Microsoft Defender for Cloud Apps Reviews

I work with Microsoft Defender for Cloud Apps by monitoring issues users have with applications, creating policies, reviewing incidents notified by Microsoft Defender, and taking measures to mitigate these issues.

Microsoft Defender for Cloud Apps is very comprehensive, providing a complete 360-degree view of applications within an organization. The tool offers a scoring system that helps track progress in securing the network and endpoints, and it alerts users to security issues in applications.

The documentation could be improved as it is not updated immediately when Microsoft makes changes. Users must wait a few weeks for the changes to be reflected in the documentation.

I have been using Microsoft Defender for Cloud Apps for maybe three years.

Deploying Microsoft Defender for Cloud Apps was easy for me, as long as there is an organized approach and a good technology partner to assist during deployment.

Microsoft Defender for Cloud Apps works very well and I have not experienced issues with stability.

Microsoft Defender for Cloud Apps is very scalable, provided you have the right subscription. Without the appropriate license, scalability is limited.

The support is excellent, and the speed of response is commendable.

Positive

I used Sophos before, and although it's a good tool, I prefer Microsoft Defender for its comprehensive integration with endpoints and firewalls.

The initial setup of Microsoft Defender for Cloud Apps was easy, especially with support from a technology partner.

We had assistance from a Microsoft partner and other companies during the implementation.

The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the expense.

I evaluated Sophos as an alternative solution.

No further improvements are needed for now because the suite is very complete. I give Microsoft Defender for Cloud Apps an overall rating of eight out of ten.

Other

We use the product mainly to manage the accounts for Single-Sign-On purposes.

Microsoft Entra ID has improved privilege access management for our organization. We can manage who has access to which account.

The product helps us with privileged identity management to control who has access to what and for how long.

There could be more granular roles that are out of the box included in the product. I guess it would help people who aren't as savvy. Right now, I have to create many custom models for different use cases. It would be great if roles were more geared towards specific use cases to cover multiple aspects. In a case where a role is for a security admin, it could grant roles that are needed and not too many unnecessary roles. For example, it gives the security admin some access to the compliance portal, but the executive may not need that access. So it could be more granular.

We have been using Microsoft Entra ID for three to four years.

The product's stability is pretty good. We never really encountered outages. They are very rare.

We have approximately 1000 Microsoft Entra ID users in our organization. The product has great scalability. That's why we moved to the cloud. We need more roles. It will help us a lot as it grows. Microsoft is already adding more roles within the PIM environment, but the more they add, the more users will go to the cloud.

Microsoft's support services are good. They responded quickly whenever I had questions and sent emails or reached out for anything.

Neutral

We have used Azure AD groups initially. Then, we continued grouping within the security groups and only had a designated cloud once we moved to PIM.

The initial setup could have been done better in our organization. That was one of the reasons I was hired. I had to reset and architect the whole process. It was relatively straightforward.

The product is deployed on a hybrid cloud, including Azure, GCP, and AWS clouds. It is used across a few departments, mainly within their IT realm, marketing, and other departments. But for the most part, it's just those two groups currently using it.

I implemented the product myself.

The product's pricing seems fair.

I rate Microsoft Entra ID an eight out of ten.

Set up your environment correctly first. Take your time to figure out how you want to use it, such as PIM and other use cases. Ensure you set it up properly and then create custom roles when needed. Don't overaccess people; that'd be the main advice. It keeps being upgraded by Microsoft. There are constantly new features getting added. If there's some feature you don't see now, it could be there later. We initially wanted a few features that were added later on. Thus, there's always room for growth.

The product provides a single pane of glass for managing user access for the most part. It helps manage the roles better in one area. It becomes easier to use that way. I don't know if we necessarily use verified IDs. But we typically use HRID just to enforce MFA and other processes.

Initially, the product saved a lot of time because we could create dynamic roles for people with the right access. However, as we move more to the cloud, creating more custom roles saves less time. It still has pros in terms of granular roles.

It easily saves two or three daily tasks per person or user we're onboarding. Let's say it's a good amount of time, especially with the dynamic groups. Each PIM role gets activated as well. I would say it saves 20 to 30 minutes per user account activation.

We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.

Microsoft Defender for Cloud Apps offers visibility into the usage of enterprise applications and the connections established from both authorized and unauthorized locations and devices.

Microsoft Defender for Cloud Apps, in conjunction with Defender for Endpoint, helps prioritize threats throughout our enterprise by reviewing them, identifying devices with vulnerabilities, and providing us with criticality assessments and recommendations on resolving the issues.

We utilize the complete Microsoft Defender suite, which includes Defender for Endpoint as well as Defender 365. The integration is seamless; we only need to onboard Defender for Endpoint, and it functions exceptionally well.

The integrated solutions work natively together to provide coordinated detection and response across our environment. If Defender detects a malicious email, it will notify me of the detection, block the email, and apply the same actions to all the emails that match the same criteria.

I appreciate the comprehensiveness of the threat protection offered by Microsoft security products due to their functionality and ability to integrate, which other products may not offer.

Microsoft Defender for Cloud Apps has helped improve our visibility and response time.

It helps automate the discovery of high-value alerts. The solution can identify malicious threats and subsequently block the threats while disabling the compromised account automatically.

Microsoft Defender for Cloud Apps has helped us save time through the visibility it provides.

Microsoft Defender for Cloud Apps has significantly reduced our time to detect and respond by several hours through its integration with the rest of the Microsoft Defender suite, thereby reducing our troubleshooting time.

The most valuable feature is its policy implementation. Even public websites are directed to the Microsoft Net proxy, where we can establish policies to determine whether to block, authorize, or manage devices.

Currently, we are only able to utilize the policies for blocking threats. I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing.

I have been using Microsoft Defender for Cloud Apps for one year.

Microsoft Defender for Cloud Apps has been stable thus far.

Microsoft Defender for Cloud Apps is scalable. We are not limited by Microsoft in terms of the number of users or devices.

The initial setup is not straightforward due to the numerous meetings beforehand, and the Microsoft documentation can be overwhelming. However, once we familiarized ourselves with the interface, it started making more sense. 

The deployment process took over three months. Initially, we tested the solution to become familiar with it before deploying it to a small number of users. Once we were confident that everything was working correctly, we proceeded to deploy it to all users. Two system engineers were required for the deployment.

The implementation was completed in-house.

We have seen a return on investment with Microsoft Defender for Cloud Apps.

We utilize the Microsoft E5 licensing, which encompasses the entire Microsoft suite; however, it is costly. Furthermore, there are supplementary expenses associated with add-on modules.

I rate Microsoft Defender for Cloud Apps an eight out of ten.

Microsoft Defender for Cloud Apps promptly generates an alert upon detecting a threat. However, I do not believe it has the capability to proactively defend against potential threats.

It is deployed in one environment with 50-plus users.

No maintenance is required from our end.

I recommend that anyone evaluating Microsoft Defender for Cloud Apps should read through all of the documentation first.

Public Cloud

Microsoft Azure

We primarily use Microsoft Defender for Cloud to secure and provide controlled access to our applications. We have a few hosted applications in the cloud, including some of our critical applications. We need a solid firewall and security setup in the cloud to protect all those applications. Microsoft Defender for Cloud serves this purpose because it provides efficient security for our cloud applications. Its controlled auditing and other filtering setups also offer uninterrupted access to users. 

We use Defender for Identity and Defender for Cloud. Integrating the two is entirely straightforward. Once we deploy Azure or any other Microsoft services, the integration between each product is released. You can integrate Defender for Cloud and identity management with a click. Both are security features that have to work. If we get a similar log issue from Defender for Cloud, this log is automatically passed to Identity to check if there is any mismatch or identity-based concerns. It'll correlate the logs and easily identify the issues.

These solutions work together natively, each addressing a different security dimension. We prefer this identity-based solution focusing on user identity security, whereas Microsoft Defender for Cloud App concentrates on applications. Application security is the priority in this. Application security also requires identity management because users will be accessing applications based on identity rules. If the identity policies are met, it will easily access these applications hosted in the Cloud. Microsoft Defender Cloud has separate policies to maintain specific access for users based on their privileges, so it is all correlated.

It should work in correlation because we are not using a third-party product for all this security. We expect a solid correlation because everything is the legacy software of Microsoft. We are using multiple Microsoft products with Azure, including OneNote, OneCloud, etc., and every product requires security in each layer. We have numerous layers of protection in Microsoft. Each layer must be correctly oriented and governed by a set of policies so that each level satisfies the user policies and each policy forwards to the next level. So in that way, Microsoft has a different level of setups, and this Microsoft Defender for Cloud is one that last setup.

Our cloud strategy will change as we move more applications to the cloud, and all require security. As we migrate more into the cloud, our security becomes more complex. Once we have applications deployed in the cloud, it is better to have a single vendor for all the security solutions because Microsoft has a solution for each aspect of the application setup. Microsoft provides enough security features that we don't require any third-party applications. Each layer has to complement another layer. Because it is a one-vendor Microsoft solution, it's easy for us to identify and troubleshoot issues. I prefer a single solution rather than a multi-vendor solution.

Defender for Cloud Apps is an efficient option for protecting applications you use when working. They can be controlled to avoid risks or loss of information because most of our activities are pretty confidential. We don't want to share this application with many people. Since it is in the cloud, we have less control over that. After deployment, Microsoft Defender for Cloud Application maintains a stable, secure, and efficient security process in the cloud. 

It has different tools to guarantee this security, including various policies, classic control mechanisms, algorithms, and a threat database. It completely solves our security concerns about our cloud applications.

Defender helps automate security tasks. Traditionally, we would require a SIEM tool or costly antivirus software to implement this solution in the cloud. We would need a SIEM solution to analyze data. Most premium antivirus features and threat database features are included in this solution. 

Defender's dashboard has simplified our operations somewhat, but we still require different dashboards for each security setup because we continue to use traditional antivirus software for our on-premise environment. We will have multiple tabs related to security. Each layer of protection has different accounts, and you can browse the options. We need to browse the options and check everything. 

Microsoft Defender has a fantastic dashboard because every option is available in the dashboard. Most of the alerts are found in the dashboard. We just need to click on that to see their issues. Their highly rated issues can be easily checked from the dashboard. Most of the essential features are covered in the dashboard.

The solution helps us be proactive about threats because it features an updated database of the current threats that are most significant in the industry. Some of the cybersecurity threats have been mitigated by most of the antiviruses. Defender's AI-based mechanism can handle novel threats and malware, whereas many antiviruses use application signatures. 

It has saved us some time spent on configuration. Configuring on-premise and cloud applications separately is time-consuming, but Microsoft Defender for Cloud reflects configuration changes in the cloud to the on-premise applications. Everything mainly works as a single network, so it cuts the time spent on the configuration in half. Financially, it has cut our costs by about 20 percent.

It has also considerably reduced our time to detect and respond to threats. Some antivirus solutions won't catch a threat until it has reached more than half of our network. Still, Microsoft can detect a threat once it comes to the perimeter area with advanced artificial intelligence technology. Defender has reduced our detection and response time by about 60 percent. 

One of the most valuable features is auditing. Some of the other protection services have issues with auditing. Microsoft Defender for Cloud has an excellent auditing technique that helps us avoid the risk of filtering or information loss. You can use different tools to guarantee these things. It allows you to conduct an in-depth exploration of applications, users, and files that are harmful or suspicious. You can also enhance your security setup by creating personalized rules or policies that help you better control traffic in the cloud.

As administrators, we have a clear view of all the threats in the cloud. We can even restrict access or provide limited access to the users, which is an essential way to protect your information. From the dashboard, we can see all the permissions and which users are currently accessing the applications. We can constantly monitor each user and the critical applications.

Defender has a threat database that automatically updates to include the latest threats in the industry. It also helps us prioritize by categorizing the threat levels in the dashboard, so we can act accordingly. Defender tells us the high-level threats that require immediate action, whereas some simple threats can be easily mitigated or ignored. 

Microsoft has bidirectional capabilities. When any changes happen on-premises, they will also be reflected in the cloud, while changes in policies we enact in Microsoft Defender for Cloud will be completely reflected on-premises. It's a great boon. We don't need to configure every step on-premises, which is a time-consuming process.

We sometimes get errors when we create policies, which is somewhat annoying because some policies stop working due to misconfigurations. We find this challenging because it limits our options for troubleshooting an issue. 

A user policy might be disabled due to some minor issue, but it affects the policy for the entire group of users. It takes some time to troubleshoot it, find the issue, and correct it. 

I have been using Defender for Cloud Apps for six years.

Defender for Cloud Apps is completely stable.

Defender for Cloud Apps is highly scalable. I rate it 10 out of 10 for scalability.

I rate Microsoft technical support 10 out of 10. Their technical support is excellent.

Positive

The deployment was simple, and it took around two days.

The implementation strategy was straightforward because we had some on-premise policies we needed to mirror in the cloud. We already had a set of rules for each user we needed to create in our cloud application process. We need about two people to monitor security, take necessary actions against security concerns, and modify application rules.

We see a return on investment because some of these cloud apps are critical and they're restricted. We have payment-related features that require the highest security. Guaranteeing a secure environment for the app users delivers a huge return because there have been no security breaches or unauthorized access in the past few years. I would estimate the ROI is about 60 percent. 

The pricing is in the middle. It isn't too cheap or expensive compared to other antivirus or security products. It is priced according to industry standards.

I rate Defender for Cloud Apps 10 out of 10. I would recommend Defender for Cloud if you are concerned about the security of cloud applications. Azure deployments are easy to protect with Microsoft Defender for Cloud. I suggest trying Defender for Cloud for at least one application. If it works for you, you can scale up to multiple applications.

We use Microsoft Defender for Cloud Apps for endpoint management.

It is good for compliance and is effective from the standpoint of risk management.

The most effective features for data protection are data loss prevention (DLP) and data classification.

The product is very good so far, however, it would be better if it could include more up-to-date threat protection.

I have used it for almost two to three years.

The solution is stable, and I would rate it a nine out of ten.

The solution is scalable, but I would rate it between six to seven out of ten.

Microsoft technical support is very good, and I would rate it nine out of ten.

Positive

The setup process usually takes five to six hours. However, from installation to configuration, it took a lot of time in our case.

The maintenance is done by a different team, and we support that maintenance.

There is financial benefit from using the product, however, I don't have the numbers currently.

Honestly, it is expensive. I would rate the price as eight out of ten.

It is always better to contact the technical team for any feedback because they are the engineering team.

I'd rate the solution nine out of ten.

Hybrid Cloud

Other

We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.

We only need one dashboard for all Microsoft security products. Sentinel acts as a central system for monitoring and investigating all security data. It's a single feed that covers many solutions.

Defender for Cloud Apps saved us about 20 to 30 percent of our time. We've also saved money. I estimate it's about a 10 percent reduction in costs, but I'm unsure. 

Shadow IT discovery is the feature I like the most. Defender for Cloud Apps provides excellent threat visibility. The solution helps us prioritize threats across our enterprise. We use all Microsoft security products. I had no problems integrating or managing them.

Microsoft's security solutions work together natively to deliver coordinated detection and response. We use Sentinel to ingest security data, which is essential. Sentinel allows us to investigate and respond to threats from one place. I like Sentinel because we can collect logs and data to identify suspicious activity in our environments and establish rules for triggering threat alerts. 

Defender for Cloud Apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms. Microsoft security products are excellent in the detection phase, but they should have more features for the response component. 

I would like to see a mobile app for managing Defender for Cloud Apps. We currently use the cloud dashboard, but it would be nice if Microsoft offered more solutions for managing the product. 

I have used Defender for Cloud Apps for one year. 

Defender for Cloud Apps is stable. 

Defender for Cloud Apps is scalable. 

I rate Microsoft's support a ten out of ten. 

Positive

Deploying Defender was a little complex, but it only took a few days. Some of the documentation isn't clear, so I'm a little confused. It doesn't require any maintenance after deployment. 

I do not think Defender for Cloud Apps is expensive.

I rate Defender for Cloud Apps a seven out of ten. It's better to go with a single vendor for all of your security products. When I introduce Defender for Cloud Apps to our customers, most of them have the license, but they do not understand the capabilities. The first thing I do is explain Defender's coverage and functionality, so they understand which features they can apply to their environment. You need to generate a list of requirements first. 

Public Cloud

Microsoft Azure

We use Defender for governance, discovery, and application awareness. It's also useful for detecting shadow IT and anomalous user behavior. 

Defender helps us control which applications are being used and gain more security insight into remote and hybrid users based on user identity and login location. You can also integrate Defender for Cloud Apps with Defender for Endpoint to extend its capabilities.  

Defender saves us time. I can't quantify that because I never track it, but it has helped me quickly discover issues and get a sense of the users' applications, locations, etc. Defender saves money because I've eliminated some tools and tasks that I previously completed manually. I can do some tasks in one hour that used to take me three. 

Defender integrates with MDE, and there's no agent, so everything happening on the endpoint is reported back to Defender. Defender for Cloud Apps is tightly integrated with Defender for Identity.

The solution provides excellent visibility into threats. I rate Defender for Cloud Apps an eight and a half out of ten for visibility. 

I use all of Microsoft's security products, and they work together natively to deliver coordinated detection and response. Each solution is outstanding by itself, and I can coordinate between them by pumping the alerts and incidents into my SIEM. 

Bidirectional sync is crucial because I'm a consultant, and I have yet to find a customer who uses only one cloud. 

We use Defender with Microsoft Sentinel, which ingests data from our entire ecosystem. This functionality is essential because I can investigate threats and respond from one place. I can respond directly from Sentinel about 50-60 percent of the time using its SOAR capabilities. 

Sentinel's built-in UEBA and threat intelligence are excellent and getting better every day. In terms of cost and ease of use, Sentinel is the best cloud SIEM and better than 90 percent of on-premise solutions. Even Google products can't compete. 

Defender for Cloud Apps could come with more configured policies out of the box. Also, integration could be easier. Integration is moderately difficult because Microsoft hasn't developed a solution that unifies device onboarding and management. You have to use Intune to manage devices and Defender for Endpoint to enforce policies. They need to fix their integration, but I believe they will straighten it out by the end of the year.

Defender has become more stable over the last year.

I've never faced any limits on scalability. 

I rate Defender's support a seven out of ten for responsiveness, but a ten out of ten for their knowledge of the product. Once you finally get someone, they're an expert. 

Positive

We switched to an all-Microsoft shop because they're integrated.

Deploying Defender is easy. You subscribe to it and enable it within your cloud tenant. I got it deployed in one day. Defender requires no maintenance because it's a SaaS product.

Defender is cheaper than the product we replaced.

Defender is built into the E5 license, so it's simple. 

I rate Microsoft Defender for Cloud Apps a nine out of ten. Give it a shot. It's easy to deploy and doing a PoC is easy, and you'll get good insights into where to direct your efforts as far as doing your mind produces.

I'm a firm believer in getting all of my security solutions from one vendor. A best-of-breed strategy introduces an entirely different security risk from integrating products that were not designed to work together. They don't produce cross-actionable intelligence insights with the products. You also need to have an expert in all of the vendors you use, and you will be in a difficult position when that person leaves until you can find a replacement.

Public Cloud

Microsoft Azure

Mainly, companies use it for end-user compute devices. 

It has provided more centralization for managing endpoint security. We have greater flexibility. We can have people manage it from anywhere. I could be working from home or on-prem. That's a great thing about the cloud. The portal is accessible anywhere in the world as long as you have an internet connection. It doesn't really limit you from where you can work or manage it.

It's an in-depth tool. It pretty much logs the events line by line, and with the portal, it just makes it searchable on a wider basis. We've got greater visibility than we used to have from historic products.

It helps to prioritize threats across the enterprise. Your AV is now your footprint, which means you can footprint files faster than you can provide a patch. That is the whole idea of security solutions these days. Sophos used to pioneer using file footprints to basically stop stuff at the front door. So, if you got an EXE or something else, such as a JavaScript file or JSP, or any nefarious malware, Trojans, they footprint the file. Such a file will get scanned and blocked. That's the whole idea of it. It can't ever execute on the machine. 

It helps automate routine tasks and the finding of high-value alerts. It allows us to pinpoint threats and automate the boring stuff. Any automation or AI is a good thing.

It eliminates having to look at multiple dashboards and gives one XDR dashboard. I've one dashboard, and it's a unit. So, there is a unified approach. 

Having everything in one place helps because the engineers don't have to log into multiple places to find something, and they can put in best practice rules quicker. If they want new ASR rules, they can put them in. One of the things that security engineers do is create alerts in there. If they want to alert for a specific threat and just create a query, they'll run it through the system, or they put an alert for specific file extensions that might execute, such as ICU.7ZZ. There are code obfuscations and file obfuscations, and they can search for those things. They'll put alerts on for them.

This centralization saves us time. Because it's all in one portal, we can search across all endpoints we manage. That's the whole idea. The automation has probably saved an engineer between 10% to 20% of the time. It's something we just plug in and leave to work. It gets tweaked every now and again. Since I have implemented it, the tickets I've got from the security department and the infrastructure have gone down to about 10% to 15%. Once the rules are in place, they're there forever or as long as the product life cycle lasts.

I am not sure if it has saved us money because that's finance-related. It's probably more about uptime if you can keep threats off the end-user devices and don't have to rebuild them. I don't recall seeing a virus on my PC here in the current client I've worked for in the last five years. If you got a virus on the device, you just have to rebuild it. I don't remember having seen any rebuilds here. They are only for new users.

It reduces the time to respond. Your portal is a few clicks away. The fourth-line engineer can assist the security department within five minutes. Generally, we just get a Teams message if they need assistance or they raise a ticket. It depends on if it's a structural change or if it's a reactive response.

On-demand scanning is the most valuable feature. In addition, it's a fairly fluid product. It syncs back to the cloud and provides metrics. It's pretty intelligent.

They need to improve the attack surface reduction (ASR) rules. In the latest version, you can implement ASR rules, which are quite useful, but you have to enable those because if they're not enabled, they flag false positives. In the Defender portal, it logs a block for WMI processes and PowerShell. Apparently, it's because ASR rules are not configured. So, you generally have to enable them to exclude, for example, WMI queries or PowerShell because they have a habit of blocking your security scanners. It's a bit weird that they have to be enabled to be configured, and it's not the other way around. Normally, you'd expect when something is not configured, it doesn't enable itself, but for the purpose of this, apparently, Microsoft has told us to enable them. So, you've got to enable them because they keep flagging and blocking products even when they're not configured. It was just an oversight in the design department when they deployed an update to the feature, but I'll live with it.

I'd like to see them automate best-practice antivirus rules. If you search Microsoft best practice antivirus exclusions, there are virus scanning recommendations for antivirus computers running Windows or Windows Server. There is a whole list to exclude the most common things, which could be anything from NTFRS, check folders, temp.DB, or EDBs. There are a lot of things for group policy extensions, exclusion, etc. This is a list of best-practice antivirus rules, but they still have to be implemented manually. In Sophos, five or six years ago, if it was a SQL Server, they automatically included the rules to exclude certain folders or file extensions when doing on-demand scanning. I'd like Microsoft to do the same.

I have been using it in my professional capacity for five years.

It's greatly stable.

It's definitely scalable. My current client has 2,000 users.

They're excellent. I would rate them a 10 out of 10.

Positive

I've previously used Symantec, which for some is the greatest product. My top two are Sophos and Microsoft Defender for antivirus or web filtering. Symantec doesn't really come close to these two.

Microsoft Defender is probably now accepted as the best product on the market for antivirus and web filtering. Five or ten years back, there were Symantec and others, but Microsoft has basically built a competitive product to rival those that used to do this kind of thing. Businesses are just happy to accept that it works. It's expensive, but it does what it says on the tin.

The legacy products, like Symantec, on servers and clients no longer work. They require a lot of manual configuration, and they also don't protect the PC or server as well as Defender, which is also more cost-effective. It's already built into your home PC's operating system. If you've got a business PC, it's built-in. With Defender for Cloud Apps or Defender Endpoint management or InTune, you've got the management of the PC, which is what this pays for.

It's cloud-based and deployed through InTune. The device has to be registered, and the device also has to be in the right license period.

The initial setup is straightforward. We use InTune to roll it out. The actual component is already on the Windows PC. It's called Windows antivirus or Defender. From the business side, by putting the devices in InTune, we can gather the metrics from the PC through Defender for Cloud Apps, or the Defender Endpoint management portal. It gives you a bit more management of the PC from that perspective.

In a reasonable deployment, it takes at least a week to deploy. The PCs have to be in InTune first to roll it out, and then, it's generally a matter of just switching on the feature.

For most businesses where I worked, it took a period of time to realize its benefits from the time of deployment. As the product got developed and became more mature, it got greater functionality in the end. It's now a mature product. The initial deployment was done when I was here, but I've been involved in enabling the maturity of the product's life cycle. There were always lots of tickets for changes regarding Microsoft Defender for Cloud Apps. It's a very intelligent product.

In terms of the number of people, sometimes, you need one person and sometimes two. Generally, you're trying to do things in the background.

It doesn't require any maintenance in particular. It's mainly just the configuration of rules and policies and then the security department does the rest and watches it.

The ROI is there. It's the uptime. You don't want end-user devices going offline. It disrupts the business for that user. Every time a user is down or the machines are being rebuilt because of a virus, it's downtime for the business. They can't do their work at that point in time. Increased uptime is always better on end-user compute devices or servers.

It has fair pricing. You pay for what you get. As far as I know, there are no costs in addition to the standard licensing fee.

It's probably one of the top three on the market. You've got Defender and then you've got Sophos, and then, I suppose the other one that comes close is probably Norton. These are probably the top three. I am not really a fan of Trend Micro products or Kaspersky.

I would recommend implementing it. It's the number one product in the market. The only thing they should automate is to put AI on their virus scanner recommendations rather than having to enable them by default. They might already have done that, but from what I've seen, generally, they do things manually.

At the moment, we are not using other Microsoft Security products. We are mainly using Defender. I have previously made use of the Defender for Cloud's bidirectional sync capabilities, which I'd rate a 10 out of 10.  

Overall, I would rate it a 10 out of 10.