Microsoft Defender for Cloud Apps Reviews

I am not sure if the product has improved our organization yet. However, it certainly gives another level of confidence that the assets are secure. We are aware of the activity in the tenant.

The product’s most valuable feature is SQL database. It notifies us even in case of false positives when people log in after a long time and when we're out of compliance with the security baseline.

Microsoft Defender for Cloud Apps’s technical support services needs improvement.

We have been using Microsoft Defender for Cloud Apps for three years.

The product has good stability.

The product has good scalability.

The technical support services need improvement. They take a while to get responses. Their first-level engineers are generally not skilled. It takes time to get an engineer who can help us. Usually, whenever we come up with a problem, it is something that we can’t figure out on our own. We have to go through the process of submitting a ticket, waiting for a callback, and then finally getting help.

Neutral

I have used other products while working at other places. They all are more expensive than Microsoft Defender for Cloud Apps.

The initial setup process was simple. We had to merge the landing zone and part of a template. Later, we started the portal and selected resources we wanted to protect along with the level of protection. The implementation strategy is to just start using it.

We did the product implementation ourselves.

I haven't tracked an ROI for the product. It was set by default while setting up Azure Tenant. It has been successful in monitoring activities and keeping the network safe. It is less expensive than buying a separate license. It provides ease and convenience of use. We just turn the product on by default.

The product has helped save a medium amount of money. It has pretty good pricing.

I don’t know if the product provides a single pane for managing immune access. We connect it with the Active Directory and other similar tools. It helps save a low amount of time.

I advise others to try using Microsoft Defender for Cloud Apps. I rate it an eight out of ten.

We use it to protect our users' devices against attacks. 

We see stories about attacks in the news, including phishing and spam, Defender helps protect us.

It also gives us an ecosystem. We have one portal where we can manage everything. We don't need to log in to another portal to manage the devices, the antivirus, Defender, or Office. It's a single place to manage everything and that's very good.

It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place. And because it's a Microsoft product, it integrates with Windows 10 and Windows 11. We don't need to buy anything else.

We have an M365 license and we have an Office admin portal. I manage all the users and licenses through the portal, making it very easy to manage. We have a lot of users coming in and going out of the company, and this makes it simple to provide licenses to people.

I would like to see them include more features in the older licenses. There are some features that are not available, such as preventing or analyzing cloud attacks. We have Defender P2 licenses and Microsoft proposed P3. If it included what was in the old package, such as the M365 license and Office, that would be very good.

I have been using Microsoft Defender for Cloud Apps (MDA) for two years.

The stability is very good. We haven't had downtime. When we receive a message that the service is down, it's only for a few minutes and then all is good. That's true for the whole Microsoft universe, since we use Outlook and Teams.

We haven't had any problems with scalability. We moved all devices from Windows 10 to 11 and it was very easy. We didn't need to test the machines. It worked very well.

We have 50 users of the solution.

The support from Microsoft is very good. Their chat system is very good because it's an alternative to phoning and it's very quick. Through the chat we quickly have someone to respond to our questions.

Positive

At first we used Panda, and after that we had McAfee. We replaced McAfee with Defender. Panda's client was very heavy on the device and, with McAfee, the benefit versus the cost was not so good.

Also, I spoke to colleagues at other companies that have implemented the solution and they said it's very simple to install.

We have seen ROI because there have been some attacks, but they have always been contained.

It's expensive because we have to pay for an M365 license and it is included in the package.

We tested Cisco Umbrella but the price was a little higher than Defender's price, and it would have been another product to install. Defender was almost "included," meaning it was easy to install.

The solution is primarily used for cloud visibility and getting a better understanding of what the data footprint is, including what kinds of files are exposed, and getting our heads around compliance. It's a component that adds DLP. Presently, there are two separate DLP policies between Microsoft's traditional DLP and the MCA DLP. 

The solution is bundled with E3 and E5 licenses. That's the reason it's most commonly deployed. It's part of the bundle. It's not a separate cost.

If your business requirements are relatively simple, it can get the job done. 

If you have more elaborate needs or if you have some more sophisticated use cases, for example, if you need an in-line component, or if you need to distinguish between sanctioned and unsanctioned applications, this solution doesn't cut it. You need to have some other solution.

Microsoft seems to want to mitigate that visible gap by deploying Microsoft DTP Defender for the in-line component. If you consume Microsoft, the more pieces you have, the better it is, although that's not necessarily true, technically speaking. They have limited deployment options. You have limited use cases for an endpoint with the firewalls port for IP tunnels for real-time traffic interception. You have to rule the endpoint. It's a less flexible deployment than the more mature players.

There are challenges with detection and there are challenges with false-positive rates.

They're improving it all the time. I haven't looked at it for six months or so, however, the last time I looked at it, they had to be configured in two different spots.

I've been dealing with the solution for a while, on and off. 

A lot of customers that we work with have the solution installed today and we see them running it by themselves as well.

The solution is stable. I haven't bumped any stability issues.

I haven't tested the scalability. I don't have any opinion on the scalability. It seems to me that it fits the customer's needs from a scalability perspective.

I don't work with technical support directly.

The solution is super easy to configure. All it requires is an admin for the various apps. Once it's authorized it can start the scans. Mainly, you need to be mindful of policies and what you're looking for. Tuning policies and making sure that your policies are set properly is important. It's very easy to do, especially the out-of-box stuff. 

You can buy it alone, however, it's not worth it. Nobody buys it alone as it's not that good as a standalone product. It's better as a part of the E3 and E5 suites. We don't sell it.

We're a Microsoft partner.

I'd rate the solution at a seven out of ten.

Mainly you want to just be clear on what your use cases are, and what you're trying to accomplish, as everything's use case driven. If you know what you need to accomplish from a security strategy standpoint, it's better. For example, it might be helpful for compliance or having an understanding of where sensitive data is. It might be part of a broader initiative around classification and data protection. Having those use cases written out first and going from there is better. Then, I suggest taking a measured approach as you go in. Implement it right. Test for or validate that the policies that you have in place are working as expected. However, you have to build out requirements for the policies. 

If there's any data that is taken out from their corporate applications, on their managed devices, and being taken out and stored somewhere else, on an application that is not managed, they don't have visibility on that.

Therefore, with Cloud App Security, the main use case is to identify information about applications that are way beyond their boundaries and to understand what people are accessing them as well as if those applications are safe or not. It's a Shadow IT discovery solution.

Apart from that, it's a solution used to protect corporate data from being taken out of those applications and being shared externally with people who are not meant to have those documents or data. It's a solution designed to prevent exfiltration and data filtration of corporate data from those applications to unknown people that may happen without proper visibility.

Basically, it's used for two purposes: providing control of the data that is in cloud applications, and shadow IT discovery. That's the major purpose of Cloud App Security.

This solution acts as an identity and posture management assessment solution also. When you have your on-prem AD integrated with Defender for Identity, it can understand your identity posture.

It can understand things like your Active Directory spread or the current state of your Active Directory on certain recommended practices. For example, if users in your organization are not using secure log-in methods. If their LDAP authentication is not secure, you'll get that information. That's identity and posture management. For your on-prem AD, if you have the solution deployed, which is Defender for Identity, it'll give you an understanding of your identity state, of your on-prem AD state, and give you recommendations accordingly, on what needs to be changed and managed, to make sure that you're secure.

Apart from that, it also integrates with third-party solutions and services. For example, in an organization with multiple cloud applications. Typically, you don't have visibility over user activities or logs. You don't have control over the data. If a user logs in from one location and then the user logs into that application from another location, you don't have the visibility as you don't have ML and AI capabilities inbuilt. With this solution, once it integrates with those applications, it has inbuilt default functionality of ML and automation. It is able to understand the user's behavior and identify inconsistencies in user accounts, for those applications, and can give you suggestions or raise alerts. 

The solution does not affect a user's workflow. It is not a user-specific solution. Users would not see the change in their usual behavior and their usual activities as such. The user does not really know what's happening in the background. The Cloud App Security is a solution for your whole organization, to make sure that you're monitoring the right activities - for example, those activities that are really uncommon - or specific activities that you want to monitor. The company has the ability to create Cloud App Security policies for sets of users, however, the users themselves do not see or feel the impact. 

An IT administrator manages the solution and it gives them a lot of information. They can see a lot of detail around how other users interact with data and applications across the company, and if anything unusual happens. 

The integration with macOS operating systems needs to be better. The Cloud App Security integrates with Windows Defender for Endpoint, which is able to monitor the traffic from Windows 10 operating systems. When it integrates with Defender for Endpoints, the macOS capability does not let you directly see the shadow IT discovery. You have to be in your network, to be able to see if any activity from a macOS operating system is happening. If you're working from home without a VPN connection nowadays, which is the usual case for a remote workplace, you can't really monitor or track the activities in the shadow IT that users are using offsite on macOS operating systems.

The Cloud App Security integration with external DLP solutions is not so seamless. There are solutions that you can integrate with Cloud App Security as an external DLP solution, however, it's not so seamless that you can have the integration with the endpoint. It's there, yet, it's not so seamless and integrable.

I've been using the solution for the past five years.

It's been stable for the past little while. The improvement has been immense, however, overall, it's a stable solution. It has not changed so much. Of course, the implementation of feature sets and improvements have happened, although they're almost similar. I would say it's a stable solution in general.

An average organization would almost utilize 100 to over 150 applications. They wouldn't really have an understanding of what activities are happening across those corporate applications. You can integrate N number of applications. There are approximately 16,000 plus applications that you can monitor and integrate with Cloud App Security. Then, based on those applications, you can understand the users' behavior.

The benefit you get is that you are able to monitor all your applications and control the data that goes out of those applications. You can also control any sort of activity, which you feel should not be happening on that application. The user can be prevented from doing certain activities. Cloud App Security helps you do that across as many apps as you want.

In terms of users. the default Cloud App Security is just a license-based solution. As long as you have users in your organization, you just buy licenses from Microsoft and assign those licenses to your user accounts. It's very scalable. 

There are a few parts to it. For example, shadow IT discovery, which is an added feature that allows you to be able to implement additional users in your organization. The Cloud App Security will also require additional infrastructure. Let's say if the data set that Cloud App Security is absorbing at a particular time span, if it increases, then you probably have to implement additional on-prem resources or cloud resources for it to be able to track all of the network data.

Depending on the data set that you're ingesting in Cloud App Security, you might have to increase your workload on-prem. Other than that, Cloud App Security itself is a very scalable solution.

When it comes to the size of organizations I've worked with, I should note I am personally a Microsoft consultant only. I work on Microsoft projects and with Microsoft's clients only. I've worked with organizations with 15,000 users and an organization that has approximately 6,000 users. I've worked with organizations that have 500 users. The size of the company varies.

Microsoft has different support tiers. If it's Pro support I would rate it at a seven or seven-and-a-half at a maximum. There are Premier support services and there are Professional supports, another type of support service. Premier support service is very good. I would rate that at an eight-and-a-half or nine. 

Pro support is if you buy a basic license for an organization. It's not so great and yet still good. For Pro support, you usually do not get routed to Microsoft people. Those are generally people who are third-party support service providers.

The problem is, specifically in India, it's also specific to locations, as sometimes if you're working in a different location, you get different support. As I mentioned, it's third-party support usually that you get with Cloud App Security or any Microsoft solution Pro support.

The level of knowledge you get is totally dependent on how the organization and how the third-party service provider is. Usually, there are time delays. Sometimes their initial response will happen, and then they will take time in responding back and/or aligning a resource. Sometimes that resource is not technically advanced or technically skilled and can't fully understand the problems at hand. In that case, they require escalating most of those cases to the technical consultants. If it's a typical question, a typical scenario, I would say it's good. Cloud App Security is a beast of a product, so the major issue is with the Pro support.

If it would have been directly with Microsoft, this help has been really good, however, it's a third-party service provider who's helping you out, and they just don't have the insights an actual Microsoft user has. 

I don't have any experience working with a third party or a competitor of Cloud App Security, however, I know there is one called McAfee, which is supposed to be equally good.

McAfee offers a cloud app security service that is very, very good and close to what Microsoft offers. That is what I understand from customers and the discussions I've had surrounding it, though I have not really worked on McAfee. What I understand from customers is, Cloud App Security, the integration, the capabilities that it has to offer, are much more advanced. For example, Microsoft's identity posture assessment. There is no solution in Europe, anywhere, which offers such a capability. It's an integrated solution with Defender for Identity, however, it's a service that Cloud App Security at least offers, which otherwise would not be available.

Similarly, integration with the number of applications, as I mentioned, is great with Microsoft. The capability for you to monitor and route your traffic for all of these different applications, and to be able to analyze the traffic from those corporate applications is important.

The reverse proxy capability that Microsoft Cloud App Security offers is really good. It lets you track anything in real-time, and monitor all those things, which is not possible using other solutions.

The initial onboarding of Cloud App Security with Office 365 is pretty straightforward. For an organization that does not use Office 365 as its primary SaaS application, you will still have to follow a few steps, however, those are also straightforward steps.

In general, I would say, Cloud App Security implementation, within the initial adoption of an application, is very seamless. 

The time it takes to deploy depends on the use cases. If you're talking about a simple activation of Cloud App Security, and enabling and monitoring the activities of certain basic applications, it shouldn't take more than a few hours for integration. If there are more complex situations, more complex scenarios, depending on what the scenarios are, then there may be a little bit more effort and time required. Other than that, if the default integration with applications is already there, it should not take more than a few hours to have it up and running.

I've worked with almost eight to 10 customers using Cloud App Security. This is Microsoft Cloud App Security. Cloud App Security has two offerings. One is Office 365 Cloud App Security, which is a basic cloud app security. Then there is Advanced Cloud App Security which is called Microsoft Cloud App Security.

The Office 365 one, the one which you get with E5 licenses, it'll give you basic Office 365 monitoring and snapshot reports, but not a whole lot of capabilities.

That said, I don't have any information about the actual costs of the license themselves. 

I deploy this solution. I don't utilize this solution as a solution for my organization, and instead, deploy this solution for clients. I'm a consultant for this product. My company is a Microsoft partner. 

This is a SaaS application.

I would advise new users to first try to identify the applications which are corporate-owned applications, be it if it's an on-prem application or if it's a cloud application. Once you identify all those applications which you're using in your organizations as a whole, you should try to integrate all those applications with Cloud App Security. 

Once you've started integrating and planning ahead what applications are needed to be monitored first, start integrating those applications and monitoring them. Slowly, integration after integration, all the monitoring will start happening.

Once the integration for those applications has happened, you should go ahead and start implementing what kind of policies you want. If you want activity monitoring policies, then you should start creating those activity monitoring policies. Let's say you want to apply DLP policies for third-party applications. You will need to reach out to those different teams who'll be able to give you better answers as to how to approach the data that is being shared or being uploaded from those applications to any other applications.

Based on that, create those policies in Cloud App Security. The correct and the right approach is to use the network appliances that you have in your organization. Once you have identified that information, you can go ahead and start implementing the Cloud App Security and start integrating those network appliances and those applications with Cloud App Security.

Overall, I would rate the solution at an eight out of ten.

We use it for security alerts for any possible trouble for users. 

In terms of deployment, we have on-prem servers for now for one of the customers. We also have several customers on the Azure cloud.

I like the web GUI/the management interface. I also like the security of Microsoft. As compared to other manufacturers, it's less complex and easy to understand and work with.

There are some features, such as user navigation content filtering, that are disabled by default, and it probably makes sense to enable them by default.

I have been using this solution for about six months. 

It is stable.

It is scalable. We have 100 licenses for one company, and we probably have 1,000 licenses for another company.

I haven't used it yet.

The customer with 100 licenses used Sophos EDR. Microsoft Defender is more manageable. Sophos EDR is not a bad product. It is a complete product, but the Microsoft Defender is better.

It was more or less straightforward. 

It was implemented in-house.

It is a little bit expensive. When you want to have the complete package with Office 365, Defender, and everything else, it is expensive.

My advice would be to try it first and compare it with other solutions.

I would rate it an eight out of ten.

I used to deploy it in the customer's environment and set the requirements. It's used for blocking downloads, for example, and is a security feature for data centers.

The solution is helping a lot. We get a lot of very detailed reporting on security that really shows what users are doing, including what they've opened, what else they're sharing, downloading, viewing, et cetera, as well as when they are logging in. It's a very detailed activity and reporting of my units.

The file policy and activity policy are very useful aspects of the solution.

I can get information, for example, data location, IP address, et cetera. I use it for getting information about what's happening in my environment with certain files. I can see, for example, which user is sharing files externally, and if they're downloading or might be downloading, the documents on their personal device, a corporate device, or if they are sharing any folders with the outside world.

The initial setup is straightforward.

The general usability of the solution is very straightforward.

We've had an issue where an in-session policy was not working. I want them to enhance the in-session policy. It's something I came across while adding the application into MCAS as I wanted to apply some MCAS policies on those applications.

I've been using the solution for about five years now. 

The solution is 99.99% stable.

The solution is extremely scalable. 

I've handled technical support for my customers. 

I've only really worked with this solution. 

The initial setup is straightforward. I already have experience putting the solution into place and therefore I'm pretty adept at setting it up. The implementation simply requires understanding how the customer wants to use it and what they want to monitor. 

It's an ongoing deployment and I've been deploying the solution for almost six years now. 

I basically use authority to integrate all users and exchanges together. We have basically a Microsoft-oriented system.

When I deployed it, I applied it to around 4,000 users. I indirectly did it myself and it took around one month for me to integrate everything and to meet those policies to ensure they were in line and working as to my expectations and that I was getting the expected results that I wanted.

You only need one person to handle the deployment. Maybe two people.

We do not need the assistance of an integrator or consultant. 

I'm not acquainted with the licensing and pricing of the solution. 

I did not evaluate other options previously. 

I don't have a business relationship with Microsoft. I deploy the solution and I am managing MCAS for customers.

If a person has an Office-specific environment and they are looking for a solution, this is a good option. It's a good native application. Even if they were in a different cloud, I'd advise migration to a Microsoft environment. 

I'd rate the solution an eight out of ten.

They were testing Microsoft Defender and performing some checks with Microsoft Defender. On the Microsoft side of the same security cloud app, I believe.

We have a complete portfolio of election solutions. These election solutions, in general, require a high level of security. There are preparations to have within them, such as cloud apps or websites, or even an off-premise or on-premise type of solution. As a result, we must have both types of services and products in order to secure them. For example, we used the Microsoft denial-of-service attack. It's a software subscription service from Asia that you get for a set period of time.

If you are running a live elections operation, you should seriously consider using such a service from them because it is extremely reliable. It essentially protects your entire environment. So you wouldn't be too concerned about someone hacking into your environment or anything because you need to have results that you should be publishing. That is when having a security system becomes extremely important for you. That's on the app side of things, then, on the web, we publish these results. You must also have a system that will never fail due to an attack. That's also one of the things we usually think about when we have an election operation going on.

The most valuable feature of this solution is its monitoring. The monitoring of the application. 

Integration is simple, and you can monitor your applications at the enterprise level. As a result, you can have a holistic view of all applications and their statuses. 

It's very robust and it's very good.

The capabilities are very good. It has a lot of features in it, which is why many people recommend it.

It's not the cheapest. I believe it can be more reasonably priced. 

Sometimes the support is actually lacking. But we are talking about Microsoft.

I have been doing the testing for the past six or eight months.

Because it is a cloud-based solution, I believe that versioning is not a critical factor to consider.

Microsoft Defender for Cloud Apps is a stable product.

Microsoft Defender for Cloud Apps is scalable.

Sometimes you don't get to the appropriate support channel from the start. When you open a ticket, you don't always get what you're looking for right away. We tend to get stuck in loops or go from one support guy to the next until we escalate. That happens quite frequently. I believe that this is one of the areas that should be looked into.

We have an in-house ABAP development team that works on ABT software. I have heard the technical team conducting this evaluation, but I'm not sure which SAP application they're testing.

The price could be better and should be reconsidered.

We're evaluating Microsoft. We're also looking into SAPs, and other options are being considered at the moment.

From what I've seen, it's a good product. We occasionally encounter some, inefficiencies in its performance. But not all of the time, because our country has a lot of internet problems. As a result, the synchronization side tends to disconnect from time to time. So whenever we get disconnected, it causes some problems. You have to have a good connection after all because it is a cloud service, you must have a good internet connection in order to connect to it. We believe it is one of the best on the market. I believe it is a good option for anyone to use. But, once again, there are other players in the mix, which is why we are always doing some benchmarking and continuing with trials for other solutions.

I would rate Microsoft Defender for Cloud Apps an eight out of ten.

It's used for data governance and security. It's a cloud security tool providing very good discovery around whatever is happening in your organization, such as what users are doing on the internet and how data is flowing out of your organization. It is then used to put controls around what information can go out, who downloads what, and how much they can download. It helps put controls around these types of things to create secure collaboration between your organization and its partners, customers, and vendors.

It's a SaaS platform. It's not like hardware or software where you install new updates or new versions. It's controlled by Microsoft in the backend.

They have made built-in templates. If you integrate your AWS account with Microsoft MCAS, using the predefined templates it will scan all the functionalities that are available or accessible after the integration. It will then provide security posture recommendations around issues such as how many buckets you have publicly available, what data is not encrypted, what is publicly available and insecure, and which devices are not backed up. It helps you to understand your security posture and to enhance it.

And when it comes to secure collaboration, if you have information that you have already restricted and you don't want it to be shared outside of your organization, with the help of MCAS session policies you can put controls around it. It's integrated with storage solutions and you can put the controls around things using labels such "classified," "restricted," or "confidential."

Another scenario where MCAS is helpful is when people are leaving your organization soon. It can happen that they hide and start downloading certain documents and files. MCAS can help identify mass downloads or mass uploads and what the user is doing. That kind of detailed analysis is available to senior management or the security team so that they can take whatever steps are necessary.

There are a lot of features with benefits, including

• discovery 
• investigation
• putting controls around things.

You can't say that you like the investigation part but not the discovery. Everything is correlated; that's how the tool works. Once the discovery of everything you feed into it is done, it gives you a nice dashboard. You can then plan what needs to be controlled and governed, and what should not be accessible in your environment.

It's quite well integrated with all Microsoft services, like Information Protection, Azure Portal, and Azure IoT, among other things. There are also integrations with AWS and Salesforce.

Although they are already doing it, I would like to see more integration with market leaders like Slack.

Another area that can be improved is to provide more reporting functionality. Currently, reporting is not very straightforward and it needs to be enhanced. Specific reports are not included and you need to run a query, drill down, and then export it and share it. I would love to have reports with more fine-tuning or granularity, and more predefined reports.

We have been using Microsoft Cloud App Security for at least the last two and a half years. We are a Microsoft partner. We do everything for their products, from design to implementation.

It's stable. It's more stable than other Microsoft services. In my two and a half years of experience with MCAS, there have only been two times that it went down and was not accessible to us. The services, policies, and controls were there. It was just that we were not able to access them. 

Whatever Microsoft has committed to in terms of stability, "99 point something," is pretty much true.

It's a SaaS solution so the scalability depends purely on the organization: How many applications do they want to integrate with it and do they have the corporate licenses? MCAS itself is scalable. You don't need to deal with servers, or RAM, or finding a new data center. Scaling it is purely up to you and depends on how much data you want to feed it and on the use cases you want to use it for.

I use Microsoft tech support at the highest levels. The experience with their tech support, as a partner, purely depends on what kind of contract you have and what kind of a relationship you have. If you have a very good relationship, you get responses when you need them. But when you talk about bugs or you are asking for a feature, you have to wait for their product life cycle. Overall, their support is good. Not average, but not excellent.

Neutral

The initial setup of Cloud App Security is quite straightforward. It's not complex. Microsoft's documentation around it is absolutely great. It guides you through the settings you need to configure and whatever apps you need to integrate. There is no difficulty in getting it up and running. It is more seamless than any other solution. It is even easier to run on Windows machines because the documentation is very good. They have very clearly described what needs to be done.

Once you have all the requirements, like your user account and license, a person can configure it in a day because it's a SaaS solution. But the time it will take depends on the fine-tuning, and that is determined by why you are using MCAS. That's the important part. If you're looking at user behavior, or if you're looking at data, or if you're looking at infrastructure security posture, each of these will affect the time it takes. If it's just for shadow IT, it will take one or two days to configure. If you're integrating it with AWS to help with your security posture, it will take three or four days.

One engineer who has prior experience is more than enough, but having two guys for setup might be better.

Day-to-day maintenance, again, depends on how you are going to utilize it. If you already have a SOC running with four or five people in it and your environment is small to medium in size, five people can use this tool and get value out of it. If you are talking about an organization like Walmart or Microsoft or a multinational company that has users across regions, you will need more people to support it. MCAS is a tool. It will have the data, but you will need to use it.

I'm not involved with the cost side of the solution so I don't know how much has been invested in MCAS. But where it's adding value is around the controls. I'm sure there are savings in that regard.

I have not implemented any other solutions, but I looked into Zscaler cloud security. Because Zscaler is an independent company, it doesn't have that many solutions with Microsoft. A cloud app security solution should have native products as well as integration with many other products. On that point, Microsoft is way ahead. For example, 80 percent of the world is using Office 365 for email services and 60 percent are using SharePoint for information sharing. Because these tools are Windows products, the controls become easy to implement.

My advice is to use it to its fullest capabilities. It has a lot of features and it is being enhanced daily. It's a full engine that you can use to discover all your assets in the cloud, whether they are on a public cloud or a private cloud. Every month or every quarter, look at what's new and how you can leverage it. You're already paying for those enhancements so use them, fine-tune them, and optimize them. The tool has a lot of capabilities. A lot of people only utilize it for information protection or tracking user activity or for their cloud-based security posture. Use it all. There's a lot in it.

MCAS is not a tool that interacts with end-users because there is no client. They don't know that MCAS is in the picture, so it doesn't impact the end-user.

The biggest lesson I would take from the use of Microsoft Cloud App Security is that you are being monitored. Do not use your professional device for personal use because there are more eyes and controls around.

In addition, the way you use MCAS is that you discover and then you put the controls in place to govern things. That's how any other security tool works. You first put it in learning mode to see what will happen. For example, If I put in this or that control, how much will it impact my end-users? In those terms, MCAS has been really nice.

If you have a lot in the Microsoft environment or AWS or Google Cloud, it's going to help you a lot.