Microsoft Defender for Cloud Reviews

I use this solution in two different scenarios. The first is for the security and monitoring of Azure accounts. Another is for SIEM integration and the Azure Gateway WAF. Essentially, it's a one-stop solution where you can integrate all of the other Azure security products. This means that instead of maybe going to Firewall Manager, Azure Defender, or WAF, you can have all of them send statistics or logs to Azure Security Center, and you can do your analysis from there.

This product helps us with regulatory compliance.

With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates.

It helps us with alerts. You're able to automatically channel these alerts to emails and get the team readily looking into the issue.

We don't need a distributed team looking at the various security solutions. Instead, they just look into Azure Security Center and then get everything from one place.

It also supports multiple cloud integration, where you can add other clouds like AWS and GCP. However, we don't use that feature. 

The most valuable feature is the help with regulatory compliance, as it gives us security scores and the CVE details.

Centralized management is another feature that is key for me.

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

I have been using Azure Security Center for approximately two years.

In terms of stability and availability, Security Center is very good. It doesn't change. Because it's cloud-based, you don't actually have to manage infrastructure to get it up. If you are using the SIEM portion of it, it's what you are sending to it that will determine what you get out of it.

If you are using a hybrid solution from your own site then you have to make sure that your internet connection to the cloud is reliable. Your VPNs that are pushing data have to be stable, as well. Also, if you are using a third-party solution, you have to manage your keys well. But in terms of it being stable, I would say it's highly available and highly stable.

This solution is very scalable. You can integrate as many subscriptions as possible. They could be Azure subscriptions, AWS accounts, GCP, and other resources. Because it's cloud-based, I have not actually encountered any limits.

I know that with cloud providers when there are limits, you can request an increase, but in terms of how many, I have not seen any limitations so far. As such, I would say it's highly scalable.

We are using it a lot. For Azure, there are 20-plus subscriptions. We don't really use it for AWS accounts. Instead, we prefer to use AWS Security Hub on AWS, so we don't push AWS account data there. But for Azure, we used it for at least 20 subscriptions.

We have a distributed team. I have used it for the past two years in the company, and it's a huge organization. In the whole of the organization, Microsoft Azure is used as the main cloud. AWS was also used, but that was mostly for specific projects. In terms of the number of people using it, I estimate it is between 50 and 100.

Microsoft support is very good, although it may depend on the kind of support you have. We have enterprise-level support, so any time we needed assistance, there was a solution architect to work with us.

With the highest support level, we had sessions with Microsoft engineers and they were always ready to help. I don't know the other levels of support, but ours was quite good.

We began with the Security Center because it was for projects on Azure.

The initial setup is somewhat straightforward and of medium complexity. Especially when it comes to integrating subscriptions, I would not say that it's complex. At the same time, it is not as simple as just pressing the Next button several times. There are knowledge prerequisites before you can set it up fully and properly.

Setting this solution up was an ongoing project where we kept integrating subscription after subscription. If you know what you're doing, in a couple of days, or even a few minutes, you can get going.

If you need to build the knowledge as you go, it's something you could do in one day. You would integrate one subscription, and then start getting feedback. It's plug and play, in that sense.

The company has seen great returns on investment with this solution. In terms of security, you want to match the spending with how effective it is. Top management generally wants more reports. They want statistics and an analysis of what is happening. For example, reports need to say "We had this number of attempts on our systems."

As additional functionality, it's also able to support the business in terms of knowing and reporting the relevant statistics.

This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service.

We did not evaluate anything else before choosing this product.

For example, we are now considering different products for SEIM integration. One of them is Palo Alto Prisma Cloud. However, the price is too expensive when compared to Azure. It is also a multi-cloud product, although, in the beginning, it didn't support AWS and GCP. It now has support for those cloud providers, as well as additional features that Azure doesn't have.

My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get.

This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value.

If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need.

The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem.

I would rate this solution a seven out of ten.

We are working for a major client in the UK. So, we are moving all the products of clients from their on-premises environment to the cloud. One of the biggest challenges we face, “Once the infrastructure is created in the cloud, how can we make sure that the infrastructure is secure enough?” For that purpose, we are using Azure Security Center, which gives us all the security loopholes and vulnerabilities for our infrastructure. That has been helpful for us.

We use the Azure Security Center to scan the entire infrastructure from a security point of view. It gives us all the vulnerabilities, observations, etc. It reports most of the critical issues.

From an organization or security audit point of view, there are few tools available in the market. The output or score of Azure Security Center has really helped the organization from a business point of view by showing that we are secure enough with all our data, networks, or infrastructure in Azure. This helps the organization from a business point of view to promote the score, e.g., we are secure enough because this is our score in Azure Security Center.

We are using it from a security point of view. If there is a threat or vulnerability, the solution will immediately scan, report, or alert us to those issues.

We are using most of the good services in Azure:

• The load balancing options
• Firewall
• Application Gateway
• Azure AD. 

I value Azure Security Center the most from a security point of view. Everybody is concerned about moving data or infrastructure to the cloud. This solution proves that we are secure enough for that infrastructure, which is why I really value the Azure Security Center. We are secure in our infrastructure.

This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot.

From a business point of view, the only drawback is that Azure or Microsoft need to come up with flexible pricing/licensing. Then, I would rate it 10 out of 10.

We have been using it in production for the last three years. I have been part of the cloud migration team for Azure Cloud for the last two years.

We started using Azure Cloud from the initial version. Every week or month, there are updates in Azure. For the last three years, we have been using the latest version.

Whenever we increase the number of our resources, Azure Security Center easily copes with it. Since this is a ready-made service, it will automatically scale.

We are working with around 100 to 150 major clients in the UK. Each client has 200 to 500 users.

From an overall infrastructure point of view, we have a five member team.

We are getting adequate support and documentation from Microsoft. We are a Premium customer of Microsoft, so we are getting support in terms of documentation and manual support.

We were using this service from the onset.

This is a PaaS service. It is a ready-made service available in Azure Cloud. It is very easy to use and set up because you are using the platform. We don't want to maintain this service from our end. 

There are different models when it comes to the cloud:

• Infrastructure as a service
• Platform as a service
• Software as a service.

We are using sort of a hybrid, both infrastructure as a service and platform as a service. 

We are using our own team for the deployment.

We consume or subscribe to the service. Azure takes care of the maintenance and deployment, and we don't need to worry about it.

We are securing our customers' infrastructure using Azure Security Center. That internally helps their overall organization meet their goal/score on security.

So far, the feedback from the customer and our team have been really positive. We are very happy and getting return on investment from this product.

Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool.

One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view.

Other than Azure Security Center, we did not find a single tool which could analyze all our infrastructure or resources in Azure Cloud.

We were mainly looking for products or tools native to Azure. The other tools that we evaluated were not native to Azure. Azure Security Center is natively attached to Azure. Because other tools were not natively supporting Azure, then we would have to maintain and deploy them separately.

So far, we have received very positive feedback from the team and customers. Because it is a single tool where we list all the problems or vulnerabilities, we are happy as a team. The customer is also happy.

End users are not interacting with Azure Security Center. This is a back-end service that evaluates security.

There are no other good tools in Azure, other than Azure Security Center, which will evaluate and alert you to security vulnerabilities and threats. So, if somebody is really concerned about the security of their infrastructure in Azure, I suggest you use Azure Security Center. The features that it provides from a security point of view are amazing.

I would rate the product as a seven or eight (out of 10) because it is really helping us to improve our security standards.

Typically, when we have a scenario where a client wants to migrate their resources to Azure, they might migrate their IaaS platforms, such as virtual machines; they might migrate their applications or their databases; they could also migrate into Kubernetes services. There are a variety of projects. I work for many types of customers where all these different scenarios are involved, including applications, app services, database as a service, IaaS by default, and Kubernetes.

With a project that I recently completed for one of our customers, the requirement was around their bidding application on-prem, utilizing different cognitive services and AI modules on Azure. They wanted to containerize this entire application with AKS, Azure Kubernetes Services. They did so, and Security Center was integrated with this entire AKS system. What Security Center provided us with was a solution for how we could better secure this entire environment. It provided some recommendations on pod security and how the pods do not need to communicate with each other. It recommended isolating these pods for better security, so that even if a certain user got access to a pod, or a certain threat was detected for one of the pods, we wouldn't have to worry about the entire system being compromised. By implementing the recommendation, if a pod is compromised, only that pod is affected and can be destroyed anytime by the AKS system.

Another recommendation was for enabling some edge layer WAF services, by leveraging a Microsoft out-of-the-box solution like Front Door. Security Center said, "Okay, now that the application is being accessed over the public internet, it is not as secure as it could be." An edge solution, like an application delivery controller such as a WAF or a CDN service was another option. It could be anything that sits at the edge and manages the traffic so that only authorized access is allowed within the network. Security Center recommended Front Door, or we could leverage other solutions like Cloudflare, or a vendor-specific solution like F5. We could then make sure that any Layer 7 security is handled at the edge and doesn't affect the application inside. SSL offloading is taken care of at the edge. Any region-specific blocking is also taken care of at the edge. If an application is only accessed in the U.S., we can block locations at scale with this solution. That is how Security Center provided us with some recommendations for better securing the environment.

Another way that Security Center can help is that it can benchmark the infrastructure in terms of compliance. Compliance-based infrastructure is one of the norms nowadays. If an application is health-based or it's a Fintech-based application, certain standards like HIPAA, NIST, or PCI need to be followed by default. Auditors or compliance teams used to run through a manual checklist to make sure that the environment was secure. But with Security Center, we can do it via an automated layer, introducing regulatory compliance policies. Security Center performs scanning of the entire environment, in regard to the policies, in real time. Using the example of the bidding system, it's a Fintech environment and, while having NIST is not mandatory, we could enable a benchmark run-through, to make sure the infrastructure is NIST-compliant.

With Security Center, we applied policies that align with these types of compliance. Security Center takes these policies and runs through the infrastructure to see what the gaps are and provides us with a report on what is compliant on the infrastructure and what is non-compliant. We can fix those non-compliant parts.

For any type of service, I would recommend the go-to solution for security on Azure is Security Center. The advantage is, firstly, is that it has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem. It has seamless integration with their Log Analytics workspaces, and it also provides some insights into what can be a better solution when it comes to securing their environment.

When it comes to improving the security posture, whenever we have a small project for a customer where they want to migrate their resources into Azure, once the resources are migrated, such as the ones I noted above, we go ahead and integrate Security Center in various ways. One of those ways is to use an agent that can be installed on virtual machines so that we can extensively monitor security alerts or threats that happen on the device. 

But for platforms as a service, we can't have an agent installed, so it integrates with the Log Analytics workspace. For any PaaS services, or a database as a service, or data lakes, we take their Log Analytics workspace and integrate it with Security Center. Once we have integrated it, Security Center discovers the resources, determines what the different configurations are, and provides us with some recommendations for the best practices that Microsoft suggests.

For example, if the Security Center agent is installed on a virtual machine and it scans the environment and identifies that the access to this VM is public and also doesn't have any MFA, it will recommend that blocking public access is one of the best practices to make sure that only safe access is allowed. Along with that, it can also provide us with some insights about enabling MFA solutions that can provide an additional security layer. Those are examples of things that Security Center can recommend for providing a more secure infrastructure

There is a slight gap between the real-time monitoring and real-time alerts. While Security Center has the ability to detect sophisticated attacks or understand potential threats, I feel that if the response time could be improved, that would be a good sign.

In addition, when it provides recommendations, those recommendations have a standard structure. But not all the recommendations work for a given environment. For example, if a customer is already using a third-party MFA solution, Microsoft doesn't understand that, because Microsoft looks into its own MFA and, if not, it will provide a recommendation like, "MFA is suggested as a way to improve." But there are already some great solutions out there like Okta or Duo, multi-factor authentication services. If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented.

Security Center provides what it calls secure score. This secure score is dependent on the recommendations. It tells you that if you resolve this recommendation, your secure score will be improved. In the case where a client is already using MFA, but the particular recommendation is not resolved, there is no improvement in the secure score. There is a huge mismatch in terms of recommendations and the alignment of secure score. MFA is just one small example, but there are many recommendations that depend on the client environment. There is room for improvement here and it would help a lot.

I'm a network and security architect for a Microsoft Gold partner. I have been extensively using Azure for five years and have been involved in multiple security and network projects. I have been using Security Center, specifically, for more than three years on Azure, applying recommendations and working on integrations with other services, etc.

The performance is pretty crisp. Because it is a platform service, we don't have to worry about the availability or response time. It's all managed via Microsoft. The performance is good for now, but it can be improved. It could be more real-time. There are many things that Security Center does in the background, so that may make the response time a bit slow. If we apply certain policies, it will run through the entire environment and give us a report after about 30 to 45 minutes. That layer could be improved.

This is a platform service and Microsoft has scalability under its control. It can scale to all of Azure.

As a Microsoft Gold partner, most of the time we work directly with the engineering team or with the Microsoft sales team. Because we are working day-in and day-out with Security Center, we are well aware of its issues, capabilities, features, and the depth of its tools. The basic, level-one or level-two support team just follow a standard. 

But there has been a huge improvement in terms of Microsoft support and they provide some really good support for Security Center.

The initial setup is very straightforward. There's nothing complex about it.

Implementation generally doesn't take a huge amount of time. Because Security Center is a service, the agents need to be installed on a virtual machine or servers. If it's an IaaS application or platform services, the log analytics need to be integrated. In an environment with about 30 or 50 servers, we could run the script and complete the onboarding of the servers into Security Center within a day, and the same is true for platform services.

But it's not just about onboarding it because Security Center also provides some recommendations, and we work on those.

I lead a team of four people who work specifically on Security Center. There are other sections of Azure Security that they work on, such as Azure Sentinel, Azure ADP, Microsoft 365 security and compliance for our portals. But for these four people, about 25 to 30 percent of their roles involves managing Security Center.

The return on investment is pretty great in terms of the feature set that Security Center provides. There are so many solutions out there that can do similar things, but at the same time, they do not have such seamless integration with other services on Azure. The return of investment is in the ease of management and the great visibility.

Pricing and licensing is a standard process. It's not as complicated as other Microsoft licensing solutions. Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward. With Security Center, there are no other fees in addition to the standard licensing fees.

We have other, third-party vendor solutions, but Security Center provides that seamless integration, along with some insights that other platform services do not. There aren't a lot of other vendors out there that can integrate with Azure platform services. It's the only solution that we recommend.

Other solutions include Qualys, Rapid7, Tenable, and Nessus. As system integrators, we generally recommend Security Center. But if a client has already made a huge investment in Tenable or Qualys, they will want to continue with that. If a client does switch, they will see the advantages of all the integrations and services that can all work together. They will have a single plane of control.

The seamless integration is one of the key benefits. It integrates well with the whole Azure ecosystem. A second advantage is not having to worry if Security Center will be able to scale. A third advantage is that it is an all-in-one service. You don't have to have multiple services for threat protection, for endpoint protection, for recommendations, and for compliance. This is one tool that can do a lot.

In terms of the cons of Security Center, there are a lot of things. Vulnerability management is available, but vulnerability assessment is not available within Security Center. That is a huge gap. As of now, Security Center relies on third-party tools in this area and we have to integrate it with them. There is also the lack of custom recommendations for the environment. That is a feature that would be helpful.

When it comes to endpoint solutions, Microsoft ATP is available, but some of our clients already have a solution such as CrowdStrike.

My advice is to go with Security Center. It's a really good tool and provides some good recommendations for the environment. Other tools can provide recommendations, but then we have to do them manually. Security Center does them automatically. That's one of the advantages that stands out compared to other tools. For anyone who asks, "Why Security Center?" I would tell them that if all their resources are being deployed, or all their applications are being hosted on Azure, this is the only solution, the best solution, out there.

I don't think there is much effect on end-user experience here, because whenever you talk about Security Center, the agents or tools are applicable to the underlying infrastructure rather than the end-user. For example, an application is hosted on a server or, for platform services, it's being integrated with these services. While a user is accessing these applications, Security Center just scans the data to understand what the incoming traffic is like. It provides intelligence reports such as where the traffic is coming from and what kind of data is being accessed for the end-user. Apart from that, it doesn't affect anything for the end-user.

The log analysis and threat prevention analysis are good.

Technical support is helpful.

We haven't really received any customer feedback yet. Once we have some, we'll be able to better discuss areas of improvement.

The solution needs to keep improving its log analysis and threat mechanisms.

The product was a bit complex to set up earlier, however, it is a bit streamlined now.

Basically, we are looking at unique specimens. Linux works best with ONELAB. With Linux, we have a lot of Metasploit, however, it is undetectable sometimes. We want to improve that particular aspect of the Defender.

We've been using the solution for the last four and a half years. 

While, right now, the solution, in terms of size, is fine, one year or two years down the line, we will need to scale up and we will need to check that particular scale-up process then. As of now, we haven't done so.

Technical support has been good.

Neutral

The initial setup was hard at first. It's gotten easier. It gets simpler with time. 

In terms of maintenance, we are in a hybrid culture. There are data center staff, as well as cloud-centric staff which defaults as per the client requirement. We as a service company, need to rigorously go through cloud solutions, even with the clients and their compliance. We have to honor that compliance.

We have a channel partner with Microsoft. They have consulted with some other third-party people from their end.

The solution has a license renewal on a yearly basis.

The licensing part is not my area of interest. It is a different team that looks after that.

We are channel partners for Microsoft. We are a gold partner and a channel partner.

We earlier were using the on-premises deployment. Then we moved to the cloud for the last two-and-a-half years. It's a hybrid cloud.

I'd advise new users that they can implement it, however, it is complex in nature. No doubt it is useful as per the log analysis and threat protection analysis. 

I would rate the solution a seven out of ten.

I primarily use the solution just for the networking of virtual machines.

It is very scalable.

The product has been very easy to use and simple set up. 

The maintenance and updating are part of the service, so that brings great value.

It's a stable product.

Technical support is helpful.

It's got a lot of great features. 

I can't speak to any features that are missing. I need time to get a little bit more into it before making any kinds of suggestions. 

They could always work to make the pricing a bit lower.

I've been using the solution for a few months. 

The stability is great. There are no bugs or glitches. It doesn't crash or freeze. It's reliable and the performance has been quite good in general.

Its ability to scale is impressive. It's one of the main selling points. If a company needs to expand it, it can do so. It's not a problem.

We have about 25 or so people using the solution. Some of them are new.

From my experience, technical support is good. They're quick to respond and knowledgeable. I haven't seen a need for improvement in any aspect of their support services. We are quite satisfied with them.

We did use other solutions, however, they were more for training or educational purposes. 

The setup is extremely straightforward and simple. It's not a complex or difficult process. You can get as involved as you want in it, or you can keep it simple.

The maintenance is also part of their service, which means we don't have to worry about it at all. They take care of everything. It doesn't require personnel watching over it. 

The pricing is mid to high. It's not the cheapest or least expensive option.

It's a good solution for, I'd say, small to medium business startups. It's also viable for enterprise solutions.

I'd rate the solution at a ten out of ten. We have been very happy with its capabilities. 

Security is at the forefront of everything that we have been doing, fundamentally. Both in my previous organization and the current one, Azure Security Center has given us a great overview of the current state of security, through the recommendations given by Microsoft. There are potential situations where risk exists because you're not compliant with a specific recommendation, or to specific regulatory compliance. Such guidance is critical for us.

We implement a wide range of solutions in our environment. We have solutions that are purely SaaS. We have some things that are just purely IaaS, and, of course, we have PaaS for services as well. So, we really have a wide range of deployments on all services as a service.

Overall, Azure Security Center has greatly improved our company's security posture. At a very quick glance, you can see where you are the most vulnerable. I'm greatly oversimplifying what the tool does, but at the very minimum, at a quick glance, even if you are not an expert, or even if you have just started using it, this tool will give you a basic idea of where the biggest problems are.

Security Center has not affected our end-user experience in a negative way. To my thinking, security is something that if your users don't experience it then it's great because there are no problems. Since I have been in this company, there have not been any security incidents. The only experience that the end-users have is the fact that there have not been any disruptions due to security issues. We have been monitoring what has been going on.

The most valuable feature is the recommendations. Azure Security Center is a product that can be useful in various grades and stages, depending on the state of maturity of both your application and your organization.

The alerts are also valuable, and they go hand-in-hand with the recommendations.

With respect to our security posture, there are at least two features that have been very useful. The first of these is the inventory section, where you can quickly see everything that you have. Especially in a larger organization where there have been mergers and acquisitions, it can be difficult to readily see everything that has been deployed. Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful.

The security score has been very useful. This is another numeric metering system that basically tells you how well you have been doing.

Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board. You can create exemptions, but not everywhere are the exemptions the same. In some areas, we can do quick fixes, but that is not true across the board. So in general, consistency is the number one item that needs attention.

We have been using Azure Security Center for approximately three years.

With respect to stability, so far I have not encountered any specific issues with the way it behaves. I cannot say that it has performed badly in any way.

It's a really scalable product, fundamentally, the way Microsoft designed it. I don't think that scalability is an issue at all.

We have implemented this solution in environments that differ quite significantly in terms of scope and in range but, given the way that it works, within 24 hours it discovers everything in the environment, no matter what it is. 

We only used technical support once, and it was for an item that was behaving in a strange way. It ended up being a known issue, and they said that they were going to fix it. Overall, it was a very good interaction.

In both companies where I have used this solution, there was no other cloud-based tool that was handling security. It was done using traditional security products that basically examined the logs and raised alerts.

We switched because it gives us an expansive view of everything which is deployed. It is really unparalleled by anything else that you could potentially use. The moment you turn it on for a subscription, it will identify, almost immediately, every component that you have. From there, it will also identify what is at risk in that component.

The initial setup was pretty straightforward, although I came to this product from a network and security background. When I started working with a Security Center, it was not like a tool that I had never seen before.

Fundamentally, it takes 24 hours before you start to see everything accurately. From the moment you turn Security Center on for your subscription, within the 24-hour range, you have a full view of what's going on.

Our implementation strategy includes turning it on for every subscription that we have. Security is critical for us, so the cost, in this case, was not a factor. The benefit was definitely outpacing any potential financial cost. Once we turn the feature on for a subscription, we look at every recommendation that we see in the list. In cases where it is not compliant with our security policy, we fix the issue and have been doing that ever since we started using it.

My in-house team was responsible for the deployment, and this was true for both organizations where I have used it.

On average, three people can deploy it. There should be an architect and principal engineers.

Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor.

Microsoft does a good job with respect to the pricing model, so anything comparable will cost almost the same. I don't think that there is really an alternative.

We are perfectly satisfied with what this product gives us. So, there's really no reason to even look at anything else.

The first piece of advice that I would give somebody who's going to try to use Security Center is to try to understand their environment as much as possible, and then try to match their environment with the recommendation section of the tool and start remediating from there.

There are going to be recommendations in Security Center that will make sense if the team looking at the security infrastructure understands what is going on. If the team does not have a full understanding then it will be very difficult to know what to do, or how to remedy it.

The fact that I had to deal with many components, of which I don't know very much about, has been really great because it forced me to learn about their security. Typically, I don't have to deal with that. My learning has definitely increased, and of course, that's always good.

I would rate this solution a nine out of ten.

I am working in a security domain where Azure Security Center is playing a key role. We are primarily using Azure Security Center to secure our infrastructure. We are also able to use Azure Security Center for many other purposes.

In terms of deployment, we have a hybrid cloud. It is a combination of both on-prem and cloud. Azure Security Center is deployed on-prem, and then there are OMS agents that are provided by Microsoft that can be installed at any location, such as on-prem or on the cloud. These agents collect Windows and Linux logs from the machines on various clouds for Azure Security Center, which is something interesting for me.

It has improved our security posture a lot. The Azure Security Center provides a score that shows where is your organization at the moment in terms of security. After some time, you can see how much you have improved and where you can improve your score. We are getting this kind of advice from Azure Security Center.

It has definitely affected our end-user experience. With the help of this tool, we can investigate more security incidents in a very good manner. It has also enriched my career and improved me as a professional in terms of understanding various features and security incidents. 

Before implementing Azure Security Center, we had so many issues with our infrastructure in terms of security monitoring. With the implementation of Azure Security Center, we have resolved many issues. One of the issues that we have resolved is that we are now able to do security monitoring of the complete infrastructure. It not only supports cloud security monitoring; it also supports on-prem security monitoring. It has an OMS agent that can be installed on on-prem Windows servers, Linux, or other platforms for collecting logs. These agents can also be used on other cloud platforms, such as AWS, GCP, or Google Cloud. 

The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra. 

It has so many security monitoring features, such as compromised accounts. For example, if I'm working for abc.com company, and I'm using the same company email address for registering to another hotel or some other place where it gets hacked or something goes wrong, they will alert us. If my credentials are dumped somewhere on the dark web, they trigger an alert stating that you should go and reset your credentials. There are many more interesting alerts, and such features are pretty awesome in terms of security monitoring. In terms of security, it gives a very good overview of our estate. It also has many features from the cloud administration side.

Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark.

Sometimes, we are getting backdated logs, and there could be more correlation.

So far, its stability is good. I don't see any issues with the stability part.

In terms of new features, we are able to scale up to our requirements. New features get added immediately. So far, I don't see any issues in our environment.

Our company is an MNC, and there are around 180,000 endpoints that we are protecting or monitoring with this solution. Currently, its adoption is around 70%. We cannot achieve 100% coverage because of some of the legacy products. There are legacy servers, and then there are some people who are working in customer environments where they are not utilizing our laptops. We still need to cover 20% more.

Their support during the implementation was awesome. They provided very good support. After the implementation, they scheduled weekly calls to check with us if everything is going well. They helped us with troubleshooting and more understanding. If there are any product improvements, they have been announcing them over the course.

I was not involved in its implementation, but it was a pretty straightforward process. 

There is a separate cloud team for implementation. We just review whatever they have implemented from the security perspective. We review whether they have implemented it correctly or whether we are getting correct alerts. 

Our admin team had one week of training, and they implemented it with the help of Microsoft. Our environment is a bit complex, but we did it.

We have absolutely got a return on the investment. Our company is a managed security service provider (MSSP). When we get more projects, we mention the products that we are currently using to secure our environment. We also do a proof of concept (PoC) or a demo about how we installed such products in our environment and how secure we are. There are so many security scoring systems, and they give the score. Our score is on the highest side, which is useful for providing a security service to our client or customer. We have implemented Azure Security Center at many places for our customers.

I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive.

For cloud security posture, Azure Security Center is a good product. It is different from a Security Information and Event Management (SIEM) tool. We are also using a SIEM tool. Microsoft has a SIEM tool called Sentinel, and there are many SIEM tools out there in the market such as Splunk, QRadar, and ArcSight. Azure Security Center is not a replacement for Sentinel. It gives the complete posture of your cloud. It was started with the purpose of finding any anomalies and malfunctioning for Azure AD, which is related to login and logout of employees, but then they elaborated it a bit more.

I would rate Azure Security Center a nine out of 10.

We use Azure Security Center in our own company, and we have also deployed it for one of our clients. Our biggest use case is the enforcement of regulatory compliance on our cloud.

Security Center has helped us really well in terms of regulatory compliance enforcement on our cloud. We were able to deploy the inbuilt policies, and we were also able to build our own initiatives and policies. There were certain things that we wanted to check to see if our VMs were compliant. We also wanted to ensure that our storage and databases are compliant, and Security Center helped us in doing that.

This product has features that have helped us improve our security posture because we have a large estate of servers or VMs in Azure, and with Security Center, we were able to find out that a lot of our VMs were not compliant. This would have caused us a lot of trouble if there was an audit in the near future. The issues that it flagged for us gave us the opportunity to fix the problems, which was really helpful. Essentially, it was a preventative measure that allowed us to identify and rectify issues before they got out of hand.

One way that this solution has helped to improve our organization is that we have a better view of the entire security status, including how compliant our systems are and whether there are any open issues that need our attention. There are also reports that we generate periodically, so everyone is aware of the overall status of the environment.

When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties.

Our overall security posture has been enhanced. A lot of the time, our cloud is accessed by people in the organization and they keep spinning up virtual machines, creating resources. Often, there are ports that open or there are certain security issues that are not handled. Because there are so many people and so many new resources coming up, it is difficult to track all of them. With the help from Security Center, we are able to see exactly what has come up.

If there are new issues that arise, which could happen if someone has not followed the proper protocol before bringing up a VM or another network resource, we can see this because we have a better local view of exactly what is there in the environment. So in that regard, we can say that it has helped us improve our security posture.

Using this product does not affect the end-user in any major way. Its usage is mostly relevant to the backend, and of interest to administrators.

The most valuable features are regulatory compliance and security alerts. The security score is very helpful, as well. Together, these let us know the state of each subscription and whether there are any actions that we need to take. This functionality is pretty helpful in audits.

We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand. We showed it to a couple of our clients, and they had trouble understanding it and an explanation or breakdown is not readily available. The score includes different weightage for certain controls. For example, if there is a "Control A" and it has a weight of 10 then it would affect the score more than "Control B", which has a weight of five. Being able to see the weights that are assigned to each control would be an improvement.

We have been using Azure Security Center for between eight and nine months.

This is a pretty stable solution and we haven't run into any issues as of yet.

I don't think there should be problems with scalability. It supports more than a hundred subscriptions, with multiple thousands of resources. I expect that we will be fine in that regard.

There are between 10 to 15 users that are currently using the security center. We have only two to three administrators and the rest of them have a highly localized role. Some of them are working on the policies, whereas others take care of compliance issues. They try to remedy issues and also try to improve our security score.

Our client has data centers that are divided into various regions and various business units. They are onboarding new business owners every couple of months, so it is in the process of expansion. They want all of their business units to be onboarded.

I have not had the chance to speak with technical support from Microsoft but from what I have heard from my colleagues, they are pretty responsive and give you good information with respect to fixing issues.

We had another tool, Morpheus, which was a multi-cloud manager. We did some work on it but because it wasn't native to Azure, we didn't go any further with it.

The initial setup is pretty straightforward. We just had to enable it for our subscriptions.

Deployment does not take a long time. The maximum is 24 hours if you have a lot of subscriptions but otherwise, it's pretty quick.

We have several subscriptions so we initially started by deploying some for testing. When we were sure that we knew how to go about it, we deployed the remaining ones.

We completed the deployment in-house and two people were required.

There are two other people in charge of maintenance.

The cost of the license is based on the subscriptions that you have.

As we were on Azure, we didn't look to other vendors for similar solutions.

We use between 80% and 90% of the functionality within the solution. We don't use workbooks as of now but otherwise, we use pretty much everything.

There are a few options that are included but not enabled out of the box. One example of this is Azure Defender.

Maintenance-wise, one thing that we do is keep up to date on policies and compliance. Microsoft provides a lot of out-of-the-box compliance initiatives, and sometimes they can go out of date and are replaced. We have to make sure that the new ones are correctly enabled and that the older ones are no longer active. Essentially, we want to disregard the old policies and ensure that the new ones are enforced.

The biggest lesson that I have learned is to keep an eye on your resource usage in Azure, because if it's a large environment with a lot of users then you might not know who opens the door to the outside. Using Security Center lets you keep track of what's going on in your environment.

I would rate this solution an eight out of ten.