We just raised a $30M Series A: Read our story

Microsoft Defender for Cloud OverviewUNIXBusinessApplication

Microsoft Defender for Cloud is #2 ranked solution in XDR Security products and #3 ranked solution in Cloud Workload Security Solutions. IT Central Station users give Microsoft Defender for Cloud an average rating of 8 out of 10. Microsoft Defender for Cloud is most commonly compared to Prisma Cloud by Palo Alto Networks:Microsoft Defender for Cloud vs Prisma Cloud by Palo Alto Networks. The top industry researching this solution are professionals from a computer software company, accounting for 31% of all views.
What is Microsoft Defender for Cloud?

Microsoft Defender for Cloud protects your Azure and hybrid resources. Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure—but there are additional actions you need to take to help safeguard your workloads. Turn on Azure Security Center to strengthen your cloud security posture. Within Azure Security Center, use Azure Defender to protect your hybrid cloud workloads. With Azure Security Center, you can:

- Assess and visualize the security state of your resources in Azure, on-premises, and in other clouds with Azure Secure Score

- Simplify enterprise compliance and view your compliance against regulatory requirements

- Protect all your hybrid cloud workloads with Azure Defender, which is integrated with Security Center

- Use AI and automation to cut through false alarms, quickly identify threats, and streamline threat investigation

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft Defender for Cloud was previously known as Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender.

Microsoft Defender for Cloud Buyer's Guide

Download the Microsoft Defender for Cloud Buyer's Guide including reviews and more. Updated: November 2021

Microsoft Defender for Cloud Customers

Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.

Microsoft Defender for Cloud Video

Pricing Advice

What users are saying about Microsoft Defender for Cloud pricing:
  • "Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."
  • "The licensing cost per server is $15 per month."
  • "This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service."
  • "Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."
  • "It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it."
  • "The cost of the license is based on the subscriptions that you have."
  • "I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."

Microsoft Defender for Cloud Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Thiago De Angelo
Global Cloud Security Architect at a consumer goods company with 5,001-10,000 employees
Real User
Improves security posture, offers real-time assessments, and has great compliance policy features

Pros and Cons

  • "One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds."
  • "Azure is a complex solution. You have so many moving parts."

What is our primary use case?

It is our main solution for our Azure cloud infrastructure. We do about 1.1 million dollars in cloud spending every year. It's a quite big infrastructure and pretty much in our main system and we are planning on integrating with Microsoft Sentinel, which is going to be our SIM solution. Right now we don't use a Microsoft solution, however, Microsoft Sentinel is very complete and we're excited to dive into a POC. Right after I joined the company, that was one of the first things that I advised them to do and a couple of weeks later, we caught at least two big vulnerabilities that could have caused a catastrophic problem for our business. That's a true testament to the power of the tool.

How has it helped my organization?

The solution has improved how our organization functions. For example, the security score is the biggest improvement, as it's a compilation of all the results. That's where we have been doing established goals. When I joined the company and when we first implemented the product our secure score was about 35%. We are now sitting at 71%.

That gives us a clear direction as that's the most difficult issue. Azure is a complex solution. You have so many moving parts. If you say "I want to improve my security posture," it's hard to know where to start. That metric's going to give you an idea. You're going to take a look at your identity and access management strategy. You go there and you fix those issues.

Once that's done, you can take a look at your malware protection, so you see all the machines. You have the ability with this product. All of these actions compile percentages on a score and they drive up the score. That way, you know how good you're actually doing and how you can continue to progress.

What is most valuable?

We do a lot of mergers and acquisitions. One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds.

The most valuable aspect of the solution is visibility. You truly have visibility. That’s the first thing that you're going to have in the cloud.

The solution’s capabilities of assessment and real-time assessment is another big thing for us. In terms of remediation and capabilities, most of the time, I even have a quick fix, a quick button that I click and they're going to fix it for me, where they are going to provide me with everything that I need to do to fix that.

The main thing that I like about the tool is that Microsoft collects trillions of data points across their cloud and they leverage that threat intelligence to teach the machine learning AI-driven models to assess for security. We can even see across the cloud, and it’s so much better than going with a third-party product, where you don't have that advantage.

The solution has features that have helped improve our security posture. The security score is one of the biggest pluses. They do have a series of metrics that combine into a security posture score. Netsecure started giving me a good snapshot of where we are when it comes to security posture, and then we can drill down.

If you click on your secure score, you are going to be able to see why you have that calculated score. They have very good documentation surrounding how, for example, if you have 74%, why you do. You are going to be able to drill down and see where your weaknesses are and then you can address those items directly.

The compliance policy feature is great. They do offer support, such as PCIS. You have access and they can compare to your security posture and they can give you your score based on that, for example, how compliant you are with those tenders. That's another great aspect of the tool as well. That's all visual and on a dashboard.

The solution positively affected our end-user experience, however, not in any shape or even form that they can notice. They're getting all the benefits from it in the background. For example, security alerts are one of the main values about the users that I like. You have access to security alerts and those security alerts are giving you a real-time type of reading on how you are doing when it comes to threats. If there's something that can affect a user negatively, you have access to fix it before it becomes an issue. Therefore, while it has affected them positively, they never had to change anything that they're doing.

What needs improvement?

In the past, when you wanted to compile a list of resources that effected a vulnerability, it was kind of hard to do that. You had to use the graphic interface and write some queries for you to get that information from the Microsoft Graph API. Right now, with Microsoft Cloud Defender, they actually have that and you have access to that. Therefore, for me, it's pretty much a problem that has been solved. That was pretty much the only thing that I thought we could use. Then, yesterday, I saw that they included it. Therefore, as of now, I don't have any big issues with the product.

In the beginning, the score was shown using a points system. Now they made it into percentages, which is way better. It's hard to show you your C-level points. It required some explanation. For example, if you show them 2000 points, they're going to ask, "Okay, is this bad or good?" If you show them 75%, on the other hand, that they can understand. That's another thing that they made better as well.

For how long have I used the solution?

Within this company, I've used the solution for about 10 months. I was also using the solution with my previous company for around a year and a half.

What do I think about the stability of the solution?

The product is pretty stable. The only thing that you've got to remember is that it takes some time. Some of the variabilities, for example, the remediation processes, when you apply them, it takes a bit. The remediation in order to count it has got to run the vulnerability assessment agent. Sometimes it takes a couple of hours for some resources. That said, it's pretty stable. I've never had any problems. It runs very well.

What do I think about the scalability of the solution?

The scalability potential is one of the biggest aspects that I like, as it works with Microsoft, as an Azure back lane. As you add more subscriptions, all you have to do is just go and enable Azure Defender - in this case now, Azure Defender for all the consumer subscriptions that I have. That's it. It's free scale. It scales out very, very well. You don't have to do anything and you don't have to install anything on the Azure portal - it's already there. That said, you do have to deploy vulnerability agents, however, Azure does that for you due to the fact that the VMs are already being managed by Azure. You have all the security in place. It will deploy the agents and it's going to be seamless. You don't have any downtime either.

Right now, we have about 7,000 users. It's quite a good number, however, we are growing. We're adding companies every month. We're adding tons of companies and plan to expand usage as we grow.

How are customer service and support?

I've been working with Microsoft technical support for more than 15 years. We have really good support, always. We do have an enterprise agreement with Microsoft, which makes support very easy. If you have Azure, you probably have an enterprise type of support. Every single interaction that I have had with them was pleasant. They were very, very precise and effective. We've had no problems.

Which solution did I use previously and why did I switch?

We never had a different cloud solution. For us, choosing this solution right off the bat was a no-brainer.

How was the initial setup?

The initial setup is very straightforward. It comes with the free version. It's out-of-the-box and already enabled for users for the most part. It gives you just a little bit of visibility, so you have to go with the paid version and the cost is not that bad. 

It's pretty much diluted into your Azure bill. It is totally worth the price. You basically go to the portal and choose the option and just enable online subscriptions and give it some time so that it can gain visibility. After that, it's going to deploy the agents. It takes 24 to 48 hours. After that, you're going to have tons of visibility and data coming back. It's pretty straightforward, very simple to set up. For me to roll out was about an hour tops.

You do not need a big maintenance team. I'm an architect and I'm also a very hands-on type of engineer. In most cases, I would say it's good to have at least two people especially if you have a global infrastructure. That way, you can have people in different time zones, such as Europe central time, for example, and in US Eastern time. For most aspects you have auto-remediation and you have automation that you can implement, which is great. I would say that two people would be ideal to manage the solution, especially for the remediation process. With the remediation process, you can engage other people from other teams as you're going to have to talk to the operations guys to say, "Guys, you've got to fix this, this is a liability." Therefore, two people dedicated to Azure would do it. It doesn't need to be dedicated to security, to Defender in this case.

What was our ROI?

I was reading some studies that the ROI is 200%. It's really good, due to the risk prevention and threat remediation processes.

What's my experience with pricing, setup cost, and licensing?

I like the licensing due to the fact that it's simple. In terms of pricing, there's a very good ROI. The ROI is pretty great, and everything is diluted into your overall Azure costs. It's not a product that you buy, it's a contract. If you want to stop using it, you can stop. It's an on-demand type of product. I like that as well. 

It's very cost-effective if you compare it to other products, especially if you want to combine other features from a licensing standpoint. You're going to spend a lot of money if you try to implement various other options.

Which other solutions did I evaluate?

We do have some security, other security that is still in place. For example, we work with CrowdStrike. We work with a team solution. We have another team solution, which is not an apples-to-apples comparison. What Azure center does is very specific. It's very large. For us to do the same thing with any other security solutions out there, would mean we're going to spend a lot of money. Azure does not have competition per se. You would have to onboard tons of other products to do the same thing that they do. It's also simpler than the other solutions. The orchestration features that you have access to are great. It doesn't make a lot of sense to combine several other solutions and try to protect all your resources.

What other advice do I have?

I am just a customer and an end-user.

I'm using the latest version of the solution, which is now the Microsoft Cloud Defender. They just changed the name of the product. They combined Azure Security Center and Azure Defender into Microsoft Cloud Defender and that's the version that I'm using.

For now, we are cloud-only, however, we have plans to enroll our on-prem devices as well, including servers, especially through Azure Arc and we are also looking at Azure Sentinel. We are going to have a complete ecosystem, similar to a Microsoft XVR, truly for our Cloud environments.

I was working with Sentinel in the past with my previous company, however, I was not able to fully roll out the product. Here, we're planning on having a Microsoft partner that's going to help us to onboard our Azure infrastructure and Sentinel, however, we are going to be enrolling a POC first.

I would advise other potential users that they need this, absolutely. If they have Azure, they need this. It's going to give them the visibility and the remediation capabilities that they're looking for and it's going to make them aware of issues that they are not even seeing. 

If a company has resources exposed to the outside, chances are that people are trying to get in. I'm catching people every single day trying to get in. It's really amazing what you see when you have visibility. Businesses that bring this on really need to involve the team. It's got to be a team project. Everybody's got to be playing on the same team. That way, a company can make sure they have effective implementation.

I would say, a company has got to watch very carefully the recommendations and the security alerts, especially recommendations, which is pretty much what's going to drive the score up and increase the positive security posture.

The alerts are going to give them real-time insight, like a temperature reading on security, including what's happening, who's trying to get in, who reports or attacks you and weren't successful, and how many times did they try? What kind of accounts did they use? Recommendations are going to help you look for activity and the security alerts are going to help you with the reactivity. You can react to events that are happening, however, you can't remediate issues that haven't happened yet. 

Overall, I would rate the solution at a ten out of ten. I'm a big fan. It makes my life way easier and gives me some peace of mind so I can sleep at night better.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Shaik Firoz
Network & Security Architect at SNP Technologies, Inc.
Real User
Top 20
Provides us with recommendations for improving security and enables benchmarking of infrastructure for compliance

Pros and Cons

  • "It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
  • "If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."

What is our primary use case?

Typically, when we have a scenario where a client wants to migrate their resources to Azure, they might migrate their IaaS platforms, such as virtual machines; they might migrate their applications or their databases; they could also migrate into Kubernetes services. There are a variety of projects. I work for many types of customers where all these different scenarios are involved, including applications, app services, database as a service, IaaS by default, and Kubernetes.

How has it helped my organization?

With a project that I recently completed for one of our customers, the requirement was around their bidding application on-prem, utilizing different cognitive services and AI modules on Azure. They wanted to containerize this entire application with AKS, Azure Kubernetes Services. They did so, and Security Center was integrated with this entire AKS system. What Security Center provided us with was a solution for how we could better secure this entire environment. It provided some recommendations on pod security and how the pods do not need to communicate with each other. It recommended isolating these pods for better security, so that even if a certain user got access to a pod, or a certain threat was detected for one of the pods, we wouldn't have to worry about the entire system being compromised. By implementing the recommendation, if a pod is compromised, only that pod is affected and can be destroyed anytime by the AKS system.

Another recommendation was for enabling some edge layer WAF services, by leveraging a Microsoft out-of-the-box solution like Front Door. Security Center said, "Okay, now that the application is being accessed over the public internet, it is not as secure as it could be." An edge solution, like an application delivery controller such as a WAF or a CDN service was another option. It could be anything that sits at the edge and manages the traffic so that only authorized access is allowed within the network. Security Center recommended Front Door, or we could leverage other solutions like Cloudflare, or a vendor-specific solution like F5. We could then make sure that any Layer 7 security is handled at the edge and doesn't affect the application inside. SSL offloading is taken care of at the edge. Any region-specific blocking is also taken care of at the edge. If an application is only accessed in the U.S., we can block locations at scale with this solution. That is how Security Center provided us with some recommendations for better securing the environment.

Another way that Security Center can help is that it can benchmark the infrastructure in terms of compliance. Compliance-based infrastructure is one of the norms nowadays. If an application is health-based or it's a Fintech-based application, certain standards like HIPAA, NIST, or PCI need to be followed by default. Auditors or compliance teams used to run through a manual checklist to make sure that the environment was secure. But with Security Center, we can do it via an automated layer, introducing regulatory compliance policies. Security Center performs scanning of the entire environment, in regard to the policies, in real time. Using the example of the bidding system, it's a Fintech environment and, while having NIST is not mandatory, we could enable a benchmark run-through, to make sure the infrastructure is NIST-compliant.

With Security Center, we applied policies that align with these types of compliance. Security Center takes these policies and runs through the infrastructure to see what the gaps are and provides us with a report on what is compliant on the infrastructure and what is non-compliant. We can fix those non-compliant parts.

What is most valuable?

For any type of service, I would recommend the go-to solution for security on Azure is Security Center. The advantage is, firstly, is that it has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem. It has seamless integration with their Log Analytics workspaces, and it also provides some insights into what can be a better solution when it comes to securing their environment.

When it comes to improving the security posture, whenever we have a small project for a customer where they want to migrate their resources into Azure, once the resources are migrated, such as the ones I noted above, we go ahead and integrate Security Center in various ways. One of those ways is to use an agent that can be installed on virtual machines so that we can extensively monitor security alerts or threats that happen on the device. 

But for platforms as a service, we can't have an agent installed, so it integrates with the Log Analytics workspace. For any PaaS services, or a database as a service, or data lakes, we take their Log Analytics workspace and integrate it with Security Center. Once we have integrated it, Security Center discovers the resources, determines what the different configurations are, and provides us with some recommendations for the best practices that Microsoft suggests.

For example, if the Security Center agent is installed on a virtual machine and it scans the environment and identifies that the access to this VM is public and also doesn't have any MFA, it will recommend that blocking public access is one of the best practices to make sure that only safe access is allowed. Along with that, it can also provide us with some insights about enabling MFA solutions that can provide an additional security layer. Those are examples of things that Security Center can recommend for providing a more secure infrastructure

What needs improvement?

There is a slight gap between the real-time monitoring and real-time alerts. While Security Center has the ability to detect sophisticated attacks or understand potential threats, I feel that if the response time could be improved, that would be a good sign.

In addition, when it provides recommendations, those recommendations have a standard structure. But not all the recommendations work for a given environment. For example, if a customer is already using a third-party MFA solution, Microsoft doesn't understand that, because Microsoft looks into its own MFA and, if not, it will provide a recommendation like, "MFA is suggested as a way to improve." But there are already some great solutions out there like Okta or Duo, multi-factor authentication services. If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented.

Security Center provides what it calls secure score. This secure score is dependent on the recommendations. It tells you that if you resolve this recommendation, your secure score will be improved. In the case where a client is already using MFA, but the particular recommendation is not resolved, there is no improvement in the secure score. There is a huge mismatch in terms of recommendations and the alignment of secure score. MFA is just one small example, but there are many recommendations that depend on the client environment. There is room for improvement here and it would help a lot.

For how long have I used the solution?

I'm a network and security architect for a Microsoft Gold partner. I have been extensively using Azure for five years and have been involved in multiple security and network projects. I have been using Security Center, specifically, for more than three years on Azure, applying recommendations and working on integrations with other services, etc.

What do I think about the stability of the solution?

The performance is pretty crisp. Because it is a platform service, we don't have to worry about the availability or response time. It's all managed via Microsoft. The performance is good for now, but it can be improved. It could be more real-time. There are many things that Security Center does in the background, so that may make the response time a bit slow. If we apply certain policies, it will run through the entire environment and give us a report after about 30 to 45 minutes. That layer could be improved.

What do I think about the scalability of the solution?

This is a platform service and Microsoft has scalability under its control. It can scale to all of Azure.

How are customer service and technical support?

As a Microsoft Gold partner, most of the time we work directly with the engineering team or with the Microsoft sales team. Because we are working day-in and day-out with Security Center, we are well aware of its issues, capabilities, features, and the depth of its tools. The basic, level-one or level-two support team just follow a standard. 

But there has been a huge improvement in terms of Microsoft support and they provide some really good support for Security Center.

How was the initial setup?

The initial setup is very straightforward. There's nothing complex about it.

Implementation generally doesn't take a huge amount of time. Because Security Center is a service, the agents need to be installed on a virtual machine or servers. If it's an IaaS application or platform services, the log analytics need to be integrated. In an environment with about 30 or 50 servers, we could run the script and complete the onboarding of the servers into Security Center within a day, and the same is true for platform services.

But it's not just about onboarding it because Security Center also provides some recommendations, and we work on those.

I lead a team of four people who work specifically on Security Center. There are other sections of Azure Security that they work on, such as Azure Sentinel, Azure ADP, Microsoft 365 security and compliance for our portals. But for these four people, about 25 to 30 percent of their roles involves managing Security Center.

What was our ROI?

The return on investment is pretty great in terms of the feature set that Security Center provides. There are so many solutions out there that can do similar things, but at the same time, they do not have such seamless integration with other services on Azure. The return of investment is in the ease of management and the great visibility.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing is a standard process. It's not as complicated as other Microsoft licensing solutions. Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward. With Security Center, there are no other fees in addition to the standard licensing fees.

Which other solutions did I evaluate?

We have other, third-party vendor solutions, but Security Center provides that seamless integration, along with some insights that other platform services do not. There aren't a lot of other vendors out there that can integrate with Azure platform services. It's the only solution that we recommend.

Other solutions include Qualys, Rapid7, Tenable, and Nessus. As system integrators, we generally recommend Security Center. But if a client has already made a huge investment in Tenable or Qualys, they will want to continue with that. If a client does switch, they will see the advantages of all the integrations and services that can all work together. They will have a single plane of control.

The seamless integration is one of the key benefits. It integrates well with the whole Azure ecosystem. A second advantage is not having to worry if Security Center will be able to scale. A third advantage is that it is an all-in-one service. You don't have to have multiple services for threat protection, for endpoint protection, for recommendations, and for compliance. This is one tool that can do a lot.

In terms of the cons of Security Center, there are a lot of things. Vulnerability management is available, but vulnerability assessment is not available within Security Center. That is a huge gap. As of now, Security Center relies on third-party tools in this area and we have to integrate it with them. There is also the lack of custom recommendations for the environment. That is a feature that would be helpful.

When it comes to endpoint solutions, Microsoft ATP is available, but some of our clients already have a solution such as CrowdStrike.

What other advice do I have?

My advice is to go with Security Center. It's a really good tool and provides some good recommendations for the environment. Other tools can provide recommendations, but then we have to do them manually. Security Center does them automatically. That's one of the advantages that stands out compared to other tools. For anyone who asks, "Why Security Center?" I would tell them that if all their resources are being deployed, or all their applications are being hosted on Azure, this is the only solution, the best solution, out there.

I don't think there is much effect on end-user experience here, because whenever you talk about Security Center, the agents or tools are applicable to the underlying infrastructure rather than the end-user. For example, an application is hosted on a server or, for platform services, it's being integrated with these services. While a user is accessing these applications, Security Center just scans the data to understand what the incoming traffic is like. It provides intelligence reports such as where the traffic is coming from and what kind of data is being accessed for the end-user. Apart from that, it doesn't affect anything for the end-user.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,586 professionals have used our research since 2012.
Deshant Shukla
Azure Solution Architect at a tech services company with 10,001+ employees
Real User
Good setting recommendations and regulator compliance with very helpful technical support

Pros and Cons

  • "The solution is very easy to deploy."
  • "You cannot create custom use cases."

What is our primary use case?

We use the solution internally.

Azure Security Center works with Azure Defender. Azure Defender is used for identifying the vulnerabilities and loopholes inside our system that we can deploy on multiple layers either from the subscription level, the source level, or on the devices. You can connect multiple devices to this. That's not specific to only servers. You can connect with ER80 as well as SQL servers. Most of the services are covered within the Microsoft Defender.

What is most valuable?

We find two things inside the Azure Security Center to be quite valuable. One is the recommendations, and the second is the regulatory compliance. Both help to keep everything running smoothly. This will give you the security score as well. You can try to get the highest security score, which is 100%. You can get there just from the recommendations from Microsoft. Not all the recommendations will be applicable on the enrollment side.

Regulatory compliance is PCI compliance. There are multiple compliance options you can follow.

Azure Defender helps improve our security posture. You enable it for each and every server. It is a monthly-based subscription and about $15 per month per server. You can see right on there that the vulnerability is automatically run with the help of a Messages scanner. Messages is running behind Azure Defender. It automatically runs and scans, and that will show up on your portal. You do have to take any necessary steps to run recommendations. Either you can see if any energy port is open, for example, if RDP is open, it will realize, “Okay, just close RDP for outside work." These kinds of recommendations are very helpful from the Azure Security Center.

You have inventory on Azure Security Center, as well as Workbooks. You can create Workbooks. These are automatic playbooks where you can see the entire dashboard. If you prepare a monthly report, or a weekly report, it's better to create it in Azure Security Center instead of Workbooks with the help of JSON, or use drag and drop as an option. That will help you to keep updated more on things.

Inside Azure Security Center, with Workbooks, you can create your own workbooks according to your users. If you have a system update setting inside Azure, with the help of an automation account, if you click it, inside the system update Workbook, you can see all the systems which are taking updates. If that is updated, you can see whether the system is compliant with updates. All the reports are visible. You can see reports on the basis of subscriptions or on the basis of resources if you want.

Azure Security Center does not affect the end-user experience in any way. End users don't feel its presence in the organization.

The solution offers collaborative services. If you enable Azure Defender for servers or any services, basically, you can automatically subscribe for Azure Defender for Endpoints, which is easy.

You can install the EDR on each and every server. That will give you all of the process logs and what a user is doing. You can tell if a URL is open on your system, for example.

You can remediate with automation as well if you want to. That's for malware or any malicious files if they are present on the system. It will detect using the intelligence of the Defender Endpoint. You can take hybrid action on an alert, you can take a fully automated action, or you can take 100% manual action.

With Defender Endpoint, if you find out if one system is compromised, you can actually separate it from the network. If you have to deal with ransomware. If one system is affected by ransomware, you can remove the system from the network.

There is a security alert inside Defender that's per the recommendations and activities that happen inside your network. You will see security events there. If you do not have any other SIEM solution in your environment, you can leverage this. 

What needs improvement?

The team is already working on one of the latest features, which is having migration techniques right on the portal available. It's possible to use it now. That's one good new feature.

For MIM, they are still improving things on Azure Security Center. There are a few flaws in backend technologies. If you do not have the correct access to the system, you cannot access the files and most of the reported resources.

For example, a general huge storage account, which is exposed for public access. If there are ten storage accounts available, you can see the names. You can identify, those storage accounts that are supposed to be accessed from the outside, maybe, due to some feature happening behind the scenes on a storage account, and these are supposed to be exempt from the portal. You shouldn't see them again and again and this should not affect your security score overall. However, they are not easily exempted from the portal. There's no way to exempt them properly.

You cannot create custom use cases. You can use what is already present on the Microsoft side in terms of security alerts. You can, however, customize whitelisting for alerts.

For how long have I used the solution?

I've been using the solution for four years now. For one year, I have been working as an architect on Azure Security Center.

What do I think about the stability of the solution?

The stability is 99.9%. I never have seen any failure. Sometimes you find the service is slow. However, that could be related to an internet connection or something else. Every service has downtime. There is very, very minimal downtime here. I haven't faced any challenges in four years.

What do I think about the scalability of the solution?

The scalability is very good. You don't need to put any extra agent or anything from your side. Everything is automated. It's the easiest security feature, which you can get from Microsoft.

How are customer service and support?

For every project, an architect from the Microsoft side is assigned to the team. You can directly connect with them. You can also create a technical ticket. They will respond immediately. If the issue requires a certain level of severity, you will get a call directly. If it's not as serious and they email you, however, you do not respond to their email, they will call you. Otherwise, they will keep communicating via emails.

I'm in India. When I open a ticket, it may be assigned to the Indian parties and they take time to remediate your problems. If I am routed to the senior team of Microsoft, they won't take much time. They give you new solutions quickly. It's a good thing. 

Which solution did I use previously and why did I switch?

We do use Azure Sentinel. I'm also familiar with Google Cloud Platform, GCP. It's a bit complex as the structure is not as good as Microsoft. Microsoft, from top-down, offers a management group, subscriptions, and tenants under one group. Inside that resource group, you will find resources. That is easy. On the other hand, inside GCP, there are folders inside folders. Then you can create multiple folders inside one folder. That makes things very complex. There are not too many security solutions available on GCP. I do not have too much experience with GCP, however, given the experience I have, according to that, GCP isn't as good.

You can handle many things on Azure with the UI. There's no need to go for the PowerShell if you don't know it. If you know PowerShell best, you can use it if you want to. If you want any report from the GCP, however, you'll have to first understand the shell scripting. It's hard to find projects due to the way GCP is laid out. There's too much complexity.

How was the initial setup?

The solution is very easy to deploy. This is automatically installed on the Portal. There is no need to install anything on the Portal. There are just a few buttons inside the settings if you want to enable the Defender, et cetera. That will automatically install on all the servers. The agents are already present.

The solution takes six seconds to deploy. If you are on the Portal, you can do it in seconds. The first remediation will show within 30 minutes due to the fact that the scan takes time. The message takes a little bit of time to scan the entire infrastructure. That completely depends on how big a company's infrastructure is.

If there is another service, such as Azure Sentinel, you need to install agents on all the machines. If there is a Linux machine, you have to install the OMS agents. However, that's not the case over here.

One person can easily handle maintenance. A single person handles both Azure and Sentinel. Ours is a small environment. 

What was our ROI?

In terms of ROI for Azure Security Center, the solution offers basic security features, which Microsoft is providing. That's the main thing. There's no need to go and get any technical team to handle anything. If you know a little bit about the security, you just go and toggle the button and you install it on all the servers and services. With this product, you will start getting recommendations and security alerts. 

In contrast, if you go on any other products, you need a specialized team for security, especially. You need a complete specialized team for different services and for different actions. It's better to use Azure Security Center. There's no need to go and install anything and it's offering good security.

What's my experience with pricing, setup cost, and licensing?

The licensing cost per server is $15 per month. This is the same for SQL which is also $15 per server. It covers the Defender licensing as well. According to my experience, it's a good deal.

What other advice do I have?

I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender.

This product is a Saas solution that is automatically updated from the Microsoft side. Any clients will not need to update manually.

If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you.

I'd rate the solution at an eight out of ten.

When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Victor Addison
Senior DevSecOps Engineer at a consumer goods company with 11-50 employees
Real User
Top 20
Provides centralized management and helps with regulatory compliance, but getting the best information requires a lot of work

Pros and Cons

  • "With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
  • "The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions."

What is our primary use case?

I use this solution in two different scenarios. The first is for the security and monitoring of Azure accounts. Another is for SIEM integration and the Azure Gateway WAF. Essentially, it's a one-stop solution where you can integrate all of the other Azure security products. This means that instead of maybe going to Firewall Manager, Azure Defender, or WAF, you can have all of them send statistics or logs to Azure Security Center, and you can do your analysis from there.

How has it helped my organization?

This product helps us with regulatory compliance.

With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates.

It helps us with alerts. You're able to automatically channel these alerts to emails and get the team readily looking into the issue.

We don't need a distributed team looking at the various security solutions. Instead, they just look into Azure Security Center and then get everything from one place.

It also supports multiple cloud integration, where you can add other clouds like AWS and GCP. However, we don't use that feature. 

What is most valuable?

The most valuable feature is the help with regulatory compliance, as it gives us security scores and the CVE details.

Centralized management is another feature that is key for me.

What needs improvement?

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

For how long have I used the solution?

I have been using Azure Security Center for approximately two years.

What do I think about the stability of the solution?

In terms of stability and availability, Security Center is very good. It doesn't change. Because it's cloud-based, you don't actually have to manage infrastructure to get it up. If you are using the SIEM portion of it, it's what you are sending to it that will determine what you get out of it.

If you are using a hybrid solution from your own site then you have to make sure that your internet connection to the cloud is reliable. Your VPNs that are pushing data have to be stable, as well. Also, if you are using a third-party solution, you have to manage your keys well. But in terms of it being stable, I would say it's highly available and highly stable.

What do I think about the scalability of the solution?

This solution is very scalable. You can integrate as many subscriptions as possible. They could be Azure subscriptions, AWS accounts, GCP, and other resources. Because it's cloud-based, I have not actually encountered any limits.

I know that with cloud providers when there are limits, you can request an increase, but in terms of how many, I have not seen any limitations so far. As such, I would say it's highly scalable.

We are using it a lot. For Azure, there are 20-plus subscriptions. We don't really use it for AWS accounts. Instead, we prefer to use AWS Security Hub on AWS, so we don't push AWS account data there. But for Azure, we used it for at least 20 subscriptions.

We have a distributed team. I have used it for the past two years in the company, and it's a huge organization. In the whole of the organization, Microsoft Azure is used as the main cloud. AWS was also used, but that was mostly for specific projects. In terms of the number of people using it, I estimate it is between 50 and 100.

How are customer service and technical support?

Microsoft support is very good, although it may depend on the kind of support you have. We have enterprise-level support, so any time we needed assistance, there was a solution architect to work with us.

With the highest support level, we had sessions with Microsoft engineers and they were always ready to help. I don't know the other levels of support, but ours was quite good.

Which solution did I use previously and why did I switch?

We began with the Security Center because it was for projects on Azure.

How was the initial setup?

The initial setup is somewhat straightforward and of medium complexity. Especially when it comes to integrating subscriptions, I would not say that it's complex. At the same time, it is not as simple as just pressing the Next button several times. There are knowledge prerequisites before you can set it up fully and properly.

Setting this solution up was an ongoing project where we kept integrating subscription after subscription. If you know what you're doing, in a couple of days, or even a few minutes, you can get going.

If you need to build the knowledge as you go, it's something you could do in one day. You would integrate one subscription, and then start getting feedback. It's plug and play, in that sense.

What was our ROI?

The company has seen great returns on investment with this solution. In terms of security, you want to match the spending with how effective it is. Top management generally wants more reports. They want statistics and an analysis of what is happening. For example, reports need to say "We had this number of attempts on our systems."

As additional functionality, it's also able to support the business in terms of knowing and reporting the relevant statistics.

What's my experience with pricing, setup cost, and licensing?

This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service.

Which other solutions did I evaluate?

We did not evaluate anything else before choosing this product.

For example, we are now considering different products for SEIM integration. One of them is Palo Alto Prisma Cloud. However, the price is too expensive when compared to Azure. It is also a multi-cloud product, although, in the beginning, it didn't support AWS and GCP. It now has support for those cloud providers, as well as additional features that Azure doesn't have.

What other advice do I have?

My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get.

This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value.

If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need.

The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Massimo Strazzeri
Cloud Architect at a legal firm with 5,001-10,000 employees
Real User
Top 20
Insightful recommendations and alerting, reports a security score metric, and the support is good

Pros and Cons

  • "Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful."
  • "Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."

What is our primary use case?

Security is at the forefront of everything that we have been doing, fundamentally. Both in my previous organization and the current one, Azure Security Center has given us a great overview of the current state of security, through the recommendations given by Microsoft. There are potential situations where risk exists because you're not compliant with a specific recommendation, or to specific regulatory compliance. Such guidance is critical for us.

We implement a wide range of solutions in our environment. We have solutions that are purely SaaS. We have some things that are just purely IaaS, and, of course, we have PaaS for services as well. So, we really have a wide range of deployments on all services as a service.

How has it helped my organization?

Overall, Azure Security Center has greatly improved our company's security posture. At a very quick glance, you can see where you are the most vulnerable. I'm greatly oversimplifying what the tool does, but at the very minimum, at a quick glance, even if you are not an expert, or even if you have just started using it, this tool will give you a basic idea of where the biggest problems are.

Security Center has not affected our end-user experience in a negative way. To my thinking, security is something that if your users don't experience it then it's great because there are no problems. Since I have been in this company, there have not been any security incidents. The only experience that the end-users have is the fact that there have not been any disruptions due to security issues. We have been monitoring what has been going on.

What is most valuable?

The most valuable feature is the recommendations. Azure Security Center is a product that can be useful in various grades and stages, depending on the state of maturity of both your application and your organization.

The alerts are also valuable, and they go hand-in-hand with the recommendations.

With respect to our security posture, there are at least two features that have been very useful. The first of these is the inventory section, where you can quickly see everything that you have. Especially in a larger organization where there have been mergers and acquisitions, it can be difficult to readily see everything that has been deployed. Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful.

The security score has been very useful. This is another numeric metering system that basically tells you how well you have been doing.

What needs improvement?

Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board. You can create exemptions, but not everywhere are the exemptions the same. In some areas, we can do quick fixes, but that is not true across the board. So in general, consistency is the number one item that needs attention.

For how long have I used the solution?

We have been using Azure Security Center for approximately three years.

What do I think about the stability of the solution?

With respect to stability, so far I have not encountered any specific issues with the way it behaves. I cannot say that it has performed badly in any way.

What do I think about the scalability of the solution?

It's a really scalable product, fundamentally, the way Microsoft designed it. I don't think that scalability is an issue at all.

We have implemented this solution in environments that differ quite significantly in terms of scope and in range but, given the way that it works, within 24 hours it discovers everything in the environment, no matter what it is. 

How are customer service and technical support?

We only used technical support once, and it was for an item that was behaving in a strange way. It ended up being a known issue, and they said that they were going to fix it. Overall, it was a very good interaction.

Which solution did I use previously and why did I switch?

In both companies where I have used this solution, there was no other cloud-based tool that was handling security. It was done using traditional security products that basically examined the logs and raised alerts.

We switched because it gives us an expansive view of everything which is deployed. It is really unparalleled by anything else that you could potentially use. The moment you turn it on for a subscription, it will identify, almost immediately, every component that you have. From there, it will also identify what is at risk in that component.

How was the initial setup?

The initial setup was pretty straightforward, although I came to this product from a network and security background. When I started working with a Security Center, it was not like a tool that I had never seen before.

Fundamentally, it takes 24 hours before you start to see everything accurately. From the moment you turn Security Center on for your subscription, within the 24-hour range, you have a full view of what's going on.

Our implementation strategy includes turning it on for every subscription that we have. Security is critical for us, so the cost, in this case, was not a factor. The benefit was definitely outpacing any potential financial cost. Once we turn the feature on for a subscription, we look at every recommendation that we see in the list. In cases where it is not compliant with our security policy, we fix the issue and have been doing that ever since we started using it.

What about the implementation team?

My in-house team was responsible for the deployment, and this was true for both organizations where I have used it.

On average, three people can deploy it. There should be an architect and principal engineers.

What's my experience with pricing, setup cost, and licensing?

Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor.

Microsoft does a good job with respect to the pricing model, so anything comparable will cost almost the same. I don't think that there is really an alternative.

Which other solutions did I evaluate?

We are perfectly satisfied with what this product gives us. So, there's really no reason to even look at anything else.

What other advice do I have?

The first piece of advice that I would give somebody who's going to try to use Security Center is to try to understand their environment as much as possible, and then try to match their environment with the recommendation section of the tool and start remediating from there.

There are going to be recommendations in Security Center that will make sense if the team looking at the security infrastructure understands what is going on. If the team does not have a full understanding then it will be very difficult to know what to do, or how to remedy it.

The fact that I had to deal with many components, of which I don't know very much about, has been really great because it forced me to learn about their security. Typically, I don't have to deal with that. My learning has definitely increased, and of course, that's always good.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Alanjee Tanveer Ahmed
SOC Manager at a tech services company with 10,001+ employees
Real User
Top 5
Its incident alerts have reduced our manual work for a lot of things

Pros and Cons

  • "One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
  • "Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."

What is our primary use case?

I work as a SOC manager. We use it for incident security, incident monitoring, threat analysis, and looking at remediation or suppression.

What is most valuable?

Most use cases that come from Microsoft are all automated. Even before any manual effort, the tool is designed in such a way that it just does the threat analysis. It gives us exactly what the incident alert is all about: 

  • The priority
  • The threat 
  • The impact
  • The risk
  • How it can be mitigated. 

Those are the key features of this particular tool.

The solution has features that have definitely helped improve our security posture.

One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things. The automation tool does the following (when human interaction is needed): 

  • Identifies what kind of an alert is it. 
  • Whether we have to dismiss it. 
  • When we need to take any action so the team can do it appropriately. 

This is one of its key benefits.

It is easy to use based on my experience. If a newcomer comes in, it is just a matter of time to just learn it because it is not that difficult.

What needs improvement?

Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.

For how long have I used the solution?

I have been using it for more than nine years.

What do I think about the stability of the solution?

We have not had issues with tool usage or any hiccups.

There are certain glitches, which are areas of improvement, thus we continuously keep working with Microsoft. Microsoft does acknowledge this, because it's a learning experience for Microsoft as well. They always expect feedback and improvements on their tools, as it is a collaboration effort between Microsoft and the client.

What do I think about the scalability of the solution?

I work for an organization with more than 50,000 users. Under security alone, we have 5,000-plus users. On my team, we have around 400 people who are looking at it.

There are different roles in the company: project management, security operations (the red and blue teams), and pen testing. I lead a security operations center team, where we have L1, L2, L3, and L4 capabilities. All these come under the same umbrella of the security operations center, and they are all rolled up to the Chief Information Security Officer as part of security. 

How are customer service and technical support?

An ongoing improvement for both Microsoft as well as for my organization: We need to work together. Sometimes, the solution doesn't work so we reach out to Microsoft Enterprise support for any help or assistance. If there is any feedback or improvement, then we work together, but they definitely have helped most of the time.

There are certain gray areas. We constantly work with Microsoft to notice whether there is something that only we, as a client, face. Or, if there are other clients who have the same kind of situation, issues, or scenarios where they need help. 

I would rate Azure Security Center anywhere between five to six out of 10. Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.

Which solution did I use previously and why did I switch?

We use Microsoft Defender and Splunk. We primarily went with Azure Security Center because of client requirements.

How was the initial setup?

The initial setup is pretty easy and straightforward. 

To deploy just Azure Security Center, it took three to four hours. However, there are a lot of things that it depends on.

Different clients have different requirements. If the client says, "We are using Azure Security Center. We want to use Microsoft technology or products." We will go with that. There are clients who are using Cisco products as well. 

What about the implementation team?

The solution architect usually designs it, taking into consideration the initial setup guide, playbook, and documentation. 

We don't use consultants for the deployment.

What's my experience with pricing, setup cost, and licensing?

It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it.

What other advice do I have?

For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact.

Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack.

I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us.

We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. 

Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well.

I would rate Azure Security Center as seven to eight of 10. If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Abhishek Pancholi
Senior Consultant at a recruiting/HR firm with 51-200 employees
Real User
Top 20
Responsive support, good visibility of security status, and it is easy to set up

Pros and Cons

  • "When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties."
  • "We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand."

What is our primary use case?

We use Azure Security Center in our own company, and we have also deployed it for one of our clients. Our biggest use case is the enforcement of regulatory compliance on our cloud.

How has it helped my organization?

Security Center has helped us really well in terms of regulatory compliance enforcement on our cloud. We were able to deploy the inbuilt policies, and we were also able to build our own initiatives and policies. There were certain things that we wanted to check to see if our VMs were compliant. We also wanted to ensure that our storage and databases are compliant, and Security Center helped us in doing that.

This product has features that have helped us improve our security posture because we have a large estate of servers or VMs in Azure, and with Security Center, we were able to find out that a lot of our VMs were not compliant. This would have caused us a lot of trouble if there was an audit in the near future. The issues that it flagged for us gave us the opportunity to fix the problems, which was really helpful. Essentially, it was a preventative measure that allowed us to identify and rectify issues before they got out of hand.

One way that this solution has helped to improve our organization is that we have a better view of the entire security status, including how compliant our systems are and whether there are any open issues that need our attention. There are also reports that we generate periodically, so everyone is aware of the overall status of the environment.

When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties.

Our overall security posture has been enhanced. A lot of the time, our cloud is accessed by people in the organization and they keep spinning up virtual machines, creating resources. Often, there are ports that open or there are certain security issues that are not handled. Because there are so many people and so many new resources coming up, it is difficult to track all of them. With the help from Security Center, we are able to see exactly what has come up.

If there are new issues that arise, which could happen if someone has not followed the proper protocol before bringing up a VM or another network resource, we can see this because we have a better local view of exactly what is there in the environment. So in that regard, we can say that it has helped us improve our security posture.

Using this product does not affect the end-user in any major way. Its usage is mostly relevant to the backend, and of interest to administrators.

What is most valuable?

The most valuable features are regulatory compliance and security alerts. The security score is very helpful, as well. Together, these let us know the state of each subscription and whether there are any actions that we need to take. This functionality is pretty helpful in audits.

What needs improvement?

We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand. We showed it to a couple of our clients, and they had trouble understanding it and an explanation or breakdown is not readily available. The score includes different weightage for certain controls. For example, if there is a "Control A" and it has a weight of 10 then it would affect the score more than "Control B", which has a weight of five. Being able to see the weights that are assigned to each control would be an improvement.

For how long have I used the solution?

We have been using Azure Security Center for between eight and nine months.

What do I think about the stability of the solution?

This is a pretty stable solution and we haven't run into any issues as of yet.

What do I think about the scalability of the solution?

I don't think there should be problems with scalability. It supports more than a hundred subscriptions, with multiple thousands of resources. I expect that we will be fine in that regard.

There are between 10 to 15 users that are currently using the security center. We have only two to three administrators and the rest of them have a highly localized role. Some of them are working on the policies, whereas others take care of compliance issues. They try to remedy issues and also try to improve our security score.

Our client has data centers that are divided into various regions and various business units. They are onboarding new business owners every couple of months, so it is in the process of expansion. They want all of their business units to be onboarded.

How are customer service and technical support?

I have not had the chance to speak with technical support from Microsoft but from what I have heard from my colleagues, they are pretty responsive and give you good information with respect to fixing issues.

Which solution did I use previously and why did I switch?

We had another tool, Morpheus, which was a multi-cloud manager. We did some work on it but because it wasn't native to Azure, we didn't go any further with it.

How was the initial setup?

The initial setup is pretty straightforward. We just had to enable it for our subscriptions.

Deployment does not take a long time. The maximum is 24 hours if you have a lot of subscriptions but otherwise, it's pretty quick.

We have several subscriptions so we initially started by deploying some for testing. When we were sure that we knew how to go about it, we deployed the remaining ones.

What about the implementation team?

We completed the deployment in-house and two people were required.

There are two other people in charge of maintenance.

What's my experience with pricing, setup cost, and licensing?

The cost of the license is based on the subscriptions that you have.

Which other solutions did I evaluate?

As we were on Azure, we didn't look to other vendors for similar solutions.

What other advice do I have?

We use between 80% and 90% of the functionality within the solution. We don't use workbooks as of now but otherwise, we use pretty much everything.

There are a few options that are included but not enabled out of the box. One example of this is Azure Defender.

Maintenance-wise, one thing that we do is keep up to date on policies and compliance. Microsoft provides a lot of out-of-the-box compliance initiatives, and sometimes they can go out of date and are replaced. We have to make sure that the new ones are correctly enabled and that the older ones are no longer active. Essentially, we want to disregard the old policies and ensure that the new ones are enforced.

The biggest lesson that I have learned is to keep an eye on your resource usage in Azure, because if it's a large environment with a lot of users then you might not know who opens the door to the outside. Using Security Center lets you keep track of what's going on in your environment.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partnership
Flag as inappropriate
JJ
Cyber Security Consultant at a tech services company with 10,001+ employees
Consultant
Top 20
Gives us correlated alerts and helps us in monitoring the complete infrastructure

Pros and Cons

  • "The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra."
  • "Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark."

What is our primary use case?

I am working in a security domain where Azure Security Center is playing a key role. We are primarily using Azure Security Center to secure our infrastructure. We are also able to use Azure Security Center for many other purposes.

In terms of deployment, we have a hybrid cloud. It is a combination of both on-prem and cloud. Azure Security Center is deployed on-prem, and then there are OMS agents that are provided by Microsoft that can be installed at any location, such as on-prem or on the cloud. These agents collect Windows and Linux logs from the machines on various clouds for Azure Security Center, which is something interesting for me.

How has it helped my organization?

It has improved our security posture a lot. The Azure Security Center provides a score that shows where is your organization at the moment in terms of security. After some time, you can see how much you have improved and where you can improve your score. We are getting this kind of advice from Azure Security Center.

It has definitely affected our end-user experience. With the help of this tool, we can investigate more security incidents in a very good manner. It has also enriched my career and improved me as a professional in terms of understanding various features and security incidents. 

Before implementing Azure Security Center, we had so many issues with our infrastructure in terms of security monitoring. With the implementation of Azure Security Center, we have resolved many issues. One of the issues that we have resolved is that we are now able to do security monitoring of the complete infrastructure. It not only supports cloud security monitoring; it also supports on-prem security monitoring. It has an OMS agent that can be installed on on-prem Windows servers, Linux, or other platforms for collecting logs. These agents can also be used on other cloud platforms, such as AWS, GCP, or Google Cloud. 

What is most valuable?

The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra. 

It has so many security monitoring features, such as compromised accounts. For example, if I'm working for abc.com company, and I'm using the same company email address for registering to another hotel or some other place where it gets hacked or something goes wrong, they will alert us. If my credentials are dumped somewhere on the dark web, they trigger an alert stating that you should go and reset your credentials. There are many more interesting alerts, and such features are pretty awesome in terms of security monitoring. In terms of security, it gives a very good overview of our estate. It also has many features from the cloud administration side.

What needs improvement?

Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark.

Sometimes, we are getting backdated logs, and there could be more correlation.

What do I think about the stability of the solution?

So far, its stability is good. I don't see any issues with the stability part.

What do I think about the scalability of the solution?

In terms of new features, we are able to scale up to our requirements. New features get added immediately. So far, I don't see any issues in our environment.

Our company is an MNC, and there are around 180,000 endpoints that we are protecting or monitoring with this solution. Currently, its adoption is around 70%. We cannot achieve 100% coverage because of some of the legacy products. There are legacy servers, and then there are some people who are working in customer environments where they are not utilizing our laptops. We still need to cover 20% more.

How are customer service and technical support?

Their support during the implementation was awesome. They provided very good support. After the implementation, they scheduled weekly calls to check with us if everything is going well. They helped us with troubleshooting and more understanding. If there are any product improvements, they have been announcing them over the course.

How was the initial setup?

I was not involved in its implementation, but it was a pretty straightforward process. 

There is a separate cloud team for implementation. We just review whatever they have implemented from the security perspective. We review whether they have implemented it correctly or whether we are getting correct alerts. 

What about the implementation team?

Our admin team had one week of training, and they implemented it with the help of Microsoft. Our environment is a bit complex, but we did it.

What was our ROI?

We have absolutely got a return on the investment. Our company is a managed security service provider (MSSP). When we get more projects, we mention the products that we are currently using to secure our environment. We also do a proof of concept (PoC) or a demo about how we installed such products in our environment and how secure we are. There are so many security scoring systems, and they give the score. Our score is on the highest side, which is useful for providing a security service to our client or customer. We have implemented Azure Security Center at many places for our customers.

What's my experience with pricing, setup cost, and licensing?

I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive.

What other advice do I have?

For cloud security posture, Azure Security Center is a good product. It is different from a Security Information and Event Management (SIEM) tool. We are also using a SIEM tool. Microsoft has a SIEM tool called Sentinel, and there are many SIEM tools out there in the market such as Splunk, QRadar, and ArcSight. Azure Security Center is not a replacement for Sentinel. It gives the complete posture of your cloud. It was started with the purpose of finding any anomalies and malfunctioning for Azure AD, which is related to login and logout of employees, but then they elaborated it a bit more.

I would rate Azure Security Center a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Buyer's Guide
Download our free Microsoft Defender for Cloud Report and get advice and tips from experienced pros sharing their opinions.