Microsoft Defender for Cloud

Formerly Azure Security Center

Cloud Security.

Threat protection.

Vulnerabilities scan and problems.

Ease to use.

Security goals.

Price

SQL Vulnerability alerts

App Service malicious components

Storage Accounts malicious file detection

Security score and recommendations

Options for viewing vulnerability assessment parameters

New GUI for enabling protection for resources

Options to provide customers with monthly reports

Cloud Security Posture Management

Cloud Workload Protection Platform

Attack path analysis

Regulatory compliance

Automatic Remediation

CSPM

Flexibility in selecting particular resources rather than selecting the whole service.

detect and respond to security threats in the cloud environment, reducing the risk of data breaches and unauthorized access.

The product assists our organization dealing with sensitive data in achieving and maintaining compliance with data protection rules.

The product provides real-time visibility into the cloud environment, offering insights into ongoing security activities.

It guarantees that security teams can actively handle possible threats by delivering real-time monitoring and notifications, reducing the impact on business operations.

Granular permissions and role-based access management could improve security. This would enable organizations to control who has access to and can set specific features.

While it offers integration with various Microsoft services, expanding support for third-party cloud platforms and applications would enhance its versatility. Many organizations use multiple cloud providers, and broader compatibility would be advantageous.

The cost structure could be more transparent, especially for larger organizations with extensive cloud resources. Clearer cost breakdowns and predictions would help organizations budget more effectively.

The CSPM functionality and feature of MDC provides thorough recommendations along with their remediation steps. Some recommendations also have a 'Quick Fix' functionality that makes it a one-click fix for the resource.

The easy to use and intuitive UI of MDC is another that sets it apart from other CSPMs. It is not only the case for Azure based resources but also for AWS resources as well.

The wide array of Cloud Workload Protection Plan features provides a variety of preventative features with an exceptionally detailed logging mechanism.

The 'Attack Path Analysis' makes it very easy to find possible attack paths and vulnerable resources within the environment.

'Regulatory Compliance' is definitely an area of improvement for MDC. The complex and high number of controls within a specific framework should allow a more helpful and detailed guidelines in order to tackle them.

The limitation of options in the incident management menu of MDC has proven to be a hassle while managing security alerts. For example, an analyst cannot even provide a comment about the actions taken on an incident.

There is a missing functionality of connecting other EDR or XDR solutions to MDC which I think should be there for a CSPM tool.

The integration with Azure workloads is very good and easy to configure

It gives good insights in the security posture, compliancy, and active threats on a broad scale

It even integrates as a CSPM in multi-cloud scenarios (GWC/AWS)

The licensing structure could be better by providing possibilities for partial deployment in a subscription

The information in the dashboards are sometimes scattered, there should be a better overall view

Some parts of Defender for Cloud are expensive, some features should be moved to the standard capabilities of Azure

Easy view of vulnerabilities

Detects vulnerabilities in real-time

Saves time and reduces risk

Scalibility

Identity and access management

Automated remediation

Real Time monitoring and alerts

Integration with Non-Microsoft environments

Streamline the UI and provide user-friendly guidance

Need more customization and reporting.

Great UI

Easy to use

Good documentation

Great detection rules

UI filters are sometimes off, and does not provide necessary fields

Limited results from log data

Cloud Security.

Cloud Workload management.

Cloud Compliances.

As AI is on trend so to integrate some AI tools with it is also necessary.

To integrate Defender with some app is still difficult for beginner.

Some UI changes could be improved.

Protect Cloud Servers.

Identifies threats to storage resources.

Protects Cloud Databases.

Security Alerts.

Infrastructure Service Insights.

Reduced Log Analytics.

Adaptive application controls.

Missing OS patches.

Helps build secure cloud-based applications.

Implementation of good security posture by using free CSPM capabilities.

Early detection of potential threats to the application and the architecture.

Better training and documentation for implementing and using the tool.

Custom user policies can be implemented with more ease.

Scanning and protecting the GenAI and LLM-based applications.

Integration with OWASP LLM top-10 vulnerabilities can be very helpful.

Good scores.

Built into windows.

Cheaper than competitors.

Kind of slow.

Lacks advanced features.

Integrates with Azure AD & M365 very nicely.

Protects from malware & ransomware.

Very good dashboard providing good picture of any threats.

License model is a bit confusing based on options.

Menu options being moved around making them hard to find.

Longer ramp up time for new users of the product.

Provide security score

Provide remediation instructions

Provide security analytics

Incorporate AI in assisting with remediation

Provide better customization for alerts

Less focus on windows defender application for remediation

It's good for alerting for sure. Good for helping set up access policies. And I guess it's good for just overall cloud security posturing in general.

I guess it can be kind of confusing for some of our clients. They don't really know the full features. They don't really know how to use it or a lot of times they have it and they don't know all the features that they have available to them to use.

The log signals are excellent, so you can see who's logging in from where. Just user analytics is really great.

None. I don't know. I can't think of any.

I'd say the logging of events is quite well done and it feeds into Splunk really well. I think that's about the most experience that I've had with that or more recent experience that I've had with.

I don't know if it's necessarily related, but I know that when we're spinning up new resources that we're going to be testing, especially when they're cloud related, we've had issues configuring to the defender for cloud to work the way that we would like, but that might just be a lack of knowledge on our side on how to set it up correctly. So it takes a bit of trial and error to get everything working.

I guess it's kind of hard because I'm not the day-to-day guy in there, so we're coming away from Proofpoint, so we are trying to bundle a lot of our Microsoft subscriptions together. I would say moving away from those products, it's a good holistic solution to have a lot of Microsoft different points being able to communicate with each other and make better security decisions off of it.

So we use a lot of Elastic logging today still, and we still send some of our logs there for correlation and detailed correlations to make decisions. I would say better information on a dashboard. We were able to correlate some better stuff in Elastic. It's really probably my only thing I would say.

Continuous security posture management

Provides secure score

Provides Advance threats protection

Provides regular resource assessment

Also able to assess different vendors machine like aws gcp

Should provide free trial more than 30 days

Should assess the other resources apart from compute

Should improvise the in the server plan 1

Possibility of customizing security metrics.

Robust integrations with other Microsoft services (DCU, MSRC).

It is not easy to use.

The most common complaint is related to usability.

Automation is crucial to managing sprawl and the additional complexity that comes with it. SOC management workbooks and process automation give significant flexibility.

The Security posture score and Security Alerts are neatly centralized and offer me crucial information quickly.

Defender for Cloud avoids the common compromise of simplicity for completeness (former Azure Security Center). The security warnings and advice go into great detail while remaining current and useful.

Navigating through the Azure portal with all the flyouts may be tedious, especially when time is of the essence.

Adding cost estimates to security suggestions would be a great improvement.

For the queries and workbooks, another language must be taught; it would have been ideal to keep it close to T-SQL or something similar to avoid learning new syntax.

Generates a "secure score" that gamifies the remediation process.

Automation of some of the remediations that can be done. "Fix it" button.

Defending hybrid or other-cloud resources and easily onboarding them.

Just-in-time VM access

You need to spend time learning the platform as it's not a simple 'subscribe and start'.

Firewall manager is a bit complicated, it could be simplified and not another portal link.

Microsoft could do a better comparison job against this product and others that do similar features/overlap.

Recommendations could be more descriptive of the possible outcomes after resolution.

The UI is really clear and easy to navigate.

Sorts recommendations via Severity.

Really like the identity secure score.

Still shows an action in improvements when it's been completed.

Sometimes you end up in a new browser tab and you can't get back to the previous screen.

Endpoint security on Azure VM's

Email Security

Reporting and hunting

remediation

It can be very overwhelming when first using it. It's very comprehensive.