We performed a comparison between Azure Firewall and Microsoft Defender for Cloud based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's helped us improve our security posture."
"Microsoft's technical support is very good. They're quite knowledgable and responsive."
"Performance and stability are the key features of this product."
"The solution can autoscale."
"The initial setup is straightforward; Azure Firewall does not have a complex implementation process. It is very simple; you just need to enable the service within Azure. It does not require any maintenance because it is managed by Microsoft, that is, it is a fully managed service."
"The feature that I have found the most valuable is the control over the network permissions and the network."
"The solution is stable."
"Network filtering is valuable. The scalability capability from the cloud-native service helps us a lot because it simplifies our day-to-day maintenance activity."
"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts."
"Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
"One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
"Technical support is helpful."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"It would be much easier if the on-premises, firewall rules, had some kind of export-import possibility in place, which is not the case right now."
"Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that."
"It has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB."
"Azure has new versions including a premium firewall. But I would like to see them not put the premium features on Azure Firewall Premium alone because it is quite expensive."
"There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive."
"Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."
"There is room for further integration of AI into the system."
"For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall."
"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."
"Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"I would like to see better automation when it comes to pushing out security features to the recommendations, and better documentation on the step-by-step procedures for enabling certain features."
"Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
"Sometimes, it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or certain kinds of products. That's not an issue directly with the product, though."
"Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."
Azure Firewall is ranked 14th in Microsoft Security Suite with 33 reviews while Microsoft Defender for Cloud is ranked 2nd in Microsoft Security Suite with 46 reviews. Azure Firewall is rated 7.2, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of Azure Firewall writes "Easy to use and configure but could be more robust". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". Azure Firewall is most compared with Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Palo Alto Networks VM-Series, Fortinet FortiGate and Check Point NGFW, whereas Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Microsoft Sentinel. See our Azure Firewall vs. Microsoft Defender for Cloud report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
