No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Cloud Apps vs Trellix Advanced Threat Defense comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Clou...
Ranking in Advanced Threat Protection (ATP)
15th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
42
Ranking in other categories
Cloud Access Security Brokers (CASB) (5th), Microsoft Security Suite (9th)
Trellix Advanced Threat Def...
Ranking in Advanced Threat Protection (ATP)
23rd
Average Rating
7.8
Reviews Sentiment
5.6
Number of Reviews
9
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Cloud Apps is 2.0%, up from 1.3% compared to the previous year. The mindshare of Trellix Advanced Threat Defense is 1.9%, up from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Cloud Apps2.0%
Trellix Advanced Threat Defense1.9%
Other96.1%
Advanced Threat Protection (ATP)
 

Featured Reviews

Abdulrahman Muhammadi - PeerSpot reviewer
information Security and IT Manager at Discover Dollar Technologies Pvt Ltd.
Integration with existing cloud workflows has simplified compliance and threat detection
Licensing cost is a significant concern. With Defender Plan 1, Microsoft Defender for Cloud Apps comes with a pay-per-use model. Each feature has its own pricing when activated on VMs. For example, the vulnerability assessment has separate pricing, the base model including encryptions has separate pricing, and the compliance features have separate pricing. This applies to each VM and Azure resource individually. It is not straightforward where you can take one license and apply it to everything. Each feature has its own pricing model which can be tedious, as the costs keep accumulating. The only lacking feature currently is XDR (extended detection and response). Apart from that, I have only positive experiences with the whole Microsoft suite, except for the pricing structure.
PP
RSSI at SDIS49
Ensuring long-term reliability while seeking internal email management enhancements
Prisma is a commercial name of the firewall now, but we don't work with the cloud product. Only our company is using it and we do not recommend it to customers. For us, it's transparent because it's a cloud product, so we don't really know the version as it's always updated. We have not had any problem, but it's difficult to report on what's going on because some days they can wash out perhaps 100 mails, and then it's difficult to say how many attacks you have reached. The right email has been washed out and then nobody has complained. We do not use the Threat Visualization feature; as we are in MX, the mail is washed out before it is in the mail inbox of the user, thus avoiding any problem requiring a reservation. In fact, there is no integration with existing security frameworks. The only problem we can have is that as we have no API interface, there is no inspection of internal mail. I rate Trellix Advanced Threat Defense a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It gives our clients a sense of confidence that in case there are activities on some of their applications, they will get an alert and the issue will be mitigated, based on the action that has been set."
"The solution is bundled with E3 and E5 licenses; that's the reason it's most commonly deployed, as it's part of the bundle and not a separate cost, and if your business requirements are relatively simple, it can get the job done."
"The discovery function and the discovery catalog are really valuable, and the ability to sanction unsanctioned apps using Secure Score benchmarking, included in Cloud, enhances the organization by helping to manage and control cloud app usage effectively."
"From what I've seen, it's a good product."
"Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool."
"All of the features are valuable because all of the features are related."
"One of the most valuable features is auditing. Some of the other protection services have issues with auditing. Microsoft Defender for Cloud has an excellent auditing technique that helps us avoid the risk of filtering or information loss. You can use different tools to guarantee these things. It allows you to conduct an in-depth exploration of applications, users, and files that are harmful or suspicious. You can also enhance your security setup by creating personalized rules or policies that help you better control traffic in the cloud."
"The product’s most valuable feature is SQL database."
"I see ROI, as it stops in excess of twenty-five malware events per month, all of which could be critical to the business."
"If a system admin can put in the patience to read and constantly update the ePO system in terms of rules, enforcing them at regular intervals, you can safely go to sleep every night."
"The features I find most valuable are: the management, the ability for automatic remediation of threats and it can successfully detect a threat, and to act upon it."
"The fact that in 10 years, we have had no problem is the most valuable feature for us; it's really a washing machine, but the only problem we face is that it's difficult to report on this product."
"It is very scalable."
"This solution is very easy to use and requires little to no training."
"It is stable and reliable."
"Provides good exfiltration, and is an all-in-one product."
 

Cons

"There have been instances where the alerts generated have been false positives."
"MCAS doesn't have many reporting capabilities, and it's really an operational nightmare to get all these things done at this point in time by using MCAS."
"It takes some time to scan and apply the policies when there is some sensitive information. After it applies the policies, it works, but there is a delay. This is something for which we are working with Microsoft."
"We would like to get more information from the endpoint. I don't get enough detailed information right now on why something failed. There is not enough visibility."
"There are some features, such as user navigation content filtering, that are disabled by default, and it probably makes sense to enable them by default."
"I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing."
"The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."
"They should continue integration with all other Microsoft security-related products. The integration with all the other products is still ongoing."
"The only problem we can have is that as we have no API interface, there is no inspection of internal mail."
"Make the ATD system a part of the whole product and take the whole thing onto the cloud. While it is there already, it is not to the same level as the on-premise version."
"Lacks remote capabilities not dependent on the internet."
"Some of our customers have mentioned the lack of a tool that would allow for remote capabilities without being attached to the internet."
"The initial setup was industry standard complex. It takes awhile and has a lot of planning involved. It could be simplified with product redesign."
"It was not complex, but there are things to look out for, because it's an intense product. It scans intensely and there are major obstacles to overcome if it scans while users are using a network, then it is not a good thing."
"This product does the job, but it is not flexible enough to do new environments yet."
"The support on their side is not readily available. It takes a while."
 

Pricing and Cost Advice

"We have an educational licensing agreement. It's a customer agreement for multiple years."
"Where we are right now, this is an acceptable pricing. I would like to see more transparency given to the end user. The end user given to us is via the cloud service provider. There are different programs and license models. Some include this, and some include that. It is all over the place. There can be a little more consistency or simplification in the pricing so that your parts list is not ten pages long, and you are not trying to determine, "If I have an E3, does this cover that?", or "Do I need to pay separately for the license?" Simplification would probably be better."
"The pricing is fair."
"Microsoft offers bundle discounts and a pay-as-you-go option."
"The pricing is a little bit high but right now, we are okay with it because of the compatibility with Office 365, Teams, and Azure AD."
"The product's pricing seems fair."
"We utilize the Microsoft E5 licensing, which encompasses the entire Microsoft suite; however, it is costly."
"This product is not expensive."
"Our licensing fees for this solution are approximately one million dollars per year."
"The product is expensive, but it is better than the rest of them in the industry."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
9%
Manufacturing Company
9%
Comms Service Provider
6%
Construction Company
17%
Financial Services Firm
12%
Comms Service Provider
10%
Outsourcing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise13
Large Enterprise19
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise4
Large Enterprise5
 

Questions from the Community

Which is the better security solution - Cisco Umbrella or Microsoft Cloud App Security?
Cisco Umbrella is an integral component of the Cisco SASE architecture. It integrates security in a single, cloud-native solution, unifying multiple features like DNS-layer security, threat intelli...
What is your experience regarding pricing and costs for Microsoft Cloud App Security?
At the time of implementation, when the size of our organization was small, it was a more affordable product. Since all our productivity applications were on O365, Microsoft Defender for Cloud Apps...
What needs improvement with Microsoft Cloud App Security?
The fidelity of the signal in Microsoft Defender for Cloud Apps has been a challenge in some areas. There have been instances where the alerts generated have been false positives. A lot of work has...
What needs improvement with McAfee Advanced Threat Defense?
I would like to see an API interface for internal email and control of outgoing email to make it closer to 10. It's necessary; today we have an MX interface, and it would be interesting to have an ...
What is your primary use case for McAfee Advanced Threat Defense?
We are working with Palo Alto products, specifically firewalls. We are only using Palo Alto Firewalls and not Cortex. With FireEye and Trellix, we only work with ETP now because the NDR function wh...
What advice do you have for others considering McAfee Advanced Threat Defense?
Prisma is a commercial name of the firewall now, but we don't work with the cloud product. Only our company is using it and we do not recommend it to customers. For us, it's transparent because it'...
 

Also Known As

MS Cloud App Security, Microsoft Cloud App Security
McAfee Advanced Threat Defense
 

Overview

 

Sample Customers

Customers for Microsoft Defender for Cloud Apps include Accenture, St. Luke’s University Health Network, Ansell, and Nakilat.
The Radicati Group, Florida International University, MGM Resorts International, County Durham andDarlington NHS Foundation Trust
Find out what your peers are saying about Microsoft Defender for Cloud Apps vs. Trellix Advanced Threat Defense and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.