We performed a comparison between Azure Bastion and Microsoft Defender for Cloud based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most significant advantage lies in its runbook features, particularly beneficial for our infrastructure team."
"The product's setup is easy."
"Azure Bastion makes it easy to provide quick virtual machine access to our customers."
"The interface is available in the edit portal."
"It provides all the security to us. Without getting on the internet, we can access our servers. We can access our desktop through our web browser. We don't need to run the mstsc command and login to the VM. All those things are not required."
"The connection to virtual machines is very useful."
"The ability to operate the product with scripting is excellent."
"As an Azure consultant, for me, it is the best way to give the administrator access as you can manage the permission - including who can access Bastion."
"The most valuable feature is that it's intuitive. It's very intuitive."
"When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team."
"When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"The technical support is very good."
"The product has given us more insight into potential avenues for attack paths."
"While general support is valuable, having a detailed breakdown of the specific issues would contribute to a more streamlined and efficient resolution process."
"There are some challenges because Bastion is more compatible with Edge but not with the other browsers. As an organization, it doesn't make sense that we have to use only Edge. We should be able to access Bastion over Chrome, Mozilla, or Opera. It should be our choice."
"You are charged for retrieving your own data."
"The protocol speed could be faster."
"The solution breaks down sometimes."
"We are not able to copy and paste files directly into the server over the patch host. We have to transfer files over to Azure Storage."
"When you have a boot issue on Windows, you cannot use Azure Bastion to fix it. You have to use the Azure console or the VM console, and it is very limited."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"It needs to be simplified and made more user-friendly for a non-technical person."
"From my own perspective, they just need a product that is tailored to micro-segmentation so I can configure rules for multiple systems at once and manage it."
"The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available."
"Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."
"The documentation could be much clearer."
Azure Bastion is ranked 17th in Microsoft Security Suite with 8 reviews while Microsoft Defender for Cloud is ranked 2nd in Microsoft Security Suite with 46 reviews. Azure Bastion is rated 8.8, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of Azure Bastion writes "Has good scalability and provides secure access to the virtual machines ". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". Azure Bastion is most compared with Azure Firewall, Azure Front Door, TeamViewer Remote Management, Microsoft Sentinel and Microsoft Entra ID, whereas Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Microsoft Defender for Endpoint. See our Azure Bastion vs. Microsoft Defender for Cloud report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.