Microsoft Defender for Cloud Reviews

I am working in a security domain where Azure Security Center is playing a key role. We are primarily using Azure Security Center to secure our infrastructure. We are also able to use Azure Security Center for many other purposes.

In terms of deployment, we have a hybrid cloud. It is a combination of both on-prem and cloud. Azure Security Center is deployed on-prem, and then there are OMS agents that are provided by Microsoft that can be installed at any location, such as on-prem or on the cloud. These agents collect Windows and Linux logs from the machines on various clouds for Azure Security Center, which is something interesting for me.

It has improved our security posture a lot. The Azure Security Center provides a score that shows where is your organization at the moment in terms of security. After some time, you can see how much you have improved and where you can improve your score. We are getting this kind of advice from Azure Security Center.

It has definitely affected our end-user experience. With the help of this tool, we can investigate more security incidents in a very good manner. It has also enriched my career and improved me as a professional in terms of understanding various features and security incidents. 

Before implementing Azure Security Center, we had so many issues with our infrastructure in terms of security monitoring. With the implementation of Azure Security Center, we have resolved many issues. One of the issues that we have resolved is that we are now able to do security monitoring of the complete infrastructure. It not only supports cloud security monitoring; it also supports on-prem security monitoring. It has an OMS agent that can be installed on on-prem Windows servers, Linux, or other platforms for collecting logs. These agents can also be used on other cloud platforms, such as AWS, GCP, or Google Cloud. 

The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra. 

It has so many security monitoring features, such as compromised accounts. For example, if I'm working for abc.com company, and I'm using the same company email address for registering to another hotel or some other place where it gets hacked or something goes wrong, they will alert us. If my credentials are dumped somewhere on the dark web, they trigger an alert stating that you should go and reset your credentials. There are many more interesting alerts, and such features are pretty awesome in terms of security monitoring. In terms of security, it gives a very good overview of our estate. It also has many features from the cloud administration side.

Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark.

Sometimes, we are getting backdated logs, and there could be more correlation.

So far, its stability is good. I don't see any issues with the stability part.

In terms of new features, we are able to scale up to our requirements. New features get added immediately. So far, I don't see any issues in our environment.

Our company is an MNC, and there are around 180,000 endpoints that we are protecting or monitoring with this solution. Currently, its adoption is around 70%. We cannot achieve 100% coverage because of some of the legacy products. There are legacy servers, and then there are some people who are working in customer environments where they are not utilizing our laptops. We still need to cover 20% more.

Their support during the implementation was awesome. They provided very good support. After the implementation, they scheduled weekly calls to check with us if everything is going well. They helped us with troubleshooting and more understanding. If there are any product improvements, they have been announcing them over the course.

I was not involved in its implementation, but it was a pretty straightforward process. 

There is a separate cloud team for implementation. We just review whatever they have implemented from the security perspective. We review whether they have implemented it correctly or whether we are getting correct alerts. 

Our admin team had one week of training, and they implemented it with the help of Microsoft. Our environment is a bit complex, but we did it.

We have absolutely got a return on the investment. Our company is a managed security service provider (MSSP). When we get more projects, we mention the products that we are currently using to secure our environment. We also do a proof of concept (PoC) or a demo about how we installed such products in our environment and how secure we are. There are so many security scoring systems, and they give the score. Our score is on the highest side, which is useful for providing a security service to our client or customer. We have implemented Azure Security Center at many places for our customers.

I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive.

For cloud security posture, Azure Security Center is a good product. It is different from a Security Information and Event Management (SIEM) tool. We are also using a SIEM tool. Microsoft has a SIEM tool called Sentinel, and there are many SIEM tools out there in the market such as Splunk, QRadar, and ArcSight. Azure Security Center is not a replacement for Sentinel. It gives the complete posture of your cloud. It was started with the purpose of finding any anomalies and malfunctioning for Azure AD, which is related to login and logout of employees, but then they elaborated it a bit more.

I would rate Azure Security Center a nine out of 10.

We use Azure Security Center in our own company, and we have also deployed it for one of our clients. Our biggest use case is the enforcement of regulatory compliance on our cloud.

Security Center has helped us really well in terms of regulatory compliance enforcement on our cloud. We were able to deploy the inbuilt policies, and we were also able to build our own initiatives and policies. There were certain things that we wanted to check to see if our VMs were compliant. We also wanted to ensure that our storage and databases are compliant, and Security Center helped us in doing that.

This product has features that have helped us improve our security posture because we have a large estate of servers or VMs in Azure, and with Security Center, we were able to find out that a lot of our VMs were not compliant. This would have caused us a lot of trouble if there was an audit in the near future. The issues that it flagged for us gave us the opportunity to fix the problems, which was really helpful. Essentially, it was a preventative measure that allowed us to identify and rectify issues before they got out of hand.

One way that this solution has helped to improve our organization is that we have a better view of the entire security status, including how compliant our systems are and whether there are any open issues that need our attention. There are also reports that we generate periodically, so everyone is aware of the overall status of the environment.

When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties.

Our overall security posture has been enhanced. A lot of the time, our cloud is accessed by people in the organization and they keep spinning up virtual machines, creating resources. Often, there are ports that open or there are certain security issues that are not handled. Because there are so many people and so many new resources coming up, it is difficult to track all of them. With the help from Security Center, we are able to see exactly what has come up.

If there are new issues that arise, which could happen if someone has not followed the proper protocol before bringing up a VM or another network resource, we can see this because we have a better local view of exactly what is there in the environment. So in that regard, we can say that it has helped us improve our security posture.

Using this product does not affect the end-user in any major way. Its usage is mostly relevant to the backend, and of interest to administrators.

The most valuable features are regulatory compliance and security alerts. The security score is very helpful, as well. Together, these let us know the state of each subscription and whether there are any actions that we need to take. This functionality is pretty helpful in audits.

We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand. We showed it to a couple of our clients, and they had trouble understanding it and an explanation or breakdown is not readily available. The score includes different weightage for certain controls. For example, if there is a "Control A" and it has a weight of 10 then it would affect the score more than "Control B", which has a weight of five. Being able to see the weights that are assigned to each control would be an improvement.

We have been using Azure Security Center for between eight and nine months.

This is a pretty stable solution and we haven't run into any issues as of yet.

I don't think there should be problems with scalability. It supports more than a hundred subscriptions, with multiple thousands of resources. I expect that we will be fine in that regard.

There are between 10 to 15 users that are currently using the security center. We have only two to three administrators and the rest of them have a highly localized role. Some of them are working on the policies, whereas others take care of compliance issues. They try to remedy issues and also try to improve our security score.

Our client has data centers that are divided into various regions and various business units. They are onboarding new business owners every couple of months, so it is in the process of expansion. They want all of their business units to be onboarded.

I have not had the chance to speak with technical support from Microsoft but from what I have heard from my colleagues, they are pretty responsive and give you good information with respect to fixing issues.

We had another tool, Morpheus, which was a multi-cloud manager. We did some work on it but because it wasn't native to Azure, we didn't go any further with it.

The initial setup is pretty straightforward. We just had to enable it for our subscriptions.

Deployment does not take a long time. The maximum is 24 hours if you have a lot of subscriptions but otherwise, it's pretty quick.

We have several subscriptions so we initially started by deploying some for testing. When we were sure that we knew how to go about it, we deployed the remaining ones.

We completed the deployment in-house and two people were required.

There are two other people in charge of maintenance.

The cost of the license is based on the subscriptions that you have.

As we were on Azure, we didn't look to other vendors for similar solutions.

We use between 80% and 90% of the functionality within the solution. We don't use workbooks as of now but otherwise, we use pretty much everything.

There are a few options that are included but not enabled out of the box. One example of this is Azure Defender.

Maintenance-wise, one thing that we do is keep up to date on policies and compliance. Microsoft provides a lot of out-of-the-box compliance initiatives, and sometimes they can go out of date and are replaced. We have to make sure that the new ones are correctly enabled and that the older ones are no longer active. Essentially, we want to disregard the old policies and ensure that the new ones are enforced.

The biggest lesson that I have learned is to keep an eye on your resource usage in Azure, because if it's a large environment with a lot of users then you might not know who opens the door to the outside. Using Security Center lets you keep track of what's going on in your environment.

I would rate this solution an eight out of ten.

I am from a Citrix background and in our organization, we implement solutions and provide them to end-users. In our past couple of deployments, we have been using hybrid cloud scenarios where the complete workload is on the Azure platform and the management is done on the Citrix cloud.

The workloads include tasks for Windows 7, Windows 8, and Windows 10 devices, and they are all running on Azure. We have to make sure that they are compliant with our organization's security standards, which is why we are using the Azure Security Center.

We integrate each workload with the Azure Security Center, where we can use things like Azure Defender and use the Azure Log Analytics Workspace.

Our environment is completely virtual. We have a virtual desktop infrastructure, like a Desktop as a Service.

Azure Security Center has helped to improve our security posture. Before we implemented it, we used to have to install the agent manually for each and every workload. For example, if I have 40 machines in my environment, I have to go to all of them and install the agent. This manual process not only required a lot of human effort but created more opportunities for error. By using the Azure Security Center, I can integrate it just by selecting the subscription. It will take care of everything.

This solution has improved our end-user experience in cases, for example, where Microsoft Defender is not implemented, Azure Defender can be integrated. When an end-user runs an EXE file or any malicious activities are running on the device, Azure Security Center will capture them and send an alert to the administrator.

The most valuable features related to my involvement are Azure Defender and enabling log analytics on the workloads. This helps to integrate the workload suite with the analytics repository. For example, if I want to capture any logs from a Windows 10 workload, then this allows me to do so.

The Log Analytics Workspace acts as a repository where it captures all of the data from Windows 10 and Windows 8 workloads. In order to implement it, an agent needs to be installed. With Azure Security Center, we can configure a policy that accounts for different subscription levels. It automatically installs the agent and begins capturing data.

This product provides us with many features including auto-provisioning of dependency agents for Azure Log Analytics, as well as for Azure Defender.

We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language.

Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender. It has most of the features for monitoring end-user machines for security updates or malicious activity but, for example, the latest DAT files are slow to arrive compared to Microsoft Defender.

I would rate the stability a four out of five. Once we enable it, the Azure Security Center will push security updates to all of the end-user machines and start capturing the logs. It helps in many ways.

There is no limitation to the scalability. For example, if I have 10 subscriptions in my Azure environment, it is my choice if I have to use five in production and five for non-production. If I require more, I can upgrade it as needed. It's very flexible.

The people who work with this product hands-on are our administrators. Apart from them, nobody has the access required to make changes.

If we face any issue with Azure Security Center, where we are unable to solve it ourselves, we raise a support ticket with Microsoft directly. We describe the issue and they will come back to us with support.

Usually, we are happy with the support that we receive.

Prior to this product, we worked on a solution from McAfee. However, it was a legacy application and when it came time to upgrade, we opted to use one from Azure because we were using Azure already.

In the case of an on-premises workload, we instead use a SQUAM solution by Microsoft.

The initial setup is a straightforward process. We just need to go into the security center and select the substrates. The deployment takes less than one hour to complete.

In terms of an implementation strategy, we simply follow the Microsoft documentation.

There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions. 

My advice for anyone who is considering Azure Security Center is that it has similar features to the on-premises Microsoft Defender, as well as other software security tools. If you are already using an Azure environment then I recommend implementing Azure Security Center versus having security solutions from different vendors.

I would rate this solution a seven out of ten.

This solution replaces, in many ways, the on-premises operations manager that used to be part of the System Center.

The most valuable feature of this solution is the support for a multi-cloud environment.

The policy-related features are good. For example, there is a compliance policy that is related to PCI and another related to NIST.

The support for dynamic networking is good.

Alerting and incident management are valuable features.

The integration with Logic Apps allows for automated responses to incidents. It is also integrated with Microsoft Defender.

They added new functionality into the pretty long list of features and it is constantly being updated. 

There is no perfect product in the world and there are always features that can be added. Innovation is something that is always on the table.

I have been working with Azure Security Center for more than four years.

This product is much more stable than anything else. The SLA has four nines of stability and it is impossible to compare it with anything that is on-premises. Cloud systems are much more stable.

Scalability is not something that we talk about because this product only exists in the cloud. We talk about it in terms of regions. There are approximately 50 zones across the globe, where for example, Canada has three zones that are split into Central, East, and West.

This is an example of Software as a Service, so scalability is out of the question.

If you need tech support, you need to go to the support site, find the proper program, and subscribe to it. Only basic support is included. If you need premium support or if you need a developer, the support is available, you just need to go to the site and find it.

It is extremely easy to subscribe, and extremely easy to understand. It depends on your requirements and on exactly what you need but a description of every program is readily available.

If you have questions, go to the FAQ, and on the same page, you will have access to the documentation. The documentation is crystal clear. It's very practical and actionable. It explains in simple phrases, or words, what the action is, what the purpose is, and what the benefit or value of it is. 

There is no need to find anything else. You start from the price calculator, and then click and get more information, and from the same page, you find what you need. 

You don't need to do anything else.

With respect to implementation, you just switch it on.

If you need to deploy something else then there are step-by-step instructions available. Setup and deployment will be easy for those who have experience working with this type of solution.

For those not used to this type of operation or not working in this area, it is absolutely possible to talk to their partners, such as the one that I work for, and they will help you.

If you hire the consulting service from a partner then they will help you to plan and design, including performing a capacity review to see what is required and what services need to be integrated. You will identify needs such as an on-premises data center versus using a third-party cloud.

This is a worldwide service and depending on the country, there will be different prices. 

There is a price calculator for Azure Services. You select the service that you are interested in, and the basic or the standard is there immediately, which has support options. Different levels of support are available for different prices. A subscription is part of the Azure Service. You will need to find what type of service you need.

If you need to negotiate the price, based on the enterprise agreement or per commitment, the price schema is available. You just need to speak with a partner.

You can also pay with your credit card, but you will need to read the documentation online.

In summary, if you would like to work with a product that addresses security in the cloud, or in a multi-cloud environment then this is exactly the product. There is no need to implement anything else.

There are multiple things that are absolutely nice about this product. That said, there is no such thing as a perfect product.

I would rate Azure Security Center a nine out of ten.

We are consultants and we have customers using Azure Defender for the protection of their businesses. Many of our customers are in the financial industry.

The most valuable features are ransomware protection and access controls. The solution has helped us secure some folders on our systems from unauthorized modifications. 

This solution has been very useful for securing core funds and preventing them from being hijacked by any application or spyware for our banking customers. People can be susceptible to scams easily because they are not aware of the current threat trends. We are able to scan for threats which have helped us limit the risks in the future.

The solution could improve by being more intuitive and easier to use requiring less technical knowledge.

In a future release, the solution could improve by providing more automation and clarity in the autoanalysis. When we provide our customers with a Microsoft solution for security, Microsoft has to go beyond the basic expectations to impress the customers.

I have been using Azure Defender for approximately one year.

The solution is very stable.

Azure Defender is scalable. We have not found any issue.

The technical support has been responsive. However, we need to be connected to the right level of support. For example, if you are a customer or if you purchased this solution as part of a certification, your level of satisfaction for support will depend on the provider you purchased it from. Microsoft will not be the one doing support for you. If you do not have premier support with Microsoft, as a cloud provider, you will have to support your customers when they are in need. Without Microsoft's premier support you only have break-fix support and if there is a major issue you will not have the help to understand what is happening, or how to prevent it from happening in the future.

The implementation can be difficult if there is not any prior training. There is a lot of elements that have to be understood.

We have an advisor that provides us with information to help us control and configure the solution. Additionally, they have assisted us with automation.

The price of the solution is good for the features we receive and there is an additional cost for Microsoft premier support. However, some of my potential customers have found it to be expensive and have gone on to choose another solution. Additionally, if the customer does not take the full package from Azure Defender it makes it difficult for us to manage the solution for them.

I rate Azure Defender an eight out of ten.

The most valuable features of this solution are the vulnerability assessments and the glossary of compliance.

As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains. Azure Defender does not have this capability and that is one of the features that is very crucial. 

When we receive an alert on suspicious domains, we have to do it manually. We go to VirusTotal, or AlienVault to confirm. It would be useful to have it done automatically.

I have been using Azure Defender for three months.

We are using the latest version.

It's a stable solution. We have not had any issues.

We have not paid for Azure technical support. We have not contacted technical support.

We have not worked with any other solution.

The initial setup was straightforward. It was easy, very easy.

Azure Defender is a bit pricey. The price could be lower.

We are also researching Darktrace. We wanted to see the capabilities that it offers. 

Azure Defender and Azure Resource Manager are all a part of Microsoft Azure. We use all of them.

This solution has the best security center, security manager dashboard that I have ever seen. I would recommend using this solution. It has everything in one place, and it's easy to configure and easy to deploy.

I would rate Azure Defender an eight out of ten.

Our primary use case of this solution is to monitor infrastructure. I'm a senior security architect and we are customers of Azure Security Center. 

The most valuable feature for me are the compliance policies.

I think that the documentation and implementation guides could be improved. It would make the implementation process easier.

I've been using this solution for a couple of years. 

This solution is stable. 

The solution is scalable, we have a couple of hundred people using it. 

The technical support is fine. 

The initial setup was reasonably straightforward. Implementation took a couple of months and was carried out internally. It required four or five staff, including engineers, managers and admins.

The licensing costs are included and wrapped up in a suite of other products that we are also using. 

I would recommend this product. 

I would rate this solution an eight out of 10. 

We have been using Azure Security Center for one year. 

I don't know what the issue is but when we do the agent deployment, sometimes it works, and sometimes it fails and we need to go inside the virtual machine and manually install the agent. That's been a bug that we've experienced. 

There are 5000 users.

I do the maintenance. We have 35 engineers who use it. 

Their support is good.

The initial setup is not actually so complex but it feels complex because there are many add-ons. There are many options and my team needs to be aware of all of these changes happening on the backend which is a distraction. 

I would rate Security Center an eight out of ten. Not a ten because of the bugs that we have experienced and because of the cost. 

It's quite a good product. It helps to understand the infections and issues you are facing.