We changed our name from IT Central Station: Here's why

Microsoft Defender for Cloud Room for Improvement

Associate Principal - Cloud Solutions at Apexon

For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful.

We were also using it for just-in-time access for developer VMs. Many a time, developers need certain administrative privileges to perform some actions, and that's where we had to use just-in-time privileges. Administering them out of Azure Security Center is good, but it also means that you have to give those permissions to lots of people, which is very cumbersome. So, I ended up giving permissions to the entire Ops team, which defeats the purpose and is also not acceptable at a lot of places.

These were the two use cases where I felt that I really had to get into the depth of Azure Security Center to figure out how I can use it much better.

View full review »
Global Cloud Security Architect at a consumer goods company with 5,001-10,000 employees

In the past, when you wanted to compile a list of resources that effected a vulnerability, it was kind of hard to do that. You had to use the graphic interface and write some queries for you to get that information from the Microsoft Graph API. Right now, with Microsoft Cloud Defender, they actually have that and you have access to that. Therefore, for me, it's pretty much a problem that has been solved. That was pretty much the only thing that I thought we could use. Then, yesterday, I saw that they included it. Therefore, as of now, I don't have any big issues with the product.

In the beginning, the score was shown using a points system. Now they made it into percentages, which is way better. It's hard to show you your C-level points. It required some explanation. For example, if you show them 2000 points, they're going to ask, "Okay, is this bad or good?" If you show them 75%, on the other hand, that they can understand. That's another thing that they made better as well.

View full review »
Network & Security Architect at SNP Technologies, Inc.

There is a slight gap between the real-time monitoring and real-time alerts. While Security Center has the ability to detect sophisticated attacks or understand potential threats, I feel that if the response time could be improved, that would be a good sign.

In addition, when it provides recommendations, those recommendations have a standard structure. But not all the recommendations work for a given environment. For example, if a customer is already using a third-party MFA solution, Microsoft doesn't understand that, because Microsoft looks into its own MFA and, if not, it will provide a recommendation like, "MFA is suggested as a way to improve." But there are already some great solutions out there like Okta or Duo, multi-factor authentication services. If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented.

Security Center provides what it calls secure score. This secure score is dependent on the recommendations. It tells you that if you resolve this recommendation, your secure score will be improved. In the case where a client is already using MFA, but the particular recommendation is not resolved, there is no improvement in the secure score. There is a huge mismatch in terms of recommendations and the alignment of secure score. MFA is just one small example, but there are many recommendations that depend on the client environment. There is room for improvement here and it would help a lot.

View full review »
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,148 professionals have used our research since 2012.
Azure Solution Architect at a tech services company with 10,001+ employees

The team is already working on one of the latest features, which is having migration techniques right on the portal available. It's possible to use it now. That's one good new feature.

For MIM, they are still improving things on Azure Security Center. There are a few flaws in backend technologies. If you do not have the correct access to the system, you cannot access the files and most of the reported resources.

For example, a general huge storage account, which is exposed for public access. If there are ten storage accounts available, you can see the names. You can identify, those storage accounts that are supposed to be accessed from the outside, maybe, due to some feature happening behind the scenes on a storage account, and these are supposed to be exempt from the portal. You shouldn't see them again and again and this should not affect your security score overall. However, they are not easily exempted from the portal. There's no way to exempt them properly.

You cannot create custom use cases. You can use what is already present on the Microsoft side in terms of security alerts. You can, however, customize whitelisting for alerts.

View full review »
Senior DevSecOps Engineer at a consumer goods company with 11-50 employees

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

View full review »
Cloud Architect at a legal firm with 5,001-10,000 employees

Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board. You can create exemptions, but not everywhere are the exemptions the same. In some areas, we can do quick fixes, but that is not true across the board. So in general, consistency is the number one item that needs attention.

View full review »
SOC Manager at a tech services company with 10,001+ employees

Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.

View full review »
Senior Consultant at a recruiting/HR firm with 51-200 employees

We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand. We showed it to a couple of our clients, and they had trouble understanding it and an explanation or breakdown is not readily available. The score includes different weightage for certain controls. For example, if there is a "Control A" and it has a weight of 10 then it would affect the score more than "Control B", which has a weight of five. Being able to see the weights that are assigned to each control would be an improvement.

View full review »
JJ
Cyber Security Consultant at a tech services company with 10,001+ employees

Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark.

Sometimes, we are getting backdated logs, and there could be more correlation.

View full review »
DD
Senior Architect at a tech services company with 10,001+ employees

From a business point of view, the only drawback is that Azure or Microsoft need to come up with flexible pricing/licensing. Then, I would rate it 10 out of 10.

View full review »
Senior Project Engineer at a tech services company with 10,001+ employees

Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender. It has most of the features for monitoring end-user machines for security updates or malicious activity but, for example, the latest DAT files are slow to arrive compared to Microsoft Defender.

View full review »
OB
Security Consulting, Manager at a computer software company with 1,001-5,000 employees

There is no perfect product in the world and there are always features that can be added. Innovation is something that is always on the table.

View full review »
JJ
System Administrator at a tech services company with 201-500 employees

The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available. 

Even though the TLS is only allotted for a single application, single box, and everything else is completely up to date, it just gives us an inaccurate reporting of how secure the environment actually is.

The solution could use a bit more granularity.

View full review »
MK
Cloud Security Design Lead at a retailer with 1,001-5,000 employees

I'm quite active on the Azure product blogs. We're able to provide recommendations to Microsoft and they work together with Azure towards achieving them. One of the issues with the product is that it's not possible to write or edit any capability. For example, if there is a false positive detection on the security center, the only option I have is to flag it off. I can dismiss the alert, but there is no option to provide comments or reviews, so that somebody else looking into the portal can brief them. 

I'd like to see some additional features that would include an option for the security team to provide comments on the alerts and also to improve the recommendations. I would like to see them fine tuned. We're also getting a lot of false positive alerts and Azure can reduce that using the Microsoft AI and ML feature.

View full review »
Managing Partner at Digitaiken

I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward.

View full review »
DB
Sr Cybersecurity Engineer at a computer software company with 10,001+ employees

Pricing could be improved. There are limited options based on pricing for the government.

The initial setup could be simplified.

In the next release, I would like to see more development in the area of NECES scanning or Splunk, or Universal Forwarding. 

View full review »
Founder & CEO at Cloud Steroids

The solution could improve by being more intuitive and easier to use requiring less technical knowledge.

In a future release, the solution could improve by providing more automation and clarity in the autoanalysis. When we provide our customers with a Microsoft solution for security, Microsoft has to go beyond the basic expectations to impress the customers.

View full review »
Senior Analyst Security and Compliance at a insurance company with 5,001-10,000 employees

We built our hierarchy incorrectly and we're struggling now with some of the features that are up there. Once we straighten our hierarchy out, we are going to applied policies, whether it's through Security Center or any other thing. It's going to be a lot easier once our hierarchy is fixed.

We need to apply things in a certain place and then we realize that we need to apply them to the subscription as well. And next thing we know we also need to apply it to another subscription, it's unmanageable. We're applying different policies across all our different subscriptions, which is fine, but at 21 subscriptions you can have over a dozen policies. We're trying to skinny that down to four or five policies. It's not a defect in a Security Center. It's a defect in how we built it.

View full review »
DP
CEO at a non-profit with 11-50 employees

Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured.

View full review »
FN
Cyber Security Analyst at a security firm with 11-50 employees

As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains. Azure Defender does not have this capability and that is one of the features that is very crucial. 

When we receive an alert on suspicious domains, we have to do it manually. We go to VirusTotal, or AlienVault to confirm. It would be useful to have it done automatically.

View full review »
SV
Cloud Architect at a pharma/biotech company with 10,001+ employees

Azure Security Center should be more easily understood by a non-technical person. It's more about the security before getting into the product.

It needs to be simplified and made more user-friendly for a non-technical person.

In the next release, I would like to see a better dashboard and more integration with IT sales Management.

View full review »
NB
Cyber & Cloud Security Leader at a computer software company with 1,001-5,000 employees

From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR.

View full review »
PW
Senior Security Architect at a transportation company with 5,001-10,000 employees

I think that the documentation and implementation guides could be improved. It would make the implementation process easier.

View full review »
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,148 professionals have used our research since 2012.