Skip to main content
TrustRadius
Microsoft Defender for Cloud

Microsoft Defender for Cloud
Formerly Azure Security Center

Overview

What is Microsoft Defender for Cloud?

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources.

Read more
Recent Reviews

Defender for Cloud.

8 out of 10
June 08, 2024
Incentivized
Secure Cloud Applications, and we use it to protect Cloud Workloads. We also use it in a DLP capacity to protect cloud workspaces.
Continue reading

Cloud Security Review

10 out of 10
May 20, 2024
Incentivized
It is our very working of security that you use it to protect the other company, avoid attacks. And any other use to protect the company.
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Product Demos

Getting Started with Microsoft Defender for Cloud

YouTube
Return to navigation

Product Details

What is Microsoft Defender for Cloud?

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources.
  • Defender for Cloud secure score continually assesses security posture so as to enable users to track new security opportunities and precisely report on the progress of security efforts.
  • Defender for Cloud recommendations secures workloads with step-by-step actions that protect workloads from known security risks.
  • Defender for Cloud alerts defends workloads in real-time so users can react immediately and prevent security events from developing.

Microsoft Defender for Cloud Features

  • Supported: Reduces risk with contextual security posture management
  • Supported: Helps prevent, detect, and respond quickly to threats
  • Supported: Unifies security management for DevOps
  • Supported: Offers comprehensive cloud-native security in Microsoft Defender for Cloud with Defender for APIs security capabilities, now in public preview.

Microsoft Defender for Cloud Screenshots

Screenshot of Remediation of critical issues in codeScreenshot of Cloud security benchmark mapped to industry FramworksScreenshot of Prioritization of critical risks with contextual threat analysisScreenshot of Workload protectionScreenshot of Unified DevOps VisibilityScreenshot of Visualizations to improve security posture proactively

Microsoft Defender for Cloud Video

Microsoft Defender for Cloud - Secure multicloud and hybrid environments

Microsoft Defender for Cloud Competitors

Microsoft Defender for Cloud Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows
Mobile ApplicationNo

Frequently Asked Questions

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources.

Amazon Web Services, Google Cloud Platform, and Palo Alto Networks Prisma Cloud are common alternatives for Microsoft Defender for Cloud.

The most common users of Microsoft Defender for Cloud are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(72)

Attribute Ratings

Reviews

(1-5 of 5)
Companies can't remove reviews or game the system. Here's why
June 08, 2024

Defender for Cloud.

Verified User
Executive in Information Technology
Education Management Company, 5001-10,000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Secure Cloud Applications, and we use it to protect Cloud Workloads. We also use it in a DLP capacity to protect cloud workspaces.
Pros and Cons
  • Protect Cloud Servers.
  • Identifies threats to storage resources.
  • Protects Cloud Databases.
  • Security Alerts.
  • Infrastructure Service Insights.
  • Reduced Log Analytics.
  • Adaptive application controls.
  • Missing OS patches.
Likelihood to Recommend
Well-Suited Scenarios: Azure-Based Workloads: Microsoft Defender for Cloud is ideal for securing workloads hosted in Azure. It provides real-time threat protection, security recommendations, and compliance checks tailored for Azure services. Hybrid Environments: It works well in hybrid cloud environments where on-premises infrastructure is connected to Azure. This ensures consistent security policies across both environments. Security Monitoring and Analytics: The platform is strong in continuous security monitoring and analytics. It's well-suited for organizations looking to gain insights into their cloud security posture and detect emerging threats. For Less appropriate scenarios: Small Organizations: Small organizations with limited cloud resources may find the extensive features of Microsoft Defender for Cloud unnecessary and complex.
Return on Investment
  • Threat Detection (Positive).
  • Security Monitoring and Analytics (Positive).
  • Limited Azure Usage (Negative).
Environment Setup
Currently our environment is only Cloud, and it is a combination of Azure and AWS.
Threat Reduction
The platform's threat detection capabilities are strong, making it suitable for organizations needing advanced threat intelligence and incident response. I'm not sure of the exact percentage, but it was helpful.
Infrastructure Savings
It does help in a sense, but we still have lots of other third-party products that can do some similar capabilities.
Alternatives Considered
Other Software Used
Users and Roles
10
Systems admins and analysts primarily
Support Headcount Required
10
Cloud Engineers and Systems Admins and Directors of Infrastructure
Business Processes Supported
  • Anti-Virus protection
  • Endpoint management
  • Security posture enhancement
Innovative Uses
  • Antivirus software
  • Offline scanning
  • Security Center
Future Planned Uses
  • Malware protection
  • web protection
  • real-time security notifications
Likelihood to Renew
10
Microsoft Defender is a trusted application that is tried and true. I experience with its effectiveness and I will continue to use it.
Products Replaced
No
Key Differentiators
  • Cloud Solutions
  • Scalability
  • Integration with Other Systems
  • Ease of Use
Scalability with not just windows applications and equipment but will work on MacOS
Evaluation Lessons Learned
Nothing to change, I would consistently stick with Microsoft Defender
June 06, 2024

A Defender of your cloud environment that rarely lets you down!

Yash Mudaliar | TrustRadius Reviewer
Yash Mudaliar
Associate Lead Security Admin
Atidan (Information Technology & Services, 201-500 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
The only term that answers all the three questions above is assessing the security posture of a cloud environment. A typical cloud environment can have a wide variety of resources which needs to go through an assessment process to make sure that the configurations of the resources are well tuned to be not vulnerable and weak enough for a cyberattack. Microsoft Defender for Cloud (MDC) makes our job easier by automating this task and generating security recommendations. It excels further by providing the associated remediations and impacts for the security recommendations.
Pros and Cons
  • The CSPM functionality and feature of MDC provides thorough recommendations along with their remediation steps. Some recommendations also have a 'Quick Fix' functionality that makes it a one-click fix for the resource.
  • The easy to use and intuitive UI of MDC is another that sets it apart from other CSPMs. It is not only the case for Azure based resources but also for AWS resources as well.
  • The wide array of Cloud Workload Protection Plan features provides a variety of preventative features with an exceptionally detailed logging mechanism.
  • The 'Attack Path Analysis' makes it very easy to find possible attack paths and vulnerable resources within the environment.
  • 'Regulatory Compliance' is definitely an area of improvement for MDC. The complex and high number of controls within a specific framework should allow a more helpful and detailed guidelines in order to tackle them.
  • The limitation of options in the incident management menu of MDC has proven to be a hassle while managing security alerts. For example, an analyst cannot even provide a comment about the actions taken on an incident.
  • There is a missing functionality of connecting other EDR or XDR solutions to MDC which I think should be there for a CSPM tool.
Likelihood to Recommend
MDC is specifically most useful if a client has an Azure presence either in hybrid or cloud only mode. Being a Microsoft native product, it leverages the unified integration of the agent with the cloud resources providing an excellent depth of details in the logs. MDC also proves to be very economical in this specific scenario when compared to other vendors like Prisma or CrowdStrike.

MDC is less likely to be of use if it the client needs a preventative solution or a HIPS solution. Even the CWPP offering in MDC is more of an auditing feature that notifies the security admin of an unusual activity but will not be able to prevent it from happening.
Return on Investment
  • Thye most positive impact is that due to the recurring nature of security recommendations in MDC, organizations are now encouraged to do a more frequent security review of their environment which used to be yearly or quarterly earlier.
  • The detailed categorization of the vulnerabilities and alerts provides organizations with more context and objectives to do a security-based investment.
  • When going for all the MDC plans most organizations have seen a surge on their expenditures which has been a very negative impact.
Environment Setup
We do have an on-premises presence with a few servers especially a DC with a firewall appliance in place. When it comes to cloud, we are only on Azure but with a wide variety of IaaS and PaaS resources including but not limited to VMs, API Management instances, WAFs, SQL and non-SQL DBs, Storage accounts etc.
Threat Reduction
Yes, it has. The number of security alerts are directly proportional to the number of insecure configurations of resources within the environment. By flagging those misconfigurations in great detail along with the required remediation steps, we were able to make our resources more secure and less prone to cyberattacks as before. Wildly speaking, we were able to cut down almost 40% security alerts in the past 6 months.
Infrastructure Savings
MDC has helped us in 3 specific category of tools - CSPM, CWPP and incident management platform. If not for MDC, we would have to acquire these products separately from different vendors giving us an economical and operational overhead. Not to forget, we are also utilizing it as an DevOps security tool replacing an IaC tool. If I were to make an assumption, it is nearly saving us about approximately 15000$/year.
Other Software Used
Users and Roles
9999
The people who use the Defender for Cloud portal are usually from the below teams or business units:
Infrastructure and Security
IT Administration
Regulatory Compliance
Customer Service and Support

There are also teams that uses the portal to create proof of concepts for on-boarding, migration or simply consultation projects for various clients.
Support Headcount Required
999
There will be a dedicated 'Customer Service & Support' (CSS) team to provide support and troubleshooting assistance for any technical or non - technical issues related to Microsoft Defender for Cloud. These people have skills ranging from agent management, vulnerability assessment, incident management, event analysis, and governance management to name a few.
Business Processes Supported
  • Most important use case will be to conduct preliminary compliance audits against a variety of compliance standards in an automated fashion for the various cloud resources.
  • Another one will be to get to know the vulnerabilities across the critical asses across the organization to remediate or at least prevent them from being exploited.
  • Improve the security of servers with the advanced workload protection features like file integrity monitoring, adaptive application control and just in time access.
  • Conduct weekly and monthly security assessments for organizations to assess their cloud security posture over time.
Innovative Uses
  • We have been able to leverage Defender for Cloud as an effective security reporting tool for the various cloud workloads using Azure Resource Graph queries.
  • We have been able to leverage Defender for Cloud as a reliable security monitoring tool using the governance and recommendations feature.
  • We have been able to leverage Defender for Cloud as a reliable code integrity testing tool for our Infrastructure as Code repositories.
Future Planned Uses
  • A part time vulnerability assessment tool
  • A tool for hardening container security
  • A tool to analyze and implement entitlement management across the cloud infrastructure
Likelihood to Renew
10
Defender for Cloud has been acceptable in terms of producing reliable security recommendations for crucial resources like SQL servers, databases, on-prem servers, containers, storage accounts etc. using which we have been able to maintain a good security hygiene as well as be informed about the vulnerabilities and security misconfigurations across these resources.
June 05, 2024

Great and comprehensive cloud security solutions in current market.

Verified User
Engineer in Information Technology
Aviation & Aerospace Company, 1001-5000 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
It is the best cloud security solutions offered by Microsoft which we are using in our organization to protects cloud environment which hosted on Microsoft Azure.
Scope : To protect cloud resources hosted on Microsoft Azure including Azure VM, databases, storage account and web applications.
Business Problems Addressed as below:
Threat Detection and response : It helps in detecting the attack such as malware infections, unauthorized access and provides alerts and then automated responses to mitigate the risks.
Identity and Access management : Helps in protecting user identities and access to azure resources.
Security Configuration management : Identify the misconfiguration that might exposes the vulnerabilities and provides recommendation.



Pros and Cons
  • Scalibility
  • Identity and access management
  • Automated remediation
  • Real Time monitoring and alerts
  • Integration with Non-Microsoft environments
  • Streamline the UI and provide user-friendly guidance
  • Need more customization and reporting.
Likelihood to Recommend
Well Suited : Ideally suited for organizations heavily invested on Microsoft Azure where it will provide security to azure resources. Also it is well suited for identity and access management in Azure. Less Appropriate : Less suitable for organization with Non-Windows environments, Multi-Cloud environments and non-azure workloads.
Return on Investment
  • Positive : Enhanced Security and reducing the risk of data breaches and cyberattack
  • Positive : Resource optimization
  • Negative : Licensing Costs
Environment Setup
We feels our organization resources on Microsoft Azure is safe and secure with the helps of Microsoft Defender for Cloud which protects and provide the security against latest cyberattack and malwares. We only have Azure environment running with windows machine.
Threat Reduction
Yes, Microsoft Defender for Cloud helps us a lot in reducing the number of threat alerts.

It helps in reducing the threat alerts via automate response actions for certain types of threats, such as isolating a compromised virtual machine or blocking a malicious IP address. This reduces the need for manual intervention and minimizes alert fatigue.

Almost it helps us in cut down the threat alerts related to critical and vulnerable to outside attacks.
Infrastructure Savings
Yes, its help in reduce the number of third party products to protect our infrastructure.
Our organization resources mostly hosted on Azure and Office365 so Microsoft Defender for Cloud is best for us and cover many of security needs within Azure environment. It saves us lots of time for us in searching of 3rd party products which provide the security and cover the security needs what we are looking for. By using Microsoft Defender for Cloud which well suited for us in windows environment which cover the security needs what we require.
Other Software Used
Users and Roles
10
Most important it will Protects our organization’s IT infrastructure and data from cyber threats. We are using this for Monitor alerts, investigate incidents, and respond to threats. It provide protection to our end points devices and respond to the threats.
Support Headcount Required
10
It need ability or skills of analyze security alerts, identify potential threats, and understand their implications. Experience in responding to and managing security incidents. Also it need Strong troubleshooting skills to resolve security-related issues and support end-users.
Business Processes Supported
  • Threat Detection and response which helps our organization to quickly detect and mitigate threats, reducing the risk of data breaches.
  • Vulnerability Management which helps us in preventing exploitation by attackers and maintain secure environment.
  • Incident response and automation this is most important and helps when ever any threats or incidents report then immediate response to the threats and reduce the response times.
Innovative Uses
  • Proactively threat analysis which helps in analyze the deep dives into logs and identify the unusual activities and login times or suspicious IP addresses.
  • With helps of defender and integrate to the business intelligence tools for visualization of data like overall security scores, risk assessments and different metric which helps in taking strategic decisions.
  • By analysis past incident data and security trends, identify the patterns which indicates increase of risk of upcoming attacks and take preventive action.
Future Planned Uses
  • With help of Defender to monitor and enforce strict access controls, so that only authenticated and authorized entities can access sensitive resources.
  • Automation of incident response so it will helps in swift and response to secutity threats.
  • With the help of Behavior Analysis which helps in detecting insider threats.
Likelihood to Renew
9
Because it provide utmost security and good threat detection and response. Also its user friendly and scalable.
June 04, 2024

Microsoft Defender for Cloud review

Verified User
Consultant in Information Technology
Information Technology & Services Company, 51-200 employees
Score 8 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Defender for Cloud is being used as a tool on one side to give insights in the security posture (CSPM) of all the workloads, have inventory of all resource, be able to query very quickly for specific resources and the specifics of those. On the other hand it is used a protection tool (CWPP) to protect the workloads in the Azure platform. It is capable to detect malicious behavior on the resources that are protected and actively alert on that.
Pros and Cons
  • The integration with Azure workloads is very good and easy to configure
  • It gives good insights in the security posture, compliancy, and active threats on a broad scale
  • It even integrates as a CSPM in multi-cloud scenarios (GWC/AWS)
  • The licensing structure could be better by providing possibilities for partial deployment in a subscription
  • The information in the dashboards are sometimes scattered, there should be a better overall view
  • Some parts of Defender for Cloud are expensive, some features should be moved to the standard capabilities of Azure
Likelihood to Recommend
When using a medium to large Azure platform it can be hard to stay in control of the configuration and security posture of all the workloads. Especially when they are developed and maintained by different teams. Defender for Cloud is a great tool to get back in control by getting a clear view of all deployed assests, what the posture is and what policies are applied to them. This way you get a better view of the current health of the environment and if any deviations have occurred. Altough it can be used in a multi-cloud scenario it is pretty limited to a CSPM point of view only
Return on Investment
  • It creates a great insight in all assets that are available
  • The CSPM makes sure that certain risk that might have been missed are addressed
  • Being able to query across the data gives great insights in threats and possible vulernabilties for CVEs
Environment Setup
At this moment it is a single-cloud , cloud-only platform. Azure is the main platform for all our workloads, we protect this with all the Defender products, including Defender for Cloud. All alerts an incidents are forwarded to Sentinel for security monitoring. The environment consists of multiple subscriptions, ranging from dev/test to acceptance, production and customer facing subscriptions
Threat Reduction
The CSPM feature really lowers the number of alerts and incidents in Sentinel. Often misconfigurations make that certain incidents will happen and have to looked in to. Now we look at the posture beforehand and try to mitigate a risk before an incident will happne. We do not have exact numbers, but a bad configured azure portal can create quite some noise in the SOC, we can easily lower the number of incidents by 10%
Infrastructure Savings
Yes, Defender for Cloud does do this for us. We now have a vulnerability scanner for example that would otherwise be a 3rd party solution. Things like asset management and attack surface management can now be done from one tool. I do not know what exactly the licensing costs will save us .. but we incorpate 4-5 tools in a single solution now (cloud asset management, vulnerability scanner, security posture, workload protection and ci/cd protection)
Alternatives Considered
Defender has the benefit of all the integration, included licensing for defender for server and being able to start small and grow.

Wiz licensing was too expensive, lacking features like an EDR making it a less favorable solution
Other Software Used
Users and Roles
10
security staff that will monitor and act upon incidents
platform management that will perform the configuration and installation task
compliancy staff who will monitor and configure the compliancy related items. Often the tasks will blend a little between the three defined roles
Support Headcount Required
2
the security consultant / architect will mostly oversee the functionality and capabilities of the defender for cloud solution.

They are security focussed, but know what the platform does, how it works and what de desired configuration should be. They have and understanding of the Azure platform, both from an infrastructural as a security perspective



Business Processes Supported
  • Security posture monitoring
  • Cloud workload protection
  • EDR deployment
Innovative Uses
  • cloud asset management > cmdb
  • Darktrace enrichment
Future Planned Uses
  • DevSecOps > Github
  • Integration with EASM
Likelihood to Renew
8
It is a great product that integrates nicely when running an Azure platform and even multi-cloud environment. Not looking for point-solutions but a suite that answers most requirements.

It is very comfortable being able to use KQL, workbooks and automation that is native to the azure platform
June 04, 2024

Powerful and cost effective security solution for the cloud.

Verified User
C-Level Executive in Professional Services
Management Consulting Company, 501-1000 employees
Score 8 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Microsoft Defender for Cloud is a very powerful security solution that provides protection for all of your devices and cloud servers and as a result we saw a significant decline in spam, phishing attempts and other online attacks after implementing it. And my personal favorite is the vault feature which gives me a totally isolated space to keep my documents which can't be accessed by others unless they have a pin and a passphrase which is given by me. Also from time to time, it runs a full system scan on our devices and provides us with security recommendations if needed.
Pros and Cons
  • Quite easy to set it up and start monitoring all your devices and cloud servers.
  • Automatically scans your devices at a fixed time interval that you can easily set within the app.
  • Again, my personal favorite, the vault feature is a fantastic way to protect your important files.
  • Just like any other security solution, it also has false positives but they are very few and occur rarely.
  • Had some issues while integrating it with google cloud.
  • Again, integrating with devices or systems that are not from microsoft may cause some issues.
Likelihood to Recommend
As we were already using Azure, Microsoft Defender for Cloud was the best choice for us. As it was much more easier to integrate with Azure and it does not cost much. Also as Microsoft is a very reputed company, they have very strong security against spam and any online threat.
Return on Investment
  • Easily integrated with our existing Azure servers.
  • Consumes less resources and runs a full system scan on fixed intervals.
  • Much cheaper and more powerful than other similar solutions.
Alternatives Considered
Users and Roles
20
Support Headcount Required
20
The people who use Microsoft Defender for Cloud are mostly security analysts and people who have a good amount of experience in handling online cloud providers like Microsoft Azure.
Business Processes Supported
  • 24/7 protection as it runs silently in the background.
  • Has a secret vault feature to protect important files and documents.
  • Provides detailed logs for further analysis by our security analysts.
Innovative Uses
  • Even though other similar security solutions could detect and provide logs about that threat, none of them provided such detailed logs as Microsoft Defender for Cloud does.
Likelihood to Renew
9
Return to navigation