Microsoft Defender for Cloud Reviews

Defender for Cloud is used for scenarios, including internal threats, threat hunting, in-depth analysis, and scanning the environment. We don't use Microsoft Defender for ATP or Sentinel for our security score, we have a third-party solution.

Defender helps us evaluate our security posture and make it more secure by providing a wider overview of endpoint security and anti-malware technology. We have greater visibility into all the activity happening within the infrastructure and better oversight.

It helps us catch threats that we wouldn't have noticed and also enables us to be more proactive. For example, we can run a script within the environment and provide better insights. Defender increased the efficiency of our SOC by around 65 to 80 percent.

At my previous company, the environment was 100% cloud, so having a cloud-native solution was critical. Also, in a cloud environment, you are exposed to many users with different user behavior patterns also, so it's good to have UEBA features that look at patterns in user behavior.

The unified portal provides a gap analysis of what's going on across the environment with users, and what they do across the environment every day. Having that single pane of glass is essential.

Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender.

I used Microsoft Defender for two years at my previous company.

Defender for Cloud is stable.

Defender for Cloud is scalable. It's easy to use and manage for large environments.

When I joined my last company, they were already using Defender. However, I've worked at several companies that use other solutions such as ESET, CrowdStrike, etc. I've previously worked with EDR and XDR solutions. 

I've done a couple of POCs for Microsoft Defender with the company, and the process is always the same. We don't deploy everything into live environments. It is deployed to a testing environment. After we test a couple of times, we undergo a complete training process. Finally, we organize and deploy it to a section of the company. We usually deploy one segment at a time, like finance, marketing, etc. 

If you have ATP Defender, you must set up a data lake. After deployment, there isn't much maintenance on our end besides managing the logs. You must create scripts for your use cases to inject into the solution. The deployment team typically consists of two people from security, two from infrastructure, and the service desk manager. 

I don't typically handle the licensing. I do POCs and product evaluations. However, I know that Defender for Cloud is packaged with other Microsoft solutions. Most people with Defender ATP also have the E5 or F5 license. It comes with the package, so you only need to activate and configure the solution.

I rate Microsoft Defender for Cloud a seven out of ten. Most of the time, it isn't the most advanced antivirus software on the market. It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop. 

I have a highly specific use case for Azure Defender, so I don't think I've used most of its features. We primarily use it to secure Kubernetes clusters in other cloud environments. For example, I have Kubernetes in Amazon AWS, and we're trying out Azure Defender to protect those Kubernetes clusters.

We also use Defender to scan the image repositories held in Azure Container Repository or ACR. We use Defender plus Azure ARC and Windows Defender. All three products work in conjunction to give us some security insights into our cluster.

We haven't fully implemented Azure Defender yet. Right now, we're at the POC stage. However, if people have a genuine use case, they should see its value, especially because of its cross-cloud compatibility. I don't think any other tool provides the same cross-cloud compatibility as Azure Defender combined with Arc, so that's a significant selling point for this product.

The security scorecard is something I find helpful. It tells me what's missing and identifies new vulnerabilities inside my registries. Once I publish the image, the scorecards automatically update. I don't need to constantly run a security scan for my images because the scorecards are updated by Azure periodically. That makes my job easier.

I haven't been using Azure Defender for long. It's been around three months. 

Overall, Azure Defender's availability is excellent. However, the Kubernetes security is a new offering that is still under development, so the service's availability and support are not mature at this point and definitely need improvement.

I rate Defender's scalability about eight out of 10. If you compare Azure Defender to a similar product AWS offers, there isn't much difference in scalability. The solution is able to accommodate all your requirements. I don't think I have ever reached a point where the solution couldn't scale to meet my needs. 

I deduct two points because you incur more costs as you increase usage, so it's more expensive when you have lots of logs flowing into the system. That is why I rate it eight. Otherwise, I don't see any technical issues there.

Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority. 

I can't talk about Microsoft support generally, but I can speak to my experience specifically with Azure Defender support. I would rate it five out of 10. Maybe it's because this is a product that Azure is still developing on the side. I don't think they have made Azure Defender for Kubernetes available to the general public yet, so that could be why their support is not up to par. I don't know the reason, but I haven't had a good experience with the support.

It is just a POC, so I don't have many endpoints. The whole setup took three days for around 10 endpoints. They have an agent-based security system. It's always complex because you need to deploy the agent to all endpoints which is a lot of work to get it set up. 

We have still have not decided to implement Azure Defender because we are also trying out other products in the same line. Once the RFP process is finished, we will know which one we'll implement.

Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup. They should try some open-source tools. That's how it is today.

Compared to other products, Azure Defender's main advantage is native integration with all Azure services. If your company uses Active Directory and builds everything on Azure, you get it as a complete package. There's no need to buy another tool and set it up in your cloud environment. 

Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand. 

I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security. 

These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases. 

We use Microsoft Defender for Cloud security, including endpoint detection and response, and user monitoring. We utilize every feature and functionality that Defender provides.

The threat detection capabilities of Microsoft Defender for Cloud have positively impacted our overall security posture. We can sleep soundly at night knowing that it is causing the system.

The most valuable features are the monitoring of users, endpoint detection and response, and the adaptability of the AI threat intelligence engine, which quickly adapts to customizations.

The pricing could be better. Additionally, while Microsoft Defender for Cloud adapts well to customizations, it does generate a lot of false positives if the agent is not running. We would also appreciate portion management specifically for Microsoft 365.

We have been working with Microsoft Defender for Cloud for three years.

Most of the features are in preview, which sometimes causes issues, but overall, it works well.

Microsoft Defender for Cloud is highly scalable. We have not faced any challenges with scalability.

Microsoft's documentation is very comprehensive, resolving 95% of issues. Thus, we haven't had much need to engage their support team. The documentation is sufficient for resolving most issues.

Positive

We handled the installation in-house with a team of two engineers.

The solution is subscription-based, and while it is generally affordable, there are often hidden costs. The overall pricing could be more competitive.

I highly recommend the product due to its comprehensive features and easy management, especially if your stack is on Microsoft. I'd rate the solution eight out of ten.

We use Microsoft Defender for Cloud for our cloud security.

I like Defender's bidirectional sync. It's a behind-the-scenes feature, but it's very important. I like how it's integrated with and collaborates with other products by design. This is especially true between Sentinel, Security Center, and Defender.

The entire Defender Suite is tightly coupled, integrated, and collaborative. This allows me to have more flexibility in the roles and responsibilities of my teams, the access to their tooling, and the ability to report accurately on the current threat posture. For example, if I have Sentinel and CloudApp, and someone closes an incident in CloudApp, it will also close in Sentinel. However, if I had CloudApp in Splunk, this would not be the case. This integration is what I like.

The documentation could be much clearer. I also think that Microsoft should stop rebranding everything constantly. I'm tired of every name changing every 90 days. It's ridiculous. I understand that they're coupling tools together but look at AIP. It has had over 14 names in the last five years. That's absurd. Microsoft needs to stop rebranding everything and stick with one brand. They can build them out from there.

I like the fact that the dashboards are integrated, but I don't like that the CloudApp is now mapped to the Security dashboard. I hate that. I should be able to map dashboards myself. Having one dashboard is great for some people, but I have people who do Endpoint Management and they don't do Incident Management. They're two different groups. I should be able to send them to different portals if I want to. They're not all working out of the same portal. I do like that the dashboards have the option to be put into one portal, the Security portal, but I don't like that now I have to figure out where Microsoft moved everything. I liked it better when they were separate, so I could isolate and assign groups to each tool. Now that they're putting all the portals together, it's more complicated. I like the idea of a single pane of glass, but I think they're adding too much change too quickly without explaining the main purpose or mission of each product. And they're not making a clear distinction between them. When we put them all in one portal, it just adds more confusion. For example, in CloudApps, I see incidents in the "Incidents" section, but in the new Security portal, incidents are not in the CloudApp section. People don't need to search for stuff. They knew how to do it before. Microsoft needs to stop changing things so often. I believe in change, but not every other month.

Defenders threat intelligence is useless, I think, because it didn't see SolarWinds coming. After SolarWinds, if we even mention their analytics and threat intelligence, it's just evidence that it doesn't exist. It didn't even see SolarWinds coming. The only value I see in their threat intelligence, from a marketing perspective, is that it allows me to leave logs in their native location and tell clients to leave them longer. So if they find something like SolarWinds later on, they can go back and look through older logs and find it again. After SolarWinds, I'm not impressed at all by anything Microsoft says about their multi-billion dollar login.

I have been using Microsoft Defender for Cloud for over ten years since it was part of the Defender Suite.

We have not had any complaints from our clients about the stability of Microsoft Defender for Cloud.

I've questioned Microsoft's claims about the scalability of Defender for Cloud. I don't think their claims are accurate. I don't think we could scale Defender for Cloud to the level that Microsoft claims. Microsoft tells me that I could let my Log Analytics scale, but I think there must be a limit.

We have always had good experiences with the technical support through the portal.

Positive

The deployment is easy as long as we understand the licensing and what we are doing. The deployment was completed as a team.

Our clients complain about the cost of Microsoft Defender for Cloud. Microsoft needs to bring the cost down. What we're doing to their detriment is simply lowering the amount of log retention we're keeping, which is not what I want to do. Storage is so cheap in every other aspect of Azure except for Log Analytics, which makes it even more difficult to explain to clients why we're charging them so much for terabytes of storage. In comparison, data lakes and storage accounts store terabytes of data for much less cost.

I would rate Microsoft Defender for Cloud eight out of ten, mostly because of documentation and availability of information. The difference between the Azure Active Directory Premium P1 and P2 licenses lies not only in their capabilities but also in the amount of logging that is performed for each user. I need to know what is and is not being logged, and which security events are not being logged. I can't find a list of these events anywhere. What is the difference between a one-year retention license and a 180-day license? What additional logging is performed with the one-year license? Microsoft has mentioned that advanced auditing is occurring, but I don't know which events they are getting. I would like to see a list of all the events that are logged, from least to most. This list would probably look like a triangle, with a few items at the top and more and more items as we go down. I would like to see this list for both the AAD Premium P1 and P2 licenses. I can't get this list. My client has asked me what events we are not capturing, and my answer is that I don't know because I can't find it. Microsoft won't give me a list of the events that are logged, either. They can only reference the services that the events map to. I want to know the events. The uncertainty and doubt around this is a security feature. Microsoft is trying to make me buy the product because they know that if I get hacked, I could be liable for malpractice. But I'm not going to buy it without more details. I'm very upset that they didn't provide more information.

We use Defender for network security.

Defender for Cloud is easy to use and enables us to automate routine security tasks. We save a few hours each week. Defender's single dashboard helps us centrally manage security operations and detect threats faster.

Defender is user-friendly and provides decent visibility into threats. We use multiple solutions in the Microsoft security suite, including Sentinel and Defender for Endpoint. They integrate smoothly to offer coordinated detection and response. 

Sentinel ingests data from our entire environment, allowing us to manage everything from one place. We don't need to go to multiple places to find information. Sentinel's capabilities are quite comprehensive.

Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management. 

I have used Defender for Cloud for two years. 

I rate Microsoft Defender an eight out of ten for stability. It's highly stable.

Microsoft Defender is scalable. 

I rate Microsoft support an eight out of ten. It isn't too bad. 

Positive

Setting up Microsoft Defender is straightforward. It took us around a month to get it fully deployed. Most of the implementation consisted of onboarding. It doesn't require much maintenance after deployment because it's a cloud solution.  

I don't think we've saved more money than we've spent. Defender is expensive, but we might see a return in the long run. 

I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower. 

I rate Microsoft Defender for Cloud an eight out of ten. Getting all your security solutions from a single vendor makes things easier to manage. However, the Microsoft security suite is quite expensive.

We use Microsoft Defender for Cloud as one of the sources for our Azure environment. We have a managed detection response solution, and we add data sources to it, like SOC, SIEM, and SOAR solutions. We also want to have data in our Azure cloud environment.

We deploy this solution in multiple regions like Europe and Oceania.

We have multiple solutions like our data analytics platform and our system development platform. Our web shops use it. Almost everything is in the cloud.

We have approximately 2,000 end users.

The solution is deployed on the Microsoft Azure cloud.

The solution helps our teams to be more aware of security and protects our environment.

Most importantly, it's an integrated solution. We also use Defender for Endpoint. For Office 365, we use Defender for Identity. 

We have integrated some of these products into our MDR solution. It's not a Microsoft Sentinel SOC, but we have a SOC/SIEM from a third party.

It's really easy to integrate because it's just an interface, a Microsoft Graph security API. We can collect all the data and forward it to our solution.

This solution is for detection and response, so it helps us prepare for potential threats. We have special teams for threat hunting the data.

We use this solution for extra security in our environment. We secured our Azure cloud environment with firewalls and application gateways, but we also want to have trust in our resource groups. That's an extra line of defense for our security.

We don't use the interface a lot because we use it as a data source for our MDR solution. The MDR solution is our main interface.

These solutions work natively together because we don't just use Microsoft products as a data source. We use all kinds of security products as data sources, like our firewalls, gateways, and event collections from Windows and Unix.

Threat protection is comprehensive and simple. We have an enterprise agreement with Microsoft itself, but we also have CSP contracts with several parties, so we can easily get the licenses we need. It's very easy to install.

Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product.

In Defender for Endpoint, the software is capable of acting immediately if something occurs. If an attacker wants to encrypt the disc, for instance, we're able to react immediately. I don't know if Defender for Cloud has the same capabilities.

I have used this solution for about a year and a half.

At the moment, I think it's a very stable solution. We haven't had any problems with it.

It's scalable.

From Microsoft's perspective, it's fine. We don't have any issues at the moment.

I would rate technical support an eight out of ten. 

The initial setup is straightforward. It took 10 seconds.

We have a Cloud Security Provider, so I don't know how much time they spent on deployment.

The solution hasn't required any maintenance yet. We are trying to innovate each solution. It's an ongoing business process to innovate.

We haven't seen ROI yet, but we plan to. The first sign is safety first. Safety will cost money, so it shouldn't be too much.

Pricing is difficult because each license has its own metrics and cost.

We evaluated other options. We have a lot of other products like McAfee, but we are changing everything to Microsoft Defender.

We decided to switch because we want to have an overall standard that's enterprise-wide so that everything is easier to manage and the data it delivers is all the same. We wanted to have one view of everything.

I would rate this solution an eight out of ten because we don't use all of the capabilities yet. At the moment, we still only use the data sources. I'm happy with it so far.

Instead of a single vendor security suite, I like having at least two so that they can challenge each other.

Microsoft Defender helps us prioritize threats across our enterprise, but we only prioritize our high-risk resources with Defender products.

It's difficult to say if the solution saved us time because we use it for our Azure cloud environment, so we're working in the cloud.

At the moment, we're not saving money. The solution costs our company money. It's like having insurance: It doesn't save costs, but it might save us costs if something happens. It's about risk.

It hasn't decreased our time to detect and respond yet, but it should be because we have our data source on Endpoint and in the cloud. It's an integrated solution. When we find something anywhere, we can act everywhere. We have more possibilities.

I work on micro-segmentation for my master's thesis, and I was looking for ways to implement micro-segmentation using Defender. I work on the assumption that small businesses can't implement expensive virtualization solutions, so I'm looking for alternatives to implement micro-segmentation for their network security.

I use the latest version of the solution.

It's a test deployment. I created the entire network. It's more like a laboratory setup.

The solution does what I want it to do. If you're already on Microsoft, this solution comes bundled with it. It's seamlessly integrated, and it improves security because I can determine who can access what applications and who or what my applications communicate with. It improves the transparency and visibility of the traffic in and out of the network of each workload on my system.

The benefits were realized almost immediately.

Compared to other products, it hasn't helped save SOC time or increase efficiency. I'm focused on micro-segmentation, so compared to other products, it wasn't built for that, but it can be adapted to it.

I'm not sure that the effect on my overall time for detection can be measured, but for non-threats, it's almost effective. The notification system is effective too. It lets me know as soon as there's a problem.

I use this solution to natively support Azure. It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it.

It's very important to me that the solution has the ability to protect hybrid and multi-cloud environments. 

I'm looking to implement the solution in SMEs that might use different environments. Most SMEs don't have the resources to own their infrastructure entirely, so I can't really predict what environment they will be used in, therefore, I need a solution that is flexible enough to work in multiple environments, both online and offline. The only limiting factor is that I can not this solution use on platforms that aren't Microsoft.

The single pane of glass view is very important for me. It's great to be able to see everything at once and go where I need to very quickly. It's also easy to use if you've used any Microsoft product before. It allows me to see everything I want at a glance. I didn't think it was important until I started to use it, and then I realized how convenient it was.

For micro-segmentation, the unified portal has had an effect on my cloud security posture, but it's a lot of work because I have to configure the rules individually. It's difficult to compare this solution to a product like NSX or any other specialized micro-segmentation product, but because I'm trying to get a solution for small businesses that have about 10 PCs or 10 systems at the most.

It effectively defends against known threats. It also updates regularly, so the threat signatures are updated regularly, but I don't know how often the database is updated on Microsoft, so I can't really quantify its effectiveness against either zero-day threats or new threats.

I've only tried it on Azure cloud and it's effective. I've only used it on a single-cloud structure.

Right now, I'm setting rules for incoming and outgoing traffic for different applications.

From my own perspective, they just need a product that is tailored to micro-segmentation so I can configure rules for multiple systems at once and manage it. Instead of having to set up individual rules for individual applications, there should be a system that can allow me to set up multiple rules at once and can automatically update the rules as the infrastructure changes.

The solution is stable.

In general, the scalability is good. It wasn't built for my use case, which is micro-segmentation. If I had 100 systems, it would be a lot of work for me.

I have not had to call or get in touch with them, but there's a lot of documentation online. I've found a lot of what I need without having to contact anyone.

The documentation is excellent. There's a lot from Microsoft and other providers. I think it's a fairly popular system.

It was straightforward. I was the only person that deployed and tested the solution.

Initial deployment took a day, but the initial configuration rule setting took a while because it was my first time using the system.

The first step was to set up the cloud, install some test applications that I needed to protect, and then configure rules for traffic between the applications, and then between the application and external networks.

The solution doesn't really require any maintenance. It's fairly automatic. Once it's up and running, it pretty much works.

The cost is fair. There aren't any costs in addition to the standard licensing fee.

I didn't evaluate other options because I use this solution for thesis research. I researched which solution was the most used cloud and picked Azure.

I would rate this solution six out of ten. 

As a perimeter defense system, I would rate the solution a seven. As a micro-segmentation system or application, I would rate it a four.

As a perimeter defense solution, it's excellent. As a micro-segmentation product, it's not so great, especially if you have a lot of systems. It's not the product's fault because I don't think that's what it was built for.

We use the solution internally.

Azure Security Center works with Azure Defender. Azure Defender is used for identifying the vulnerabilities and loopholes inside our system that we can deploy on multiple layers either from the subscription level, the source level, or on the devices. You can connect multiple devices to this. That's not specific to only servers. You can connect with ER80 as well as SQL servers. Most of the services are covered within the Microsoft Defender.

We find two things inside the Azure Security Center to be quite valuable. One is the recommendations, and the second is the regulatory compliance. Both help to keep everything running smoothly. This will give you the security score as well. You can try to get the highest security score, which is 100%. You can get there just from the recommendations from Microsoft. Not all the recommendations will be applicable on the enrollment side.

Regulatory compliance is PCI compliance. There are multiple compliance options you can follow.

Azure Defender helps improve our security posture. You enable it for each and every server. It is a monthly-based subscription and about $15 per month per server. You can see right on there that the vulnerability is automatically run with the help of a Messages scanner. Messages is running behind Azure Defender. It automatically runs and scans, and that will show up on your portal. You do have to take any necessary steps to run recommendations. Either you can see if any energy port is open, for example, if RDP is open, it will realize, “Okay, just close RDP for outside work." These kinds of recommendations are very helpful from the Azure Security Center.

You have inventory on Azure Security Center, as well as Workbooks. You can create Workbooks. These are automatic playbooks where you can see the entire dashboard. If you prepare a monthly report, or a weekly report, it's better to create it in Azure Security Center instead of Workbooks with the help of JSON, or use drag and drop as an option. That will help you to keep updated more on things.

Inside Azure Security Center, with Workbooks, you can create your own workbooks according to your users. If you have a system update setting inside Azure, with the help of an automation account, if you click it, inside the system update Workbook, you can see all the systems which are taking updates. If that is updated, you can see whether the system is compliant with updates. All the reports are visible. You can see reports on the basis of subscriptions or on the basis of resources if you want.

Azure Security Center does not affect the end-user experience in any way. End users don't feel its presence in the organization.

The solution offers collaborative services. If you enable Azure Defender for servers or any services, basically, you can automatically subscribe for Azure Defender for Endpoints, which is easy.

You can install the EDR on each and every server. That will give you all of the process logs and what a user is doing. You can tell if a URL is open on your system, for example.

You can remediate with automation as well if you want to. That's for malware or any malicious files if they are present on the system. It will detect using the intelligence of the Defender Endpoint. You can take hybrid action on an alert, you can take a fully automated action, or you can take 100% manual action.

With Defender Endpoint, if you find out if one system is compromised, you can actually separate it from the network. If you have to deal with ransomware. If one system is affected by ransomware, you can remove the system from the network.

There is a security alert inside Defender that's per the recommendations and activities that happen inside your network. You will see security events there. If you do not have any other SIEM solution in your environment, you can leverage this. 

The team is already working on one of the latest features, which is having migration techniques right on the portal available. It's possible to use it now. That's one good new feature.

For MIM, they are still improving things on Azure Security Center. There are a few flaws in backend technologies. If you do not have the correct access to the system, you cannot access the files and most of the reported resources.

For example, a general huge storage account, which is exposed for public access. If there are ten storage accounts available, you can see the names. You can identify, those storage accounts that are supposed to be accessed from the outside, maybe, due to some feature happening behind the scenes on a storage account, and these are supposed to be exempt from the portal. You shouldn't see them again and again and this should not affect your security score overall. However, they are not easily exempted from the portal. There's no way to exempt them properly.

You cannot create custom use cases. You can use what is already present on the Microsoft side in terms of security alerts. You can, however, customize whitelisting for alerts.

I've been using the solution for four years now. For one year, I have been working as an architect on Azure Security Center.

The stability is 99.9%. I never have seen any failure. Sometimes you find the service is slow. However, that could be related to an internet connection or something else. Every service has downtime. There is very, very minimal downtime here. I haven't faced any challenges in four years.

The scalability is very good. You don't need to put any extra agent or anything from your side. Everything is automated. It's the easiest security feature, which you can get from Microsoft.

For every project, an architect from the Microsoft side is assigned to the team. You can directly connect with them. You can also create a technical ticket. They will respond immediately. If the issue requires a certain level of severity, you will get a call directly. If it's not as serious and they email you, however, you do not respond to their email, they will call you. Otherwise, they will keep communicating via emails.

I'm in India. When I open a ticket, it may be assigned to the Indian parties and they take time to remediate your problems. If I am routed to the senior team of Microsoft, they won't take much time. They give you new solutions quickly. It's a good thing. 

We do use Azure Sentinel. I'm also familiar with Google Cloud Platform, GCP. It's a bit complex as the structure is not as good as Microsoft. Microsoft, from top-down, offers a management group, subscriptions, and tenants under one group. Inside that resource group, you will find resources. That is easy. On the other hand, inside GCP, there are folders inside folders. Then you can create multiple folders inside one folder. That makes things very complex. There are not too many security solutions available on GCP. I do not have too much experience with GCP, however, given the experience I have, according to that, GCP isn't as good.

You can handle many things on Azure with the UI. There's no need to go for the PowerShell if you don't know it. If you know PowerShell best, you can use it if you want to. If you want any report from the GCP, however, you'll have to first understand the shell scripting. It's hard to find projects due to the way GCP is laid out. There's too much complexity.

The solution is very easy to deploy. This is automatically installed on the Portal. There is no need to install anything on the Portal. There are just a few buttons inside the settings if you want to enable the Defender, et cetera. That will automatically install on all the servers. The agents are already present.

The solution takes six seconds to deploy. If you are on the Portal, you can do it in seconds. The first remediation will show within 30 minutes due to the fact that the scan takes time. The message takes a little bit of time to scan the entire infrastructure. That completely depends on how big a company's infrastructure is.

If there is another service, such as Azure Sentinel, you need to install agents on all the machines. If there is a Linux machine, you have to install the OMS agents. However, that's not the case over here.

One person can easily handle maintenance. A single person handles both Azure and Sentinel. Ours is a small environment. 

In terms of ROI for Azure Security Center, the solution offers basic security features, which Microsoft is providing. That's the main thing. There's no need to go and get any technical team to handle anything. If you know a little bit about the security, you just go and toggle the button and you install it on all the servers and services. With this product, you will start getting recommendations and security alerts. 

In contrast, if you go on any other products, you need a specialized team for security, especially. You need a complete specialized team for different services and for different actions. It's better to use Azure Security Center. There's no need to go and install anything and it's offering good security.

The licensing cost per server is $15 per month. This is the same for SQL which is also $15 per server. It covers the Defender licensing as well. According to my experience, it's a good deal.

I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender.

This product is a Saas solution that is automatically updated from the Microsoft side. Any clients will not need to update manually.

If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you.

I'd rate the solution at an eight out of ten.

When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft.