Microsoft Defender for Cloud Apps Valuable Features

RK
Cloud Security & Governance at a financial services firm with 10,001+ employees

The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly.

It is a kind of unified solution. As compared to other solutions such as Netskope, Symantec, or McAfee, it provides a more unified reporting structure.

It also integrates with other technologies. We have Azure Information Protection, and it goes well with the solutions that we are already using.

Jagadeesh Gunasekaran
Cyber security engineer at a tech services company with 10,001+ employees

The most valuable feature is the alerting system.

Microsoft Defender for Cloud Apps covers all relevant cloud applications, such as OneDrive, shared drives, and specific directories. If we want to monitor a specific SharePoint directory, specific folder permissions, or specific VIP groups, all inherent features are available.

Sachin Vinay
Network Administrator at Amrita

One of the most valuable features is auditing. Some of the other protection services have issues with auditing. Microsoft Defender for Cloud has an excellent auditing technique that helps us avoid the risk of filtering or information loss. You can use different tools to guarantee these things. It allows you to conduct an in-depth exploration of applications, users, and files that are harmful or suspicious. You can also enhance your security setup by creating personalized rules or policies that help you better control traffic in the cloud.

As administrators, we have a clear view of all the threats in the cloud. We can even restrict access or provide limited access to the users, which is an essential way to protect your information. From the dashboard, we can see all the permissions and which users are currently accessing the applications. We can constantly monitor each user and the critical applications.

Defender has a threat database that automatically updates to include the latest threats in the industry. It also helps us prioritize by categorizing the threat levels in the dashboard, so we can act accordingly. Defender tells us the high-level threats that require immediate action, whereas some simple threats can be easily mitigated or ignored. 

Microsoft has bidirectional capabilities. When any changes happen on-premises, they will also be reflected in the cloud, while changes in policies we enact in Microsoft Defender for Cloud will be completely reflected on-premises. It's a great boon. We don't need to configure every step on-premises, which is a time-consuming process.

Buyer's Guide
Microsoft Defender for Cloud Apps
April 2024
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
EW
Security Principal at Trifecta Cloud Security Solutions

Defender integrates with MDE, and there's no agent, so everything happening on the endpoint is reported back to Defender. Defender for Cloud Apps is tightly integrated with Defender for Identity.

The solution provides excellent visibility into threats. I rate Defender for Cloud Apps an eight and a half out of ten for visibility. 

I use all of Microsoft's security products, and they work together natively to deliver coordinated detection and response. Each solution is outstanding by itself, and I can coordinate between them by pumping the alerts and incidents into my SIEM. 

Bidirectional sync is crucial because I'm a consultant, and I have yet to find a customer who uses only one cloud. 

We use Defender with Microsoft Sentinel, which ingests data from our entire ecosystem. This functionality is essential because I can investigate threats and respond from one place. I can respond directly from Sentinel about 50-60 percent of the time using its SOAR capabilities. 

Sentinel's built-in UEBA and threat intelligence are excellent and getting better every day. In terms of cost and ease of use, Sentinel is the best cloud SIEM and better than 90 percent of on-premise solutions. Even Google products can't compete. 

Paarth Saarthi
Security Delivery Analyst at a tech services company with 10,001+ employees

In Microsoft Defender for Cloud Apps, there is an option to enable files. Once you enable that, it will give you all the files in your organization and where they are located in the cloud. If you are investigating a data breach and you want to get ahead of the investigation, the first thing you can do is a filename search: Where was it located? What was the file movement? What activity happened with the file? You get all the logs. That feature is very useful for investigation purposes.

It also shows user activity. If we are investigating a user for possible data breaches, we can enter the user's name and see the activities that the user has done. Based on that, you can take the necessary action. It gives you all the logs for that particular user. That feature is also very interesting and useful.

I use more than one Microsoft security product, including Defender for Endpoint as well as the Microsoft compliance portal, which is called Microsoft Purview now. It is integrated with Microsoft Data Loss Prevention. I also use Microsoft Defender for Identity. It is used to see if there is any suspicious traffic coming through your domain controller. In total, I use four Microsoft tools and all of these products are integrated. Internal integration of Microsoft products is quite simple. You just need to create one instance and that's it.

They are like the same product. Whatever information you'll get from one tool is the same information you are going to get from another tool. There will be no inconsistency in the data. They are getting logs from one place, not from different sources, so they are coordinated. If they did not work together, there would be a lot of confusion. If one tool is sent an alert and another sent an alert for the same file, that would be a complete ruckus. It has to be well coordinated.

These solutions are quite comprehensive. Most of the time, they provide alerts in a very detailed manner and it is very easy to investigate. While there is some scope for improvement, it is a very good tool for investigating the security threats we are getting. It's quite comprehensive and really good.

Anthony Alvarico
Deliver Practice Director at DynTek

The ability to prevent users from using certain applications is one of the most valuable features. It doesn't require any configuration for implementation from the client perspective. It just works right away and gives you the information you need. There are other features that you do need to configure. For example, the capability of the solution to discover the apps.

Another helpful feature is that you can add some connectors, not only from Office 365 and Azure, but external connectors. If you have logs from Palo Alto or Cisco, from Barracuda, Checkpoint, or SonicWall, you can ingest them into Cloud App Security. It integrates well with third-party vendors.

Waseem Alchaar
Security architect at an energy/utilities company with 10,001+ employees

The product helps us with privileged identity management to control who has access to what and for how long.

Sunil V Jainapur
Associate Architect at Virtusa Global

Defender's integration with our Identity solutions is critical in our current setup. It also integrates with Microsoft Sentinel to provide threat visibility. However, there's a delay of about 10 to 15 minutes from when Sentinel detects an incident to when it appears in Defender. We're trying to fix that.

Defender allows us to prioritize threats across our enterprise, which is crucial. It's easy to integrate Defender with other Microsoft solutions. For example, we use Defender with Sentinel and set conditional access policies in Azure Active Directory. We're currently participating in Microsoft training to learn how to utilize these solutions better.

SB
Infrastructure Engineer at SBITSC

On-demand scanning is the most valuable feature. In addition, it's a fairly fluid product. It syncs back to the cloud and provides metrics. It's pretty intelligent.

SC
Manager Information Security at a venture capital & private equity firm with 11-50 employees

The most valuable feature is its policy implementation. Even public websites are directed to the Microsoft Net proxy, where we can establish policies to determine whether to block, authorize, or manage devices.

II
COO at Floating-Dot Technology LTD

There are security settings that report and advise you on your security settings. The governance reports give you guidance on security vulnerabilities and how to remedy them.

It tells you whether something is high, middle, or low risk, giving you a risk profile. It lets you know which one to handle first.

Everything from Microsoft is integrated. You receive regular reports on them all. You can push your reports, logs, and security alerts, which are all integrated. It is crucial that these solutions work natively together to deliver coordinated detection and response across our environment.

This Microsoft security solution has helped eliminate the need to look at multiple dashboards and given us a single XDR dashboard. This is one of the main features that we like about the solution. We have one dashboard. Anybody who is a part of the security team can look at it and say, "Okay, this is what I noticed." Then, we can have a short discussion on how to remediate or enhance services.

I would give the comprehensiveness of the threat-protection that these Microsoft security products provide a high score. 

Sometimes, Microsoft sends us information and recommendations about changing all our configurations due to something they noticed. So, their reports improve our uptime availability and provide a seamless service for our clients. 

BG
CTO at a tech services company with 201-500 employees

It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good. These are the things that are very useful.

David Frerie
Head of IT & Database Management at an educational organization with 51-200 employees

It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place. And because it's a Microsoft product, it integrates with Windows 10 and Windows 11. We don't need to buy anything else.

We have an M365 license and we have an Office admin portal. I manage all the users and licenses through the portal, making it very easy to manage. We have a lot of users coming in and going out of the company, and this makes it simple to provide licenses to people.

PL
SOC Analyst at a consultancy with 10,001+ employees

I like the web GUI/the management interface. I also like the security of Microsoft. As compared to other manufacturers, it's less complex and easy to understand and work with.

Adedapo Adeniji
Modern Workplace Solution Architect at a tech consulting company with 11-50 employees

I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads when a particular user is running a massive download on your SharePoint site. If a user is downloading multiple files in an unusual manner you get an alert.

Another built-in alert is what we call an "impossible traveler alert." If a user logs on from a US IP address at 10:00 AM and, less than 30 minutes later, the same user shows as being logged on from an IP address in the United Kingdom, there is no way you can travel from the US to the UK in 30 minutes. That alert will be triggered.

You can also input an action to be triggered for an alert. You block the user or just alert the admin or manager of that user.

It also comes with in-depth visibility, whereby it creates a pattern. If a user has been flagged multiple times, you can see that pattern. It shows you the IP addresses from which that user has been signing in recently. And it provides you with the kind of suspicious pattern that this particular user has been using over time. So it has very robust visibility.

It also gives you a graphic interface, which is something that I enjoy. If an alert is a very high risk, you see it in red, while if it's medium, you see it in yellow. A low risk doesn't come with any color. It gives me an appreciable pattern of user activities. It covers one month in case you want to deep dive to see the login pattern for your user.

Also, we currently use Defender for Identity, Defender for Endpoint, and Defender for Microsoft 365. All of them have been integrated into our plans. It was quite easy to integrate them. It's just the click of a button to activate it and then a matter of configuring your alert policies. Defender for Cloud Apps works together with Defender for Endpoint as well as with Azure Active Directory. With the latter, you can use the Conditional Access policy to integrate them so that they work together seamlessly.

The fact that these solutions work natively together gives us the advantage of having multiple security solutions doing different things. It's very important for them to work seamlessly together.

Sujeet Bhardwaj
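The two built-in alert policies described in the review above, the mass-download alert and the "impossible traveler" alert, are straightforward to reason about once you see the logic written out. The following is an added example, not code from the PeerSpot page, from the reviewer, or from Microsoft: a small stand-alone re-implementation of both detections run over constructed sign-in and file-activity events. The speed threshold (1000 km/h), the download threshold (20 files in 5 minutes), the location tags and their coordinates are all assumptions chosen for the example; the product's real thresholds and geolocation are not on the page.

```python
"""Added example (not from the review or from Microsoft): impossible-travel and
mass-download detection over constructed cloud-app telemetry."""
from __future__ import annotations

import math
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed coarse geolocations (approximate city coordinates) keyed by a
# made-up location tag; a real pipeline resolves IP -> geo itself.
GEO = {"US-NY": (40.71, -74.01), "UK-LON": (51.51, -0.13), "US-NJ": (40.73, -74.17)}

# Assumed thresholds: faster than an airliner is "impossible" travel, and
# 20 distinct files inside a 5-minute window counts as a mass download.
MAX_SPEED_KMH = 1000.0
MASS_DOWNLOAD_COUNT = 20
MASS_DOWNLOAD_WINDOW = timedelta(minutes=5)


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    kind: str        # "signin" or "download"
    location: str    # key into GEO (sign-ins only; "" for downloads)
    item: str = ""   # file name (downloads only)


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs, in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(events):
    """Return (user, from_loc, to_loc, speed_kmh) for each pair of consecutive
    sign-ins by the same user whose implied travel speed exceeds MAX_SPEED_KMH."""
    hits = []
    last = {}  # user -> previous sign-in event
    for ev in sorted((e for e in events if e.kind == "signin"), key=lambda e: e.ts):
        prev = last.get(ev.user)
        if prev is not None and prev.location != ev.location:
            km = haversine_km(GEO[prev.location], GEO[ev.location])
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            speed = km / hours if hours > 0 else math.inf
            if speed > MAX_SPEED_KMH:
                hits.append((ev.user, prev.location, ev.location, round(speed)))
        last[ev.user] = ev
    return hits


def mass_download(events):
    """Return (user, peak_count) for users who download at least
    MASS_DOWNLOAD_COUNT distinct files inside any MASS_DOWNLOAD_WINDOW."""
    per_user = defaultdict(list)
    for ev in sorted((e for e in events if e.kind == "download"), key=lambda e: e.ts):
        per_user[ev.user].append(ev)
    hits = []
    for user, evs in per_user.items():
        start, best = 0, 0
        for end in range(len(evs)):  # sliding window over time-ordered events
            while evs[end].ts - evs[start].ts > MASS_DOWNLOAD_WINDOW:
                start += 1
            best = max(best, len({e.item for e in evs[start:end + 1]}))
        if best >= MASS_DOWNLOAD_COUNT:
            hits.append((user, best))
    return hits


# Constructed sample telemetry mirroring the review's scenario: a US sign-in
# followed by a UK sign-in 25 minutes later, a harmless NY -> NJ hop, and a
# burst of 25 downloads by one user inside two minutes.
T0 = datetime(2024, 4, 1, 10, 0)
SAMPLE = [
    Event(T0, "alice", "signin", "US-NY"),
    Event(T0 + timedelta(minutes=25), "alice", "signin", "UK-LON"),
    Event(T0, "bob", "signin", "US-NY"),
    Event(T0 + timedelta(minutes=40), "bob", "signin", "US-NJ"),
] + [Event(T0 + timedelta(seconds=5 * i), "carol", "download", "", f"doc{i}.docx")
     for i in range(25)]

if __name__ == "__main__":
    print("impossible travel:", impossible_travel(SAMPLE))
    print("mass download:", mass_download(SAMPLE))
```

The sign-in rule compares only consecutive sign-ins for the same user, so a legitimate short hop (bob, New York to New Jersey in 40 minutes) stays quiet while alice's New York to London jump in 25 minutes is flagged; the download rule counts distinct files rather than raw events, so repeated downloads of the same document do not inflate the count.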
Principal Security Engineer at a tech services company with 5,001-10,000 employees

The file policy and activity policy are very useful aspects of the solution.

I can get information, for example, data location, IP address, et cetera. I use it for getting information about what's happening in my environment with certain files. I can see, for example, which user is sharing files externally, whether they are downloading, or might be downloading, documents to a personal device or a corporate device, or whether they are sharing any folders with the outside world.

The initial setup is straightforward.

The general usability of the solution is very straightforward.

MM
Software Security Specialist at a tech vendor with 51-200 employees

Shadow IT discovery is the feature I like the most. Defender for Cloud Apps provides excellent threat visibility. The solution helps us prioritize threats across our enterprise. We use all Microsoft security products. I had no problems integrating or managing them.

Microsoft's security solutions work together natively to deliver coordinated detection and response. We use Sentinel to ingest security data, which is essential. Sentinel allows us to investigate and respond to threats from one place. I like Sentinel because we can collect logs and data to identify suspicious activity in our environments and establish rules for triggering threat alerts. 

SS
Support Engineer at Microsoft

Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as a spike in sending emails or an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.

We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.

The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem. 

SH
Architect at a tech services company with 11-50 employees

The product's most valuable feature is the SQL database. It notifies us even in case of false positives when people log in after a long time and when we're out of compliance with the security baseline.

JS
Senior Solutions Engineer at a tech vendor with 1,001-5,000 employees

The solution is bundled with E3 and E5 licenses. That's the reason it's most commonly deployed. It's part of the bundle. It's not a separate cost.

If your business requirements are relatively simple, it can get the job done. 

SG
Senior Cloud & Security Consultant at a tech services company with 11-50 employees

This solution acts as an identity and posture management assessment solution also. When you have your on-prem AD integrated with Defender for Identity, it can understand your identity posture.

It can understand things like your Active Directory spread or the current state of your Active Directory on certain recommended practices. For example, if users in your organization are not using secure log-in methods. If their LDAP authentication is not secure, you'll get that information. That's identity and posture management. For your on-prem AD, if you have the solution deployed, which is Defender for Identity, it'll give you an understanding of your identity state, of your on-prem AD state, and give you recommendations accordingly, on what needs to be changed and managed, to make sure that you're secure.

Apart from that, it also integrates with third-party solutions and services. For example, in an organization with multiple cloud applications, you typically don't have visibility over user activities or logs. You don't have control over the data. If a user logs in from one location and then the user logs into that application from another location, you don't have the visibility as you don't have ML and AI capabilities inbuilt. With this solution, once it integrates with those applications, it has inbuilt default functionality of ML and automation. It is able to understand the user's behavior and identify inconsistencies in user accounts, for those applications, and can give you suggestions or raise alerts.

The solution does not affect a user's workflow. It is not a user-specific solution. Users would not see the change in their usual behavior and their usual activities as such. The user does not really know what's happening in the background. Cloud App Security is a solution for your whole organization, to make sure that you're monitoring the right activities, for example, those activities that are really uncommon, or specific activities that you want to monitor. The company has the ability to create Cloud App Security policies for sets of users; however, the users themselves do not see or feel the impact.

An IT administrator manages the solution and it gives them a lot of information. They can see a lot of detail around how other users interact with data and applications across the company, and if anything unusual happens. 

HH
IT Planning Manager at a construction company with 5,001-10,000 employees

The most valuable feature of this solution is its monitoring. The monitoring of the application. 

Integration is simple, and you can monitor your applications at the enterprise level. As a result, you can have a holistic view of all applications and their statuses. 

It's very robust and it's very good.

The capabilities are very good. It has a lot of features in it, which is why many people recommend it.

MM
Cloud Security Architect at a tech services company with 501-1,000 employees

It is very easy to use, which is what we look for in these types of solutions. 

JR
Business System Analyst at a tech company with 201-500 employees

The most valuable feature is the anti-spam capabilities.

SJ
Cyber Security Engineer at a tech services company with 10,001+ employees

There are a lot of features with benefits, including

  • discovery 
  • investigation
  • putting controls around things.

You can't say that you like the investigation part but not the discovery. Everything is correlated; that's how the tool works. Once the discovery of everything you feed into it is done, it gives you a nice dashboard. You can then plan what needs to be controlled and governed, and what should not be accessible in your environment.

It's quite well integrated with all Microsoft services, like Information Protection, Azure Portal, and Azure IoT, among other things. There are also integrations with AWS and Salesforce.

it_user1318380
Director Global Strategic Alliances at Larsen & Toubro Infotech Ltd.

The most valuable feature is the seamless integration across different clouds.

GB
Enterprise System Engineer at a government with 501-1,000 employees

  • Helps us have a view into our overall security posture and how we can improve it.
  • The ability to perform investigations is very useful. 
  • Identifying the number of applications, particularly connected via OAuth. 
  • Has great, general overall visibility of who is using what and how. 
  • We are using it as an indicator for any indicators of compromise that might be coming up.

Identity security posture points out a preset number of security posture improvements, or areas of focus, and whether they are being met. It also points out what changes need to be made in order to meet them. Therefore, we can have better security posture.

There is a feature called security configuration. This is across the whole Microsoft set of products regarding what changes can be done. Specifically within a product, we use it to improve the security posture by making changes.

KZ
Information Technology Manager at an educational organization with 201-500 employees

The most valuable feature is the ease of management. It's important. The management is cloud-based and we can work inside or outside on public networks.

BD
Sr. Technical Engineer/ Sr. Executive at PSR

All of the features are valuable because all of the features are related. 

DW
Cloud Services Director at a tech services company with 11-50 employees

The most valuable feature of Microsoft Defender for Cloud Apps is to stop shadow IT.
