We performed a comparison between Microsoft Defender Cloud and Prisma Cloud according to four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender came ahead of Prisma Cloud because our reviewers found Prisma Cloud to be more difficult in terms of licensing.
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"I have found the ability to delete unwanted threats beneficial."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The solution is well integrated with applications. It is easy to maintain and administer."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The solution's robust security posture is the most valuable feature."
"Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
"Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
"It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it."
"We saw improvement from a regulatory compliance perspective due to having a single dashboard."
"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts."
"The initial setup is seamless."
"The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem."
"It also provides us with a single tool to manage our entire cloud architecture. In fact, we are using a multi-account strategy with our AWS organization. We use Prisma as a single source of truth to identify high- or medium-severity threats inside our organization."
"I found the network queue sets useful. I also liked the Workload Protection Module, the vulnerability findings, and how the rule sets handle the vulnerabilities based on severity."
"It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state."
"Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently."
"The first aspect that is important is the fact that Prisma Cloud is cloud-agnostic. It's actually available for the five top cloud providers: AWS, GCP, Azure, Oracle, and Alibaba Cloud. The second aspect is the fact that we can write our own rules to try to detect misconfigurations in those environments."
"The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The logs could be better."
"The product was a bit complex to set up earlier, however, it is a bit streamlined now."
"You cannot create custom use cases."
"Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."
"Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."
"Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome."
"Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research."
"They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them... It was a pain to have to set up the access to some languages and some data."
"This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."
"One of the main backlogs in their development is in the area of integration. For example, we have ServiceNow in place for ticket management and Prisma Cloud is supposed to send closure emails for incidents. But from time to time, it fails to do so. We have several other mismatches between Prisma Cloud and ServiceNow."
"Getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to."
"The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls."
"Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures."
"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."
"A better correlation between the multiple products Prisma Cloud contains would be crucial. It would reduce the time spent looking at reports and enable you to get all the actionable insights across products. I think that Palo Alto is working on it, but they need to work faster because it doesn't make sense to have all these products in a single pane of glass without any correlation between them."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.
- Reduce signal noise by viewing prioritized incidents in a single dashboard.
- Use the automated investigation capabilities to spend less time on detection and response.
- Take care of routine and complex remediation with Microsoft 365 Defender by auto-healing affected assets.
- Hunt across all your data, leveraging your organizational knowledge with custom queries.
- Develop custom detection and response tools for long-term protection and improved security posture.
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Microsoft Defender for Cloud protects your Azure and hybrid resources. Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure—but there are additional actions you need to take to help safeguard your workloads. Turn on Azure Security Center to strengthen your cloud security posture. Within Azure Security Center, use Azure Defender to protect your hybrid cloud workloads. With Azure Security Center, you can:
- Assess and visualize the security state of your resources in Azure, on-premises, and in other clouds with Azure Secure Score
- Simplify enterprise compliance and view your compliance against regulatory requirements
- Protect all your hybrid cloud workloads with Azure Defender, which is integrated with Security Center
- Use AI and automation to cut through false alarms, quickly identify threats, and streamline threat investigation
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Prisma Cloud is a comprehensive cloud-native security platform (CNSP) that provides security and compliance coverage for infrastructure, applications, data, and all cloud-native technology stacks throughout the development lifecycle. Prisma Cloud safeguards cloud operations across hybrid and multi-cloud environments, all from a single, unified solution, using a combination of cloud service provider APIs and a unified agent framework.
The move to the cloud has changed all aspects of the application development lifecycle, with security being foremost among them. Security and DevOps teams face a growing number of entities to secure as organizations adopt cloud-native approaches. Constantly changing environments challenge developers to build and deploy at a rapid pace without compromising on security. Prisma Cloud by Palo Alto Networks delivers complete security and compliance coverage across the development lifecycle on any cloud environment, enabling you to develop cloud-native applications with confidence.
Prisma Cloud Features
Prisma Cloud offers comprehensive security coverage in all areas of the cloud development lifecycle:
Benefits of Prisma Cloud
Reviews from Real Users
Prisma Cloud stands out among its competitors for a number of reasons. Two major ones are its integration capabilities, as well as its visibility, which makes it very easy for users to get a full picture of the cloud environment.
Alex J., an information security manager at Cobalt.io, writes, “Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them.”
Luke L., a cloud security specialist for a financial services firm, writes, “You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums.”
Microsoft Defender for Cloud is ranked 2nd in CWPP (Cloud Workload Protection Platforms) with 32 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in CWPP (Cloud Workload Protection Platforms) with 19 reviews. Microsoft Defender for Cloud is rated 8.2, while Prisma Cloud by Palo Alto Networks is rated 7.6. The top reviewer of Microsoft Defender for Cloud writes "Provides good recommendations and makes policy administration easy". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The magic happens with traffic passing through multiple zones and our data center, as we can quickly troubleshoot problems". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Trend Micro Cloud One Workload Security, Cortex XDR by Palo Alto Networks, Wiz and Orca Security, whereas Prisma Cloud by Palo Alto Networks is most compared with Aqua Security, Snyk, Wiz, Check Point CloudGuard Posture Management and AWS GuardDuty. See our Microsoft Defender for Cloud vs. Prisma Cloud by Palo Alto Networks report.
See our list of best CWPP (Cloud Workload Protection Platforms) vendors, best Cloud Security Posture Management (CSPM) vendors, and best Cloud-Native Application Protection Platforms (CNAPP) vendors.
We monitor all CWPP (Cloud Workload Protection Platforms) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.