Microsoft Defender for Cloud Reviews

We had multiple use cases at my previous company. I changed companies during their implementation stages of this solution. From what I saw, the solution has a good use case for SIEM.

It helped improve my previous organization's security posture. Their previous solution was running separately in each region. That has now been centralized by moving to the cloud. This was a huge change for their operations because they used to have multiple vendors managing their SIEM. Now, that has been consolidated under a single vendor. This consolidation has improved response times.

We saw improvement from a regulatory compliance perspective due to having a single dashboard.

I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward.

I have been using Azure Security Center for five to six years. I was using it as my previous organization up until six months ago.

The stability was good.

The solution was very much scalable.

Overall, there were around 150,000 users beginning to use it at the organization.

We didn't use technical support directly from Microsoft. We used the third-parties' support.

We were previously using multiple solutions that integrated with SAP. For example, one region would be running QRadar and another region would be using Symantec. Each region of the company was just running it in silo mode off their internal Exchange. As part of centralizing a global solution, we chose to go with Azure Security Center, because our on-prem solution was not really working for us. This is why we started using Azure Security Center.

The initial setup was easy; it was not complex.

The deployment took a month.

The transition went well. I didn't see any challenges.

The setup was done by a third-party vendor, Fujitsu, who was very good. There was also another vendor, Microland, who had good knowledge and helped us with building it.

Not too many people were needed for the transition between solutions. I am unsure of the number of people needed because multiple activities were being run during the process, e.g., SharePoint migration.

The solution helped out management a lot. It reduced about 50% of the time needed to spend on this after implementation.

The organization saved money by consolidating into one solution instead of two or three. 

Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it.

We might have looked at other competitors. However, Azure Security Center was attractive because of its licensing, which was packaged with the Office 365 licensing, as well as the fact that it is a single solution.

I liked the centralization that it offered. However, I am cautious about the licensing part because I am unsure how you would manage the solution if it wasn't bundled.

When we started, our team didn't make a clear roadmap, which slowed us down. I recommend that you clearly define your roadmap before getting started.

The solution is very good. I would rate it as eight out of 10.

I work as a SOC manager. We use it for incident security, incident monitoring, threat analysis, and looking at remediation or suppression.

Most use cases that come from Microsoft are all automated. Even before any manual effort, the tool is designed in such a way that it just does the threat analysis. It gives us exactly what the incident alert is all about: 

• The priority
• The threat 
• The impact
• The risk
• How it can be mitigated. 

Those are the key features of this particular tool.

The solution has features that have definitely helped improve our security posture.

One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things. The automation tool does the following (when human interaction is needed): 

• Identifies what kind of an alert is it. 
• Whether we have to dismiss it. 
• When we need to take any action so the team can do it appropriately. 

This is one of its key benefits.

It is easy to use based on my experience. If a newcomer comes in, it is just a matter of time to just learn it because it is not that difficult.

Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.

I have been using it for more than nine years.

We have not had issues with tool usage or any hiccups.

There are certain glitches, which are areas of improvement, thus we continuously keep working with Microsoft. Microsoft does acknowledge this, because it's a learning experience for Microsoft as well. They always expect feedback and improvements on their tools, as it is a collaboration effort between Microsoft and the client.

I work for an organization with more than 50,000 users. Under security alone, we have 5,000-plus users. On my team, we have around 400 people who are looking at it.

There are different roles in the company: project management, security operations (the red and blue teams), and pen testing. I lead a security operations center team, where we have L1, L2, L3, and L4 capabilities. All these come under the same umbrella of the security operations center, and they are all rolled up to the Chief Information Security Officer as part of security. 

An ongoing improvement for both Microsoft as well as for my organization: We need to work together. Sometimes, the solution doesn't work so we reach out to Microsoft Enterprise support for any help or assistance. If there is any feedback or improvement, then we work together, but they definitely have helped most of the time.

There are certain gray areas. We constantly work with Microsoft to notice whether there is something that only we, as a client, face. Or, if there are other clients who have the same kind of situation, issues, or scenarios where they need help. 

I would rate Azure Security Center anywhere between five to six out of 10. Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.

We use Microsoft Defender and Splunk. We primarily went with Azure Security Center because of client requirements.

The initial setup is pretty easy and straightforward. 

To deploy just Azure Security Center, it took three to four hours. However, there are a lot of things that it depends on.

Different clients have different requirements. If the client says, "We are using Azure Security Center. We want to use Microsoft technology or products." We will go with that. There are clients who are using Cisco products as well. 

The solution architect usually designs it, taking into consideration the initial setup guide, playbook, and documentation. 

We don't use consultants for the deployment.

It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it.

For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact.

Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack.

I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us.

We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. 

Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well.

I would rate Azure Security Center as seven to eight of 10. If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.

We are working for a major client in the UK. So, we are moving all the products of clients from their on-premises environment to the cloud. One of the biggest challenges we face, “Once the infrastructure is created in the cloud, how can we make sure that the infrastructure is secure enough?” For that purpose, we are using Azure Security Center, which gives us all the security loopholes and vulnerabilities for our infrastructure. That has been helpful for us.

We use the Azure Security Center to scan the entire infrastructure from a security point of view. It gives us all the vulnerabilities, observations, etc. It reports most of the critical issues.

From an organization or security audit point of view, there are few tools available in the market. The output or score of Azure Security Center has really helped the organization from a business point of view by showing that we are secure enough with all our data, networks, or infrastructure in Azure. This helps the organization from a business point of view to promote the score, e.g., we are secure enough because this is our score in Azure Security Center.

We are using it from a security point of view. If there is a threat or vulnerability, the solution will immediately scan, report, or alert us to those issues.

We are using most of the good services in Azure:

• The load balancing options
• Firewall
• Application Gateway
• Azure AD. 

I value Azure Security Center the most from a security point of view. Everybody is concerned about moving data or infrastructure to the cloud. This solution proves that we are secure enough for that infrastructure, which is why I really value the Azure Security Center. We are secure in our infrastructure.

This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot.

From a business point of view, the only drawback is that Azure or Microsoft need to come up with flexible pricing/licensing. Then, I would rate it 10 out of 10.

We have been using it in production for the last three years. I have been part of the cloud migration team for Azure Cloud for the last two years.

We started using Azure Cloud from the initial version. Every week or month, there are updates in Azure. For the last three years, we have been using the latest version.

Whenever we increase the number of our resources, Azure Security Center easily copes with it. Since this is a ready-made service, it will automatically scale.

We are working with around 100 to 150 major clients in the UK. Each client has 200 to 500 users.

From an overall infrastructure point of view, we have a five member team.

We are getting adequate support and documentation from Microsoft. We are a Premium customer of Microsoft, so we are getting support in terms of documentation and manual support.

We were using this service from the onset.

This is a PaaS service. It is a ready-made service available in Azure Cloud. It is very easy to use and set up because you are using the platform. We don't want to maintain this service from our end. 

There are different models when it comes to the cloud:

• Infrastructure as a service
• Platform as a service
• Software as a service.

We are using sort of a hybrid, both infrastructure as a service and platform as a service. 

We are using our own team for the deployment.

We consume or subscribe to the service. Azure takes care of the maintenance and deployment, and we don't need to worry about it.

We are securing our customers' infrastructure using Azure Security Center. That internally helps their overall organization meet their goal/score on security.

So far, the feedback from the customer and our team have been really positive. We are very happy and getting return on investment from this product.

Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool.

One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view.

Other than Azure Security Center, we did not find a single tool which could analyze all our infrastructure or resources in Azure Cloud.

We were mainly looking for products or tools native to Azure. The other tools that we evaluated were not native to Azure. Azure Security Center is natively attached to Azure. Because other tools were not natively supporting Azure, then we would have to maintain and deploy them separately.

So far, we have received very positive feedback from the team and customers. Because it is a single tool where we list all the problems or vulnerabilities, we are happy as a team. The customer is also happy.

End users are not interacting with Azure Security Center. This is a back-end service that evaluates security.

There are no other good tools in Azure, other than Azure Security Center, which will evaluate and alert you to security vulnerabilities and threats. So, if somebody is really concerned about the security of their infrastructure in Azure, I suggest you use Azure Security Center. The features that it provides from a security point of view are amazing.

I would rate the product as a seven or eight (out of 10) because it is really helping us to improve our security standards.

I use this solution in two different scenarios. The first is for the security and monitoring of Azure accounts. Another is for SIEM integration and the Azure Gateway WAF. Essentially, it's a one-stop solution where you can integrate all of the other Azure security products. This means that instead of maybe going to Firewall Manager, Azure Defender, or WAF, you can have all of them send statistics or logs to Azure Security Center, and you can do your analysis from there.

This product helps us with regulatory compliance.

With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates.

It helps us with alerts. You're able to automatically channel these alerts to emails and get the team readily looking into the issue.

We don't need a distributed team looking at the various security solutions. Instead, they just look into Azure Security Center and then get everything from one place.

It also supports multiple cloud integration, where you can add other clouds like AWS and GCP. However, we don't use that feature. 

The most valuable feature is the help with regulatory compliance, as it gives us security scores and the CVE details.

Centralized management is another feature that is key for me.

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

I have been using Azure Security Center for approximately two years.

In terms of stability and availability, Security Center is very good. It doesn't change. Because it's cloud-based, you don't actually have to manage infrastructure to get it up. If you are using the SIEM portion of it, it's what you are sending to it that will determine what you get out of it.

If you are using a hybrid solution from your own site then you have to make sure that your internet connection to the cloud is reliable. Your VPNs that are pushing data have to be stable, as well. Also, if you are using a third-party solution, you have to manage your keys well. But in terms of it being stable, I would say it's highly available and highly stable.

This solution is very scalable. You can integrate as many subscriptions as possible. They could be Azure subscriptions, AWS accounts, GCP, and other resources. Because it's cloud-based, I have not actually encountered any limits.

I know that with cloud providers when there are limits, you can request an increase, but in terms of how many, I have not seen any limitations so far. As such, I would say it's highly scalable.

We are using it a lot. For Azure, there are 20-plus subscriptions. We don't really use it for AWS accounts. Instead, we prefer to use AWS Security Hub on AWS, so we don't push AWS account data there. But for Azure, we used it for at least 20 subscriptions.

We have a distributed team. I have used it for the past two years in the company, and it's a huge organization. In the whole of the organization, Microsoft Azure is used as the main cloud. AWS was also used, but that was mostly for specific projects. In terms of the number of people using it, I estimate it is between 50 and 100.

Microsoft support is very good, although it may depend on the kind of support you have. We have enterprise-level support, so any time we needed assistance, there was a solution architect to work with us.

With the highest support level, we had sessions with Microsoft engineers and they were always ready to help. I don't know the other levels of support, but ours was quite good.

We began with the Security Center because it was for projects on Azure.

The initial setup is somewhat straightforward and of medium complexity. Especially when it comes to integrating subscriptions, I would not say that it's complex. At the same time, it is not as simple as just pressing the Next button several times. There are knowledge prerequisites before you can set it up fully and properly.

Setting this solution up was an ongoing project where we kept integrating subscription after subscription. If you know what you're doing, in a couple of days, or even a few minutes, you can get going.

If you need to build the knowledge as you go, it's something you could do in one day. You would integrate one subscription, and then start getting feedback. It's plug and play, in that sense.

The company has seen great returns on investment with this solution. In terms of security, you want to match the spending with how effective it is. Top management generally wants more reports. They want statistics and an analysis of what is happening. For example, reports need to say "We had this number of attempts on our systems."

As additional functionality, it's also able to support the business in terms of knowing and reporting the relevant statistics.

This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service.

We did not evaluate anything else before choosing this product.

For example, we are now considering different products for SEIM integration. One of them is Palo Alto Prisma Cloud. However, the price is too expensive when compared to Azure. It is also a multi-cloud product, although, in the beginning, it didn't support AWS and GCP. It now has support for those cloud providers, as well as additional features that Azure doesn't have.

My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get.

This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value.

If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need.

The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem.

I would rate this solution a seven out of ten.

We use the solution internally.

Azure Security Center works with Azure Defender. Azure Defender is used for identifying the vulnerabilities and loopholes inside our system that we can deploy on multiple layers either from the subscription level, the source level, or on the devices. You can connect multiple devices to this. That's not specific to only servers. You can connect with ER80 as well as SQL servers. Most of the services are covered within the Microsoft Defender.

We find two things inside the Azure Security Center to be quite valuable. One is the recommendations, and the second is the regulatory compliance. Both help to keep everything running smoothly. This will give you the security score as well. You can try to get the highest security score, which is 100%. You can get there just from the recommendations from Microsoft. Not all the recommendations will be applicable on the enrollment side.

Regulatory compliance is PCI compliance. There are multiple compliance options you can follow.

Azure Defender helps improve our security posture. You enable it for each and every server. It is a monthly-based subscription and about $15 per month per server. You can see right on there that the vulnerability is automatically run with the help of a Messages scanner. Messages is running behind Azure Defender. It automatically runs and scans, and that will show up on your portal. You do have to take any necessary steps to run recommendations. Either you can see if any energy port is open, for example, if RDP is open, it will realize, “Okay, just close RDP for outside work." These kinds of recommendations are very helpful from the Azure Security Center.

You have inventory on Azure Security Center, as well as Workbooks. You can create Workbooks. These are automatic playbooks where you can see the entire dashboard. If you prepare a monthly report, or a weekly report, it's better to create it in Azure Security Center instead of Workbooks with the help of JSON, or use drag and drop as an option. That will help you to keep updated more on things.

Inside Azure Security Center, with Workbooks, you can create your own workbooks according to your users. If you have a system update setting inside Azure, with the help of an automation account, if you click it, inside the system update Workbook, you can see all the systems which are taking updates. If that is updated, you can see whether the system is compliant with updates. All the reports are visible. You can see reports on the basis of subscriptions or on the basis of resources if you want.

Azure Security Center does not affect the end-user experience in any way. End users don't feel its presence in the organization.

The solution offers collaborative services. If you enable Azure Defender for servers or any services, basically, you can automatically subscribe for Azure Defender for Endpoints, which is easy.

You can install the EDR on each and every server. That will give you all of the process logs and what a user is doing. You can tell if a URL is open on your system, for example.

You can remediate with automation as well if you want to. That's for malware or any malicious files if they are present on the system. It will detect using the intelligence of the Defender Endpoint. You can take hybrid action on an alert, you can take a fully automated action, or you can take 100% manual action.

With Defender Endpoint, if you find out if one system is compromised, you can actually separate it from the network. If you have to deal with ransomware. If one system is affected by ransomware, you can remove the system from the network.

There is a security alert inside Defender that's per the recommendations and activities that happen inside your network. You will see security events there. If you do not have any other SIEM solution in your environment, you can leverage this. 

The team is already working on one of the latest features, which is having migration techniques right on the portal available. It's possible to use it now. That's one good new feature.

For MIM, they are still improving things on Azure Security Center. There are a few flaws in backend technologies. If you do not have the correct access to the system, you cannot access the files and most of the reported resources.

For example, a general huge storage account, which is exposed for public access. If there are ten storage accounts available, you can see the names. You can identify, those storage accounts that are supposed to be accessed from the outside, maybe, due to some feature happening behind the scenes on a storage account, and these are supposed to be exempt from the portal. You shouldn't see them again and again and this should not affect your security score overall. However, they are not easily exempted from the portal. There's no way to exempt them properly.

You cannot create custom use cases. You can use what is already present on the Microsoft side in terms of security alerts. You can, however, customize whitelisting for alerts.

I've been using the solution for four years now. For one year, I have been working as an architect on Azure Security Center.

The stability is 99.9%. I never have seen any failure. Sometimes you find the service is slow. However, that could be related to an internet connection or something else. Every service has downtime. There is very, very minimal downtime here. I haven't faced any challenges in four years.

The scalability is very good. You don't need to put any extra agent or anything from your side. Everything is automated. It's the easiest security feature, which you can get from Microsoft.

For every project, an architect from the Microsoft side is assigned to the team. You can directly connect with them. You can also create a technical ticket. They will respond immediately. If the issue requires a certain level of severity, you will get a call directly. If it's not as serious and they email you, however, you do not respond to their email, they will call you. Otherwise, they will keep communicating via emails.

I'm in India. When I open a ticket, it may be assigned to the Indian parties and they take time to remediate your problems. If I am routed to the senior team of Microsoft, they won't take much time. They give you new solutions quickly. It's a good thing. 

We do use Azure Sentinel. I'm also familiar with Google Cloud Platform, GCP. It's a bit complex as the structure is not as good as Microsoft. Microsoft, from top-down, offers a management group, subscriptions, and tenants under one group. Inside that resource group, you will find resources. That is easy. On the other hand, inside GCP, there are folders inside folders. Then you can create multiple folders inside one folder. That makes things very complex. There are not too many security solutions available on GCP. I do not have too much experience with GCP, however, given the experience I have, according to that, GCP isn't as good.

You can handle many things on Azure with the UI. There's no need to go for the PowerShell if you don't know it. If you know PowerShell best, you can use it if you want to. If you want any report from the GCP, however, you'll have to first understand the shell scripting. It's hard to find projects due to the way GCP is laid out. There's too much complexity.

The solution is very easy to deploy. This is automatically installed on the Portal. There is no need to install anything on the Portal. There are just a few buttons inside the settings if you want to enable the Defender, et cetera. That will automatically install on all the servers. The agents are already present.

The solution takes six seconds to deploy. If you are on the Portal, you can do it in seconds. The first remediation will show within 30 minutes due to the fact that the scan takes time. The message takes a little bit of time to scan the entire infrastructure. That completely depends on how big a company's infrastructure is.

If there is another service, such as Azure Sentinel, you need to install agents on all the machines. If there is a Linux machine, you have to install the OMS agents. However, that's not the case over here.

One person can easily handle maintenance. A single person handles both Azure and Sentinel. Ours is a small environment. 

In terms of ROI for Azure Security Center, the solution offers basic security features, which Microsoft is providing. That's the main thing. There's no need to go and get any technical team to handle anything. If you know a little bit about the security, you just go and toggle the button and you install it on all the servers and services. With this product, you will start getting recommendations and security alerts. 

In contrast, if you go on any other products, you need a specialized team for security, especially. You need a complete specialized team for different services and for different actions. It's better to use Azure Security Center. There's no need to go and install anything and it's offering good security.

The licensing cost per server is $15 per month. This is the same for SQL which is also $15 per server. It covers the Defender licensing as well. According to my experience, it's a good deal.

I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender.

This product is a Saas solution that is automatically updated from the Microsoft side. Any clients will not need to update manually.

If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you.

I'd rate the solution at an eight out of ten.

When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft. 

There were many use cases. We were monitoring auto IT applications and creating internal processes to understand which ones were going to be allowed and which were going to be blocked. We created the policies internally. 

It's an IT tool to monitor employees' usage on the internet and of web apps. We created policies so that, for example, when employees reached certain websites, like games, they would be blocked. We created a message for the email that they would receive, and there were links for whom to contact if they needed to override it. We created all the processes behind it.

From a security perspective, it reduced the amount of risk for employees, contractors, and users who might try to go to dangerous sites, as we blocked them. It helped us to identify dangerous sites so that we could make decisions on blocking them or not.

The effect on time to detection using Microsoft Defender for Cloud was very positive. The policies we created were providing information as threats arrived. When someone clicked on a website or on a link that was dangerous, it detected that and our team was able to control the situation right away. It was very highly effective because they got a live notification as soon as it happened. It improved things very positively.

It also had a positive effect on time to respond. As soon as an alert was received or something potentially dangerous happened, a process behind the scenes that we created helped them to react immediately.

The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites. 

Second, it tried to categorize the apps, from riskier to less risky, with a behind-the-scenes algorithm. Even though we didn't use that, it was a starting point for our first review of the applications. We started with the riskiest ones and decided whether each one should be blocked or not. The fact that it provided a risk rating was very valuable. 

And it's very easy to use. Those are the top three.

Six months to a year ago, which was the last time I used the solution, the algorithm that was designed to define whether or not a site is dangerous or not needed to be improved. It didn't have enough variables to make the decision. 

Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ. 

Also, the complexity in the amount of information for this process could be reduced to facilitate those of us who are implementing and using the system, and guide us as to exactly what is needed.

I used Microsoft Defender for Cloud for a year and a half.

The stability was very high. We never had any issues with it.

With Microsoft products, you can keep adding more information if needed. For the purposes of the tool, it covers everything.

We never used their technical support.

We didn't replace anything with this solution. It was something we added to what was already in place. Our threat department continued to use all the products that it had been using. This one was additional and brought more alerts.

The initial setup was straightforward because the platform was already in place. It comes with the system and you just activate it.

The first phase was creating all of the policies. Then we did a total review of the more than 10,000 apps and we started categorizing them in a different way than the tool does. It was a challenge because what the tool recommended was different from what we wanted to implement. We created our own policies.

We used a security consultant to help us, but that was for the processes we put in place, not for the tool, per se. It was along the lines of, "Okay, when we receive this, what do we do?" They helped us create policies and told us what the best practices are; everything that the tool doesn't give you.

It's very expensive in terms of the need to maintain it actively. You need a group of people in the organization to do the job because if the tool is sending information, a bunch of alerts on policies that we created, and nobody is reviewing it, it is doing nothing. Once you create policies, you have to have a very established group that, based on the design of all of the policies, will follow a process to take action on each of them. Some of them were very complex and some of them were very simple. Some of them were automated and others were escalated, depending on the danger. So it can be very complex, depending on how you implement it in your organization.

The tool doesn't solve the problem, it just gives you the information so that you can solve the problem. Solving the problem takes a lot of resources, a lot of time and, it turns out, money. So it's expensive.

I don't think it saves time because it discovers things that would never have been discovered in any other way.

I work on micro-segmentation for my master's thesis, and I was looking for ways to implement micro-segmentation using Defender. I work on the assumption that small businesses can't implement expensive virtualization solutions, so I'm looking for alternatives to implement micro-segmentation for their network security.

I use the latest version of the solution.

It's a test deployment. I created the entire network. It's more like a laboratory setup.

The solution does what I want it to do. If you're already on Microsoft, this solution comes bundled with it. It's seamlessly integrated, and it improves security because I can determine who can access what applications and who or what my applications communicate with. It improves the transparency and visibility of the traffic in and out of the network of each workload on my system.

The benefits were realized almost immediately.

Compared to other products, it hasn't helped save SOC time or increase efficiency. I'm focused on micro-segmentation, so compared to other products, it wasn't built for that, but it can be adapted to it.

I'm not sure that the effect on my overall time for detection can be measured, but for non-threats, it's almost effective. The notification system is effective too. It lets me know as soon as there's a problem.

I use this solution to natively support Azure. It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it.

It's very important to me that the solution has the ability to protect hybrid and multi-cloud environments. 

I'm looking to implement the solution in SMEs that might use different environments. Most SMEs don't have the resources to own their infrastructure entirely, so I can't really predict what environment they will be used in, therefore, I need a solution that is flexible enough to work in multiple environments, both online and offline. The only limiting factor is that I can not this solution use on platforms that aren't Microsoft.

The single pane of glass view is very important for me. It's great to be able to see everything at once and go where I need to very quickly. It's also easy to use if you've used any Microsoft product before. It allows me to see everything I want at a glance. I didn't think it was important until I started to use it, and then I realized how convenient it was.

For micro-segmentation, the unified portal has had an effect on my cloud security posture, but it's a lot of work because I have to configure the rules individually. It's difficult to compare this solution to a product like NSX or any other specialized micro-segmentation product, but because I'm trying to get a solution for small businesses that have about 10 PCs or 10 systems at the most.

It effectively defends against known threats. It also updates regularly, so the threat signatures are updated regularly, but I don't know how often the database is updated on Microsoft, so I can't really quantify its effectiveness against either zero-day threats or new threats.

I've only tried it on Azure cloud and it's effective. I've only used it on a single-cloud structure.

Right now, I'm setting rules for incoming and outgoing traffic for different applications.

From my own perspective, they just need a product that is tailored to micro-segmentation so I can configure rules for multiple systems at once and manage it. Instead of having to set up individual rules for individual applications, there should be a system that can allow me to set up multiple rules at once and can automatically update the rules as the infrastructure changes.

The solution is stable.

In general, the scalability is good. It wasn't built for my use case, which is micro-segmentation. If I had 100 systems, it would be a lot of work for me.

I have not had to call or get in touch with them, but there's a lot of documentation online. I've found a lot of what I need without having to contact anyone.

The documentation is excellent. There's a lot from Microsoft and other providers. I think it's a fairly popular system.

It was straightforward. I was the only person that deployed and tested the solution.

Initial deployment took a day, but the initial configuration rule setting took a while because it was my first time using the system.

The first step was to set up the cloud, install some test applications that I needed to protect, and then configure rules for traffic between the applications, and then between the application and external networks.

The solution doesn't really require any maintenance. It's fairly automatic. Once it's up and running, it pretty much works.

The cost is fair. There aren't any costs in addition to the standard licensing fee.

I didn't evaluate other options because I use this solution for thesis research. I researched which solution was the most used cloud and picked Azure.

I would rate this solution six out of ten. 

As a perimeter defense system, I would rate the solution a seven. As a micro-segmentation system or application, I would rate it a four.

As a perimeter defense solution, it's excellent. As a micro-segmentation product, it's not so great, especially if you have a lot of systems. It's not the product's fault because I don't think that's what it was built for.

We have a managed detection and response solution, a type of SOC/SIEM/SOAR product, and we are adding data sources to our solution. We want to have data for our Azure cloud environment as well, so we use Microsoft Defender for Cloud as one of the sources for our Azure environment.

We use it as an extra way to gain trust for our environment. We have purposely secured the total Azure cloud environment with firewalls, application gateways, et cetera, but we also want to have trust in our resource groups. That's an extra line of defense we have for our security.

It helps our teams to have more security awareness because, first of all, they have to think about setting up Defender for Cloud, and the cost of Defender for Cloud is borne by those teams. So they are more aware of protecting their own environments.

It also helps automate routine tasks and the finding of high-value alerts because the alerts sit in the data source itself. It's easier to prioritize alerts.

The main advantage is the detection and response. Threat intelligence helps you prepare for potential threats before they hit. If something is there, we will detect it. And there are special teams threat-hunting through the data.

We have our data sources everywhere, on endpoints and in the cloud. When we find something anywhere, we can act everywhere, because it's an integrated solution. It gives us more possibilities to take action automatically.

We like the security aspect. Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution. In our MDR solution, it's not a Microsoft Sentinel SOC, rather we have a third-party SOC/SIEM and they also do threat hunting for us.

It's really easy to integrate these products. It's just an interface, the Microsoft Graph Security API. We can collect all the data and forward it to our solution. We don't only use Microsoft products as a data source, but all kinds of security products. We have data about our firewalls, our gateways, and our event collections from Windows, but also from Unix.

Sometimes, it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or certain kinds of products. That's not an issue directly with the product, though.

I have been using Microsoft Defender for Cloud for less than a year.

It's a very stable solution. I haven't heard of any problems.

It is a scalable solution.

We use it across multiple regions including Europe and Oceania. We have multiple solutions for our data analysis and system development platforms. Our web shops are using it. It's used for almost everything in the cloud. We have about 2,000 endpoints.

Microsoft's technical support is fine. We don't have any issues with it.

Positive

We have a lot of other products, like McAfee, but we are changing everything to Microsoft Defender. We are switching because, enterprise-wide, we want to have one standard for everything to make everything easier to manage. And we want all the data it delivers to be the same. We want one view of the truth for everything.

It's very easy to deploy. That is the least of any problems. It's just a simple yes or no in the cloud. It took 10 seconds.

We have an Enterprise Agreement with Microsoft but we also have a Cloud Service Provider contract with several parties so we can easily get the licenses we need. It's very easy to install. It's almost by default.

The solution itself doesn't require maintenance in the traditional way, but everything we're doing with it is about innovation. We are trying to innovate each platform, and each solution. Innovation is an ongoing business process.

It hasn't saved us money, as it's a cost to our company, but we're safe. It's the same as insurance: If there are no burglars then you don't need it. So it doesn't save costs but it might save you costs if something happens. Safety will cost money, but it shouldn't be too much.

The pricing is very difficult because every type of Defender for Cloud has its own metrics and pricing. If you have a Cloud for Key Vault, the pricing is different than it is for storage. Every type has its own pricing list and rules.

We don't use the full capabilities of Defender for Cloud so I don't know if it is the same as Defender for Endpoint. That solution is autonomous and acts on incidents immediately, based on playbooks for a type of incident behavior. Defender for Endpoint is capable of acting immediately when an attacker wants to encrypt a disk, for instance. I don't know if Defender for Cloud has the same capabilities, but it should.

In the discussion about going with a best-of-breed strategy or a single vendor's security suite, we have a mix. My thought is that I would like to have at least two big vendors, rather than one for everything. That way they can challenge each other.

Overall, I'm happy with Defender for Cloud. We're just at the beginning of using it but we want to extend our own solutions with Defender for Cloud as much as possible.