Microsoft Defender for Cloud Apps Reviews

I work with Microsoft Defender for Cloud Apps by monitoring issues users have with applications, creating policies, reviewing incidents notified by Microsoft Defender, and taking measures to mitigate these issues.

Microsoft Defender for Cloud Apps is very comprehensive, providing a complete 360-degree view of applications within an organization. The tool offers a scoring system that helps track progress in securing the network and endpoints, and it alerts users to security issues in applications.

The documentation could be improved as it is not updated immediately when Microsoft makes changes. Users must wait a few weeks for the changes to be reflected in the documentation.

I have been using Microsoft Defender for Cloud Apps for maybe three years.

Deploying Microsoft Defender for Cloud Apps was easy for me, as long as there is an organized approach and a good technology partner to assist during deployment.

Microsoft Defender for Cloud Apps works very well and I have not experienced issues with stability.

Microsoft Defender for Cloud Apps is very scalable, provided you have the right subscription. Without the appropriate license, scalability is limited.

The support is excellent, and the speed of response is commendable.

Positive

I used Sophos before, and although it's a good tool, I prefer Microsoft Defender for its comprehensive integration with endpoints and firewalls.

The initial setup of Microsoft Defender for Cloud Apps was easy, especially with support from a technology partner.

We had assistance from a Microsoft partner and other companies during the implementation.

The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the expense.

I evaluated Sophos as an alternative solution.

No further improvements are needed for now because the suite is very complete. I give Microsoft Defender for Cloud Apps an overall rating of eight out of ten.

Other

We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.

It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.

Cloud App Security is an ever-evolving technology. It is based on artificial intelligence. It uses some data sets that capture all the tools within Office 365 package. It collects all the data majorly in the Office 365 space, and it understands the usage. Across the globe, there might be millions of Microsoft users, and it tries to capture all the data cumulatively and see any anomalies. That is how Microsoft gives you the data. They study different types of organizations in terms of how they behave, what kind of security loopholes can be found in them, and then they give you recommendations. You just implement these recommendations to secure the environment. So, what you get is a tailor-made solution where you can find all recommendations because it is based on artificial intelligence. They give you a tailor-made recommendation to improve your environment. They might recommend multifactor authentication, role-based access, etc. They provide you the classical representation on which users we can target and safeguard more.  All these things are very useful. That's how this tool is helping Microsoft customers, and this is how we have also been using it.

My company relies upon this technology. For us, it is very critical to know any attack beforehand and be prepared for it. In our environment, there are many endpoints, and many devices interact. We have an email system, a storage system, and other systems. The beauty of Cloud App Security is that it can learn data from different applications. For example, Adobe is an application that I'm integrating with Office 365. So, I can expand my horizon of search to that tool and see how that interacts with us. I will get more real-time data, and I will know more use cases about it.

Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.

We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.

The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem. 

The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand.

If it is an Office 365 product, I expect it to be in the admin center. That way I would know that this is a part of Office 365. It feels like there is a mismatch, or they are trying to separate the product or do something like that. They should have streamlined the product.

It is not always accurate. Sometimes, there could be some hiccups, and you see false positives, but security is not always reliable, and you cannot depend on one tool to give you all accurate results. It gives me a report that I can see, and if needed, I can act proactively on something. If it is a false positive, it is fine. If it is not, we know that we have done something about it.

We implemented it probably in 2019.

It is a new thing for Microsoft, and it still has a lot of room to improve.

It is completely scalable out-of-the-box. It is completely in interaction with Office 365 services. It can go up to as many users as you have. So, if you have 100,000 users, it is capable of supporting them. I have some 50,000 users, and I'm happy that it is capable of doing that. We have implemented it 100%, and we are happy with what we have got.

It is good for an enterprise company. It is not for a small-scale business. 

We don't require support frequently. I would rate them a seven out of 10. If you have a critical situation, you cannot expect them to give you a call immediately. My experience has not been so great with their paid support in terms of time. Sometimes, they don't even call you back, but when you do get support from them, they are excellent. So, you can't rely on them, and their response time can be improved, but their documentation is good enough. We can read the documentation and help ourselves.

Before this, my company had some tools, but I'm not sure about them. They probably heavily relied upon Splunk and other APM tools. They have had this tool from the time I have been here. Personally, I haven't worked on technologies outside of Microsoft.

It is very easy if you know what you're doing. You just click on the Next button multiple times, and it is complete. It is well-documented in the sense that we know what we can expect from the tool. The documentation is great, and the support is also excellent. So, my experience was very smooth, and it was done in a day.

It does not work on every license. You have to be an Enterprise customer, and you have to have a specific license to have the full benefits of it. So, you require the correct license, and you also need a certain amount of time for it to propagate. It is not immediate. Based on what we were told by Microsoft a few years ago, it takes 24 to 48 hours. They might have improved upon that. It tries to capture the complete environment details, and then it gives you a cumulative experience.

We work around the clock. We have six admins at different time zones who work with this solution.

Its pricing is on the higher side. Its price is definitely very high for a small-scale company.

As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea.

This tool alone is not a great investment, but when you get it as a part of the package from Microsoft, it is good. Along with Microsoft Teams, Office, Exchange, SharePoint, and other solutions, this added feature of an extra layer of security makes a lot of sense. If you are only using this tool, and it is not in a Microsoft ecosystem, then it is not worth it.

For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk. 

It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.

I would rate it a 10 out of 10. It is improving, but it still needs more improvements.

Public Cloud

We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.

We only need one dashboard for all Microsoft security products. Sentinel acts as a central system for monitoring and investigating all security data. It's a single feed that covers many solutions.

Defender for Cloud Apps saved us about 20 to 30 percent of our time. We've also saved money. I estimate it's about a 10 percent reduction in costs, but I'm unsure. 

Shadow IT discovery is the feature I like the most. Defender for Cloud Apps provides excellent threat visibility. The solution helps us prioritize threats across our enterprise. We use all Microsoft security products. I had no problems integrating or managing them.

Microsoft's security solutions work together natively to deliver coordinated detection and response. We use Sentinel to ingest security data, which is essential. Sentinel allows us to investigate and respond to threats from one place. I like Sentinel because we can collect logs and data to identify suspicious activity in our environments and establish rules for triggering threat alerts. 

Defender for Cloud Apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms. Microsoft security products are excellent in the detection phase, but they should have more features for the response component. 

I would like to see a mobile app for managing Defender for Cloud Apps. We currently use the cloud dashboard, but it would be nice if Microsoft offered more solutions for managing the product. 

I have used Defender for Cloud Apps for one year. 

Defender for Cloud Apps is stable. 

Defender for Cloud Apps is scalable. 

I rate Microsoft's support a ten out of ten. 

Positive

Deploying Defender was a little complex, but it only took a few days. Some of the documentation isn't clear, so I'm a little confused. It doesn't require any maintenance after deployment. 

I do not think Defender for Cloud Apps is expensive.

I rate Defender for Cloud Apps a seven out of ten. It's better to go with a single vendor for all of your security products. When I introduce Defender for Cloud Apps to our customers, most of them have the license, but they do not understand the capabilities. The first thing I do is explain Defender's coverage and functionality, so they understand which features they can apply to their environment. You need to generate a list of requirements first. 

Public Cloud

Microsoft Azure

We use it for security and compliance. We use it for alert policies on activities happening on some of our on-premises and cloud applications. We also use it to restrict some users from downloading files from OneDrive or from some of the applications that we have. In addition, we integrate it with the Azure Active Directory Conditional Access policy.

It gives our clients a sense of confidence that in case there are activities on some of their applications, they will get an alert and the issue will be mitigated, based on the action that has been set. It gives them a sense of comfort that the product helps them secure some of their applications. It depends on the admin who is managing the product. If the admin is not knowledgeable, it might be an issue. But if the admin is knowledgeable, the organization can rest assured that it is covered when it comes to malicious activities on some of its applications.

I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads when a particular user is running a massive download on your SharePoint site. If a user is downloading multiple files in an unusual manner you get an alert.

Another built-in alert is what we call an "impossible traveler alert." If a user logs on from a US IP address at 10:00 AM and, less than 30 minutes later, the same user shows as being logged on from an IP address in the United Kingdom, there is no way you can travel from the US to the UK in 30 minutes. That alert will be triggered.

You can also input an action to be triggered for an alert. You block the user or just alert the admin or manager of that user.

It also comes with in-depth visibility, whereby it creates a pattern. If a user has been flagged multiple times, you can see that pattern. It shows you the IP addresses from which that user has been signing in recently. And it provides you with the kind of suspicious pattern that this particular user has been using over time. So it has very robust visibility.

It also gives you a graphic interface, which is something that I enjoy. If an alert is a very high risk, you see it in red, while if it's medium, you see it in yellow. A low risk doesn't come with any color. It gives me an appreciable pattern of user activities. It covers one month in case you want to deep dive to see the login pattern for your user.

Also, we currently use Defender for Identity, Defender for Endpoint, and Defender for Microsoft 365. All of them have been integrated into our plans. It was quite easy to integrate them. It's just the click of a button to activate it and then a matter of configuring your alert policies. Defender for Cloud Apps works together with Defender for Endpoint as well as with Azure Active Directory. With the latter, you can use the Conditional Access policy to integrate them so that they work together seamlessly.

The fact that these solutions work natively together gives us the advantage of having multiple security solutions doing different things. It's very important for them to work seamlessly together.

One challenge is integrating the cloud apps with third-party and on-premises systems. We have had some scenarios where some third-party systems were not compatible with them. Apart from that, it's quite easy to integrate.

Microsoft has also been able to bring all the security features to a particular portal, so you don't have to look around. But I've heard about some negative effects as a result, as the portal is now cumbersome. You have a whole lot of products there and it makes the whole portal jumbled. It's not bad for me because I just have to go to that particular portal and check whatever I have to check.

It doesn't actually decrease the time to respond. This has been an issue with Microsoft recently. Sometimes, there is a delay when it comes to getting an alert policy email. I can't stay on the portal all day looking through alerts that have been triggered. So we create a flow whereby, if an alert is triggered, an email should be sent. Sometimes it takes two or three hours for that email to be sent. The response time, sometimes, can be very slow.

I have been using Microsoft Defender for Cloud Apps for three to four years.

Performance-wise, the stability is good, but I wouldn't say very good because of the email alert delay issue I mentioned. But when you configure action and particular parameters, the option is carried out, more or less like an automaton.

It's scalable. Once you have acquired the license, you can easily deploy it and add more users to the policies you have configured.

We run a hybrid environment. We have four sites on the domain controller. It is deployed both for users on the cloud and on-premises in different locations. We have some located in the US and some in Europe. So we have the product across multiple locations.

Some of the policies we have configured cover 500 users and one of them covers over 500 users.

I've seen an improvement, over time, in the comprehensiveness of the protection our Microsoft products provide. They are improving on the products year over year. I remember quite well when Defender for Cloud Apps started, there were limited third-party applications that you could integrate with it. But now, there are multiple options for third-party applications that you can integrate with. There are also features that have been added to it. Microsoft is working to improve on it.

We did not have a previous solution.

Since it is embedded with some of the Microsoft 365 licenses, it is like an add-on, and you can create robust configurations with it. You're getting an additional value for the license you have. To me, that is a return on investment.

The pricing is fair. One good thing about Defender for Cloud Apps is that it comes with some of the Microsoft licenses: Microsoft 365 E3 and E5. It also comes with EMS, the Enterprise Mobility & Security.

My advice would be to do an assessment of whether you actually need this particular product. Some people confuse Defender for Cloud Apps with Defender for Microsoft 365, but they are two different products. You also need to confirm if it supports the applications you want to protect because there are some applications that have yet to be integrated with it. Apart from that, it's a good product for any security admin to use.

When it comes to helping prioritize threats, it depends on the angle you're looking at the results from. It can help 50 percent. When you look at the pattern of alerts over time, it can help you prioritize. But if you're looking at it in general, it is not going to give you that visibility into prioritizing.

Defender for Cloud Apps has a little bit of automation for routine tasks, but it doesn't really give an admin automated processes. And when it comes to taking proactive steps, it's more Defender for Endpoint that helps there. Defender for Cloud Apps doesn't help you to prevent an impending attack.

If you are looking to protect your environment, you need to spend more money. I wouldn't say that this solution helps to save money. But by protecting your financial documents from fraud or from an angry worker that is about to leave, it helps in saving money, but not in terms of cutting costs.

The maintenance is not significant because you don't need to update anything. All you have to do is go to your portal and check for and investigate any alerts. Maintenance is handled by Microsoft.

And in the "best of breed versus a single vendor" debate, you should just have a single vendor. In this case you know, "Okay, it's Microsoft," and it's best to just stick with what you know. It depends on what works for you though. For somebody who is comfortable using third-party products with Microsoft, maybe that will work for them. But for me, what is comfortable is using Microsoft products.

We use it to protect our users' devices against attacks. 

We see stories about attacks in the news, including phishing and spam, Defender helps protect us.

It also gives us an ecosystem. We have one portal where we can manage everything. We don't need to log in to another portal to manage the devices, the antivirus, Defender, or Office. It's a single place to manage everything and that's very good.

It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place. And because it's a Microsoft product, it integrates with Windows 10 and Windows 11. We don't need to buy anything else.

We have an M365 license and we have an Office admin portal. I manage all the users and licenses through the portal, making it very easy to manage. We have a lot of users coming in and going out of the company, and this makes it simple to provide licenses to people.

I would like to see them include more features in the older licenses. There are some features that are not available, such as preventing or analyzing cloud attacks. We have Defender P2 licenses and Microsoft proposed P3. If it included what was in the old package, such as the M365 license and Office, that would be very good.

I have been using Microsoft Defender for Cloud Apps (MDA) for two years.

The stability is very good. We haven't had downtime. When we receive a message that the service is down, it's only for a few minutes and then all is good. That's true for the whole Microsoft universe, since we use Outlook and Teams.

We haven't had any problems with scalability. We moved all devices from Windows 10 to 11 and it was very easy. We didn't need to test the machines. It worked very well.

We have 50 users of the solution.

The support from Microsoft is very good. Their chat system is very good because it's an alternative to phoning and it's very quick. Through the chat we quickly have someone to respond to our questions.

Positive

At first we used Panda, and after that we had McAfee. We replaced McAfee with Defender. Panda's client was very heavy on the device and, with McAfee, the benefit versus the cost was not so good.

Also, I spoke to colleagues at other companies that have implemented the solution and they said it's very simple to install.

We have seen ROI because there have been some attacks, but they have always been contained.

It's expensive because we have to pay for an M365 license and it is included in the package.

We tested Cisco Umbrella but the price was a little higher than Defender's price, and it would have been another product to install. Defender was almost "included," meaning it was easy to install.

One thing our clients want to know is what cloud applications their users are using. When you enable Cloud App Security, you can sweep up all the applications that the endpoint is using, such as Dropbox, Box, or OneDrive. 

At Microsoft they use OneDrive and would probably want to restrict it to just that, unless there was a compelling reason to use a third-party application. With Cloud App Security, you can find all the users who are using Dropbox, for example, and then you can sanction those applications and prevent users from using them.

We also use that for alerting and creating policies for notifications and alerts.

The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need. There are other features that you do need to configure. For example, the capability of the solution to discover the apps.

Another helpful feature is that you can add some connectors, not only from Office 365 and Azure, but external connectors. If you have logs from Palo Alto or Cisco, from  Barracuda, Checkpoint, or SonicWall, you can ingest them into Cloud App Security. It integrates well with third-party vendors.

There were things that were lacking but they are available in the newer version, such as an integration with the threat protection that Microsoft has with Microsoft Defender. However, I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet.

I have been working with Microsoft Cloud App Security for three or four years.

We're a Microsoft partner, so we do pretty much anything Microsoft, including security, endpoints, and cloud. We don't do website or application development. We focus on architecture, infrastructure, security, and delivery.

It is stable. I haven't seen it go down.

You don't have to worry about the scalability because it's a SaaS application. As you add logs and data sources, it builds up. But you don't have to worry about the scalability because it's in the backend.

It's a little bit hard to deal with Microsoft tech support, especially on Cloud App Security. It's hit and miss. It depends on your type of support. If you have premier support, you get an okay type of response. They definitely need to up their tech support. There should be some improvement in that regard.

The initial setup is simple because it's software as a service. You don't build a server and you don't do upgrades. There is no OS. It's built into the cloud. All you have to do is purchase the license.

In terms of maintenance, it's all Microsoft. All you need it to do is configure it so that it will work for your unique environment, according to your organization's requirements. There is nothing else to worry about.

It comes as part of a bundle. If you have the Microsoft 365 license called E5, it comes with that. Otherwise, if you're going to buy it a la carte, the pricing can vary. Because we're a Microsoft partner, we get discounted pricing.

It doesn't require a long configuration process. There's no testing. You just need to tailor it to suit your organization's needs in terms of the data and the information that you want to get. In terms of discovering apps, it works pretty much out-of-the-box. It presents you with the data. The only decision that you need to make is whether to sanction an application. And then you have to sanction it and set up an alert if users are using a sanctioned application.

We have several use cases including file monitoring, unusual travel activities, user investigation, and activity. It pretty much covers every activity based on the cloud.

It helps prioritize insider threats. You can take the necessary actions once you get the logs. And when it comes to malware, if a file is uploaded that potentially has malware, the solution is also very useful. It gives you an alarm on the basis of the hash value of that file.

It is very useful for investigating file exfiltration threats. When it comes to data that is stored in the cloud, you really need to know what is stored there—the contents. You can create many protocols or rules in the tool to know the contents and who the owner is of a file. If we are investigating a threat or alert, it has a really good scope. You get really good details from it.

Overall, the solution has saved us time. For malware, it has an automated investigation feature integrated with Microsoft Defender for Endpoint. If there is suspicious behavior or a malicious file in your computer, it will give you a complete timeline showing how it behaved, how it was executed, and how the file has interacted with the other entities on your machine. You don't need to hunt for the logs. You can just look at the storyline of execution and that saves a lot of time.

It provides real-time detection, most of the time, for malware and other threats. Sometimes, the automated investigation takes some time, although not too long. It provides a smooth flow of investigation, giving you precise data. It saves time compared to manual investigation and the precision is good. On average, it will save one or two hours compared to a manual investigation, depending on the experience and proficiency of the analyst who would do the manual investigation.

In Microsoft Defender for Cloud Apps, there is an option to enable files. Once you enable that, it will give you all the files in your organization and where they are located in the cloud. If you are investigating a data breach and you want to get ahead of the investigation, the first thing you can do is a filename search: Where was it located? What was the file movement? What activity happened with the file? You get all the logs. That feature is very useful for investigation purposes.

It also shows user activity. If we are investigating a user for possible data breaches, we can enter the user's name and see the activities that the user has done. Based on that, you can take the necessary action. It gives you all the logs for that particular user. That feature is also very interesting and useful.

I use more than one Microsoft security product, including Defender for Endpoint as well as the Microsoft compliance portal, which is called Microsoft Purview now. It is integrated with Microsoft Data Loss Prevention. I also use Microsoft Defender for Identity. It is used to see if there is any suspicious traffic coming through your domain controller. In total, I use four Microsoft tools and all of these products are integrated. Internal integration of Microsoft products is quite simple. You just need to create one instance and that's it.

They are like the same product. Whatever information you'll get from one tool is the same information you are going to get from another tool. There will be no inconsistency in the data. They are getting logs from one place, not from different sources, so they are coordinated. If they did not work together, there would be a lot of confusion. If one tool is sent an alert and another sent an alert for the same file, that would be a complete ruckus. It has to be well coordinated.

These solutions are quite comprehensive. Most of the time, they provide alerts in a very detailed manner and it is very easy to investigate. While there is some scope for improvement, it is a very good tool for investigating the security threats we are getting. It's quite comprehensive and really good.

The visibility it provides is quite good. You get all the logs for investigation purposes. But there should be more clarity on what is happening with a file. Sometimes, we'll get false positive alarms. For example, when a SharePoint path has no file sharing, but there is an external user, it will trigger an alarm that the file has been shared with an external user. It happens because an external user has access to it but, in reality, he doesn't access it. But you need to check whether anyone has accessed the file and that takes some time. While giving the alert, if it could be more precise in terms of what happened with that file—why it is giving the alert—it would be more convenient for the investigation and save a lot of time.

The alerting mechanism should be more precise when giving you an alert about what activity has been done with the file, whether it was shared or whether it was in a path where an external user had access to it.

Also, Microsoft should provide more automation features. At this time, they are limited.

We have been using Microsoft Defender for Cloud Apps for about one and a half years.

There is no downtime. The tool is always available.

It's scalable. You need to purchase more licenses if you want to deploy more.

Microsoft technical support depends on the individual who responds. Some Microsoft SMEs have the knowledge and some don't, to be very frank. They'll just go according to a template but they don't have really good investigation skills.

Microsoft could offer much more proficiency in terms of support. They need more individuals with the ability to resolve issues. At the moment, I would rate it as average.

Neutral

I did not work with a previous solution for cloud apps. For antivirus, I worked with McAfee.

I didn't deploy it, but in my experience, it takes time to learn how the features work because most things are not covered in the Knowledge Base that Microsoft has provided. They don't mention what these things are and how they work in the background. It takes an appreciable amount of time to understand how these tools work.

Microsoft Defender for Cloud Apps is only deployed through the cloud. You need to integrate your Azure AD with Cloud Apps. Once you have done that, you don't require a separate deployment model.

In terms of Microsoft Defender for Endpoint, you need to onboard it to your devices through a script. To do that, you can use Intune, SCCM, or many other tools. Intune is native to Microsoft, but SCCM is a third-party tool. You can even deploy it manually.

There is some maintenance involved. The onboarding package can have communication issues and sometimes the antivirus services stop due to malfunction. There are many things that require maintenance. The number of people needed to handle the maintenance depends on the volume of devices you are maintaining.

The E5 license offers everything bundled. People are moving to Microsoft because you buy one license and it gives you everything. That's the reason many companies are attracted to these tools. That is much more beneficial than buying all the suites separately. It's quite economical.

If you are keen on keeping your enterprise safe from external users, so that your files are confidential and external users don't have access to them, you can create a rule in Microsoft Defender for Cloud Apps. If it detects an external user has been added to that file or is collaborating on it, an automated governance action can remove that access in near real-time. We are not using the automation feature at the moment because it can create unwanted results. The scope of the exclusion is very limited in the policy.

In terms of a single dashboard, you need a SIEM tool like Microsoft Sentinel to integrate everything into a single dashboard. But at the moment, without that suite, we need to look at our four tools separately.

Potential threats are mainly detected in terms of hash values, malicious IP addresses, and malicious domain names. If you are looking to protect your environment, you can enter these details into Microsoft Defender for Endpoint. Microsoft Defender for Endpoint enables you to add indicators of compromise and it will protect against those entities.

Regarding going with a best-of-breed strategy rather than a single vendor security suite, both have pros and cons. It's not a black-and-white area. If you are going with one vendor, it will collect the logs in a single way. Everyone who looks at them will say, "This is the issue." It won't give you a different point of view. But if you are using another security product, it will have another methodology to collect and integrate the logs and present the information to you. One security tool can miss something that another security tool will catch. Having more than one will give you diversity in terms of alerts and analysis. But on the negative side, when you have more than one solution, you need to purchase separate licenses and spend some more money.

It depends on the budget of your organization for the security team. If you have a big budget, of course, you can diversify. You will benefit more from having different tools as they will, obviously, decrease the chances of getting hit by malware. But it will cost you more. If you have a limited budget, then you should go with a single tool. If you take the financial considerations out of the discussion, Microsoft pretty much covers everything and you should go for a single solution.

Overall, Microsoft Defender for Cloud Apps is very convenient for investigation, in terms of security breaches, or if there is file exfiltration. It's a handy tool.

We use Microsoft Defender for Cloud Apps for endpoint management.

It is good for compliance and is effective from the standpoint of risk management.

The most effective features for data protection are data loss prevention (DLP) and data classification.

The product is very good so far, however, it would be better if it could include more up-to-date threat protection.

I have used it for almost two to three years.

The solution is stable, and I would rate it a nine out of ten.

The solution is scalable, but I would rate it between six to seven out of ten.

Microsoft technical support is very good, and I would rate it nine out of ten.

Positive

The setup process usually takes five to six hours. However, from installation to configuration, it took a lot of time in our case.

The maintenance is done by a different team, and we support that maintenance.

There is financial benefit from using the product, however, I don't have the numbers currently.

Honestly, it is expensive. I would rate the price as eight out of ten.

It is always better to contact the technical team for any feedback because they are the engineering team.

I'd rate the solution nine out of ten.

Hybrid Cloud

Other