Microsoft Defender for Cloud Apps Reviews

We use Microsoft Defender for Cloud Apps for discovery, data exfiltration, and sensitive data exposure.

Some organizations with E5 or E3 licenses enable Microsoft Defender for Cloud Apps for their users, often with default settings. These organizations typically use OneDrive and SharePoint. With Defender for Cloud Apps, especially when integrated with Defender for Endpoint, they want to monitor which SaaS applications their users are accessing. The primary goal is to discover and track the types of SaaS apps their users use.

Microsoft makes setting up discovery and visibility into cloud app usage easy. I also appreciate its full integration with other Defender and XDR products, such as Defender for Identity, Defender for Office 365, and Defender for Endpoint. You can ingest data from all these endpoints. I especially like the feature that allows you to discover which SaaS applications users access.

Microsoft has been high on implementing Copilot. If it is already integrated for using Copilot for security, that would be great.

I have been using Microsoft Defender for Cloud Apps for three years.

It's pretty stable.

 It has been reliable. I haven't seen it fail. There can be some confusing configuration issues sometimes, but it's quite dependable overall.

It is used by small, large, and government entities.

Improved communication and follow-up would be helpful. Sometimes, we don’t hear back after creating a ticket for a day or two. Even when an engineer is assigned, responding can still take a while despite providing all the necessary logs and information upfront.

Neutral

The deployment process is quick, taking two to three days. The implementation and customization require more time. We need to adjust the setup to fit the client's needs, which involves fine-tuning notifications and alerts to avoid overwhelming them.

First, you need the appropriate licensing. Once you have that, go to security.microsoft.com and integrate with Defender for Endpoints to receive information. While you can ingest logs from different firewalls, such as Palo Alto or Cisco, we usually implement them with Defender for Endpoints. Once a laptop or desktop is set up in Defender for Endpoints, integrating Cloud Apps with the endpoints allows us to collect the data easily.

I rate the initial setup a nine out of ten, where one is difficult and ten is easy.

Taking a proactive approach to keeping your environment secure and informed is key. Microsoft Defender for Cloud Apps helps you monitor what applications your users use and ensures they aren't using any sanctioned by your organization. This proactive control is a significant return on investment.

It's relatively low-cost, especially since it's often bundled with Microsoft 365.

It is also tied to data management. Since it's integrated, it can notify us of potential data exfiltration, like when large amounts of data are leaving the system or the Microsoft Cloud. This feature helps protect intellectual property and sensitive information subject to regulations and compliance standards, such as SOX or NIST. It plays a key role in ensuring data compliance and security.

It's fully integrated with other Microsoft security features. You can even connect it to Microsoft Sentinel, their SIEM product. The integration makes everything work better together, with less deployment effort and a single portal for managing your applications, eliminating the need to switch between different platforms.

Overall, I rate the solution a nine-point out of ten.

Public Cloud

I work with Microsoft Defender for Cloud Apps by monitoring issues users have with applications, creating policies, reviewing incidents notified by Microsoft Defender, and taking measures to mitigate these issues.

Microsoft Defender for Cloud Apps is very comprehensive, providing a complete 360-degree view of applications within an organization. The tool offers a scoring system that helps track progress in securing the network and endpoints, and it alerts users to security issues in applications.

The documentation could be improved as it is not updated immediately when Microsoft makes changes. Users must wait a few weeks for the changes to be reflected in the documentation.

I have been using Microsoft Defender for Cloud Apps for maybe three years.

Deploying Microsoft Defender for Cloud Apps was easy for me, as long as there is an organized approach and a good technology partner to assist during deployment.

Microsoft Defender for Cloud Apps works very well and I have not experienced issues with stability.

Microsoft Defender for Cloud Apps is very scalable, provided you have the right subscription. Without the appropriate license, scalability is limited.

The support is excellent, and the speed of response is commendable.

Positive

I used Sophos before, and although it's a good tool, I prefer Microsoft Defender for its comprehensive integration with endpoints and firewalls.

The initial setup of Microsoft Defender for Cloud Apps was easy, especially with support from a technology partner.

We had assistance from a Microsoft partner and other companies during the implementation.

The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the expense.

I evaluated Sophos as an alternative solution.

No further improvements are needed for now because the suite is very complete. I give Microsoft Defender for Cloud Apps an overall rating of eight out of ten.

Other

We use the product mainly to manage the accounts for Single-Sign-On purposes.

Microsoft Entra ID has improved privilege access management for our organization. We can manage who has access to which account.

The product helps us with privileged identity management to control who has access to what and for how long.

There could be more granular roles that are out of the box included in the product. I guess it would help people who aren't as savvy. Right now, I have to create many custom models for different use cases. It would be great if roles were more geared towards specific use cases to cover multiple aspects. In a case where a role is for a security admin, it could grant roles that are needed and not too many unnecessary roles. For example, it gives the security admin some access to the compliance portal, but the executive may not need that access. So it could be more granular.

We have been using Microsoft Entra ID for three to four years.

The product's stability is pretty good. We never really encountered outages. They are very rare.

We have approximately 1000 Microsoft Entra ID users in our organization. The product has great scalability. That's why we moved to the cloud. We need more roles. It will help us a lot as it grows. Microsoft is already adding more roles within the PIM environment, but the more they add, the more users will go to the cloud.

Microsoft's support services are good. They responded quickly whenever I had questions and sent emails or reached out for anything.

Neutral

We have used Azure AD groups initially. Then, we continued grouping within the security groups and only had a designated cloud once we moved to PIM.

The initial setup could have been done better in our organization. That was one of the reasons I was hired. I had to reset and architect the whole process. It was relatively straightforward.

The product is deployed on a hybrid cloud, including Azure, GCP, and AWS clouds. It is used across a few departments, mainly within their IT realm, marketing, and other departments. But for the most part, it's just those two groups currently using it.

I implemented the product myself.

The product's pricing seems fair.

I rate Microsoft Entra ID an eight out of ten.

Set up your environment correctly first. Take your time to figure out how you want to use it, such as PIM and other use cases. Ensure you set it up properly and then create custom roles when needed. Don't overaccess people; that'd be the main advice. It keeps being upgraded by Microsoft. There are constantly new features getting added. If there's some feature you don't see now, it could be there later. We initially wanted a few features that were added later on. Thus, there's always room for growth.

The product provides a single pane of glass for managing user access for the most part. It helps manage the roles better in one area. It becomes easier to use that way. I don't know if we necessarily use verified IDs. But we typically use HRID just to enforce MFA and other processes.

Initially, the product saved a lot of time because we could create dynamic roles for people with the right access. However, as we move more to the cloud, creating more custom roles saves less time. It still has pros in terms of granular roles.

It easily saves two or three daily tasks per person or user we're onboarding. Let's say it's a good amount of time, especially with the dynamic groups. Each PIM role gets activated as well. I would say it saves 20 to 30 minutes per user account activation.

We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.

Microsoft Defender for Cloud Apps offers visibility into the usage of enterprise applications and the connections established from both authorized and unauthorized locations and devices.

Microsoft Defender for Cloud Apps, in conjunction with Defender for Endpoint, helps prioritize threats throughout our enterprise by reviewing them, identifying devices with vulnerabilities, and providing us with criticality assessments and recommendations on resolving the issues.

We utilize the complete Microsoft Defender suite, which includes Defender for Endpoint as well as Defender 365. The integration is seamless; we only need to onboard Defender for Endpoint, and it functions exceptionally well.

The integrated solutions work natively together to provide coordinated detection and response across our environment. If Defender detects a malicious email, it will notify me of the detection, block the email, and apply the same actions to all the emails that match the same criteria.

I appreciate the comprehensiveness of the threat protection offered by Microsoft security products due to their functionality and ability to integrate, which other products may not offer.

Microsoft Defender for Cloud Apps has helped improve our visibility and response time.

It helps automate the discovery of high-value alerts. The solution can identify malicious threats and subsequently block the threats while disabling the compromised account automatically.

Microsoft Defender for Cloud Apps has helped us save time through the visibility it provides.

Microsoft Defender for Cloud Apps has significantly reduced our time to detect and respond by several hours through its integration with the rest of the Microsoft Defender suite, thereby reducing our troubleshooting time.

The most valuable feature is its policy implementation. Even public websites are directed to the Microsoft Net proxy, where we can establish policies to determine whether to block, authorize, or manage devices.

Currently, we are only able to utilize the policies for blocking threats. I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing.

I have been using Microsoft Defender for Cloud Apps for one year.

Microsoft Defender for Cloud Apps has been stable thus far.

Microsoft Defender for Cloud Apps is scalable. We are not limited by Microsoft in terms of the number of users or devices.

The initial setup is not straightforward due to the numerous meetings beforehand, and the Microsoft documentation can be overwhelming. However, once we familiarized ourselves with the interface, it started making more sense. 

The deployment process took over three months. Initially, we tested the solution to become familiar with it before deploying it to a small number of users. Once we were confident that everything was working correctly, we proceeded to deploy it to all users. Two system engineers were required for the deployment.

The implementation was completed in-house.

We have seen a return on investment with Microsoft Defender for Cloud Apps.

We utilize the Microsoft E5 licensing, which encompasses the entire Microsoft suite; however, it is costly. Furthermore, there are supplementary expenses associated with add-on modules.

I rate Microsoft Defender for Cloud Apps an eight out of ten.

Microsoft Defender for Cloud Apps promptly generates an alert upon detecting a threat. However, I do not believe it has the capability to proactively defend against potential threats.

It is deployed in one environment with 50-plus users.

No maintenance is required from our end.

I recommend that anyone evaluating Microsoft Defender for Cloud Apps should read through all of the documentation first.

Public Cloud

Microsoft Azure

We were looking for protection for cloud applications, specifically for the SharePoint directory. One of the use cases is to monitor employees who are leaving the organization in the next month. We do this by placing them in a separate Active Directory container and monitoring their activity. 

For example, we would monitor if they download a large number of files from cloud applications, delete something, or engage in other abnormal activities. This is one use case for Microsoft Defender for Cloud Apps.

The solution is user-friendly and provides great visibility into threats. There are easy options available for specific workflow inspections. We can also get support by going through the Microsoft documentation, which is straightforward.

Microsoft Defender for Cloud Apps helps us prioritize threats across our enterprise. It covers us from a compliance perspective and protects our organization's data. Data protection is a very important aspect of any new organization, as we need to protect our data from both external attacks and insider threats. Microsoft Defender for Cloud Apps helps us monitor for abnormal activity by insiders, which is one of the most important access points for attackers today. Additionally, the different cloud apps that Defender for Cloud Apps supports provide us with much more visibility into potential threats and activities on the internet.

We have integrated Microsoft Defender for Cloud Apps alerts with Sentinel. The integration is straightforward. We can find the configuration details on Microsoft's official documentation website. If we are familiar with how Microsoft products work, we will be able to follow the instructions clearly.

Microsoft Defender for Cloud Apps and Sentinel work natively together to deliver coordinated detection and response across our environment.

Our integrated Microsoft solutions provide comprehensive threat protection, covering most of the tactics and techniques relevant to the MITRE ATT&CK framework.

Sentinel allows us to ingest data from our entire ecosystem. When implementing an SIEM solution, there are always prerequisites such as Active Directory logs, security logs, firewall logs, and DNS logs. These are important logs that need to be ingested into the environment. Sentinel has many third-party connectors available that make integrations straightforward. Microsoft provides the configuration details in the Sentinel platform. It is important to integrate all relevant log sources into the SIEM solution so that we can detect and be alerted to any type of threat factor, whether it is from an internal or external source.

Integrating third-party solutions into the platform requires a separate configuration, but Microsoft provides the necessary information. However, we need to have the appropriate permissions to execute these setups.

Sentinel provides a centralized dashboard that covers threat management and configuration. It gives us complete insight into what entities are accessing, as well as full details for investigation. We can see how the alerts and threats are relevant to suspicious activities, whether they are related to malicious IP addresses, suspicious ASHAs, or any other indicators of compromise. All of this relevant data can be seen in a single pane. Recently, Microsoft introduced a new investigation experience in a single pane. This means that we can now get a lot of details in a single pane, without having to go there and execute a query. There are a lot of new insights being developed in the Sentinel platform these days.

It has software intelligence. They recently introduced Microsoft Defender Threat Intelligence, which covers almost all IOCs. This protects organizational assets from threats and suspicious traffic associated with IOCs. If a match is found, alerts are generated. This is a very interesting feature. Another great feature is automation and logic apps. We can create a number of operations, such as posting in a team's channel if a severe incident occurs or sending an email notification. There are many operations available, so we can automate a lot of tasks.

Microsoft Defender for Cloud Apps helps us stay compliant. It has predefined mechanisms in place to prevent attacks. For example, if an external user tries to access our SharePoint folders or files, an attack will be blocked. This is why it is important to give appropriate access to guest users. Microsoft Defender for Cloud Apps has many features and benefits. It provides a number of policies that can be configured to meet the specific needs of our security team. These policies can be used to customize cloud applications so that only authorized users can access them and perform operations that benefit the organization. In terms of safety and security, Microsoft Defender for Cloud Apps is top-notch.

Using the solution's automation features, we can suppress false positive alerts. We can also close alerts, lower their severity from "high" to "low" or "informational," or close them immediately with the appropriate commands. This will depend on the configuration automation rule and the perspective from which we are testing.

Microsoft Defender for Cloud Apps provides a single console. We are also provided with Microsoft templates to enable workbooks instantly. Alternatively, we can build our own customized workbooks to provide better insights and improve our SOC efficiency and overall performance.

Consolidating all of our security data into one dashboard has saved our security operations team a significant amount of time. From an analyst's perspective, it is now much easier to correlate events, investigate alerts, and visualize specific entities. For example, an analyst can quickly see all of the alerts associated with a particular IP address, or they can view all of the activity for a specific entity over the past 24 hours or 7 days. This level of detail and insight would not be possible if our data were siloed in multiple dashboards.

The single dashboard saves our operations approximately 20 hours per week by eliminating the need to access multiple consoles and tabs.

Microsoft Defender for Cloud Apps threat intelligence can help us prepare for potential threats before they happen. However, it depends on how we develop the policies for the database to block or ignore things in our environment.

The most valuable feature is the alerting system.

Microsoft Defender for Cloud Apps covers all relevant cloud applications, such as OneDrive, shared drives, and specific directories. If we want to monitor a specific SharePoint directory, specific folder permissions, or specific VIP groups, all inherent features are available.

The technical support team has room for improvement. Their response time is slow.

I have been using Microsoft Defender for Cloud Apps for two and a half years.

Microsoft Defender for Cloud Apps' stability is good because it is cloud-based. We don't face any disruptions.

I would rate the scalability of Microsoft Defender for Cloud Apps a nine out of ten.

The technical support team takes a long time to respond to our tickets.

Positive

Microsoft offers bundle discounts and a pay-as-you-go option. We can also get an additional discount of 30 to 40 percent if we commit to a certain number of GB per day.

I would rate Microsoft Defender for Cloud Apps a nine out of ten.

Compared to other stand-alone SIEM and SOAR solutions, Sentinel is superior. It covers on-premises applications as well as cloud applications. Therefore, it is efficient, fast, reliable, and user-friendly. We do not experience any lag in performance, regardless of the number of queries we run. If we prepare 30 to 40 lines of query to search for data from the past 30 or 90 days, it will return the results in a reasonable time.

Microsoft Defender for Cloud Apps offers a longer retention period of up to 90 days for compliance purposes, compared to other solutions that only offer 30 days. The logs are also available for one year. This means that if an auditor needs to see data from the past six months, such as what critical operations were performed or which sensitive applications were accessed, we can easily access the logs and provide the evidence. This is beneficial from a compliance perspective. In addition, Defender for Cloud Apps is user-friendly and offers automation capabilities, as does Sentinel. This automation can help customers get more value from the solutions by quickly processing alerts and reducing MTTR. The price of Defender for Cloud Apps and Sentinel is also competitive.

No maintenance is required from our end.

I recommend a single vendor security suite over a best-of-breed strategy because of the better support and cost benefits.

Microsoft Defender for Cloud Apps is user-friendly and it is easy to configure the security policies based on the organization's industry standards and framework. 

Public Cloud

Microsoft Azure

We primarily use Microsoft Defender for Cloud to secure and provide controlled access to our applications. We have a few hosted applications in the cloud, including some of our critical applications. We need a solid firewall and security setup in the cloud to protect all those applications. Microsoft Defender for Cloud serves this purpose because it provides efficient security for our cloud applications. Its controlled auditing and other filtering setups also offer uninterrupted access to users. 

We use Defender for Identity and Defender for Cloud. Integrating the two is entirely straightforward. Once we deploy Azure or any other Microsoft services, the integration between each product is released. You can integrate Defender for Cloud and identity management with a click. Both are security features that have to work. If we get a similar log issue from Defender for Cloud, this log is automatically passed to Identity to check if there is any mismatch or identity-based concerns. It'll correlate the logs and easily identify the issues.

These solutions work together natively, each addressing a different security dimension. We prefer this identity-based solution focusing on user identity security, whereas Microsoft Defender for Cloud App concentrates on applications. Application security is the priority in this. Application security also requires identity management because users will be accessing applications based on identity rules. If the identity policies are met, it will easily access these applications hosted in the Cloud. Microsoft Defender Cloud has separate policies to maintain specific access for users based on their privileges, so it is all correlated.

It should work in correlation because we are not using a third-party product for all this security. We expect a solid correlation because everything is the legacy software of Microsoft. We are using multiple Microsoft products with Azure, including OneNote, OneCloud, etc., and every product requires security in each layer. We have numerous layers of protection in Microsoft. Each layer must be correctly oriented and governed by a set of policies so that each level satisfies the user policies and each policy forwards to the next level. So in that way, Microsoft has a different level of setups, and this Microsoft Defender for Cloud is one that last setup.

Our cloud strategy will change as we move more applications to the cloud, and all require security. As we migrate more into the cloud, our security becomes more complex. Once we have applications deployed in the cloud, it is better to have a single vendor for all the security solutions because Microsoft has a solution for each aspect of the application setup. Microsoft provides enough security features that we don't require any third-party applications. Each layer has to complement another layer. Because it is a one-vendor Microsoft solution, it's easy for us to identify and troubleshoot issues. I prefer a single solution rather than a multi-vendor solution.

Defender for Cloud Apps is an efficient option for protecting applications you use when working. They can be controlled to avoid risks or loss of information because most of our activities are pretty confidential. We don't want to share this application with many people. Since it is in the cloud, we have less control over that. After deployment, Microsoft Defender for Cloud Application maintains a stable, secure, and efficient security process in the cloud. 

It has different tools to guarantee this security, including various policies, classic control mechanisms, algorithms, and a threat database. It completely solves our security concerns about our cloud applications.

Defender helps automate security tasks. Traditionally, we would require a SIEM tool or costly antivirus software to implement this solution in the cloud. We would need a SIEM solution to analyze data. Most premium antivirus features and threat database features are included in this solution. 

Defender's dashboard has simplified our operations somewhat, but we still require different dashboards for each security setup because we continue to use traditional antivirus software for our on-premise environment. We will have multiple tabs related to security. Each layer of protection has different accounts, and you can browse the options. We need to browse the options and check everything. 

Microsoft Defender has a fantastic dashboard because every option is available in the dashboard. Most of the alerts are found in the dashboard. We just need to click on that to see their issues. Their highly rated issues can be easily checked from the dashboard. Most of the essential features are covered in the dashboard.

The solution helps us be proactive about threats because it features an updated database of the current threats that are most significant in the industry. Some of the cybersecurity threats have been mitigated by most of the antiviruses. Defender's AI-based mechanism can handle novel threats and malware, whereas many antiviruses use application signatures. 

It has saved us some time spent on configuration. Configuring on-premise and cloud applications separately is time-consuming, but Microsoft Defender for Cloud reflects configuration changes in the cloud to the on-premise applications. Everything mainly works as a single network, so it cuts the time spent on the configuration in half. Financially, it has cut our costs by about 20 percent.

It has also considerably reduced our time to detect and respond to threats. Some antivirus solutions won't catch a threat until it has reached more than half of our network. Still, Microsoft can detect a threat once it comes to the perimeter area with advanced artificial intelligence technology. Defender has reduced our detection and response time by about 60 percent. 

One of the most valuable features is auditing. Some of the other protection services have issues with auditing. Microsoft Defender for Cloud has an excellent auditing technique that helps us avoid the risk of filtering or information loss. You can use different tools to guarantee these things. It allows you to conduct an in-depth exploration of applications, users, and files that are harmful or suspicious. You can also enhance your security setup by creating personalized rules or policies that help you better control traffic in the cloud.

As administrators, we have a clear view of all the threats in the cloud. We can even restrict access or provide limited access to the users, which is an essential way to protect your information. From the dashboard, we can see all the permissions and which users are currently accessing the applications. We can constantly monitor each user and the critical applications.

Defender has a threat database that automatically updates to include the latest threats in the industry. It also helps us prioritize by categorizing the threat levels in the dashboard, so we can act accordingly. Defender tells us the high-level threats that require immediate action, whereas some simple threats can be easily mitigated or ignored. 

Microsoft has bidirectional capabilities. When any changes happen on-premises, they will also be reflected in the cloud, while changes in policies we enact in Microsoft Defender for Cloud will be completely reflected on-premises. It's a great boon. We don't need to configure every step on-premises, which is a time-consuming process.

We sometimes get errors when we create policies, which is somewhat annoying because some policies stop working due to misconfigurations. We find this challenging because it limits our options for troubleshooting an issue. 

A user policy might be disabled due to some minor issue, but it affects the policy for the entire group of users. It takes some time to troubleshoot it, find the issue, and correct it. 

I have been using Defender for Cloud Apps for six years.

Defender for Cloud Apps is completely stable.

Defender for Cloud Apps is highly scalable. I rate it 10 out of 10 for scalability.

I rate Microsoft technical support 10 out of 10. Their technical support is excellent.

Positive

The deployment was simple, and it took around two days.

The implementation strategy was straightforward because we had some on-premise policies we needed to mirror in the cloud. We already had a set of rules for each user we needed to create in our cloud application process. We need about two people to monitor security, take necessary actions against security concerns, and modify application rules.

We see a return on investment because some of these cloud apps are critical and they're restricted. We have payment-related features that require the highest security. Guaranteeing a secure environment for the app users delivers a huge return because there have been no security breaches or unauthorized access in the past few years. I would estimate the ROI is about 60 percent. 

The pricing is in the middle. It isn't too cheap or expensive compared to other antivirus or security products. It is priced according to industry standards.

I rate Defender for Cloud Apps 10 out of 10. I would recommend Defender for Cloud if you are concerned about the security of cloud applications. Azure deployments are easy to protect with Microsoft Defender for Cloud. I suggest trying Defender for Cloud for at least one application. If it works for you, you can scale up to multiple applications.

We have multiple virtual machines that we utilize in the cloud space with different applications on them. We utilize Microsoft Defender for Cloud Apps to monitor those individual application VMs as well as, along with Sentinel, our entire Azure ecostructure.

Microsoft Defender for Cloud Apps helps me, on the executive team, to have awareness and knowledge of what is going on in the environment. If a new administrator is created or one is trying to change their authentication types when they log in, or if new software gets put in there that should not have been there, we will get notifications on that.

Microsoft Defender for Cloud Apps helps automate routine tasks and the finding of high-value alerts. We depend a lot on automation. Some of the things I saw with the XDR window at this Microsoft Event are beautiful. I would like to see that. It ties in Defender, Sentinel, and all that into one pane of glass, which has been a problem at times. We see that as moving in the right direction.

It has helped us meet compliance requirements and has saved us costs. What we have now is an acceptable value.

Cloud Apps helps with detection, but I do not have metrics for how much time it has reduced.

It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good. These are the things that are very useful.

I would like more customization of notifications. Currently, you either get everything or you get limited information. I would like to have something in between where we can customize the data that is included in notifications. That is one thing. 

The comment field also needs improvement. If you want to generate a workflow within the organization for a notification that occurs, the comment field is not visible to the next person who logs in. They should make that a little more visible. They should make the history more available to the next person I assigned a task to.

I have been using Microsoft Defender for Cloud Apps for just over a year and a half.

It is very stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

It is deployed across multiple locations and teams.

When we get a hold of the right people, it is great, but we are still trying to get a hold of the right people.

We were using another solution. It was not Azure. We switched in large part because that was a region-based company, and they ran into some issues, so we were left for a little while without a cloud environment. When I was comparing this with AWS, as an example, I picked Azure because of the general acceptance of the product in our market and in our space. I felt pretty comfortable going into it knowing that it would be there in five years or ten years as we grow.

I was involved in its deployment from an executive managerial position. It was complex. 

There were a lot of elements that were not obvious even to the point where the documentation was not keeping up with the production. So, we would hit a learning page, and the learning page would be about a prior product than the one we were looking at. It was not relevant to what was in production. My biggest recommendation for Microsoft would be that the learning pages need to be kept up-to-date and relevant to what is current in production.

We started with an integrator. We had challenges with that integrator, so we brought it in-house and finished it ourselves.

We have seen an ROI. We are a cloud service provider, so it is necessary.

Where we are right now, this is an acceptable pricing. I would like to see more transparency given to the end user. The end user given to us is via the cloud service provider. 

There are different programs and license models. Some include this, and some include that. It is all over the place. There can be a little more consistency or simplification in the pricing so that your parts list is not ten pages long, and you are not trying to determine, "If I have an E3, does this cover that?", or "Do I need to pay separately for the license?" Simplification would probably be better. 

To those evaluating the solution, I would advise knowing the goals they want to get to before they start. It can grow very quickly if you just build, but if you have a concept of where you want to end up and you stay within those constraints, then it is a great way to get there.

In terms of Microsoft Defender for Cloud Apps helping us to prioritize threats across the enterprise, we prioritize a little differently. I do not know if the solution helps with the prioritization of that, but prioritization is always important.

We get our threat intelligence from multiple sources. Microsoft Defender for Cloud Apps is one input on that, so it is hard to say whether its threat intelligence has helped prepare us for potential threats before they hit and take proactive steps.

I would rate Microsoft Defender for Cloud Apps a nine out of ten.

Private Cloud

Microsoft Azure

We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.

We only need one dashboard for all Microsoft security products. Sentinel acts as a central system for monitoring and investigating all security data. It's a single feed that covers many solutions.

Defender for Cloud Apps saved us about 20 to 30 percent of our time. We've also saved money. I estimate it's about a 10 percent reduction in costs, but I'm unsure. 

Shadow IT discovery is the feature I like the most. Defender for Cloud Apps provides excellent threat visibility. The solution helps us prioritize threats across our enterprise. We use all Microsoft security products. I had no problems integrating or managing them.

Microsoft's security solutions work together natively to deliver coordinated detection and response. We use Sentinel to ingest security data, which is essential. Sentinel allows us to investigate and respond to threats from one place. I like Sentinel because we can collect logs and data to identify suspicious activity in our environments and establish rules for triggering threat alerts. 

Defender for Cloud Apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms. Microsoft security products are excellent in the detection phase, but they should have more features for the response component. 

I would like to see a mobile app for managing Defender for Cloud Apps. We currently use the cloud dashboard, but it would be nice if Microsoft offered more solutions for managing the product. 

I have used Defender for Cloud Apps for one year. 

Defender for Cloud Apps is stable. 

Defender for Cloud Apps is scalable. 

I rate Microsoft's support a ten out of ten. 

Positive

Deploying Defender was a little complex, but it only took a few days. Some of the documentation isn't clear, so I'm a little confused. It doesn't require any maintenance after deployment. 

I do not think Defender for Cloud Apps is expensive.

I rate Defender for Cloud Apps a seven out of ten. It's better to go with a single vendor for all of your security products. When I introduce Defender for Cloud Apps to our customers, most of them have the license, but they do not understand the capabilities. The first thing I do is explain Defender's coverage and functionality, so they understand which features they can apply to their environment. You need to generate a list of requirements first. 

Public Cloud

Microsoft Azure