Microsoft Defender for Cloud Reviews

We use Microsoft Defender for Cloud to manage our cloud security posture. We also use Container Protection, which provides additional security for our containerized workloads. This gives us the visibility we need to ensure that our cloud resources are secure.

We use Microsoft Defender for Cloud to natively support Azure Cloud.

Microsoft Defender for Cloud's ability to protect our hybrid environments is definitely critical because we are on the journey of transitioning from hybrid to the cloud. In order to do that, we need a platform that can help us through the transition.

The solution's unified portal is essential for managing and providing visibility across our hybrid and multi-cloud environments. Visibility is something that every security operation needs and it gives us leverage to improve our security posture. This is great.

The single pane of glass view is critical for our organization. This is because we previously used a different platform, so we are all familiar with its features and how to improve upon them. Our heavy investment in Microsoft products made Defender for Cloud a natural choice.

Our goal is to increase our secure score. As we take steps to mitigate risk, our secure score will increase, giving us the feeling that our cloud resources are secure.

Microsoft Defender for Cloud significantly improves security operations. Instead of having to look at multiple windows or portals, it provides a single pane of glass for the investigation and remediation of cloud resource risks.

Microsoft Defender for Cloud helps us proactively discover unknown threats and defend against known threats. It also helps us improve our security posture and defend our cloud resources. We do not normally have external Internet-facing resources, but when we do, Microsoft Defender for Cloud helps us meet compliance requirements.

DSPM is the most valuable feature. It integrates with standard frameworks, so we can easily see if there are any gaps in our compliance with NIST standards. This allows us to identify areas for improvement and ensure that we are meeting all applicable requirements.

I would like to have the ability to customize executive reporting.

I have been using Microsoft Defender for Cloud for five months.

In the short time we have been using Microsoft Defender for Cloud it has been stable.

Microsoft Defender for Cloud is scalable, and we have not yet needed to scale it up.

We previously used Prisma Cloud, but we switched to Microsoft Defender for Cloud due to internal business decisions. We have since merged with a company that also uses Microsoft Defender for Cloud. We want to leverage the licenses from the merged company and also cut costs in our security portfolio.

The implementation was completed in-house. The solution's maintenance is easy.

I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet.

The time to detection has remained relatively the same.

Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues.

The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution.

I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.

I use it for managing our customers' server vulnerability assessments for regular and SQL servers. I also use it to get a security score for the resources of our customers that are on Azure, as well as security posture management. 

We also have regulatory benchmarks to audit our customers' resources that are on Azure to check whether they're meeting regulatory standards like ISO 27000.

It has enabled our organization to have an organized approach to, and quick visibility, or a bird's-eye view, of the current security portion. The way the portal organizes things has allowed us to focus on the specific vulnerabilities and security gaps that have to be fixed quickly. It gives us flexibility on what we should be checking on.

Defender for Cloud has helped us reduce or close some of the key security gaps of our main assets on the cloud. It has also helped us comply with some of the regulatory compliance standards, like CIS and ISO 27000 because of its main features. And it has also helped us in terms of threat detection and vulnerability management.

Another benefit is that it has really helped detect some of the Zero-day-model threats. We've also been able to utilize the automation features to investigate and remediate some of the threats that have been discovered. It has improved the time it takes to remediate threats, mainly because of automation. The logic apps that we've been able to set in either Sentinel or Defender for Cloud are the main components that have really improved that efficiency, and the time needed for remediating threats.

The time to respond is near real time, if the logic apps are in use, because it's just a matter of putting the playbooks into action. This is something that we've tested and found is quite effective for remediation.

The solution has also saved us money over going with a standalone solution where you purchase licenses for servers for a whole year. Now, we pay only for the servers in use. With the subscription-based model for servers, you're only paying per hour and only when the server is being utilized.

The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded.

Another component, although I can't say it's specific to Defender for Cloud, is that the onboarding process is easy. I find that helpful compared with the competitors' solutions. Onboarding the resources into Defender for Cloud is quite easy.

Also, we have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel and the integration is actually just a click of a button. It's very easy. You just click to connect the data sources and Microsoft Sentinel. Having them work together is an advantage. I like the fact that the main threat notification console has moved to Security Center so that we don't have to go into each of these solutions. It's beneficial having the three solutions working together in terms of the investigations that we have been doing with them.

The threat intelligence is quite good at detecting multi-level threats. If, for example, you integrate Defender for Endpoint and 365 and Defender for Identity, the threat intelligence is able to grab these two signals and provide good insights into, and a good, positive view of the threats.

The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome.

Defender for Cloud, as a solution, allows you to manage and protect servers from vulnerabilities without using Defender for Servers. I find it a bit weird, if you are to manage the antivirus for servers on the portal, that you can't deploy the antivirus policies on the same portal. For instance, if you want to exclude a particular folder from an antivirus scan or if you want to disable the antivirus from the portal, you'll not ideally do it on the portal. That's a huge part that is currently missing.

Also, some thought has to be put into the issue of false positives. We've been seeing false positives that are related to Sentinel through the integration. We have been giving them this feedback, but I don't know if that is something that Microsoft is working on.

The time for detection is one of the things that we were also supposed to raise with the Microsoft team. There is a slight delay in terms of detection. That "immediate" factor isn't there. There's a need to improve the time to detection. When malware has been detected by Defender for Endpoint, we find that it takes approximately one to two minutes before the signal reaches Defender for Cloud. If that could be reduced to near-real-time, that would be helpful. That's one of the key areas that should be improved because we've done some simulations on that.

I have been using Microsoft Defender for Cloud for three years.

It's quite stable. In my experience, there have been no issues with the stability.

Because we have Premium Support, the support is quite okay. We are able to get answers to most of the queries that we raise.

Positive

The initial setup is quite easy, especially if it's for non-servers. It's just a matter of enabling and disabling servers, using the Azure app.

And the solution doesn't require any maintenance on our side.

There are improvements that have to be made to the licensing. Currently, for servers, it has to be done by grouping the servers on a single subscription and that means that each server is subject to the same planning. We don't have an option whereby, if all those resources are in one subscription, we can have each of the individual servers subject to different planning.

There's no option for specifying that "Server A should be in Plan 1 and server B should be in Plan 2," because the servers are in the same subscription. That's something that can be fixed. 

Also, there needs to be a clear description by Microsoft for those customers who have Defender for Endpoint for Servers and Defender for Servers because now they don't know which subscription they should purchase.

I've used many solutions, but Defender for Cloud is in its own class. You can't compare it with third-party solutions because those solutions either have a third-party antivirus or they're not integrated in the same way as Defender for Cloud is. Because Defender for Cloud integrates multiple solutions within it, like Defender for Endpoint, other workloads, and the firewall manager, it stands on its own as a single solution that contains all these solutions. 

We use Microsoft Defender for Cloud as one of the sources for our Azure environment. We have a managed detection response solution, and we add data sources to it, like SOC, SIEM, and SOAR solutions. We also want to have data in our Azure cloud environment.

We deploy this solution in multiple regions like Europe and Oceania.

We have multiple solutions like our data analytics platform and our system development platform. Our web shops use it. Almost everything is in the cloud.

We have approximately 2,000 end users.

The solution is deployed on the Microsoft Azure cloud.

The solution helps our teams to be more aware of security and protects our environment.

Most importantly, it's an integrated solution. We also use Defender for Endpoint. For Office 365, we use Defender for Identity. 

We have integrated some of these products into our MDR solution. It's not a Microsoft Sentinel SOC, but we have a SOC/SIEM from a third party.

It's really easy to integrate because it's just an interface, a Microsoft Graph security API. We can collect all the data and forward it to our solution.

This solution is for detection and response, so it helps us prepare for potential threats. We have special teams for threat hunting the data.

We use this solution for extra security in our environment. We secured our Azure cloud environment with firewalls and application gateways, but we also want to have trust in our resource groups. That's an extra line of defense for our security.

We don't use the interface a lot because we use it as a data source for our MDR solution. The MDR solution is our main interface.

These solutions work natively together because we don't just use Microsoft products as a data source. We use all kinds of security products as data sources, like our firewalls, gateways, and event collections from Windows and Unix.

Threat protection is comprehensive and simple. We have an enterprise agreement with Microsoft itself, but we also have CSP contracts with several parties, so we can easily get the licenses we need. It's very easy to install.

Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product.

In Defender for Endpoint, the software is capable of acting immediately if something occurs. If an attacker wants to encrypt the disc, for instance, we're able to react immediately. I don't know if Defender for Cloud has the same capabilities.

I have used this solution for about a year and a half.

At the moment, I think it's a very stable solution. We haven't had any problems with it.

It's scalable.

From Microsoft's perspective, it's fine. We don't have any issues at the moment.

I would rate technical support an eight out of ten. 

The initial setup is straightforward. It took 10 seconds.

We have a Cloud Security Provider, so I don't know how much time they spent on deployment.

The solution hasn't required any maintenance yet. We are trying to innovate each solution. It's an ongoing business process to innovate.

We haven't seen ROI yet, but we plan to. The first sign is safety first. Safety will cost money, so it shouldn't be too much.

Pricing is difficult because each license has its own metrics and cost.

We evaluated other options. We have a lot of other products like McAfee, but we are changing everything to Microsoft Defender.

We decided to switch because we want to have an overall standard that's enterprise-wide so that everything is easier to manage and the data it delivers is all the same. We wanted to have one view of everything.

I would rate this solution an eight out of ten because we don't use all of the capabilities yet. At the moment, we still only use the data sources. I'm happy with it so far.

Instead of a single vendor security suite, I like having at least two so that they can challenge each other.

Microsoft Defender helps us prioritize threats across our enterprise, but we only prioritize our high-risk resources with Defender products.

It's difficult to say if the solution saved us time because we use it for our Azure cloud environment, so we're working in the cloud.

At the moment, we're not saving money. The solution costs our company money. It's like having insurance: It doesn't save costs, but it might save us costs if something happens. It's about risk.

It hasn't decreased our time to detect and respond yet, but it should be because we have our data source on Endpoint and in the cloud. It's an integrated solution. When we find something anywhere, we can act everywhere. We have more possibilities.

My client, a construction company, needed to replace their antivirus solution, including their Azure and on-prem services. They decided they wanted to use Defender for Cloud, so I started to implement it for them. The license for their antivirus software was about to expire, and they didn't want to spend much money. They opted for Defender for Cloud to replace Symantec. System Center (endpoint protection), Security Center and Advanced Threat Protection were all consolidated into one product called  Defender for Cloud. 

The company I worked for was divided into several teams. We had an Azure Infrastructure team and workplace teams providing local on-premise services. The client was the biggest construction company in the country, with multiple locations. 

The strong point of Defender, especially when using Azure Arc to bring in on-premises systems, is that it doesn't matter where these systems are. They're just resources in the portal. If you see them and can install agents on them, it's fine. It doesn't matter how it's distributed or where the locations are. 

I believe that Microsoft Defender for Cloud raised our client's Microsoft Security Score to around 79 percent. That includes other security components. It's not just antivirus. There are all sorts of things that contribute to the score, for instance, the use of public IP addresses on VMs.

Our clients also saw some financial benefits because they didn't need to renew the Symantec license, but the biggest benefit was the ability to install Defender on Azure and on-premises machines from a single point.

Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription. Having that unified portal was nice, but it was a challenge. We first implemented Azure Arc, which allowed us to incorporate our on-prem machines like they were actual Azure resources. The single-pane-of-glass management is highly practical. We are accustomed to managing systems across different portals or interfaces, so it's convenient to do it from one place. That's a bonus, although it's in no small part thanks to Azure Arc. Defender then takes all the services it finds in Azure Arc and it rolls them out seamlessly as long as they ause Server 2016 version or above.

It's a severe issue when you need to install Defender for Cloud on Microsoft operating systems older than 2016. Operating systems released after 2016 will seamlessly integrate with Defender with no problems. Older operating systems don't integrate smoothly. The 2012 operating systems will continue to be used for years. The 2008 systems will be phased out, so that won't be a problem for long, but you need some quick fixes to install on a 2012 OS.

The older the operating system, the more difficult it is to detect if the solution is working. That was a significant problem. It works fine on a newer OS. On the older ones, we had to do some tricks to determine if it was correctly deployed and working since the integration of Defender in the older OS is a lot less. Microsoft couldn't help us with that.

Another thing is that Defender for Cloud uses more resources than for instance, CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do.

I have been implementing Microsoft Defender for a large construction company. We started the contract about three or four months ago. I was only responsible for the installation. We aren't the team that monitors or maintains the solution. That was not my task. We were just responsible for installing it and ensuring it worked on every machine.

Defender is relatively stable as far as I can tell. It works great except for the issues with older operating systems. In some cases, you may need to come up with a workaround. 

The solution is scalable if you activate the Defender plan for all servers and containers. When you deploy new ones, it automatically picks them up and installs the components. It's perfectly scalable in that sense.

I rate Microsoft support five out of ten. You can open up a support ticket and get into Microsoft's general support chain. You need to explain the issue, and they'll get back to you. Nine times out of ten, you will get someone new and need to explain the situation again. That doesn't help much. In the end, we had to fix it all ourselves.

We had a contact at Microsoft Amsterdam who was helpful. He was more of a sales contact. He told us the best approach and turned out to be correct.

Neutral

It wasn't my decision to go with Defender for Cloud.  That doesn't mean that I would've chosen anything else per se, but those decisions are made on the managerial level. 

Installing Defender was straightforward as long as you're dealing with a more current operating system. On a post-2016 operating system, it's only a few mouse clicks. That's the beauty of the cloud. It arranges everything for you. The on-premise solution usually works the same. It's seamless. You activate the plan, select for which resource types you want to enable Defender, (including on-prem machines using Azure Arc) then hit "go." All that changes on older operating systems.

We had to create a design, test it, and get approval from management. We first tried it on a 2019 operating system, which was a piece of cake, but we faced challenges deploying it on 2008 and 2012 systems. That's why it ultimately took us three weeks to complete the deployment. If you don't have any older operating systems, it's quite effortless. 

We had four people working on the implementation, including three technicians. I was the only one from our Azure team, and there was another person from the workplace team who had access to the on-premise servers. He could log in to run some scripts and see if everything worked. We also had a project manager and a person from the client's team to test as soon as we were ready. 

I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use. 

If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above. 

Typically, when we have a scenario where a client wants to migrate their resources to Azure, they might migrate their IaaS platforms, such as virtual machines; they might migrate their applications or their databases; they could also migrate into Kubernetes services. There are a variety of projects. I work for many types of customers where all these different scenarios are involved, including applications, app services, database as a service, IaaS by default, and Kubernetes.

With a project that I recently completed for one of our customers, the requirement was around their bidding application on-prem, utilizing different cognitive services and AI modules on Azure. They wanted to containerize this entire application with AKS, Azure Kubernetes Services. They did so, and Security Center was integrated with this entire AKS system. What Security Center provided us with was a solution for how we could better secure this entire environment. It provided some recommendations on pod security and how the pods do not need to communicate with each other. It recommended isolating these pods for better security, so that even if a certain user got access to a pod, or a certain threat was detected for one of the pods, we wouldn't have to worry about the entire system being compromised. By implementing the recommendation, if a pod is compromised, only that pod is affected and can be destroyed anytime by the AKS system.

Another recommendation was for enabling some edge layer WAF services, by leveraging a Microsoft out-of-the-box solution like Front Door. Security Center said, "Okay, now that the application is being accessed over the public internet, it is not as secure as it could be." An edge solution, like an application delivery controller such as a WAF or a CDN service was another option. It could be anything that sits at the edge and manages the traffic so that only authorized access is allowed within the network. Security Center recommended Front Door, or we could leverage other solutions like Cloudflare, or a vendor-specific solution like F5. We could then make sure that any Layer 7 security is handled at the edge and doesn't affect the application inside. SSL offloading is taken care of at the edge. Any region-specific blocking is also taken care of at the edge. If an application is only accessed in the U.S., we can block locations at scale with this solution. That is how Security Center provided us with some recommendations for better securing the environment.

Another way that Security Center can help is that it can benchmark the infrastructure in terms of compliance. Compliance-based infrastructure is one of the norms nowadays. If an application is health-based or it's a Fintech-based application, certain standards like HIPAA, NIST, or PCI need to be followed by default. Auditors or compliance teams used to run through a manual checklist to make sure that the environment was secure. But with Security Center, we can do it via an automated layer, introducing regulatory compliance policies. Security Center performs scanning of the entire environment, in regard to the policies, in real time. Using the example of the bidding system, it's a Fintech environment and, while having NIST is not mandatory, we could enable a benchmark run-through, to make sure the infrastructure is NIST-compliant.

With Security Center, we applied policies that align with these types of compliance. Security Center takes these policies and runs through the infrastructure to see what the gaps are and provides us with a report on what is compliant on the infrastructure and what is non-compliant. We can fix those non-compliant parts.

For any type of service, I would recommend the go-to solution for security on Azure is Security Center. The advantage is, firstly, is that it has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem. It has seamless integration with their Log Analytics workspaces, and it also provides some insights into what can be a better solution when it comes to securing their environment.

When it comes to improving the security posture, whenever we have a small project for a customer where they want to migrate their resources into Azure, once the resources are migrated, such as the ones I noted above, we go ahead and integrate Security Center in various ways. One of those ways is to use an agent that can be installed on virtual machines so that we can extensively monitor security alerts or threats that happen on the device. 

But for platforms as a service, we can't have an agent installed, so it integrates with the Log Analytics workspace. For any PaaS services, or a database as a service, or data lakes, we take their Log Analytics workspace and integrate it with Security Center. Once we have integrated it, Security Center discovers the resources, determines what the different configurations are, and provides us with some recommendations for the best practices that Microsoft suggests.

For example, if the Security Center agent is installed on a virtual machine and it scans the environment and identifies that the access to this VM is public and also doesn't have any MFA, it will recommend that blocking public access is one of the best practices to make sure that only safe access is allowed. Along with that, it can also provide us with some insights about enabling MFA solutions that can provide an additional security layer. Those are examples of things that Security Center can recommend for providing a more secure infrastructure

There is a slight gap between the real-time monitoring and real-time alerts. While Security Center has the ability to detect sophisticated attacks or understand potential threats, I feel that if the response time could be improved, that would be a good sign.

In addition, when it provides recommendations, those recommendations have a standard structure. But not all the recommendations work for a given environment. For example, if a customer is already using a third-party MFA solution, Microsoft doesn't understand that, because Microsoft looks into its own MFA and, if not, it will provide a recommendation like, "MFA is suggested as a way to improve." But there are already some great solutions out there like Okta or Duo, multi-factor authentication services. If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented.

Security Center provides what it calls secure score. This secure score is dependent on the recommendations. It tells you that if you resolve this recommendation, your secure score will be improved. In the case where a client is already using MFA, but the particular recommendation is not resolved, there is no improvement in the secure score. There is a huge mismatch in terms of recommendations and the alignment of secure score. MFA is just one small example, but there are many recommendations that depend on the client environment. There is room for improvement here and it would help a lot.

I'm a network and security architect for a Microsoft Gold partner. I have been extensively using Azure for five years and have been involved in multiple security and network projects. I have been using Security Center, specifically, for more than three years on Azure, applying recommendations and working on integrations with other services, etc.

The performance is pretty crisp. Because it is a platform service, we don't have to worry about the availability or response time. It's all managed via Microsoft. The performance is good for now, but it can be improved. It could be more real-time. There are many things that Security Center does in the background, so that may make the response time a bit slow. If we apply certain policies, it will run through the entire environment and give us a report after about 30 to 45 minutes. That layer could be improved.

This is a platform service and Microsoft has scalability under its control. It can scale to all of Azure.

As a Microsoft Gold partner, most of the time we work directly with the engineering team or with the Microsoft sales team. Because we are working day-in and day-out with Security Center, we are well aware of its issues, capabilities, features, and the depth of its tools. The basic, level-one or level-two support team just follow a standard. 

But there has been a huge improvement in terms of Microsoft support and they provide some really good support for Security Center.

The initial setup is very straightforward. There's nothing complex about it.

Implementation generally doesn't take a huge amount of time. Because Security Center is a service, the agents need to be installed on a virtual machine or servers. If it's an IaaS application or platform services, the log analytics need to be integrated. In an environment with about 30 or 50 servers, we could run the script and complete the onboarding of the servers into Security Center within a day, and the same is true for platform services.

But it's not just about onboarding it because Security Center also provides some recommendations, and we work on those.

I lead a team of four people who work specifically on Security Center. There are other sections of Azure Security that they work on, such as Azure Sentinel, Azure ADP, Microsoft 365 security and compliance for our portals. But for these four people, about 25 to 30 percent of their roles involves managing Security Center.

The return on investment is pretty great in terms of the feature set that Security Center provides. There are so many solutions out there that can do similar things, but at the same time, they do not have such seamless integration with other services on Azure. The return of investment is in the ease of management and the great visibility.

Pricing and licensing is a standard process. It's not as complicated as other Microsoft licensing solutions. Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward. With Security Center, there are no other fees in addition to the standard licensing fees.

We have other, third-party vendor solutions, but Security Center provides that seamless integration, along with some insights that other platform services do not. There aren't a lot of other vendors out there that can integrate with Azure platform services. It's the only solution that we recommend.

Other solutions include Qualys, Rapid7, Tenable, and Nessus. As system integrators, we generally recommend Security Center. But if a client has already made a huge investment in Tenable or Qualys, they will want to continue with that. If a client does switch, they will see the advantages of all the integrations and services that can all work together. They will have a single plane of control.

The seamless integration is one of the key benefits. It integrates well with the whole Azure ecosystem. A second advantage is not having to worry if Security Center will be able to scale. A third advantage is that it is an all-in-one service. You don't have to have multiple services for threat protection, for endpoint protection, for recommendations, and for compliance. This is one tool that can do a lot.

In terms of the cons of Security Center, there are a lot of things. Vulnerability management is available, but vulnerability assessment is not available within Security Center. That is a huge gap. As of now, Security Center relies on third-party tools in this area and we have to integrate it with them. There is also the lack of custom recommendations for the environment. That is a feature that would be helpful.

When it comes to endpoint solutions, Microsoft ATP is available, but some of our clients already have a solution such as CrowdStrike.

My advice is to go with Security Center. It's a really good tool and provides some good recommendations for the environment. Other tools can provide recommendations, but then we have to do them manually. Security Center does them automatically. That's one of the advantages that stands out compared to other tools. For anyone who asks, "Why Security Center?" I would tell them that if all their resources are being deployed, or all their applications are being hosted on Azure, this is the only solution, the best solution, out there.

I don't think there is much effect on end-user experience here, because whenever you talk about Security Center, the agents or tools are applicable to the underlying infrastructure rather than the end-user. For example, an application is hosted on a server or, for platform services, it's being integrated with these services. While a user is accessing these applications, Security Center just scans the data to understand what the incoming traffic is like. It provides intelligence reports such as where the traffic is coming from and what kind of data is being accessed for the end-user. Apart from that, it doesn't affect anything for the end-user.

I have a highly specific use case for Azure Defender, so I don't think I've used most of its features. We primarily use it to secure Kubernetes clusters in other cloud environments. For example, I have Kubernetes in Amazon AWS, and we're trying out Azure Defender to protect those Kubernetes clusters.

We also use Defender to scan the image repositories held in Azure Container Repository or ACR. We use Defender plus Azure ARC and Windows Defender. All three products work in conjunction to give us some security insights into our cluster.

We haven't fully implemented Azure Defender yet. Right now, we're at the POC stage. However, if people have a genuine use case, they should see its value, especially because of its cross-cloud compatibility. I don't think any other tool provides the same cross-cloud compatibility as Azure Defender combined with Arc, so that's a significant selling point for this product.

The security scorecard is something I find helpful. It tells me what's missing and identifies new vulnerabilities inside my registries. Once I publish the image, the scorecards automatically update. I don't need to constantly run a security scan for my images because the scorecards are updated by Azure periodically. That makes my job easier.

I haven't been using Azure Defender for long. It's been around three months. 

Overall, Azure Defender's availability is excellent. However, the Kubernetes security is a new offering that is still under development, so the service's availability and support are not mature at this point and definitely need improvement.

I rate Defender's scalability about eight out of 10. If you compare Azure Defender to a similar product AWS offers, there isn't much difference in scalability. The solution is able to accommodate all your requirements. I don't think I have ever reached a point where the solution couldn't scale to meet my needs. 

I deduct two points because you incur more costs as you increase usage, so it's more expensive when you have lots of logs flowing into the system. That is why I rate it eight. Otherwise, I don't see any technical issues there.

Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority. 

I can't talk about Microsoft support generally, but I can speak to my experience specifically with Azure Defender support. I would rate it five out of 10. Maybe it's because this is a product that Azure is still developing on the side. I don't think they have made Azure Defender for Kubernetes available to the general public yet, so that could be why their support is not up to par. I don't know the reason, but I haven't had a good experience with the support.

It is just a POC, so I don't have many endpoints. The whole setup took three days for around 10 endpoints. They have an agent-based security system. It's always complex because you need to deploy the agent to all endpoints which is a lot of work to get it set up. 

We have still have not decided to implement Azure Defender because we are also trying out other products in the same line. Once the RFP process is finished, we will know which one we'll implement.

Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup. They should try some open-source tools. That's how it is today.

Compared to other products, Azure Defender's main advantage is native integration with all Azure services. If your company uses Active Directory and builds everything on Azure, you get it as a complete package. There's no need to buy another tool and set it up in your cloud environment. 

Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand. 

I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security. 

These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases. 

We use it to manage the overall compliance of our products.

It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, iTrust, etc.

Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured.

I have been using this solution for five or six years. We have been working with it pretty much since it came out.

It is a great product. The new security features that emerge in Microsoft products can sometimes be difficult to track. It automatically flags when you don't have what you probably should have.

It is very scalable. We are a small organization with less than 10 people, and at least half of those people are in the solution at any given point in time.

Microsoft's tech support is decent. I would rate them a four out of five. We're currently dealing with a ticket mostly on the billing side, and it has been open for over a month, so I'm not going to give them a stellar rating. I feel they should have figured this out a long time ago, but they've resolved technical issues relatively quickly.

It was very easy. It was there by default. It basically turned itself on, and then they gave you a default thing. 

In terms of maintenance, typically, there is one person in there, probably per week, looking at the compliance and things that they can do to improve the bar.

It was included with the product. We looked at other solutions, but this was the most comprehensive and cost-effective one.

I would rate Azure Security Center a nine out of 10.

We use Defender for network security.

Defender for Cloud is easy to use and enables us to automate routine security tasks. We save a few hours each week. Defender's single dashboard helps us centrally manage security operations and detect threats faster.

Defender is user-friendly and provides decent visibility into threats. We use multiple solutions in the Microsoft security suite, including Sentinel and Defender for Endpoint. They integrate smoothly to offer coordinated detection and response. 

Sentinel ingests data from our entire environment, allowing us to manage everything from one place. We don't need to go to multiple places to find information. Sentinel's capabilities are quite comprehensive.

Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management. 

I have used Defender for Cloud for two years. 

I rate Microsoft Defender an eight out of ten for stability. It's highly stable.

Microsoft Defender is scalable. 

I rate Microsoft support an eight out of ten. It isn't too bad. 

Positive

Setting up Microsoft Defender is straightforward. It took us around a month to get it fully deployed. Most of the implementation consisted of onboarding. It doesn't require much maintenance after deployment because it's a cloud solution.  

I don't think we've saved more money than we've spent. Defender is expensive, but we might see a return in the long run. 

I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower. 

I rate Microsoft Defender for Cloud an eight out of ten. Getting all your security solutions from a single vendor makes things easier to manage. However, the Microsoft security suite is quite expensive.