Microsoft Defender for Cloud Reviews

We use Microsoft Defender for Cloud primarily for security reasons, particularly focusing on cyber threats. It is utilized in the manufacturing industry.

The most valuable features of Microsoft Defender for Cloud include vulnerability management and threat intelligence. Additionally, security recommendations and attack surface reduction (ASR) rules are significant. ASR rules play a crucial role in attack surface reduction, where they ensure that asset devices are well-protected and streamlined for enhanced security.

There needs to be improvement in the security recommendations, particularly in attack path mapping. Sometimes, it misleads users about the real exposure of external-facing assets. It would be beneficial to streamline recommendations to avoid unnecessary alerts and to refine the severity of alerts based on specific environments or environmental attributes.

I have been using the solution for three years.

I have not experienced any difficulties or issues with the stability of Microsoft Defender for Cloud.

I would rate the scalability of Microsoft Defender for Cloud between eight and nine out of ten for our company.

I would rate Microsoft's technical support around seven to eight out of ten. They are supportive but sometimes slow, especially regarding new feature additions and managing their backlog.

Positive

I have not evaluated other solutions in this company before using Microsoft Defender for Cloud.

The setup is generally easy, particularly for Windows native operating systems. On a scale of one to ten, I would rate the setup an eight for Windows and a seven to eight for Linux devices.

Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem higher than expected.

Microsoft Defender for Cloud is compatible with the Microsoft ecosystem and provides decent integration with third-party tools. Overall, I would rate the solution an eight out of ten for its effectiveness and support.

Our main use cases for Microsoft Defender for Cloud involve scanning PCs.

I doubt that we are using the unified AI-powered security feature offered by Microsoft Defender for Cloud.

Microsoft Defender for Cloud's integrated XDR feature is not being used.

The GenAI threat protection features for Microsoft Defender for Cloud are not being utilized.

I don't appreciate Microsoft Defender for Cloud because it seems to interfere with many things. That's the problem I've been experiencing with it. Before Defender, we had McAfee, which was much better at granular exceptions and changing what it does. Microsoft Defender for Cloud doesn't have that granularity. I can't tell it to leave certain items alone while scanning others. Microsoft Defender for Cloud doesn't really provide that capability, which is a significant problem. It's been causing far more issues than McAfee did.

I think it's too new to have major concerns regarding security when deploying AI applications, at least from my perspective. Regarding scanning a PC, I'm uncertain about the concerns. The actions it takes on those scans might be part of it, but they already have defined policies. For example, if Microsoft Defender for Cloud thinks a piece of software is malicious, it deletes it. I don't believe that's necessarily the best approach. I would prefer it to quarantine the software instead. I think the option for quarantine might exist, but I'm uncertain if it could be modified for that. It probably depends on the threat level or what Microsoft Defender for Cloud perceives as a threat level.

Microsoft Defender for Cloud can be improved with more granular control. They need to examine what McAfee can do.

I think we've been using Microsoft Defender for Cloud for about four years now.

I've experienced performance issues with Microsoft Defender for Cloud.

In my opinion, Microsoft Defender for Cloud doesn't scale well with the growing needs of the organization. But again, it's just my experience.

Since I don't talk directly to Microsoft support for Defender, we just talk to our internal people who are supposedly the experts in it at the bank. I couldn't give an opinion on Microsoft's support.

I would prefer to bypass our internal people and actually go to Microsoft to get answers, but they won't allow us to do that.

Neutral

Prior to adopting Microsoft Defender for Cloud, we were using McAfee. Money is always a factor.

I didn't deploy Microsoft Defender for Cloud.

Agentless scanning for the cloud environment has not been enabled with Microsoft Defender for Cloud.

I don't know if I've seen a return on investment with Microsoft Defender for Cloud.

I have no idea about the pricing, setup cost, and licensing because I don't handle that.

I don't think anything else was considered before choosing Microsoft Defender for Cloud.

I would advise another organization that's considering Microsoft Defender for Cloud to shop around and make sure it's the best solution. This review has a rating of 5.

Information regarding the deployment model is not provided in the review.

Information regarding the cloud provider is not provided in the review.

My main use cases for Microsoft Defender for Cloud are client-end, as we are replacing our Sophos agents on our client computers with Microsoft Defender.

The feature of Microsoft Defender for Cloud that I appreciate most is the ability to view logs of applications, as I find it much clearer to understand what is running.

That feature benefits my company because we are a small company. Previously, we were running a Sophos agent that ran heavily on our computers, and switching over to Defender has made it lighter for us.

Microsoft Defender for Cloud has helped me manage and secure my multi-cloud environments, as we are hybrid-joined, and the insights it has provided are significant. For instance, we were able to identify sub-hosted IPs that were not even part of our segment from another client that our managed service provider was handling.

Microsoft Defender for Cloud can be improved because many of the functions involve multiple places to accomplish the same task, which can make it convoluted. It performs the same functions, but you have to navigate to different areas for different tasks, making it confusing at times.

I have been using Microsoft Defender for Cloud for approximately one year.

As for the stability and reliability of the platform, everything has been going well. I have no complaints and would rate it about an eight.

I would rate Microsoft Defender for Cloud's scalability with the growing needs of my company as approximately an eight.

I have not had to reach out much regarding customer service and technical support, so my thoughts are limited.

Neutral

The main differences between Microsoft Defender for Cloud and the other platform I was using involve deployment. Microsoft Defender for Cloud is not on the client-end, so it is not noticeable and not as taxing on system performance.

My experience with the deployment of Microsoft Defender for Cloud has been straightforward, as it went smoothly.

The biggest return on investment for me when using Microsoft Defender for Cloud is seen with end-users, as they do not reach out to us regarding issues where the underlying cause was our Sophos agent.

Regarding the pricing, setup cost, and licensing of the platform, what we have paid for is still to be determined, as we are about to renew our licensing at the end of this year.

So far, it has been affordable. In comparison to Sophos that we were running, we have found that it will wind up being approximately the same amount of cost.

I am currently considering Windows Defender.

I am not using the unified AI-powered security feature offered by Microsoft Defender for Cloud at this time.

I am not using Microsoft Defender for Cloud's integrated XDR features at this time.

I am not utilizing the enhanced AI threat protection features of Microsoft Defender for Cloud, as there are many AI features we have not explored yet.

I have enabled agentless scanning in my cloud environment.

It has been with Microsoft Defender for Cloud.

I assess the impact on my workload protection without the need for installing agents as really good, considering that it is running smoothly on the client machines without lag or any performance impact.

My advice to other companies considering Microsoft Defender for Cloud is to be aware that there is a lot involved and a lot of what it can do, meaning that you will need to conduct a lot of research and study training material. I rate my overall experience with Microsoft Defender for Cloud an eight.

Hybrid Cloud

Other

My main use cases for Microsoft Defender for Cloud cover several Azure solutions.

Microsoft Defender for Cloud is integrated with the entire Microsoft suite and does not require purchasing extra add-ons or additional applications.

Microsoft Defender for Cloud has benefited my organization by reducing the overall cost of the Azure package and providing greater peace of mind during off-hours to prevent problems.

Microsoft Defender for Cloud has helped me manage and secure my multi-cloud environment.

Microsoft Defender for Cloud has helped keep our environment secure.

Comparing Microsoft Defender for Cloud to other solutions on the market, Microsoft needs to push a little bit to improve it. It works and does what it needs to do, but other companies are offering more.

I have been using Microsoft Defender for Cloud for approximately two and a half years.

Microsoft Defender for Cloud is reliable and stable.

I have not experienced any malfunctions with Microsoft Defender for Cloud. We have never had issues. At the beginning, about three years ago, there were several issues, but currently we do not have any.

Before we started using Microsoft Defender for Cloud, we had been using other applications from third-party companies.

The experience of deploying Microsoft Defender for Cloud is very easy. It is basically only a matter of enabling it and specifying where you want to apply it. There is a basic customization option on the left side for focusing on what you want.

We are not using the unified AI-powered security posture feature.

We are using the XDR, but only for a specific solution due to the cost. If it is needed, we evaluate whether the cost benefits justify enabling and using the XDR.

When we enable the feature, we enable it to perform an analysis. It can provide you with a background check.

We are concerned about the information that the application can provide when deploying AI applications. We worry about any information the solution may give that it cannot usually provide in a correct way.

I would rate this product an 8 overall.

Microsoft Azure

My current use case for Microsoft Defender for Cloud is that we use it primarily for policy. In terms of migrating to Azure, our organization hasn't migrated fully. It has increased the attack surface, so our main use for Microsoft Defender for Cloud is specifically for policy.

The feature of Microsoft Defender for Cloud that I have found most valuable is the alerts, which are pretty standard for security. Microsoft Defender has this built in, so more people are coming to it. It's a very recognized brand and more people are coming through it.

We have a large number of customers in Azure, and using Defender means having less variable solutions.

It helps manage attack surface and security posture.

The UX and UI leave something to be desired. Users have more of a taste for Microsoft UI.

The value of Microsoft Defender for Cloud for our organization is notable, especially for our customers that are very security-conscious, as it's beneficial to have it there.

Microsoft Defender for Cloud's CSPM capability has helped our organization assess and manage security posture. The UX and UI is typical Microsoft, the access control takes some time getting used to, and now we just use it on those platforms.

An area where Microsoft Defender for Cloud could be improved is in getting away from having multiple menus that do the same thing, which seems imposing when looking at it. It has its upsides and downsides.

I have been using Microsoft Defender for Cloud for just over a year.

I've never directly dealt with technical support. 

Neutral

We did not use other solutions.

The setup is okay. In terms of ease, it's maybe the best out of the major three. 

I have seen a return on investment with Microsoft Defender for Cloud, as our posture is intact. While it may be somewhat confusing, it has decent feature parity among the major three providers, and businesses have been gradually discovering its potential.

The pricing is pretty standard. 

We use the stock option on a given cloud platform.

We use it just for customers on Azure. 

On a scale of one to ten, I rate Microsoft Defender for Cloud a seven.

Hybrid Cloud

We are a managed service provider. We use Microsoft Defender for Cloud to provide services to our customers.

Defender for Cloud provides a complete DevOps security package for cloud services. Defender covers a broad range of workloads. It helps us prioritize because it identifies critical alerts that we work to resolve. 

Microsoft Defender for Cloud has enhanced our security process by providing insights and critical alerts. We use it on our own managed platform. It has helped us gain some insights and realize areas for improvement. We have worked to resolve the issues highlighted by the alerts, improving our overall security posture.

While we are satisfied with Defender for Cloud's features, an AI enhancement could potentially provide better advice and adapt more effectively to our environment.

I have been using Defender for Cloud for about three or four months.

I haven't observed any outages with Microsoft Defender for Cloud. The stability is excellent.

The scalability of Microsoft Defender for Cloud is very good. I haven't experienced any issues.

I rate Microsoft support eight out of 10. Technical support is generally satisfactory, though call response times can occasionally be slow.

Positive

The initial setup was straightforward and easy.

We acted as the integrator, being a managed service provider. We haven't yet developed a strategy for implementing it in other companies.

Defender for Cloud provides an invaluable return on investment by preventing potential security breaches. The peace of mind it offers is difficult to quantify.

Pricing is a consideration, but we strive to keep costs low by enabling only necessary services.

We evaluated other products but focused on adopting a more cloud-native approach with Microsoft's platform.

I rate Microsoft Defender for Cloud nine out of 10. It's progressing well, although perfection takes time.

Public Cloud

We are using Defender for Cloud to check in on security and vulnerability management.

When we were switching from on-prem to the cloud, we did not have the vulnerability management tool to give us alerts on that. We were using Tenable Security Center on-prem. When we moved to the cloud, we needed a solution and chose Defender for Cloud. Now, when we do our vulnerability management meetings, we refer to Defender for Cloud recommendations. We can assign them to technicians or security personnel in case we need to change policies or make exceptions. It is set up to ensure only security personnel can dismiss a recommendation.

It lists the criticality that is the most insecure for our environment and the criticality score for it. This is helpful for us to know what we need to deal with first.

Defender for Cloud has improved our security posture. 

The most valuable features are the security recommendations provided by Defender for Cloud.

Tenable Security Center has a list of all of our vulnerabilities. I can sort it by vulnerability or by machine. Defender for Cloud does do that, but it is just not as clean and easy to get to. It sometimes gets too deep in the weeds, and I do not know how I got to that point. If they had an easier way to display all the vulnerabilities of the machines affected and remediation steps on one screen rather than having to dive deep into each of them, that would be a lot easier.

There can be an easier-to-read dashboard. It would be nice to be able to see the top ten vulnerabilities that we have specific to a system on the dashboard. We can view the security score currently, but a cleaner and simpler display would be good.

I have been using Defender for Cloud for three years.

It is pretty stable and feels solid.

We have struggled with Microsoft customer service quite a bit. While experts are a ten, the overall experience is not always positive and we have had to make a complaint. When we are able to get to a call with their experts, it is great, but it can take time to get to that level. We have had to raise a ticket for the same thing about three times.

Positive

We were using Tenable Security Center on-prem. We switched because we were moving to a Microsoft-centric cloud solution.

It was easy. The setup was handled by a technician who did not report any significant issues.

We did not use any third party for deployment.

We have seen a return on investment, but I cannot quantify it.

We did not evaluate other solutions because we were only looking for a Microsoft-centric solution.

I would rate Defender for Cloud an eight out of ten.

I am closely dealing with alerts related to cloud workloads. We are integrating the alerts that pop up for different services to analyze the gaps in our Azure landscape. We then assess what we need to close and what makes sense for our environment because not everything is applicable. It depends on our company's requirements as well. We plan the strategy for how to close those gaps. There are different mechanisms for how you deal with those security alerts.

We are using the Microsoft Azure Security Benchmark along with the CIS Benchmark. We rely quite heavily on these benchmarks, and I would rate the CSPM functionality a nine out of ten. Most recommendations are focused on generic security gaps, but overall, those recommendations are very good from the security aspect, irrespective of the industry.

It is pretty good in terms of the range of workloads covered. It covers most of the IaaS infrastructure that Azure offers and most of the PaaS services that we are using. I cannot recall any service that we are using for which Microsoft Defender for Cloud does not have recommendations.

We have integrated the alerts that we are getting from Microsoft Defender for Cloud with our on-premises Splunk solution. We capture those alerts. They are integrated via Microsoft Events Hub. It acts like a queue and pulls those alerts from Microsoft Defender for Cloud and then sends them to Splunk. This integration helps our global security team to figure out which alerts are critical. They can then reach out to the owner of an asset.

Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved.

Without Microsoft Defender for Cloud, we will not have any visibility into our security posture. The way on-premises things work in our company is complex. We have ten different tools for ten different categories. We have one tool for vulnerability assessment and one for patch fixing. Microsoft Defender for Cloud is a single integrated tool. It gives me a holistic overview of my whole security posture.

The most valuable features are the different plans it offers and the visibility within them, such as the Defender for Servers plan includes capabilities for vulnerability findings on machines and configurations at the OS level. They have different plans for different things. We are utilizing all of them, and they are equally good. 

Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications.

There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place.

Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

I have been using Microsoft Defender for Cloud for five years.

Overall, stability is good. However, Microsoft sometimes changes settings or configurations without transparency. These changes, detected as drift by our infrastructure as a code tool, require unnecessary work. I suggest Microsoft maintain default settings as per the existing configurations during updates to save us from having to do unnecessary work.

Scalability is generally good, but it also depends on the customer's implementation. We are using infrastructure as a code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.

If a new subscription is created manually, the configuration is manual too. An automatic toggle for new subscriptions would ease scalable deployment.

From a scalable perspective, if your company has hundreds or thousands of subscriptions, there should be some toggle to automatically scan your new subscription and turn different plans on. This is something they can take into consideration.

Customer service and support from Microsoft are very poor. Even for high-severity cases, response or resolution time can extend to three or four weeks. Often, cases are transferred between teams with no resolution, resulting in a negative experience. We end up closing the case or resolving it on our own. I cannot recall any instance where they managed to quickly resolve any issue. 

I even suggested to my top management to give me one percent of what they are paying for Microsoft's enterprise-level support because I anyway end up resolving the issues on my own. Our case just gets transferred from one engineer to another. We have to explain the same thing from scratch. Nobody is checking case details. Nobody is handing over properly on Microsoft's side. The support experience is very bad.

Negative

I did not use any other solutions. Because we use Azure, we prefer to use Microsoft's native, built-in capabilities. That is why we have been using Microsoft Defender for Cloud from the beginning.

The initial setup was simple and straightforward. From a configuration perspective, it is not so complicated. It involves enabling the service at the subscription level, which requires turning on basic toggles.

My team implements these solutions. All new requirements pass through our team.

The pricing model for most plans is generally good, but the cost of the new Defender for Storage plan is high and should be revisited, as it could lead to disabling desirable security features due to cost.

They have introduced a new Defender for Storage plan which they are going to mandate for new workloads. They might already have done that, but it is very costly for users needing additional capabilities. The licensing cost is per storage account irrespective of whether it is enabled or not. Previously, the model for the same service was based on transactions. If you had one million transactions, you were charged according to that. If you had only 10,000, you were charged according to that. Making the new storage plan mandatory is not a good idea from a customer perspective. We did our analysis and compared the new storage plan with the old one. We found that the cost with the new plan is 3.5 times higher. Why would I opt for that as a customer? If it becomes mandatory, we might even disable the plan altogether. We will end up losing certain security alerts that we want to have because of the cost aspect. This new plan should not be enforced, and the customers should have the flexibility to decide.

Another thing is that Microsoft Defender for Cloud is always enabled at the subscription levels. When it is enabled at the subscription level, everybody is charged for it. In the future, there should be more granularity so that under the same subscription, different teams can put their resources. Whoever wants to utilize these capabilities can enable them in their resource group. This will help save costs. Teams will be happy because they will be able to utilize these tools as per their requirements. 

I would rate Microsoft Defender for Cloud an eight out of ten. The solution is quite good and addresses many security gaps. It is the starting point to improve the security of your Azure platform. You can introduce other solutions such as Microsoft Sentinel later. If you start with just Microsoft Defender for Cloud, about 75% of your security gaps will be addressed. After that, you can think of some advanced solutions.

In my experience of working with Azure, teams are not utilizing this solution to its fullest capability. It has so many plans and recommendations to offer, but most of the people do not understand it.

Public Cloud

Microsoft Azure