Microsoft Defender for Cloud Reviews

I use Microsoft Defender for Cloud mainly for cybersecurity, threat prevention and detection, and implementing zero trust principles. It serves as an endpoint security tool for securing our cloud services.

The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective.

The compliance management features integrate well with Cloud Security Posture Management (CSPM), giving a full view of infrastructure compliance with regulations like HIPAA, PCI DSS, and ISO 27001.

For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure.

I have been working with the product for a year. 

Regarding the stability of Microsoft Defender for Cloud, I would rate it lower due to some issues. Sometimes, the portal is not easy to access as it's Internet-based. We face delays while accessing the portal, which can be challenging. This could be due to Internet latency or other issues. However, from the solution perspective, it is quite stable.

I rate the solution's scalability an eight out of ten. My company has 4000 users. 

The initial setup was somewhat challenging - I'd rate it a three out of ten in ease of setup. Understanding the solution and ensuring all use cases work with Microsoft Defender for Cloud was challenging, but once you get the hang of the cloud, it's straightforward to set up. It took about a month to deploy, with three to four people involved in the project phase. Now two people manage it.

The deployment process was quite simple, as we're using Microsoft Azure Cloud. It involved activating the subscription as part of the license.

Integration with our existing infrastructure was mostly smooth, with some resolved certificate signing challenges. Overall, it was quite smooth.

Regarding return on investment, Microsoft Defender for Cloud is fulfilling its purpose. There's always room for improvement, and Microsoft is working on it. They regularly introduce new features, and their business development team is active in engaging customers about new features and benefits.

We decided to go with Microsoft Defender for Cloud because of its ability to cover cloud applications. No other tool we've seen has such vast coverage for Azure Cloud applications. Also, since it's a Microsoft native tool, it's easier to implement in Azure cloud.

Overall, I would rate Microsoft Defender for Cloud eight out of ten.

My advice for other users using the tool is to first do a proper risk assessment around the cloud, develop use cases based on the protect-identify-detect-defend model, and then implement the solution accordingly.

We use Microsoft Defender for Cloud to manage our cloud security posture. We also use Container Protection, which provides additional security for our containerized workloads. This gives us the visibility we need to ensure that our cloud resources are secure.

We use Microsoft Defender for Cloud to natively support Azure Cloud.

Microsoft Defender for Cloud's ability to protect our hybrid environments is definitely critical because we are on the journey of transitioning from hybrid to the cloud. In order to do that, we need a platform that can help us through the transition.

The solution's unified portal is essential for managing and providing visibility across our hybrid and multi-cloud environments. Visibility is something that every security operation needs and it gives us leverage to improve our security posture. This is great.

The single pane of glass view is critical for our organization. This is because we previously used a different platform, so we are all familiar with its features and how to improve upon them. Our heavy investment in Microsoft products made Defender for Cloud a natural choice.

Our goal is to increase our secure score. As we take steps to mitigate risk, our secure score will increase, giving us the feeling that our cloud resources are secure.

Microsoft Defender for Cloud significantly improves security operations. Instead of having to look at multiple windows or portals, it provides a single pane of glass for the investigation and remediation of cloud resource risks.

Microsoft Defender for Cloud helps us proactively discover unknown threats and defend against known threats. It also helps us improve our security posture and defend our cloud resources. We do not normally have external Internet-facing resources, but when we do, Microsoft Defender for Cloud helps us meet compliance requirements.

DSPM is the most valuable feature. It integrates with standard frameworks, so we can easily see if there are any gaps in our compliance with NIST standards. This allows us to identify areas for improvement and ensure that we are meeting all applicable requirements.

I would like to have the ability to customize executive reporting.

I have been using Microsoft Defender for Cloud for five months.

In the short time we have been using Microsoft Defender for Cloud it has been stable.

Microsoft Defender for Cloud is scalable, and we have not yet needed to scale it up.

We previously used Prisma Cloud, but we switched to Microsoft Defender for Cloud due to internal business decisions. We have since merged with a company that also uses Microsoft Defender for Cloud. We want to leverage the licenses from the merged company and also cut costs in our security portfolio.

The implementation was completed in-house. The solution's maintenance is easy.

I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet.

The time to detection has remained relatively the same.

Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues.

The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution.

I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.

We use Microsoft Defender for Cloud primarily for cloud security management, which includes vulnerability management. In a security environment, managing vulnerabilities is a top priority. Defender for Cloud helps identify and mitigate these vulnerabilities and protect against threats like viruses, worms, and spyware.

It offers virus management and addresses threats such as viruses, worms, spyware, and other critical security concerns.

Support needs to be highly responsive, especially in large enterprise environments. When support is required, it must be immediate, as there could be urgent situations. For instance, prompt resolution is essential if there's a critical issue like a global cyber threat that impacts networks worldwide.

If our team encounters such a problem and needs assistance, we require a support team that can provide immediate, hands-on help to resolve the issue effectively. Quick and expert support is crucial for managing high-level emergencies and ensuring smooth operations.

I have been using Microsoft Defender for Cloud for 25 years.

It is useful for small companies as well. It provides robust security without requiring a dedicated, highly qualified team to manage it.

The solution is scalable. It is suitable for large enterprises. 

I rate the solution’s scalability a ten out of ten.

The solution is easy to setup and configure.

Deployment of Microsoft Defender for Cloud is typically based on the infrastructure size, including factors such as the footprint, network, and devices that need protection. When deploying Microsoft Defender for Cloud, agents must be installed on various devices within the network, including servers, desktops, and other appliances that require protection.

Specific government protocols and security standards must be followed in a secure environment. Microsoft Defender for Cloud helps manage vulnerabilities in your cloud infrastructure. It offers protection against threats such as worms, spyware, and viruses. The tool provides continuous monitoring and real-time threat detection, which is essential for maintaining a secure network environment.

Overall, I rate the solution an eight out of ten.

Defender acts as a CSPM solution, a post-share management solution for cloud security. We use it to find weak spots in our cloud configuration and strengthen the overall security posture of our cloud environment. With this particular tool, we seek to protect workloads across various environments. We have about 3,000 endpoints and 100 users in the United States alone. 

Defender gave us more substantial visibility into our security, helping us increase our overall security posture and manage risks throughout the entire organization. It helps us make decisions about specific kinds of risks. If we see a glaring vulnerability, we can determine whether this is an acceptable risk or something that requires urgent action. The risk level determines our investment and budgeting, and the amount of work needed to remedy that. It provides a lot of valuable information for informing our comprehensive risk management strategy.

The solution does a pretty good job of finding previously unknown threats. It helps keep us aware of the kinds of threats that are out there and how we could potentially be impacted. Defender gives us a high level of information about unknown or zero-day threats. It's sometimes hard to gauge whether everything is there because the report is customized based on our infrastructure and what might be pertinent to us.

They've always notified us when there was a zero-day threat. I think there have been a few instances where they altered us about a new threat before it was publicized, which is a good sign that they value us as a customer. They've warned us about something before releasing it to the wider public.

Defender improved our SOC efficiency and saved us from having to add more personnel on the SOC side. It definitely improved that whole area, giving us the bandwidth to work on other things. Defender reduced our detection time because they are proactive about notifying us. I haven't seen too much of a time lag. There were a few instances, but it was never something critical where we had to call them out and ask if this was an issue or something. 

Time-to-response has also gone down. The sooner we get the notification, the quicker we can jump on something. It helped us respond to any potential breach or attack faster. 

It also saved us money because we don't need to deploy a second product to get some additional coverage. It also saved us from adding more security staff. Overall, it has had a positive financial impact on the company. 

The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act.

Defender's ability to protect multi-cloud environments is essential for us. Our company's offerings are based on tasks, and these cloud service providers are critical infrastructure for us. If anything bad happens, it compromises our services. We need to understand and improve our posture.

It also seamlessly integrates with Sentinel. It was fairly easy because we already leveraged Microsoft 365 earlier, so adding the Sentinel piece was pretty quick. It took a day to figure out and go ahead with the actual deployment. This integration with 365 and Sentinel provided timely intelligence over time. It becomes a problem if we don't get a threat notification in time. They are highly proactive about delivering that information in the initial alert and backing it up with more details as the situation develops.

Microsoft has a relatively sizeable threat-hunting group constantly digging up many things. That helps because it gives us confidence if we face some threats that not many other players are exploring. With this particular product, we're confident they'll let us know where we stand. 

Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research. 

Opening up to more collaboration with different entities in the private or public sector would help them feed more information to the customers and improve their security posture. More partnerships with other players who can feed them intelligence will help them develop the engine powering this product, ultimately benefiting every customer who uses it. 

I have been using Defender for Cloud for about a year and a half. 

We've had a positive experience overall with Defender's unified portal. We seldom see any bugs. Sometimes, there is a lag in the reporting and some inconsistencies with our searches, but it's rare. There were some periods when their service was not running properly.

While there hasn't been a significant outage, we've experienced some performance degradation where Microsoft notified us that they were having a problem. They informed us ahead of time when there are issues, but I've never had a complete outage thus far. 

Defender for Cloud is scalable, given the licensing model. The performance doesn't suffer under a heavy workload. Many organizations I know have a massive workload, and they're still leveraging Defender without any issues. I rate Defender an eight out of ten for scalability.

I rate Microsoft support an eight out of ten. Their support is great, so we have no complaints. They were responsive when we had issues.

Positive

We used SentinelOne only for endpoint threat detection. That's probably the closest competitor. We haven't used any other solutions besides that. 

Setting up Defender for Cloud was relatively straightforward. We worked with a person assigned from Microsoft, who gave us a walkthrough of the steps we needed to take.

Defender doesn't require much maintenance after deployment other than a few pieces of infrastructure we have internally. We need to monitor the solutions to check alerts and security advisories, but we've never had to deal with any maintenance.

We ended up using a reseller. They were good. I used them for other vendors, and we've had a productive relationship working on multiple initiatives. This one was nothing new. 

They have a free version, but the license for this one isn't too high. It's free to start with, and you're charged for using it beyond 30 days. Some other pieces of Defender are charged based on usage, so you will be charged more for a high volume of transactions. I believe Defender for Cloud is a daily charge based on Azure's App Service Pricing. 

It's a negligible cost if your usage isn't that high, like a few cents. It's appealing for people to try it. If you don't plan to use it much, you won't have a high bill.

Other options were considered, but it came down to the level of value we would get from a holistic vulnerability intelligence product like Defender for Cloud. Also, Microsoft products are pervasive, with a much broader customer base. That was a deciding factor. We saw much more potential from Defender compared to the alternatives. Even though the competition solutions may have functioned better in terms of providing more intelligence, other factors weighed in favor of Microsoft Defender.

I rate Microsoft Defender for Cloud an eight out of ten. I recommend doing a PoC. You shouldn't implement something after only reviewing the documentation and marketing materials. Put it through a PoC for a month at least to get a feel for how it functions and whether it satisfies your requirements. 

Defender for Cloud is a unified platform. Within that, you have Defender for virtual machines, Defender for Servers, Defender for App Services, and Defender for Containers. It is a centralized solution, which you can leverage to bring your security practices in place so centralized security auditing can be done. 

You can use it for approximately 90% to 95% of Azure workloads for infrastructure, platform as a service, or database as a service. You can use it for all these.

I am working for a service-based company. We provide Azure Cloud Services. We are a Gold-Certified partner from Microsoft in the GCC region. We are the only ones for whom Microsoft hands over their business. 

We mostly use it for public cloud, but it can also be used with hybrid cloud and on-premises. We also use private clouds with government entities.

We have had many customers where we deployed this solution. They are secured and guarded by this solution, so they are happy now.

It can be done as a multi-regional deployment.

It can be used to secure GCP, AWS, and your on-premise infrastructure. You need a security solution like Defender to secure any type of workload. Your workload may consist of infrastructure, platform, database, or anything in between those. Obviously, you want it to be secure from day one. When you start from anything on the cloud, you want it secured right away. If it is not secured, then you are at risk of a data breach. There are many security issues, which is why it is important to secure your application infrastructure from day one. This is 100% important.

Most customers have an on-premises ITSM solution. If they want P1 or P2 tickets to be initiated, then within Defender for Cloud, it will trigger the ticket or invoke the ITSM solution. Also, they can use SMS- or email-based ticketing. If they don't have anything, then they can utilize the dashboard provided by Defender for Cloud and get everything from one place.

If you don't have this solution then you will be analyzing things with some sort of algorithm or writing some code, then your team will be monitoring emails or some kind of logs every day. When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team.

Within a SOC team, you monitor tickets and emails, but you cannot automate them unless your company bought some solutions. In the case of Defender, a solution is already provided. You just need to extend it per your needs.

All of the features are valuable. When you are designing a solution, you are designing not only the infrastructure but designing the application solution and database. On top of that, you are designing the connectivity solution. Defender takes care of all kinds of security, starting from infrastructure to platform to database. All of them are useful, depending on the workload of different clients. 

I work at a service-based company. We use this for almost all our customers. Usually, it will be on your infrastructure, which is a virtual machine and needs an antivirus solution. Then, if you have a platform as a service, you would need OWASP 10 security. All of these are given.

When you commission Defender for Cloud, it provides a portal. The portal has auditing and tracing capabilities. If you want to secure your virtual machines, then you can enable the RDP port by default, if you don't have a security solution. Now, when you are using Defender for Cloud, you can access the machine on an ad-hoc basis through Defender for Server, where you are securing your application. Then, even if someone gets into your account, they still cannot enable RDP. 

The portal provides you with auditing and logging capabilities. Along with that, there is a machine learning algorithm. You can even have your own workbook, where you can write in Python, then you can bring it into Defender for Cloud where you can do the injection, verification, and blocking of IPs. 

It offers a ready-made solution. In addition, you can enable a customized workbook, which will secure your application. Therefore, you are provided a portal, customer facility, and in-built security from day one and can start using it.

Microsoft works day in, and day out to look for new vulnerabilities happening in the market, which cannot be resolved with human intervention. Every day, they keep searching for vulnerability signatures in the market, then adding those. They automatically get built into Defender for Cloud. For example, there are some vulnerabilities that have been going around. If you are on-premises, then you need to download the signatures out there, then your antivirus software should be capable enough to identify them. With the Microsoft platform, the signature is already provided from Microsoft, i.e., Datastore. This is by default enabled as soon as Microsoft figures it out. This is the first thing that it provides.

The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services.

I have been using it for more than three years.

The maintenance part is taken care of by Microsoft. The platform's responsibility lies with Microsoft, not with the customer.

Stability-wise, it is stable.

it can be extended to multiple regions as well as to on-premises.

When upgrading the solution, by default, no technical support is required. If it is required, it will then depend on your SLA, i.e., what kind of agreement you have. You may have an eContract, CSP, open agreement, or a normal one by default. Microsoft uses that SLA to deliver the solution at a particular time. 

I would rate the technical support as 6.5 out of 10. In general, you don't need to reach out to Microsoft's support.

Neutral

Before Defender for Cloud, the solution was on-premises or some kind of third-party managed solution that we bought from the Azure portal. This integration had issues because you needed to go through the VPN tunnel, look for your solution, raise a ticket, and then have your teams look at the logs and ticket. If you had some networking issues or a major security issue, your ticket would not be raised.

There have been a couple of customers who start on their own with their own tenants. Then, at a certain time, they figure out that something wrong has happened, e.g., a hacking issue or a security breach. They then come to us through Microsoft because their security appliances and security practices are not proper, asking us, "Can you please help us to secure them?" 

The first step is to start securing their virtual machine. So, you enable Defender for Cloud. From the first instance, all their workloads are automatically added and enabled by default. So, if a customer is not secured enough when they go for Defender for Cloud, then it will automatically enable all kinds of security practices for them. Anyone can enable it. You can have Defender as the front face security for your cloud. Because of this, all our clients are secure.

This is a cloud service. It is provided as a platform as a service. So, it is not infrastructure or something which you deploy. No configuration is required by default.

Azure Sentinel is a SIEM solution. Within the SIEM solution, you get logs. On top of that, you receive some kind of tracing. You then have your runbook. So, the integration is very easy. It is just click, click, and click. You can integrate it within five seconds. Azure Sentinel also takes care of Defender. This means that when you go into Azure Sentinel, you say, "I want Azure Sentinel to have whatever logs you have in Defender." Whatever workload is secure, you want to have the auditing part of that in Azure Sentinel, then you want to trigger or invoke something. Therefore, it just takes five to 10 seconds with three clicks, then it is enabled for you.

The external integration component has been provided. You have a ready-made appliance where you download the appliance and install it onto that particular machine, then it will start monitoring your virtual machine. This is easier on the Azure side to integrate. With on-premises, you need to download something called Agent. You download and execute that, then everything is connected. You just provide the security token already shown on your portal, then you integrate.

We have seen a 50% reduction in costs.

It is a ready-made solution that you just start using from the day one until whenever you want to use it, paying as you go. Or, you can do either a one-year or three-year RI.

Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units.

In case you want your own signatures in-built, you have the workbook where you can enable it to couple with your Defender solution. It will start analyzing your specific algorithm or signature. If there is data specific to your organization or your developer knows something that no one else knows, and you want to restrict that. So, you have a free hand to customize it and a standard way is already provided. Every day, you will get a security update by default. You don't need to bother doing it manually. This has already been given to you free of cost. There are no costs other than the Microsoft workload itself.

If you have the solution with Microsoft Azure, then you will not need to look at other products. For on-premises, we were also using F5.

When you are designing the solution, you should activate the solution from day one.

I would rate this solution as 8.5 out of 10.

We typically use Azure Defender for securing our infrastructure-based virtual machines and database solutions on the Azure subscription. We've integrated a couple of the Defender agents into our on-premise servers too.

Azure Defender has improved our overall security posture. In particular, Defender's exploit protection mechanism protects our servers from unseen threats like process memory attacks, hash theft, or any direct script-based attacks.

Defender is just one component because the organization also uses endpoint security solutions and firewalls. This product is not an endpoint solution. It usually operates at the server level, improving the posture of the Azure cloud environment. Our end-users never deal with Azure Defender. It's purely on the administrative level. The server administration team handles it, so the end-user has nothing to do with it.

Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure.

The entire Defender family requires a little bit of clarity. There is a lot of confusion in the market, especially on the end-user side but also on the consulting side. Microsoft has launched four or five Defender products, including Azure Defender, which Microsoft renamed Defender for Cloud. They also have Defender for Identity, Defender for Endpoints, and Defender ATP. It isn't very clear.

I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting.

I've been using Defender for Cloud for more than a year.

It's hard for me to talk about the stability of Defender because, in my experience, "stability" is not a word that is relevant to security. A security product is either good or bad. It protects me, or it doesn't. There is no middle ground.

If we are talking about crashes or other issues, I don't see any problems, and the scalability is fine. We can protect storage, key vaults, SQL servers, etc. Defender can protect eight or nine Azure services, and it all works fine, but it would be great if all Azure services could come under the umbrella of Azure Defender. 

For example, we use Defender to protect our SQL databases, but not all of our databases are Microsoft. I have to search for another security solution for the same database vertical because it's not a Microsoft database.

I am a solution designer and architect, and I incorporated Defender for Cloud into three different projects. The smallest had more than 200 virtual machines and 20 database servers plus a couple of Kubernetes and container environments. The largest is around 600 virtual machines on-premises and on Azure, and around 10 web applications, a couple of key vaults and databases, and some storage.

I have contacted Microsoft support, but I haven't opened any tickets for Defender so far. Generally speaking, Microsoft Azure support is quite good. 

The time needed for the initial deployment phase depends on the requirements, but generally, the deployment is quite fast because it's a cloud-native tool. They have just upgraded the Azure Security Center to add Defender.

When talking about cost versus value, you have to consider Defender in the context of Microsoft's cloud solutions as a whole. It's a cloud-native tool, so why is Microsoft charging so much? 

The features are good, but Microsoft created Azure, and they provide monitoring and backup solutions. It's also Microsoft's responsibility to offer security solutions, so why do they charge so much? Why isn't it incorporated into the old security center products? It should typically come with the security center. 

Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike. 

If we're just dealing with servers and Azure infrastructure, then Defender for Cloud is the way to go. But if we want to cover endpoints, emails, and other entry-exit points, then we need to think about another solution

Symantec and a few other tools have end-to-end solutions that protect everything in a single console. You can't do that with Defender for Cloud. Depending on the client's requirements, Defender might not be the best option because it might not cover all the use cases that a client needs.

It's good for clients who are mainly or entirely dependent on Azure resources. If a client's infrastructure is more than 70 percent Azure, it's a good product because it has native control by Microsoft only. In other cases, it's a challenge. The product is good if you're working entirely within a Microsoft, like Windows Server, Azure services, or Office 365 services, but you run into a problem the moment you start going into macOS, iOS, Android, Linux, etc. 

The agent installed there for Defender works differently. But on the flip side, a competitor's product never addresses the spatial bias on Windows. Every product line is the same. Their agents behave the same way on Linux, macOS, iOS, Android, and Windows. That is the fundamental difference I see.

I rate Defender for Cloud eight out of ten. I would recommend it depending on your use case. It's a single solution that can address mixed infrastructure that includes on-premises, AWS, GCP, or Azure. Defender can provide security for all four.

My client, a construction company, needed to replace their antivirus solution, including their Azure and on-prem services. They decided they wanted to use Defender for Cloud, so I started to implement it for them. The license for their antivirus software was about to expire, and they didn't want to spend much money. They opted for Defender for Cloud to replace Symantec. System Center (endpoint protection), Security Center and Advanced Threat Protection were all consolidated into one product called  Defender for Cloud. 

The company I worked for was divided into several teams. We had an Azure Infrastructure team and workplace teams providing local on-premise services. The client was the biggest construction company in the country, with multiple locations. 

The strong point of Defender, especially when using Azure Arc to bring in on-premises systems, is that it doesn't matter where these systems are. They're just resources in the portal. If you see them and can install agents on them, it's fine. It doesn't matter how it's distributed or where the locations are. 

I believe that Microsoft Defender for Cloud raised our client's Microsoft Security Score to around 79 percent. That includes other security components. It's not just antivirus. There are all sorts of things that contribute to the score, for instance, the use of public IP addresses on VMs.

Our clients also saw some financial benefits because they didn't need to renew the Symantec license, but the biggest benefit was the ability to install Defender on Azure and on-premises machines from a single point.

Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription. Having that unified portal was nice, but it was a challenge. We first implemented Azure Arc, which allowed us to incorporate our on-prem machines like they were actual Azure resources. The single-pane-of-glass management is highly practical. We are accustomed to managing systems across different portals or interfaces, so it's convenient to do it from one place. That's a bonus, although it's in no small part thanks to Azure Arc. Defender then takes all the services it finds in Azure Arc and it rolls them out seamlessly as long as they ause Server 2016 version or above.

It's a severe issue when you need to install Defender for Cloud on Microsoft operating systems older than 2016. Operating systems released after 2016 will seamlessly integrate with Defender with no problems. Older operating systems don't integrate smoothly. The 2012 operating systems will continue to be used for years. The 2008 systems will be phased out, so that won't be a problem for long, but you need some quick fixes to install on a 2012 OS.

The older the operating system, the more difficult it is to detect if the solution is working. That was a significant problem. It works fine on a newer OS. On the older ones, we had to do some tricks to determine if it was correctly deployed and working since the integration of Defender in the older OS is a lot less. Microsoft couldn't help us with that.

Another thing is that Defender for Cloud uses more resources than for instance, CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do.

I have been implementing Microsoft Defender for a large construction company. We started the contract about three or four months ago. I was only responsible for the installation. We aren't the team that monitors or maintains the solution. That was not my task. We were just responsible for installing it and ensuring it worked on every machine.

Defender is relatively stable as far as I can tell. It works great except for the issues with older operating systems. In some cases, you may need to come up with a workaround. 

The solution is scalable if you activate the Defender plan for all servers and containers. When you deploy new ones, it automatically picks them up and installs the components. It's perfectly scalable in that sense.

I rate Microsoft support five out of ten. You can open up a support ticket and get into Microsoft's general support chain. You need to explain the issue, and they'll get back to you. Nine times out of ten, you will get someone new and need to explain the situation again. That doesn't help much. In the end, we had to fix it all ourselves.

We had a contact at Microsoft Amsterdam who was helpful. He was more of a sales contact. He told us the best approach and turned out to be correct.

Neutral

It wasn't my decision to go with Defender for Cloud.  That doesn't mean that I would've chosen anything else per se, but those decisions are made on the managerial level. 

Installing Defender was straightforward as long as you're dealing with a more current operating system. On a post-2016 operating system, it's only a few mouse clicks. That's the beauty of the cloud. It arranges everything for you. The on-premise solution usually works the same. It's seamless. You activate the plan, select for which resource types you want to enable Defender, (including on-prem machines using Azure Arc) then hit "go." All that changes on older operating systems.

We had to create a design, test it, and get approval from management. We first tried it on a 2019 operating system, which was a piece of cake, but we faced challenges deploying it on 2008 and 2012 systems. That's why it ultimately took us three weeks to complete the deployment. If you don't have any older operating systems, it's quite effortless. 

We had four people working on the implementation, including three technicians. I was the only one from our Azure team, and there was another person from the workplace team who had access to the on-premise servers. He could log in to run some scripts and see if everything worked. We also had a project manager and a person from the client's team to test as soon as we were ready. 

I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use. 

If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above. 

There were many use cases. We were monitoring auto IT applications and creating internal processes to understand which ones were going to be allowed and which were going to be blocked. We created the policies internally. 

It's an IT tool to monitor employees' usage on the internet and of web apps. We created policies so that, for example, when employees reached certain websites, like games, they would be blocked. We created a message for the email that they would receive, and there were links for whom to contact if they needed to override it. We created all the processes behind it.

From a security perspective, it reduced the amount of risk for employees, contractors, and users who might try to go to dangerous sites, as we blocked them. It helped us to identify dangerous sites so that we could make decisions on blocking them or not.

The effect on time to detection using Microsoft Defender for Cloud was very positive. The policies we created were providing information as threats arrived. When someone clicked on a website or on a link that was dangerous, it detected that and our team was able to control the situation right away. It was very highly effective because they got a live notification as soon as it happened. It improved things very positively.

It also had a positive effect on time to respond. As soon as an alert was received or something potentially dangerous happened, a process behind the scenes that we created helped them to react immediately.

The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites. 

Second, it tried to categorize the apps, from riskier to less risky, with a behind-the-scenes algorithm. Even though we didn't use that, it was a starting point for our first review of the applications. We started with the riskiest ones and decided whether each one should be blocked or not. The fact that it provided a risk rating was very valuable. 

And it's very easy to use. Those are the top three.

Six months to a year ago, which was the last time I used the solution, the algorithm that was designed to define whether or not a site is dangerous or not needed to be improved. It didn't have enough variables to make the decision. 

Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ. 

Also, the complexity in the amount of information for this process could be reduced to facilitate those of us who are implementing and using the system, and guide us as to exactly what is needed.

I used Microsoft Defender for Cloud for a year and a half.

The stability was very high. We never had any issues with it.

With Microsoft products, you can keep adding more information if needed. For the purposes of the tool, it covers everything.

We never used their technical support.

We didn't replace anything with this solution. It was something we added to what was already in place. Our threat department continued to use all the products that it had been using. This one was additional and brought more alerts.

The initial setup was straightforward because the platform was already in place. It comes with the system and you just activate it.

The first phase was creating all of the policies. Then we did a total review of the more than 10,000 apps and we started categorizing them in a different way than the tool does. It was a challenge because what the tool recommended was different from what we wanted to implement. We created our own policies.

We used a security consultant to help us, but that was for the processes we put in place, not for the tool, per se. It was along the lines of, "Okay, when we receive this, what do we do?" They helped us create policies and told us what the best practices are; everything that the tool doesn't give you.

It's very expensive in terms of the need to maintain it actively. You need a group of people in the organization to do the job because if the tool is sending information, a bunch of alerts on policies that we created, and nobody is reviewing it, it is doing nothing. Once you create policies, you have to have a very established group that, based on the design of all of the policies, will follow a process to take action on each of them. Some of them were very complex and some of them were very simple. Some of them were automated and others were escalated, depending on the danger. So it can be very complex, depending on how you implement it in your organization.

The tool doesn't solve the problem, it just gives you the information so that you can solve the problem. Solving the problem takes a lot of resources, a lot of time and, it turns out, money. So it's expensive.

I don't think it saves time because it discovers things that would never have been discovered in any other way.