Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs Microsoft Defender for Cloud comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Cortex XDR enhances threat prevention, compliance, and cost efficiency, providing rapid ROI and improved security and user satisfaction.
Sentiment score
7.2
Microsoft Defender for Cloud enhances security, reduces costs, and boosts productivity with proactive threat detection and seamless integration.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.
Defender proactively indexes and analyzes documents, identifying potential threats even when inactive, enhancing preventative security.
Identifying potential vulnerabilities has helped us avoid costly data losses.
The biggest return on investment is the rapid improvement of security posture.
 

Customer Service

Sentiment score
6.6
Palo Alto Networks' customer service receives mixed reviews due to language barriers, response times, and inconsistent technical support quality.
Sentiment score
6.6
Microsoft Defender for Cloud support is praised for expertise but criticized for delays, inconsistent service, and ticket handling issues.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
I would rate technical support from Palo Alto on a scale from one to ten as an eight, as I find it good.
Since security is critical, we prefer a quicker response time.
The support team was very responsive to queries.
They understand their product, but much like us, they struggle with the finer details, especially with new features.
 

Scalability Issues

Sentiment score
7.6
Cortex XDR excels in scalability and adaptability across environments, supporting diverse systems with seamless deployment and reliable expansion.
Sentiment score
7.8
Microsoft Defender for Cloud is highly scalable, managing diverse environments smoothly, with seamless integration and flexible subscriptions despite cost concerns.
We are using infrastructure as a code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.
It has multiple licenses and features, covering infrastructures from a hundred to five hundred virtual machines, without any issues.
Defender won't replace our endpoint XDR, but it will likely adapt and support any growth in the Microsoft Cloud space.
 

Stability Issues

Sentiment score
8.0
Cortex XDR by Palo Alto Networks is stable and reliable, with quick bug fixes and consistent performance across platforms.
Sentiment score
7.7
Microsoft Defender for Cloud provides a stable, reliable environment with minor performance issues primarily due to outdated systems.
Cortex XDR is stable, offering high quality and reliable performance.
For the last 11 months, we haven't faced any outage issues, so it is a stable product.
Defender's stability has been flawless for us.
Microsoft Defender for Cloud is very stable.
Microsoft sometimes changes settings or configurations without transparency.
 

Room For Improvement

Users find Cortex XDR challenging due to integration issues, high memory usage, limited features, and a need for improvements.
Microsoft Defender for Cloud needs better automation, integration, user-friendliness, documentation, pricing, real-time monitoring, and legacy support.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
Microsoft, in general, could significantly improve its communication and support.
It would be beneficial to streamline recommendations to avoid unnecessary alerts and to refine the severity of alerts based on specific environments or environmental attributes.
The artificial intelligence features could be expanded to allow the system to autonomously manage security issues without needing intervention from admins.
 

Setup Cost

Cortex XDR offers flexible licensing, valued for complex security needs, but perceived as costly and variable in international markets.
Microsoft Defender for Cloud provides flexible pricing with a free version; costs vary by features, region, and enterprise needs.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Every time we consider expanding usage, we carefully evaluate the necessity due to cost concerns.
We appreciate the licensing approach based on employee count rather than a big enterprise license.
Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters.
 

Valuable Features

Cortex XDR ensures comprehensive protection with AI-driven analytics, multi-layered threat detection, and seamless integration, enhancing security management.
Microsoft Defender for Cloud enhances security with AI detection, compliance, seamless Azure integration, and multi-cloud support for streamlined protection.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon.
The most valuable feature for me is the variety of APIs available.
This feature significantly aids in threat detection and enhances the user experience by streamlining security management.
The most valuable feature is the recommendations provided on how to improve security.
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
91
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)
Microsoft Defender for Cloud
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
78
Ranking in other categories
Vulnerability Management (7th), Container Management (8th), Container Security (7th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (5th), Microsoft Security Suite (7th), Compliance Management (5th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XDR by Palo Alto Networks is designed for Endpoint Protection Platform (EPP) and holds a mindshare of 3.7%, down 4.9% compared to last year.
Microsoft Defender for Cloud, on the other hand, focuses on Cloud Workload Protection Platforms (CWPP), holds 13.4% mindshare, down 16.7% since last year.
Endpoint Protection Platform (EPP)
Cloud Workload Protection Platforms (CWPP)
 

Featured Reviews

NiteshSharma - PeerSpot reviewer
Automated threat response and behavioral control improve security measures
I recommend adding a data loss prevention (DLP ( /categories/data-loss-prevention-dlp )) solution to Cortex XDR ( /categories/extended-detection-and-response-xdr ) by Palo Alto Networks. The inclusion of this feature would allow the application of DLP ( /categories/data-loss-prevention-dlp ) policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
861,524 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
Computer Software Company
13%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening across your ecosystem. It also has great remote workforce capabilities and supports a...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud and other solutions. Updated: September 2023.
861,524 professionals have used our research since 2012.