defender is important for a whole variety of reasons, one of which is that it can help improve the security posture of our environment. This is important for organizations of all sizes but is particularly critical for businesses that are delivering services to customers.

Before Microsoft Defender our external team would give us updates on which ports are opening and which vulnerabilities are being attacked. Now with the recommendations of Microsoft Defender, we can find these vulnerabilities sooner and fix them. Before onboarding those respected resources into Microsoft Defender, we faced a few issues. Once we onboarded those resources, we received prompt recommendations that helped us make the organization's resources more secure. If resources are not secured, it can impact the reputation of the organization. The solution helped identify a lot of the issues, at a high priority that we could resolve.

Microsoft Defender helps any organization that needs to follow security baseline recommendations in order to improve its environment. Regarding threats, I recommend Microsoft Sentinel for detecting and hunting the threats. I can identify what exactly happened at that particular time or particular resource with the help of Microsoft Sentinel.

The solution has significantly reduced the overall time it takes us to detect issues. Most of the resources are scanned every 30 minutes, so it doesn't take much time for the solution to give us the respected recommendations.

Depending on the issue, Microsoft Defender for Cloud has helped reduce our overall time to respond. There are a few recommendations that we can fix immediately by just clicking using the UI. However, the overall time to respond to issues depends upon that respected recommendation list. There are a few things that we need to consider when it comes to the security settings of our virtual machines which can take a long time to identify and fix. 

Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender.

The solution provides a security posture score, which indicates how well our environment is protected and what our rating is. It also displays the current percentage of our work that is protected. 

When there is a recommendation by Microsoft Defender that suggests using the Azure Logic App, the remediation step when a user takes action should be created automatically.

Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations.

I have been using the solution for almost two years.

I give the stability of Microsoft Defender for Cloud an eight out of ten.

Microsoft Defender for Cloud is a tool that is designed to scan our resources regardless of the volume every 30 minutes.

We have the standard support plan. If we need any help, we just raise a support ticket.

Neutral

The initial setup is easy. To enable the solution, we simply need to access Microsoft Defender and enable the on button.

Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine. This plan can be very costly for small and medium businesses and in some parts of the world, it is cheaper for an organization to hire a full-time security engineer instead.

I give the solution a seven out of ten.

Compared to Microsoft Defender, Microsoft Sentinel is a more mature solution. We can connect to Active Directory from Sentinel to identify risky users which is information that we can't get from Defender. If we could establish the connections to Azure Active Directory and Azure Active Threat Production plan, we could define our flow, which would be connected with the workspace. Microsoft Sentinel is more flexible and is ideal for more complex security scenarios.

The solution is applied for resources in the subscription. It does not differentiate the environment. If we select the app services, it will secure all the app services in all the environments. If it's not segregated as per the environment, it can create security issues. We have three different environments: production, QA, and dev and we can only deploy the resources in two regions, which are supported by the geo in India.

We have virtual machines that need to be patched. But the patching analysis isn't done by Defender. Our solutions provide patching recommendations that have to be completed manually.

We typically use Azure Defender for securing our infrastructure-based virtual machines and database solutions on the Azure subscription. We've integrated a couple of the Defender agents into our on-premise servers too.

Azure Defender has improved our overall security posture. In particular, Defender's exploit protection mechanism protects our servers from unseen threats like process memory attacks, hash theft, or any direct script-based attacks.

Defender is just one component because the organization also uses endpoint security solutions and firewalls. This product is not an endpoint solution. It usually operates at the server level, improving the posture of the Azure cloud environment. Our end-users never deal with Azure Defender. It's purely on the administrative level. The server administration team handles it, so the end-user has nothing to do with it.

Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure.

The entire Defender family requires a little bit of clarity. There is a lot of confusion in the market, especially on the end-user side but also on the consulting side. Microsoft has launched four or five Defender products, including Azure Defender, which Microsoft renamed Defender for Cloud. They also have Defender for Identity, Defender for Endpoints, and Defender ATP. It isn't very clear.

I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting.

I've been using Defender for Cloud for more than a year.

It's hard for me to talk about the stability of Defender because, in my experience, "stability" is not a word that is relevant to security. A security product is either good or bad. It protects me, or it doesn't. There is no middle ground.

If we are talking about crashes or other issues, I don't see any problems, and the scalability is fine. We can protect storage, key vaults, SQL servers, etc. Defender can protect eight or nine Azure services, and it all works fine, but it would be great if all Azure services could come under the umbrella of Azure Defender. 

For example, we use Defender to protect our SQL databases, but not all of our databases are Microsoft. I have to search for another security solution for the same database vertical because it's not a Microsoft database.

I am a solution designer and architect, and I incorporated Defender for Cloud into three different projects. The smallest had more than 200 virtual machines and 20 database servers plus a couple of Kubernetes and container environments. The largest is around 600 virtual machines on-premises and on Azure, and around 10 web applications, a couple of key vaults and databases, and some storage.

I have contacted Microsoft support, but I haven't opened any tickets for Defender so far. Generally speaking, Microsoft Azure support is quite good. 

The time needed for the initial deployment phase depends on the requirements, but generally, the deployment is quite fast because it's a cloud-native tool. They have just upgraded the Azure Security Center to add Defender.

When talking about cost versus value, you have to consider Defender in the context of Microsoft's cloud solutions as a whole. It's a cloud-native tool, so why is Microsoft charging so much? 

The features are good, but Microsoft created Azure, and they provide monitoring and backup solutions. It's also Microsoft's responsibility to offer security solutions, so why do they charge so much? Why isn't it incorporated into the old security center products? It should typically come with the security center. 

Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike. 

If we're just dealing with servers and Azure infrastructure, then Defender for Cloud is the way to go. But if we want to cover endpoints, emails, and other entry-exit points, then we need to think about another solution

Symantec and a few other tools have end-to-end solutions that protect everything in a single console. You can't do that with Defender for Cloud. Depending on the client's requirements, Defender might not be the best option because it might not cover all the use cases that a client needs.

It's good for clients who are mainly or entirely dependent on Azure resources. If a client's infrastructure is more than 70 percent Azure, it's a good product because it has native control by Microsoft only. In other cases, it's a challenge. The product is good if you're working entirely within a Microsoft, like Windows Server, Azure services, or Office 365 services, but you run into a problem the moment you start going into macOS, iOS, Android, Linux, etc. 

The agent installed there for Defender works differently. But on the flip side, a competitor's product never addresses the spatial bias on Windows. Every product line is the same. Their agents behave the same way on Linux, macOS, iOS, Android, and Windows. That is the fundamental difference I see.

I rate Defender for Cloud eight out of ten. I would recommend it depending on your use case. It's a single solution that can address mixed infrastructure that includes on-premises, AWS, GCP, or Azure. Defender can provide security for all four.

My client, a construction company, needed to replace their antivirus solution, including their Azure and on-prem services. They decided they wanted to use Defender for Cloud, so I started to implement it for them. The license for their antivirus software was about to expire, and they didn't want to spend much money. They opted for Defender for Cloud to replace Symantec. System Center (endpoint protection), Security Center and Advanced Threat Protection were all consolidated into one product called  Defender for Cloud. 

The company I worked for was divided into several teams. We had an Azure Infrastructure team and workplace teams providing local on-premise services. The client was the biggest construction company in the country, with multiple locations. 

The strong point of Defender, especially when using Azure Arc to bring in on-premises systems, is that it doesn't matter where these systems are. They're just resources in the portal. If you see them and can install agents on them, it's fine. It doesn't matter how it's distributed or where the locations are. 

I believe that Microsoft Defender for Cloud raised our client's Microsoft Security Score to around 79 percent. That includes other security components. It's not just antivirus. There are all sorts of things that contribute to the score, for instance, the use of public IP addresses on VMs.

Our clients also saw some financial benefits because they didn't need to renew the Symantec license, but the biggest benefit was the ability to install Defender on Azure and on-premises machines from a single point.

Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription. Having that unified portal was nice, but it was a challenge. We first implemented Azure Arc, which allowed us to incorporate our on-prem machines like they were actual Azure resources. The single-pane-of-glass management is highly practical. We are accustomed to managing systems across different portals or interfaces, so it's convenient to do it from one place. That's a bonus, although it's in no small part thanks to Azure Arc. Defender then takes all the services it finds in Azure Arc and it rolls them out seamlessly as long as they ause Server 2016 version or above.

It's a severe issue when you need to install Defender for Cloud on Microsoft operating systems older than 2016. Operating systems released after 2016 will seamlessly integrate with Defender with no problems. Older operating systems don't integrate smoothly. The 2012 operating systems will continue to be used for years. The 2008 systems will be phased out, so that won't be a problem for long, but you need some quick fixes to install on a 2012 OS.

The older the operating system, the more difficult it is to detect if the solution is working. That was a significant problem. It works fine on a newer OS. On the older ones, we had to do some tricks to determine if it was correctly deployed and working since the integration of Defender in the older OS is a lot less. Microsoft couldn't help us with that.

Another thing is that Defender for Cloud uses more resources than for instance, CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do.

I have been implementing Microsoft Defender for a large construction company. We started the contract about three or four months ago. I was only responsible for the installation. We aren't the team that monitors or maintains the solution. That was not my task. We were just responsible for installing it and ensuring it worked on every machine.

Defender is relatively stable as far as I can tell. It works great except for the issues with older operating systems. In some cases, you may need to come up with a workaround. 

The solution is scalable if you activate the Defender plan for all servers and containers. When you deploy new ones, it automatically picks them up and installs the components. It's perfectly scalable in that sense.

I rate Microsoft support five out of ten. You can open up a support ticket and get into Microsoft's general support chain. You need to explain the issue, and they'll get back to you. Nine times out of ten, you will get someone new and need to explain the situation again. That doesn't help much. In the end, we had to fix it all ourselves.

We had a contact at Microsoft Amsterdam who was helpful. He was more of a sales contact. He told us the best approach and turned out to be correct.

Neutral

It wasn't my decision to go with Defender for Cloud.  That doesn't mean that I would've chosen anything else per se, but those decisions are made on the managerial level. 

Installing Defender was straightforward as long as you're dealing with a more current operating system. On a post-2016 operating system, it's only a few mouse clicks. That's the beauty of the cloud. It arranges everything for you. The on-premise solution usually works the same. It's seamless. You activate the plan, select for which resource types you want to enable Defender, (including on-prem machines using Azure Arc) then hit "go." All that changes on older operating systems.

We had to create a design, test it, and get approval from management. We first tried it on a 2019 operating system, which was a piece of cake, but we faced challenges deploying it on 2008 and 2012 systems. That's why it ultimately took us three weeks to complete the deployment. If you don't have any older operating systems, it's quite effortless. 

We had four people working on the implementation, including three technicians. I was the only one from our Azure team, and there was another person from the workplace team who had access to the on-premise servers. He could log in to run some scripts and see if everything worked. We also had a project manager and a person from the client's team to test as soon as we were ready. 

I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use. 

If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above. 

The solution provides a security score based on the environment and gives recommendations for improving that score. For example, a manual server may require patches to strengthen security, and MS Defender for Cloud informs us. We can also run a vulnerability assessment in the background of work processes to detect server vulnerabilities. We primarily operate a hybrid cloud environment with some specific on-prem integrations.

One of our clients, operating in the electronics industry, has around 1,300 endpoints, 700 users on the Windows server, and 300 other devices. There are also 100-150 users on Unix servers.

We use multiple Microsoft security products, including Defender for Cloud, Sentinel, and Defender for Endpoint. The products are integrated, and there is nothing complicated about integrating them; we provide the APIs or the credentials, and they are automatically integrated.

The product helps us prioritize threats across the enterprise, which is essential when interacting with clients, as we can show them their high-risk vulnerabilities and tackle them first.

The solution helps automate routine tasks and the finding of high-value alerts. Additionally, following the resolution of an issue, we can set up a logic app to trigger an automatic system response if it happens again.

The integrated security suite saves us time, as multiple security solutions work together seamlessly in the cloud, allowing us to take actions that could take 24-48 hours to replicate using third-party products. 

Defender for Cloud reduced our time to detect and respond; if we are faced with an issue known to the threat intelligence database or that occurred before, we don't need to invest any time at all. The solution reduced our time to detect and respond by around 50%. 

Integration with Defender for Endpoint allows us to see the health of our endpoints in terms of workload protection, which is one of the benefits of these integrations.

Microsoft solutions working natively together to provide integrated protection and coordinated detection and response is essential from a business point of view. We don't have to manage multiple tools and services from different dashboards; we can monitor and manage everything from a single point. All the generated alerts from numerous services are ingested into one solution that a single team can monitor. That's one of the best parts of using the integrated Microsoft security suite.

The solution's robust security posture is the most valuable feature.

We have a lot of firewalls, and we can manage them in the solution through the firewall manager. We can set up an Azure firewall and centralize the management policy.

The solution provides excellent visibility into threats, and it's a cloud-based integrated solution, so we don't have to worry about any third-party products or services. Microsoft provides so many options, and that's great.

Defender for Cloud generates reports we can use as an assessment, as it allows us to see the services in our environment and our points of highest risk.

The solution's threat intelligence helps us prepare for threats before they hit and take proactive steps, which is very useful for analysis. 

The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome.

Several features are already in the pipeline, including one called External Attack Surface Management, which will be welcome additions.

The solution's stability is impressive; it's very stable.

The scalability is excellent; if we grow or shrink in the future, the scalability is there to accommodate us. I rate the solution ten out of ten in this regard.

When we have a critical issue, customer service is very prompt, and we often get support rapidly. We also get good help in our production environment.

Positive

I previously used Symantec Endpoint Detection and Response and switched because of the benefits of having a cloud-native solution. Additionally, the market is moving towards Microsoft, including many of our customers, so it makes sense for us to go with this trend.

The initial setup consists of three steps for us; first, we conduct an assessment or discovery with a client to determine their requirements and develop an understanding of their environment. Second, we design and plan the deployment to fulfill the client's requirements. Third, we implement and conduct a POC, and if successful, we roll out the entire deployment. The complexity of the setup and the number of staff required depends on the size of the business.

An example of an organization with 500-1,000 staff is that the initial information gathering takes four weeks, the design and planning stage takes two weeks, and the implementation and POC take another two weeks. Therefore, the deployment can take between eight and 15 weeks for a two-person team.

In terms of maintenance, the solution requires monitoring and routine inspection of the details across the services.

I rate the solution nine out of ten. 

DevOps security features are in the preview phase, so we may utilize the solution for that in the future.

We use Microsoft Sentinel, enabling us to ingest data from our entire ecosystem. This data ingestion is important to our security operations because information on our critical applications and services provides us with activity, audit, and application logs. This logging capability means Sentinel allows us to investigate threats and respond holistically from one place. 

To a security colleague who says it's better to go with a best-of-breed strategy rather than a single vendor's security suite, I'd say there are benefits in going with a single vendor.

Defender for Cloud is used for scenarios, including internal threats, threat hunting, in-depth analysis, and scanning the environment. We don't use Microsoft Defender for ATP or Sentinel for our security score, we have a third-party solution.

Defender helps us evaluate our security posture and make it more secure by providing a wider overview of endpoint security and anti-malware technology. We have greater visibility into all the activity happening within the infrastructure and better oversight.

It helps us catch threats that we wouldn't have noticed and also enables us to be more proactive. For example, we can run a script within the environment and provide better insights. Defender increased the efficiency of our SOC by around 65 to 80 percent.

At my previous company, the environment was 100% cloud, so having a cloud-native solution was critical. Also, in a cloud environment, you are exposed to many users with different user behavior patterns also, so it's good to have UEBA features that look at patterns in user behavior.

The unified portal provides a gap analysis of what's going on across the environment with users, and what they do across the environment every day. Having that single pane of glass is essential.

Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender.

I used Microsoft Defender for two years at my previous company.

Defender for Cloud is stable.

Defender for Cloud is scalable. It's easy to use and manage for large environments.

When I joined my last company, they were already using Defender. However, I've worked at several companies that use other solutions such as ESET, CrowdStrike, etc. I've previously worked with EDR and XDR solutions. 

I've done a couple of POCs for Microsoft Defender with the company, and the process is always the same. We don't deploy everything into live environments. It is deployed to a testing environment. After we test a couple of times, we undergo a complete training process. Finally, we organize and deploy it to a section of the company. We usually deploy one segment at a time, like finance, marketing, etc. 

If you have ATP Defender, you must set up a data lake. After deployment, there isn't much maintenance on our end besides managing the logs. You must create scripts for your use cases to inject into the solution. The deployment team typically consists of two people from security, two from infrastructure, and the service desk manager. 

I don't typically handle the licensing. I do POCs and product evaluations. However, I know that Defender for Cloud is packaged with other Microsoft solutions. Most people with Defender ATP also have the E5 or F5 license. It comes with the package, so you only need to activate and configure the solution.

I rate Microsoft Defender for Cloud a seven out of ten. Most of the time, it isn't the most advanced antivirus software on the market. It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop. 

Defender acts as a CSPM solution, a post-share management solution for cloud security. We use it to find weak spots in our cloud configuration and strengthen the overall security posture of our cloud environment. With this particular tool, we seek to protect workloads across various environments. We have about 3,000 endpoints and 100 users in the United States alone. 

Defender gave us more substantial visibility into our security, helping us increase our overall security posture and manage risks throughout the entire organization. It helps us make decisions about specific kinds of risks. If we see a glaring vulnerability, we can determine whether this is an acceptable risk or something that requires urgent action. The risk level determines our investment and budgeting, and the amount of work needed to remedy that. It provides a lot of valuable information for informing our comprehensive risk management strategy.

The solution does a pretty good job of finding previously unknown threats. It helps keep us aware of the kinds of threats that are out there and how we could potentially be impacted. Defender gives us a high level of information about unknown or zero-day threats. It's sometimes hard to gauge whether everything is there because the report is customized based on our infrastructure and what might be pertinent to us.

They've always notified us when there was a zero-day threat. I think there have been a few instances where they altered us about a new threat before it was publicized, which is a good sign that they value us as a customer. They've warned us about something before releasing it to the wider public.

Defender improved our SOC efficiency and saved us from having to add more personnel on the SOC side. It definitely improved that whole area, giving us the bandwidth to work on other things. Defender reduced our detection time because they are proactive about notifying us. I haven't seen too much of a time lag. There were a few instances, but it was never something critical where we had to call them out and ask if this was an issue or something. 

Time-to-response has also gone down. The sooner we get the notification, the quicker we can jump on something. It helped us respond to any potential breach or attack faster. 

It also saved us money because we don't need to deploy a second product to get some additional coverage. It also saved us from adding more security staff. Overall, it has had a positive financial impact on the company. 

The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act.

Defender's ability to protect multi-cloud environments is essential for us. Our company's offerings are based on tasks, and these cloud service providers are critical infrastructure for us. If anything bad happens, it compromises our services. We need to understand and improve our posture.

It also seamlessly integrates with Sentinel. It was fairly easy because we already leveraged Microsoft 365 earlier, so adding the Sentinel piece was pretty quick. It took a day to figure out and go ahead with the actual deployment. This integration with 365 and Sentinel provided timely intelligence over time. It becomes a problem if we don't get a threat notification in time. They are highly proactive about delivering that information in the initial alert and backing it up with more details as the situation develops.

Microsoft has a relatively sizeable threat-hunting group constantly digging up many things. That helps because it gives us confidence if we face some threats that not many other players are exploring. With this particular product, we're confident they'll let us know where we stand. 

Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research. 

Opening up to more collaboration with different entities in the private or public sector would help them feed more information to the customers and improve their security posture. More partnerships with other players who can feed them intelligence will help them develop the engine powering this product, ultimately benefiting every customer who uses it. 

I have been using Defender for Cloud for about a year and a half. 

We've had a positive experience overall with Defender's unified portal. We seldom see any bugs. Sometimes, there is a lag in the reporting and some inconsistencies with our searches, but it's rare. There were some periods when their service was not running properly.

While there hasn't been a significant outage, we've experienced some performance degradation where Microsoft notified us that they were having a problem. They informed us ahead of time when there are issues, but I've never had a complete outage thus far. 

Defender for Cloud is scalable, given the licensing model. The performance doesn't suffer under a heavy workload. Many organizations I know have a massive workload, and they're still leveraging Defender without any issues. I rate Defender an eight out of ten for scalability.

I rate Microsoft support an eight out of ten. Their support is great, so we have no complaints. They were responsive when we had issues.

Positive

We used SentinelOne only for endpoint threat detection. That's probably the closest competitor. We haven't used any other solutions besides that. 

Setting up Defender for Cloud was relatively straightforward. We worked with a person assigned from Microsoft, who gave us a walkthrough of the steps we needed to take.

Defender doesn't require much maintenance after deployment other than a few pieces of infrastructure we have internally. We need to monitor the solutions to check alerts and security advisories, but we've never had to deal with any maintenance.

We ended up using a reseller. They were good. I used them for other vendors, and we've had a productive relationship working on multiple initiatives. This one was nothing new. 

They have a free version, but the license for this one isn't too high. It's free to start with, and you're charged for using it beyond 30 days. Some other pieces of Defender are charged based on usage, so you will be charged more for a high volume of transactions. I believe Defender for Cloud is a daily charge based on Azure's App Service Pricing. 

It's a negligible cost if your usage isn't that high, like a few cents. It's appealing for people to try it. If you don't plan to use it much, you won't have a high bill.

Other options were considered, but it came down to the level of value we would get from a holistic vulnerability intelligence product like Defender for Cloud. Also, Microsoft products are pervasive, with a much broader customer base. That was a deciding factor. We saw much more potential from Defender compared to the alternatives. Even though the competition solutions may have functioned better in terms of providing more intelligence, other factors weighed in favor of Microsoft Defender.

I rate Microsoft Defender for Cloud an eight out of ten. I recommend doing a PoC. You shouldn't implement something after only reviewing the documentation and marketing materials. Put it through a PoC for a month at least to get a feel for how it functions and whether it satisfies your requirements. 

We use Microsoft Defender for Cloud security, including endpoint detection and response, and user monitoring. We utilize every feature and functionality that Defender provides.

The threat detection capabilities of Microsoft Defender for Cloud have positively impacted our overall security posture. We can sleep soundly at night knowing that it is causing the system.

The most valuable features are the monitoring of users, endpoint detection and response, and the adaptability of the AI threat intelligence engine, which quickly adapts to customizations.

The pricing could be better. Additionally, while Microsoft Defender for Cloud adapts well to customizations, it does generate a lot of false positives if the agent is not running. We would also appreciate portion management specifically for Microsoft 365.

We have been working with Microsoft Defender for Cloud for three years.

Most of the features are in preview, which sometimes causes issues, but overall, it works well.

Microsoft Defender for Cloud is highly scalable. We have not faced any challenges with scalability.

Microsoft's documentation is very comprehensive, resolving 95% of issues. Thus, we haven't had much need to engage their support team. The documentation is sufficient for resolving most issues.

Positive

We handled the installation in-house with a team of two engineers.

The solution is subscription-based, and while it is generally affordable, there are often hidden costs. The overall pricing could be more competitive.

I highly recommend the product due to its comprehensive features and easy management, especially if your stack is on Microsoft. I'd rate the solution eight out of ten.

I use it for managing our customers' server vulnerability assessments for regular and SQL servers. I also use it to get a security score for the resources of our customers that are on Azure, as well as security posture management. 

We also have regulatory benchmarks to audit our customers' resources that are on Azure to check whether they're meeting regulatory standards like ISO 27000.

It has enabled our organization to have an organized approach to, and quick visibility, or a bird's-eye view, of the current security portion. The way the portal organizes things has allowed us to focus on the specific vulnerabilities and security gaps that have to be fixed quickly. It gives us flexibility on what we should be checking on.

Defender for Cloud has helped us reduce or close some of the key security gaps of our main assets on the cloud. It has also helped us comply with some of the regulatory compliance standards, like CIS and ISO 27000 because of its main features. And it has also helped us in terms of threat detection and vulnerability management.

Another benefit is that it has really helped detect some of the Zero-day-model threats. We've also been able to utilize the automation features to investigate and remediate some of the threats that have been discovered. It has improved the time it takes to remediate threats, mainly because of automation. The logic apps that we've been able to set in either Sentinel or Defender for Cloud are the main components that have really improved that efficiency, and the time needed for remediating threats.

The time to respond is near real time, if the logic apps are in use, because it's just a matter of putting the playbooks into action. This is something that we've tested and found is quite effective for remediation.

The solution has also saved us money over going with a standalone solution where you purchase licenses for servers for a whole year. Now, we pay only for the servers in use. With the subscription-based model for servers, you're only paying per hour and only when the server is being utilized.

The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded.

Another component, although I can't say it's specific to Defender for Cloud, is that the onboarding process is easy. I find that helpful compared with the competitors' solutions. Onboarding the resources into Defender for Cloud is quite easy.

Also, we have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel and the integration is actually just a click of a button. It's very easy. You just click to connect the data sources and Microsoft Sentinel. Having them work together is an advantage. I like the fact that the main threat notification console has moved to Security Center so that we don't have to go into each of these solutions. It's beneficial having the three solutions working together in terms of the investigations that we have been doing with them.

The threat intelligence is quite good at detecting multi-level threats. If, for example, you integrate Defender for Endpoint and 365 and Defender for Identity, the threat intelligence is able to grab these two signals and provide good insights into, and a good, positive view of the threats.

The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome.

Defender for Cloud, as a solution, allows you to manage and protect servers from vulnerabilities without using Defender for Servers. I find it a bit weird, if you are to manage the antivirus for servers on the portal, that you can't deploy the antivirus policies on the same portal. For instance, if you want to exclude a particular folder from an antivirus scan or if you want to disable the antivirus from the portal, you'll not ideally do it on the portal. That's a huge part that is currently missing.

Also, some thought has to be put into the issue of false positives. We've been seeing false positives that are related to Sentinel through the integration. We have been giving them this feedback, but I don't know if that is something that Microsoft is working on.

The time for detection is one of the things that we were also supposed to raise with the Microsoft team. There is a slight delay in terms of detection. That "immediate" factor isn't there. There's a need to improve the time to detection. When malware has been detected by Defender for Endpoint, we find that it takes approximately one to two minutes before the signal reaches Defender for Cloud. If that could be reduced to near-real-time, that would be helpful. That's one of the key areas that should be improved because we've done some simulations on that.

I have been using Microsoft Defender for Cloud for three years.

It's quite stable. In my experience, there have been no issues with the stability.

Because we have Premium Support, the support is quite okay. We are able to get answers to most of the queries that we raise.

Positive

The initial setup is quite easy, especially if it's for non-servers. It's just a matter of enabling and disabling servers, using the Azure app.

And the solution doesn't require any maintenance on our side.

There are improvements that have to be made to the licensing. Currently, for servers, it has to be done by grouping the servers on a single subscription and that means that each server is subject to the same planning. We don't have an option whereby, if all those resources are in one subscription, we can have each of the individual servers subject to different planning.

There's no option for specifying that "Server A should be in Plan 1 and server B should be in Plan 2," because the servers are in the same subscription. That's something that can be fixed. 

Also, there needs to be a clear description by Microsoft for those customers who have Defender for Endpoint for Servers and Defender for Servers because now they don't know which subscription they should purchase.

I've used many solutions, but Defender for Cloud is in its own class. You can't compare it with third-party solutions because those solutions either have a third-party antivirus or they're not integrated in the same way as Defender for Cloud is. Because Defender for Cloud integrates multiple solutions within it, like Defender for Endpoint, other workloads, and the firewall manager, it stands on its own as a single solution that contains all these solutions.