Microsoft Defender for Cloud Reviews

We use Microsoft Defender for Cloud primarily for security reasons, particularly focusing on cyber threats. It is utilized in the manufacturing industry.

The most valuable features of Microsoft Defender for Cloud include vulnerability management and threat intelligence. Additionally, security recommendations and attack surface reduction (ASR) rules are significant. ASR rules play a crucial role in attack surface reduction, where they ensure that asset devices are well-protected and streamlined for enhanced security.

There needs to be improvement in the security recommendations, particularly in attack path mapping. Sometimes, it misleads users about the real exposure of external-facing assets. It would be beneficial to streamline recommendations to avoid unnecessary alerts and to refine the severity of alerts based on specific environments or environmental attributes.

I have been using the solution for three years.

I have not experienced any difficulties or issues with the stability of Microsoft Defender for Cloud.

I would rate the scalability of Microsoft Defender for Cloud between eight and nine out of ten for our company.

I would rate Microsoft's technical support around seven to eight out of ten. They are supportive but sometimes slow, especially regarding new feature additions and managing their backlog.

Positive

I have not evaluated other solutions in this company before using Microsoft Defender for Cloud.

The setup is generally easy, particularly for Windows native operating systems. On a scale of one to ten, I would rate the setup an eight for Windows and a seven to eight for Linux devices.

Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem higher than expected.

Microsoft Defender for Cloud is compatible with the Microsoft ecosystem and provides decent integration with third-party tools. Overall, I would rate the solution an eight out of ten for its effectiveness and support.

Other

Defender for Cloud is a unified platform. Within that, you have Defender for virtual machines, Defender for Servers, Defender for App Services, and Defender for Containers. It is a centralized solution, which you can leverage to bring your security practices in place so centralized security auditing can be done. 

You can use it for approximately 90% to 95% of Azure workloads for infrastructure, platform as a service, or database as a service. You can use it for all these.

I am working for a service-based company. We provide Azure Cloud Services. We are a Gold-Certified partner from Microsoft in the GCC region. We are the only ones for whom Microsoft hands over their business. 

We mostly use it for public cloud, but it can also be used with hybrid cloud and on-premises. We also use private clouds with government entities.

We have had many customers where we deployed this solution. They are secured and guarded by this solution, so they are happy now.

It can be done as a multi-regional deployment.

It can be used to secure GCP, AWS, and your on-premise infrastructure. You need a security solution like Defender to secure any type of workload. Your workload may consist of infrastructure, platform, database, or anything in between those. Obviously, you want it to be secure from day one. When you start from anything on the cloud, you want it secured right away. If it is not secured, then you are at risk of a data breach. There are many security issues, which is why it is important to secure your application infrastructure from day one. This is 100% important.

Most customers have an on-premises ITSM solution. If they want P1 or P2 tickets to be initiated, then within Defender for Cloud, it will trigger the ticket or invoke the ITSM solution. Also, they can use SMS- or email-based ticketing. If they don't have anything, then they can utilize the dashboard provided by Defender for Cloud and get everything from one place.

If you don't have this solution then you will be analyzing things with some sort of algorithm or writing some code, then your team will be monitoring emails or some kind of logs every day. When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team.

Within a SOC team, you monitor tickets and emails, but you cannot automate them unless your company bought some solutions. In the case of Defender, a solution is already provided. You just need to extend it per your needs.

All of the features are valuable. When you are designing a solution, you are designing not only the infrastructure but designing the application solution and database. On top of that, you are designing the connectivity solution. Defender takes care of all kinds of security, starting from infrastructure to platform to database. All of them are useful, depending on the workload of different clients. 

I work at a service-based company. We use this for almost all our customers. Usually, it will be on your infrastructure, which is a virtual machine and needs an antivirus solution. Then, if you have a platform as a service, you would need OWASP 10 security. All of these are given.

When you commission Defender for Cloud, it provides a portal. The portal has auditing and tracing capabilities. If you want to secure your virtual machines, then you can enable the RDP port by default, if you don't have a security solution. Now, when you are using Defender for Cloud, you can access the machine on an ad-hoc basis through Defender for Server, where you are securing your application. Then, even if someone gets into your account, they still cannot enable RDP. 

The portal provides you with auditing and logging capabilities. Along with that, there is a machine learning algorithm. You can even have your own workbook, where you can write in Python, then you can bring it into Defender for Cloud where you can do the injection, verification, and blocking of IPs. 

It offers a ready-made solution. In addition, you can enable a customized workbook, which will secure your application. Therefore, you are provided a portal, customer facility, and in-built security from day one and can start using it.

Microsoft works day in, and day out to look for new vulnerabilities happening in the market, which cannot be resolved with human intervention. Every day, they keep searching for vulnerability signatures in the market, then adding those. They automatically get built into Defender for Cloud. For example, there are some vulnerabilities that have been going around. If you are on-premises, then you need to download the signatures out there, then your antivirus software should be capable enough to identify them. With the Microsoft platform, the signature is already provided from Microsoft, i.e., Datastore. This is by default enabled as soon as Microsoft figures it out. This is the first thing that it provides.

The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services.

I have been using it for more than three years.

The maintenance part is taken care of by Microsoft. The platform's responsibility lies with Microsoft, not with the customer.

Stability-wise, it is stable.

it can be extended to multiple regions as well as to on-premises.

When upgrading the solution, by default, no technical support is required. If it is required, it will then depend on your SLA, i.e., what kind of agreement you have. You may have an eContract, CSP, open agreement, or a normal one by default. Microsoft uses that SLA to deliver the solution at a particular time. 

I would rate the technical support as 6.5 out of 10. In general, you don't need to reach out to Microsoft's support.

Neutral

Before Defender for Cloud, the solution was on-premises or some kind of third-party managed solution that we bought from the Azure portal. This integration had issues because you needed to go through the VPN tunnel, look for your solution, raise a ticket, and then have your teams look at the logs and ticket. If you had some networking issues or a major security issue, your ticket would not be raised.

There have been a couple of customers who start on their own with their own tenants. Then, at a certain time, they figure out that something wrong has happened, e.g., a hacking issue or a security breach. They then come to us through Microsoft because their security appliances and security practices are not proper, asking us, "Can you please help us to secure them?" 

The first step is to start securing their virtual machine. So, you enable Defender for Cloud. From the first instance, all their workloads are automatically added and enabled by default. So, if a customer is not secured enough when they go for Defender for Cloud, then it will automatically enable all kinds of security practices for them. Anyone can enable it. You can have Defender as the front face security for your cloud. Because of this, all our clients are secure.

This is a cloud service. It is provided as a platform as a service. So, it is not infrastructure or something which you deploy. No configuration is required by default.

Azure Sentinel is a SIEM solution. Within the SIEM solution, you get logs. On top of that, you receive some kind of tracing. You then have your runbook. So, the integration is very easy. It is just click, click, and click. You can integrate it within five seconds. Azure Sentinel also takes care of Defender. This means that when you go into Azure Sentinel, you say, "I want Azure Sentinel to have whatever logs you have in Defender." Whatever workload is secure, you want to have the auditing part of that in Azure Sentinel, then you want to trigger or invoke something. Therefore, it just takes five to 10 seconds with three clicks, then it is enabled for you.

The external integration component has been provided. You have a ready-made appliance where you download the appliance and install it onto that particular machine, then it will start monitoring your virtual machine. This is easier on the Azure side to integrate. With on-premises, you need to download something called Agent. You download and execute that, then everything is connected. You just provide the security token already shown on your portal, then you integrate.

We have seen a 50% reduction in costs.

It is a ready-made solution that you just start using from the day one until whenever you want to use it, paying as you go. Or, you can do either a one-year or three-year RI.

Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units.

In case you want your own signatures in-built, you have the workbook where you can enable it to couple with your Defender solution. It will start analyzing your specific algorithm or signature. If there is data specific to your organization or your developer knows something that no one else knows, and you want to restrict that. So, you have a free hand to customize it and a standard way is already provided. Every day, you will get a security update by default. You don't need to bother doing it manually. This has already been given to you free of cost. There are no costs other than the Microsoft workload itself.

If you have the solution with Microsoft Azure, then you will not need to look at other products. For on-premises, we were also using F5.

When you are designing the solution, you should activate the solution from day one.

I would rate this solution as 8.5 out of 10.

Public Cloud

Microsoft Azure

We use Microsoft Defender for Cloud primarily as antivirus software. It covers a wide range of use cases, including scanning for threats and malware on servers and checking for alerts. It is integrated with our endpoints, allowing us to track everything in one seamless place.

Defender for Cloud has improved our security posture. We've trained on it, and it's becoming more helpful each time we use it. Viewing all the alerts in a single pane of glass is very handy.

Defender for Cloud is an improvement over Trend Micro, our previous solution. We like integrating our endpoints and visualizing everything in one place. It provides comprehensive coverage for endpoints, servers, and overall environmental security. 

Additionally, we appreciate its capacity to offer alerts and a prioritized list of mediations. It's integrated with our other solutions, including our DLP protections. That helps us protect our HIPAA and PII data. 

However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future.

I have been using Microsoft Defender for Cloud for about three months since we moved to an E5 license that included this solution.

Defender's stability has been impressive. We have not faced real downtime, but we experienced some hiccups that lasted a few minutes.

Defender's scalability has been pretty good. We are not using many cloud resources for servers, but otherwise, it has been excellent for scalability.

I rate Microsoft support nine out of 10. There have been some issues here and there, but overall, the experience has been good.

Positive

We used various solutions before, including Trend Micro and GroupWise. We switched to Microsoft Defender for Cloud primarily due to cost efficiency. It was cheaper for us to make the switch than to continue with our previous solutions.

Setting up Defender was a bit of a challenge, but after that, everything went smoothly.

We used a company called Novakos for the migration. They provided all the services we needed and got everything set up effectively.

I am not able to comment on the return on investment, as I do not handle the financial aspects. However, I assume the organization is seeing positive results.

The decrease in costs from switching allowed the organization to allocate resources elsewhere.

I rate Defender for Cloud nine out of 10.

Hybrid Cloud

Other

As a consultant, I implement Microsoft Defender for Cloud for different customers with various use cases. The primary goal is to enhance security for cloud usage in many different ways.

Microsoft Defender for Cloud provides a prioritized list of remediation for security issues. We implemented routines to go through all the recommendations on a weekly basis because there are new recommendations all the time. It has definitely made it easier to stay on top of things.

Microsoft Defender for Cloud has definitely improved the security posture. There is at least a 50% improvement.

The coordinated detection and response across our devices, identities, apps, email, data, and cloud workloads is very good. The implementation of Copilot for security brings it to a whole different level where you can use normal language to ask things.

The most valuable feature is the recommendations provided on how to improve security. It has made the cloud environment more secure, thanks to all the recommendations we can get. They often come with step-by-step instructions, making it easy to implement the suggestions. This greatly increases the security of the cloud environment.

It seems to be very comprehensive in terms of the range of workloads. I have not found anything that is missing. It covers pretty much all the common scenarios.

With the new Copilot functionality available everywhere, it is challenging to pinpoint areas for improvement. If I put in a lot of thought, I might identify things, but right now, nothing significant pops into my mind, but there is always room for more transparency, especially in pricing.

I have been using Microsoft Defender for Cloud for a few years, probably two or three years.

Microsoft Defender for Cloud is very stable. I have never experienced any downtime.

The solution seems scalable. You can use most of these cloud platforms as you need. If you need more of it, you can do that. I appreciate the flexibility of the usage.

Being a Microsoft partner company, we have direct lines into Microsoft. Although Microsoft is a large organization, once you work with something for a while, you know where to go. It is a big company, and all big companies might have problems with communication at times.

Positive

I did not use a different solution before Microsoft Defender for Cloud. 

The initial setup is easy. It is straightforward and well-documented. If you need more information, there is always good information on Microsoft's documentation website.

In terms of the implementation strategy, you need to do some research beforehand. Once you have done that, you know what you want to protect and at what level. After you start using it, you get the recommendations, and then you just follow them. It is quite easy.

I am the consultant who manages the initial deployment.

The biggest return on investment is the rapid improvement of security posture. It takes time to find all these small things and recommendations on my own. The system's ability to provide prioritized lists of issues saves a lot of time, allowing me to focus on other tasks.

Understanding the costs of cloud services can be complicated at first. As with a lot of things in the cloud, it can be quite hard to understand the end cost, but it becomes clearer over time. Early on, the lack of transparency is a challenge. Microsoft does not tell you the cost when they launch something. It is clever marketing, and there is room for improvement there. There should be clarity from the start.

We did not evaluate other solutions before deploying Microsoft Defender for Cloud. We are quite heavily invested in Microsoft's ecosystem.

I would rate Microsoft Defender for Cloud a nine out of ten. There is always room for improvement, but it is a highly effective solution.

We are a managed service provider. We use Microsoft Defender for Cloud to provide services to our customers.

Defender for Cloud provides a complete DevOps security package for cloud services. Defender covers a broad range of workloads. It helps us prioritize because it identifies critical alerts that we work to resolve. 

Microsoft Defender for Cloud has enhanced our security process by providing insights and critical alerts. We use it on our own managed platform. It has helped us gain some insights and realize areas for improvement. We have worked to resolve the issues highlighted by the alerts, improving our overall security posture.

While we are satisfied with Defender for Cloud's features, an AI enhancement could potentially provide better advice and adapt more effectively to our environment.

I have been using Defender for Cloud for about three or four months.

I haven't observed any outages with Microsoft Defender for Cloud. The stability is excellent.

The scalability of Microsoft Defender for Cloud is very good. I haven't experienced any issues.

I rate Microsoft support eight out of 10. Technical support is generally satisfactory, though call response times can occasionally be slow.

Positive

The initial setup was straightforward and easy.

We acted as the integrator, being a managed service provider. We haven't yet developed a strategy for implementing it in other companies.

Defender for Cloud provides an invaluable return on investment by preventing potential security breaches. The peace of mind it offers is difficult to quantify.

Pricing is a consideration, but we strive to keep costs low by enabling only necessary services.

We evaluated other products but focused on adopting a more cloud-native approach with Microsoft's platform.

I rate Microsoft Defender for Cloud nine out of 10. It's progressing well, although perfection takes time.

Public Cloud

Our primary use case for Microsoft Defender for Cloud is mostly security posture management.

Defender for Cloud has improved our security posture. Defender provides us with a prioritized list of security issues to remedy, which improves our security operations because we know what to tackle first.

The most valuable feature is the comprehensive overview across different workloads. It allows us to see protection not just across one workload, such as virtual machines, containers, infrastructure, or data, but across all our workloads. This overall visibility is really helpful. The recommendations and prioritizations help us understand what to address first.

I use the free CSPM functionality. I don't always use the recommendations because I'm sometimes scared to implement those immediately.

The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads. Covering more would allow us to see and protect more workloads from a single pane of glass. Additional features should include protection for more AI workloads as it currently focuses primarily on OpenAI.

We have been using Microsoft Defender for Cloud for two years.

The sustainability of Microsoft Defender for Cloud is quite stable, especially with the free tier we're using. It provides a lot of value for being free.

Scalability is still to be determined. We have deployed it across several workloads, but we'll need to see how it performs as we expand to more resources and workloads.

We haven't had to reach out to customer service or technical support yet. Therefore, I can't rate it at this moment.

Positive

I didn't use any different solutions previously. We opted for Microsoft Defender for Cloud due to easy integration with our other Microsoft products.

It was easy to set up as we enabled it across our workloads in Azure.

We handled the deployment ourselves without any integrator, reseller, or consultant.

Being a free tool, it provides visibility and insights into workloads that we wouldn't have had otherwise. This is definitely a good return on investment.

We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges.

We didn't evaluate any other solutions as Microsoft Defender for Cloud integrated easily with our existing Microsoft products.

I would rate Microsoft Defender for Cloud a nine out of 10. It offers free insights and extensive visibility into workloads for a free product, which is great for us.

Public Cloud

Microsoft Azure

We use Microsoft Defender for Cloud to fill a gap temporarily by providing a platform solution for PaaS scanning, as there wasn't an enterprise-wide product available.

Microsoft Defender for Cloud offers a good range of workload coverage that effectively meets our current needs.

Microsoft Defender for Cloud enhances security operations by providing a prioritized list of remediation for security issues identified through Azure Policy and Sentinel. This integration offers unprecedented visibility into PaaS resources which we have not been able to do before.

It enhanced our security posture by enabling us to scan PaaS resources.

Microsoft Defender for Cloud has worked well coordinating detection and response across our devices, identities, apps, emails, data, and cloud workloads.

Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture. Furthermore, its integration with Sentinel provides prioritized remediation steps for security issues identified through both Azure Policy and Sentinel, increasing visibility into PaaS resources and streamlining our security operations.

Microsoft Defender for Cloud could be improved by adding capabilities for NetApp files and more PaaS resources from other vendors, not just Microsoft.

I have been using Microsoft Defender for Cloud for a year and a half.

Microsoft Defender for Cloud is stable.

Microsoft Defender for Cloud is scalable.

Microsoft customer support has been great so far.

Positive

Microsoft Defender for Cloud is easily deployed using Azure Policy and a workspace.

So far, Microsoft Defender for Cloud essentially plugs the security gap we were looking to fill, so it has shown a return on investment.

Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters. It could be cheaper. Wiz is a little better from a reporting perspective.

We did not evaluate other solutions because Microsoft Defender for Cloud was the easiest to implement under the circumstances and the most readily available. Otherwise, the application would have been subject to the standard intake and other corporate processes.

I would rate Microsoft Defender for Cloud an eight out of ten.

Public Cloud

Microsoft Azure

We use Defender for Cloud for workloads that involve large amounts of data.

It's cost-effective to create custom logs in Defender for Cloud. 

Defender for Cloud provides a prioritized list of remediations for security issues, reducing risk and improving security operations.

There is room for improvement in terms of cost-effectiveness when enabling every single log, including custom logs.

I've been using Defender for Cloud for a year and a half.

I have no issues with the stability of Microsoft Defender for Cloud.

Scalability is great, and I would rate it a ten out of ten.

It's hard to reach someone who understands my problems. I haven't had many issues, so I haven't called them.

Positive

I used an unspecified different solution before adopting Microsoft Defender for Cloud.

The solution is really easy to enable.

I interacted with a Microsoft representative for implementation, and the process was straightforward.

The setup costs are low because it's easy to enable. However, I'm not clear on other pricing details.

I didn't evaluate other solutions extensively before choosing this.

I rate Defender for Cloud 10 out of 10.

Hybrid Cloud