Microsoft Defender for Cloud Reviews

I am closely dealing with alerts related to cloud workloads. We are integrating the alerts that pop up for different services to analyze the gaps in our Azure landscape. We then assess what we need to close and what makes sense for our environment because not everything is applicable. It depends on our company's requirements as well. We plan the strategy for how to close those gaps. There are different mechanisms for how you deal with those security alerts.

We are using the Microsoft Azure Security Benchmark along with the CIS Benchmark. We rely quite heavily on these benchmarks, and I would rate the CSPM functionality a nine out of ten. Most recommendations are focused on generic security gaps, but overall, those recommendations are very good from the security aspect, irrespective of the industry.

It is pretty good in terms of the range of workloads covered. It covers most of the IaaS infrastructure that Azure offers and most of the PaaS services that we are using. I cannot recall any service that we are using for which Microsoft Defender for Cloud does not have recommendations.

We have integrated the alerts that we are getting from Microsoft Defender for Cloud with our on-premises Splunk solution. We capture those alerts. They are integrated via Microsoft Events Hub. It acts like a queue and pulls those alerts from Microsoft Defender for Cloud and then sends them to Splunk. This integration helps our global security team to figure out which alerts are critical. They can then reach out to the owner of an asset.

Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved.

Without Microsoft Defender for Cloud, we will not have any visibility into our security posture. The way on-premises things work in our company is complex. We have ten different tools for ten different categories. We have one tool for vulnerability assessment and one for patch fixing. Microsoft Defender for Cloud is a single integrated tool. It gives me a holistic overview of my whole security posture.

XDR protects our endpoints, but our cloud applications lack this security measure. Microsoft Defender for Cloud provides some protection by monitoring SharePoint and our internal cloud applications for malicious activity.

Recently, there was a widespread cybersecurity incident where systems issued by companies were controlled by insider threats from North Korea and China. Defender for Cloud Apps helped us find associated applications and appropriately tag them.

The range of workloads covered by Defender for Cloud has been satisfactory. As a small organization with a limited number of workloads, the current offerings are sufficient. Our information security office consists of six or seven people, with an additional one or two individuals assisting with SecOps tasks. While the current setup is adequate, a larger organization would likely utilize the diverse workloads and permission sets available.

Defender for Cloud provides a prioritized list of security issue remediations. However, we often find that many items are false positives or not as critical as Defender assesses them to be. Therefore, we manually curate the list to better align with our security priorities.

Our Defender for Cloud platform is integrated with the majority of the Entra and Microsoft 365 suite, including hybrid cloud identity, Entra ID, Azure Virtual Desktop, and SharePoint.

Microsoft Defender for Cloud has significantly enhanced our overall security posture by approximately 20 to 25 percent. It extends beyond our XDR, encompassing all our cloud-based data within SharePoint, Entra, and similar services, thus providing comprehensive protection.

Protecting our hybrid and cloud environments is essential. While Defender is a valuable security solution offering solid benefits, it's not the only option available. Other solutions could effectively fulfill this role, making Defender important but not uniquely critical.

At the moment, we work with Sophos, SentinelOne, or Microsoft Defender. Most of our customers have Microsoft infrastructure, and they are cloud-only customers with Microsoft business licensing. I primarily recommend Microsoft Defender for customers who already have Microsoft infrastructure.

The most valuable feature is the hunting feature, which integrates well into the entire Microsoft ecosystem. It allows customers to have all security settings in one panel, providing a unified admin site. This feature significantly aids in threat detection and enhances the user experience by streamlining security management.

We use Microsoft Defender for Cloud to secure our environments across the company. We have the full E5 suite, including Microsoft Defender for Identity and Endpoint. The solution integrates the total spectrum of Microsoft products. 

We are not a multi-cloud environment. We're entirely on Azure. It's not a hybrid environment. Defender only covers the cloud, and we have a different solution for our on-prem environment. 

Microsoft Defender for Cloud has made our environment more secure. We don't have to worry about it as much, and we've never had a breach, giving us a lot of peace of mind. We've improved our security posture because Defender extends the capabilities of a whole range of products, so we don't have any gaps.

We are a multi-service provider with various clients. We recommend Microsoft Defender for Cloud to clients who have an Azure environment. We advise them to turn Defender on to protect all Azure resources, such as IaaS servers and SQL servers and ensure our clients follow the best security recommendations.

Microsoft Defender for Cloud provides us with all security-based advantages. Getting visibility into our vast and rapidly changing cloud environment is challenging in day-to-day operations. This solution gives us a single pane of glass to view everything involved in security.

Defender for Cloud has improved our security posture by at least 100 percent. We did not have security before that. It's our primary way to protect our hybrid environment, so it's critical to us. It's also crucial to our coordinated detection and response across all our workloads, and we leverage Sentinel with Defender for Cloud.

We use Microsoft Defender for Cloud primarily to scan storage buckets and ensure no sensitive data, such as PCI or PII data, is present. We also use it for general resources, including resource groups, storage accounts, and Azure Key Vault.

We don't use it for detection and response. It's more for scanning architecture and data to ensure we have the latest infrastructure configuration. I don't think we're using it for Entra ID. Another team does that. I'm more on the operation side. 

Defender works in tandem with Wiz, so we get insights and email alerts if something isn't compliant. For example, we get an alert if TLS 1.2 isn't enabled. It keeps track of what's compliant and what isn't. 

My use cases mainly involve protecting our security infrastructure and cloud infrastructure, addressing vulnerabilities, attacks, and that type of stuff for remediation.

The security concerns that we had prior to migrating to this solution were cyberattacks and the remediation of cyberattacks. Microsoft Defender for Cloud makes it easy to find out when we have a vulnerability. We get notified, and the recovery process is easy.

Microsoft Defender for Cloud has definitely helped us manage and secure our multi-cloud environment by providing ease of use. It is much easier to use compared to other cloud security software. It has benefited our organization by saving time, as time equals money. I usually get the report, and then we move on without spending days searching.