Microsoft Defender for Cloud Apps Other Advice

RK
Cloud Security & Governance at a financial services firm with 10,001+ employees

My advice would be that an organization should assess where they are today and then map out what they want from a cloud access security broker product. After that, they should decide whether MCAS or another product meets their requirements. This is important because you may have all the things in terms of interoperability and a solution may be the best fit from an operational perspective, but if all of the requirements are not met, you may end up using multiple products. Therefore, an organization must assess its current IT infrastructure, where they want to go, and what the key requirements are from a regulatory and IT governance standpoint. They also have to make sure they have the right skillset in the market. For example, in Singapore, if I want to implement Google Cloud, the skillset is much scarcer compared to the skillset for AWS.

From a vendor perspective, you should assess the reputability of the vendor and what kind of capability the vendor provides. For example, it's very obvious that Microsoft is very good at integrating its own products. They have now also started to integrate with others. These are some of the aspects you should consider before making a decision between product A or B. There is no magic silver bullet.

From a security standpoint, overall, it has satisfied 80% of our requirements in terms of regulatory and bank standards. For 20% of our requirements, we still need additional products or features. They are currently not really there, and we are trying to find the solution for those gaps. In general, MCAS has a long way to go. It is definitely a good product that integrates with Office 365 Suite very well, but from a capability perspective, other products such as SkyHigh, McAfee, or Symantec have more features. It has the potential. A lot of features are lined up in MCAS, and eventually, they'll be there. These features are mentioned on Microsoft's website, and they are in development. I am looking forward to those.

In terms of data governance, we have a very good tool, and we just need to focus on how to govern the data, DLP policies, etc. We don't have to bother about the physical data center, physical network, or physical host. The entire layer below the server is gone, and we just have to focus on the identity and security aspects. We just need to focus on what kind of security we need to put and which policies we need to implement. We get better visibility by focusing on the key client endpoints by using MCAS. The team is now really focused. Previously, every day, teams used to come up with issues like, "Network has this problem. Data has this problem, and Host has this problem." Now the focus is, "Hey, this MCAS DLP isn't doing the job." The focus is more on the product's capability.

I would rate Microsoft Cloud App Security a seven out of 10.

Jagadeesh Gunasekaran - PeerSpot reviewer
Cyber security engineer at a tech services company with 10,001+ employees

I would rate Microsoft Defender for Cloud Apps a nine out of ten.

Compared to other stand-alone SIEM and SOAR solutions, Sentinel is superior. It covers on-premises applications as well as cloud applications. Therefore, it is efficient, fast, reliable, and user-friendly. We do not experience any lag in performance, regardless of the number of queries we run. If we prepare 30 to 40 lines of query to search for data from the past 30 or 90 days, it will return the results in a reasonable time.

Microsoft Defender for Cloud Apps offers a longer retention period of up to 90 days for compliance purposes, compared to other solutions that only offer 30 days. The logs are also available for one year. This means that if an auditor needs to see data from the past six months, such as what critical operations were performed or which sensitive applications were accessed, we can easily access the logs and provide the evidence. This is beneficial from a compliance perspective. In addition, Defender for Cloud Apps is user-friendly and offers automation capabilities, as does Sentinel. This automation can help customers get more value from the solutions by quickly processing alerts and reducing MTTR. The price of Defender for Cloud Apps and Sentinel is also competitive.

No maintenance is required from our end.

I recommend a single vendor security suite over a best-of-breed strategy because of the better support and cost benefits.

Microsoft Defender for Cloud Apps is user-friendly and it is easy to configure the security policies based on the organization's industry standards and framework. 

Sachin Vinay - PeerSpot reviewer
Network Administrator at Amrita

I rate Defender for Cloud Apps 10 out of 10. I would recommend Defender for Cloud if you are concerned about the security of cloud applications. Azure deployments are easy to protect with Microsoft Defender for Cloud. I suggest trying Defender for Cloud for at least one application. If it works for you, you can scale up to multiple applications.

Buyer's Guide
Microsoft Defender for Cloud Apps
April 2024
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
EW
Security Principal at Trifecta Cloud Security Solutions

I rate Microsoft Defender for Cloud Apps a nine out of ten. Give it a shot. It's easy to deploy and doing a PoC is easy, and you'll get good insights into where to direct your efforts as far as doing your mind produces.

I'm a firm believer in getting all of my security solutions from one vendor. A best-of-breed strategy introduces an entirely different security risk from integrating products that were not designed to work together. They don't produce cross-actionable intelligence insights with the products. You also need to have an expert in all of the vendors you use, and you will be in a difficult position when that person leaves until you can find a replacement.

Paarth Saarthi - PeerSpot reviewer
Security Delivery Analyst at a tech services company with 10,001+ employees

If you are keen on keeping your enterprise safe from external users, so that your files are confidential and external users don't have access to them, you can create a rule in Microsoft Defender for Cloud Apps. If it detects an external user has been added to that file or is collaborating on it, an automated governance action can remove that access in near real-time. We are not using the automation feature at the moment because it can create unwanted results. The scope of the exclusion is very limited in the policy.

In terms of a single dashboard, you need a SIEM tool like Microsoft Sentinel to integrate everything into a single dashboard. But at the moment, without that suite, we need to look at our four tools separately.

Potential threats are mainly detected in terms of hash values, malicious IP addresses, and malicious domain names. If you are looking to protect your environment, you can enter these details into Microsoft Defender for Endpoint. Microsoft Defender for Endpoint enables you to add indicators of compromise and it will protect against those entities.

Regarding going with a best-of-breed strategy rather than a single vendor security suite, both have pros and cons. It's not a black-and-white area. If you are going with one vendor, it will collect the logs in a single way. Everyone who looks at them will say, "This is the issue." It won't give you a different point of view. But if you are using another security product, it will have another methodology to collect and integrate the logs and present the information to you. One security tool can miss something that another security tool will catch. Having more than one will give you diversity in terms of alerts and analysis. But on the negative side, when you have more than one solution, you need to purchase separate licenses and spend some more money.

It depends on the budget of your organization for the security team. If you have a big budget, of course, you can diversify. You will benefit more from having different tools as they will, obviously, decrease the chances of getting hit by malware. But it will cost you more. If you have a limited budget, then you should go with a single tool. If you take the financial considerations out of the discussion, Microsoft pretty much covers everything and you should go for a single solution.

Overall, Microsoft Defender for Cloud Apps is very convenient for investigation, in terms of security breaches, or if there is file exfiltration. It's a handy tool.

Anthony Alvarico - PeerSpot reviewer
Deliver Practice Director at DynTek

It doesn't require a long configuration process. There's no testing. You just need to tailor it to suit your organization's needs in terms of the data and the information that you want to get. In terms of discovering apps, it works pretty much out-of-the-box. It presents you with the data. The only decision that you need to make is whether to sanction an application. And then you have to sanction it and set up an alert if users are using a sanctioned application.

Waseem Alchaar - PeerSpot reviewer
Security architect at an energy/utilities company with 10,001+ employees

I rate Microsoft Entra ID an eight out of ten.

Set up your environment correctly first. Take your time to figure out how you want to use it, such as PIM and other use cases. Ensure you set it up properly and then create custom roles when needed. Don't overaccess people; that'd be the main advice. It keeps being upgraded by Microsoft. There are constantly new features getting added. If there's some feature you don't see now, it could be there later. We initially wanted a few features that were added later on. Thus, there's always room for growth.

The product provides a single pane of glass for managing user access for the most part. It helps manage the roles better in one area. It becomes easier to use that way. I don't know if we necessarily use verified IDs. But we typically use HRID just to enforce MFA and other processes.

Initially, the product saved a lot of time because we could create dynamic roles for people with the right access. However, as we move more to the cloud, creating more custom roles saves less time. It still has pros in terms of granular roles.

It easily saves two or three daily tasks per person or user we're onboarding. Let's say it's a good amount of time, especially with the dynamic groups. Each PIM role gets activated as well. I would say it saves 20 to 30 minutes per user account activation.

Sunil V Jainapur - PeerSpot reviewer
Associate Architect at Virtusa Global

I rate Microsoft Defender for Cloud Apps nine out of 10. As a security architect, I would generally recommend a multi-vendor solution with a zero-trust model. However, if you are mostly using Microsoft products, it might make sense to use the Microsoft security suite because of the native integration.

SB
Infrastructure Engineer at SBITSC

I would recommend implementing it. It's the number one product in the market. The only thing they should automate is to put AI on their virus scanner recommendations rather than having to enable them by default. They might already have done that, but from what I've seen, generally, they do things manually.

At the moment, we are not using other Microsoft Security products. We are mainly using Defender. I have previously made use of the Defender for Cloud's bidirectional sync capabilities, which I'd rate a 10 out of 10.  

Overall, I would rate it a 10 out of 10.

SC
Manager Information Security at a venture capital & private equity firm with 11-50 employees

I rate Microsoft Defender for Cloud Apps an eight out of ten.

Microsoft Defender for Cloud Apps promptly generates an alert upon detecting a threat. However, I do not believe it has the capability to proactively defend against potential threats.

It is deployed in one environment with 50-plus users.

No maintenance is required from our end.

I recommend that anyone evaluating Microsoft Defender for Cloud Apps should read through all of the documentation first.

II
COO at Floating-Dot Technology LTD

Microsoft makes sense because it integrates with many applications and provides. However, it depends on your infrastructure.

Endpoint Security is part of the Microsoft Defender suite. We use it to manage systems and force them to update. They can also revoke access to a tenant.

Microsoft Sentinel logs all our reports. This gives us better visibility. This enables us to ingest data from our entire ecosystem. It also allows us to provide security posture reports to our clients. Before starting a contract with a business, we create a report and give that to clients, showing how we handle and solve problems. The report shows our environment and uptime. 

Sentinel enables us to investigate threats and respond holistically from one place. From there, we can now troubleshoot where the issue is coming from. This is for our endpoint or when my external users are trying to access the service. This is very important to us because it makes life easier. We don't have to start running around checking this interface with another interface and a third or fourth interface. It is a single interface and we can get more raw data than what we configured Sentinel to ingest.

The comprehensiveness of Sentinel’s security protection is very high. We don't really use other providers. We use it to connect to AWS or Google Cloud Platform infrastructure to get information on how deployed loads are performing.

I would rate them as nine out of 10.

BG
CTO at a tech services company with 201-500 employees

To those evaluating the solution, I would advise knowing the goals they want to get to before they start. It can grow very quickly if you just build, but if you have a concept of where you want to end up and you stay within those constraints, then it is a great way to get there.

In terms of Microsoft Defender for Cloud Apps helping us to prioritize threats across the enterprise, we prioritize a little differently. I do not know if the solution helps with the prioritization of that, but prioritization is always important.

We get our threat intelligence from multiple sources. Microsoft Defender for Cloud Apps is one input on that, so it is hard to say whether its threat intelligence has helped prepare us for potential threats before they hit and take proactive steps.

I would rate Microsoft Defender for Cloud Apps a nine out of ten.

PL
SOC Analyst at a consultancy with 10,001+ employees

My advice would be to try it first and compare it with other solutions.

I would rate it an eight out of ten.

Adedapo Adeniji - PeerSpot reviewer
Modern Workplace Solution Architect at a tech consulting company with 11-50 employees

My advice would be to do an assessment of whether you actually need this particular product. Some people confuse Defender for Cloud Apps with Defender for Microsoft 365, but they are two different products. You also need to confirm if it supports the applications you want to protect because there are some applications that have yet to be integrated with it. Apart from that, it's a good product for any security admin to use.

When it comes to helping prioritize threats, it depends on the angle you're looking at the results from. It can help 50 percent. When you look at the pattern of alerts over time, it can help you prioritize. But if you're looking at it in general, it is not going to give you that visibility into prioritizing.

Defender for Cloud Apps has a little bit of automation for routine tasks, but it doesn't really give an admin automated processes. And when it comes to taking proactive steps, it's more Defender for Endpoint that helps there. Defender for Cloud Apps doesn't help you to prevent an impending attack.

If you are looking to protect your environment, you need to spend more money. I wouldn't say that this solution helps to save money. But by protecting your financial documents from fraud or from an angry worker that is about to leave, it helps in saving money, but not in terms of cutting costs.

The maintenance is not significant because you don't need to update anything. All you have to do is go to your portal and check for and investigate any alerts. Maintenance is handled by Microsoft.

And in the "best of breed versus a single vendor" debate, you should just have a single vendor. In this case you know, "Okay, it's Microsoft," and it's best to just stick with what you know. It depends on what works for you though. For somebody who is comfortable using third-party products with Microsoft, maybe that will work for them. But for me, what is comfortable is using Microsoft products.

Sujeet Bhardwaj - PeerSpot reviewer
Principal Security Engineer at a tech services company with 5,001-10,000 employees

I don't have a business relationship with Microsoft. I deploy the solution and I am managing MCAS for customers.

If a person has an Office-specific environment and they are looking for a solution, this is a good option. It's a good native application. Even if they were in a different cloud, I'd advise migration to a Microsoft environment. 

I'd rate the solution an eight out of ten.

MM
Software Security Specialist at a tech vendor with 51-200 employees

I rate Defender for Cloud Apps a seven out of ten. It's better to go with a single vendor for all of your security products. When I introduce Defender for Cloud Apps to our customers, most of them have the license, but they do not understand the capabilities. The first thing I do is explain Defender's coverage and functionality, so they understand which features they can apply to their environment. You need to generate a list of requirements first. 

SS
Support Engineer at Microsoft

For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk. 

It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.

I would rate it a 10 out of 10. It is improving, but it still needs more improvements.

SH
Architect at a tech services company with 11-50 employees

I don’t know if the product provides a single pane for managing immune access. We connect it with the Active Directory and other similar tools. It helps save a low amount of time.

I advise others to try using Microsoft Defender for Cloud Apps. I rate it an eight out of ten.

JS
Senior Solutions Engineer at a tech vendor with 1,001-5,000 employees

We're a Microsoft partner.

I'd rate the solution at a seven out of ten.

Mainly you want to just be clear on what your use cases are, and what you're trying to accomplish, as everything's use case driven. If you know what you need to accomplish from a security strategy standpoint, it's better. For example, it might be helpful for compliance or having an understanding of where sensitive data is. It might be part of a broader initiative around classification and data protection. Having those use cases written out first and going from there is better. Then, I suggest taking a measured approach as you go in. Implement it right. Test for or validate that the policies that you have in place are working as expected. However, you have to build out requirements for the policies. 

SG
Senior Cloud & Security Consultant at a tech services company with 11-50 employees

I deploy this solution. I don't utilize this solution as a solution for my organization, and instead, deploy this solution for clients. I'm a consultant for this product. My company is a Microsoft partner. 

This is a SaaS application.

I would advise new users to first try to identify the applications which are corporate-owned applications, be it if it's an on-prem application or if it's a cloud application. Once you identify all those applications which you're using in your organizations as a whole, you should try to integrate all those applications with Cloud App Security. 

Once you've started integrating and planning ahead what applications are needed to be monitored first, start integrating those applications and monitoring them. Slowly, integration after integration, all the monitoring will start happening.

Once the integration for those applications has happened, you should go ahead and start implementing what kind of policies you want. If you want activity monitoring policies, then you should start creating those activity monitoring policies. Let's say you want to apply DLP policies for third-party applications. You will need to reach out to those different teams who'll be able to give you better answers as to how to approach the data that is being shared or being uploaded from those applications to any other applications.

Based on that, create those policies in Cloud App Security. The correct and the right approach is to use the network appliances that you have in your organization. Once you have identified that information, you can go ahead and start implementing the Cloud App Security and start integrating those network appliances and those applications with Cloud App Security.

Overall, I would rate the solution at an eight out of ten.

HH
IT Planning Manager at a construction company with 5,001-10,000 employees

From what I've seen, it's a good product. We occasionally encounter some inefficiencies in its performance. But not all of the time, because our country has a lot of internet problems. As a result, the synchronization side tends to disconnect from time to time. So whenever we get disconnected, it causes some problems. You have to have a good connection after all; because it is a cloud service, you must have a good internet connection in order to connect to it. We believe it is one of the best on the market. I believe it is a good option for anyone to use. But, once again, there are other players in the mix, which is why we are always doing some benchmarking and continuing with trials for other solutions.

I would rate Microsoft Defender for Cloud Apps an eight out of ten.

MM
Cloud Security Architect at a tech services company with 501-1,000 employees

This is a pretty good service and I definitely recommend it if you are using Microsoft Azure or Microsoft services.

I would rate this solution an eight out of ten.

JR
Business System Analyst at a tech company with 201-500 employees

My advice for anybody who is implementing this product is to get assistance with deployment from somebody who can help you. Don't do it by yourself, if you're not a reseller for it. As a company, get somebody who has experience with the product.

In summary, we have just begun using this product but so far, it works well and we are satisfied with it.

I would rate this solution an eight out of ten.

SJ
Cyber Security Engineer at a tech services company with 10,001+ employees

My advice is to use it to its fullest capabilities. It has a lot of features and it is being enhanced daily. It's a full engine that you can use to discover all your assets in the cloud, whether they are on a public cloud or a private cloud. Every month or every quarter, look at what's new and how you can leverage it. You're already paying for those enhancements so use them, fine-tune them, and optimize them. The tool has a lot of capabilities. A lot of people only utilize it for information protection or tracking user activity or for their cloud-based security posture. Use it all. There's a lot in it.

MCAS is not a tool that interacts with end-users because there is no client. They don't know that MCAS is in the picture, so it doesn't impact the end-user.

The biggest lesson I would take from the use of Microsoft Cloud App Security is that you are being monitored. Do not use your professional device for personal use because there are more eyes and controls around.

In addition, the way you use MCAS is that you discover and then you put the controls in place to govern things. That's how any other security tool works. You first put it in learning mode to see what will happen. For example, if I put in this or that control, how much will it impact my end-users? In those terms, MCAS has been really nice.

If you have a lot in the Microsoft environment or AWS or Google Cloud, it's going to help you a lot.

it_user1318380 - PeerSpot reviewer
Director Global Strategic Alliances at Larsen & Toubro Infotech Ltd.

This is a product that I recommend.

Overall, it is a good product but the robustness should be improved.

I would rate this solution an eight out of ten.

GB
Enterprise System Engineer at a government with 501-1,000 employees

Make full use of all the options available and focus a lot on policies. There are a lot of policies and alerts available which might not be used to their fullest extent. 

We are pretty happy with how it all works and fits together.

I would rate this solution as a solid nine (out of 10). The product is constantly improving. It has a low amount of false positives, i.e., true alerts identified as requiring attention.

KZ
Information Technology Manager at an educational organization with 201-500 employees

We have experience with Microsoft products, Windows Server Data Centers, Microsoft Office 365, and they have a new branch called M365 products, Cloud systems, and Branch Management systems.

We are working on implementing the MDM system and we are looking for alternatives.

We are using an Apple-based system as well as Microsoft.

Generally, there is always room for improvement. It can always be better.

I would rate this solution a seven out of ten.

BD
Sr. Technical Engineer/ Sr. Executive at PSR

It is certainly a good product. It is important to get a cloud-based product so that if you want to manage it remotely, you can work on a PC that is ready for that mission then.

I would rate it an eight out of ten. 

DW
Cloud Services Director at a tech services company with 11-50 employees

I would recommend this solution to others.

I rate Microsoft Defender for Cloud Apps a nine out of ten.
