Microsoft Defender for Cloud Apps Reviews

We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.

Microsoft Defender for Cloud Apps offers visibility into the usage of enterprise applications and the connections established from both authorized and unauthorized locations and devices.

Microsoft Defender for Cloud Apps, in conjunction with Defender for Endpoint, helps prioritize threats throughout our enterprise by reviewing them, identifying devices with vulnerabilities, and providing us with criticality assessments and recommendations on resolving the issues.

We utilize the complete Microsoft Defender suite, which includes Defender for Endpoint as well as Defender 365. The integration is seamless; we only need to onboard Defender for Endpoint, and it functions exceptionally well.

The integrated solutions work natively together to provide coordinated detection and response across our environment. If Defender detects a malicious email, it will notify me of the detection, block the email, and apply the same actions to all the emails that match the same criteria.

I appreciate the comprehensiveness of the threat protection offered by Microsoft security products due to their functionality and ability to integrate, which other products may not offer.

Microsoft Defender for Cloud Apps has helped improve our visibility and response time.

It helps automate the discovery of high-value alerts. The solution can identify malicious threats and subsequently block the threats while disabling the compromised account automatically.

Microsoft Defender for Cloud Apps has helped us save time through the visibility it provides.

Microsoft Defender for Cloud Apps has significantly reduced our time to detect and respond by several hours through its integration with the rest of the Microsoft Defender suite, thereby reducing our troubleshooting time.

The most valuable feature is its policy implementation. Even public websites are directed to the Microsoft Net proxy, where we can establish policies to determine whether to block, authorize, or manage devices.

Currently, we are only able to utilize the policies for blocking threats. I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing.

I have been using Microsoft Defender for Cloud Apps for one year.

Microsoft Defender for Cloud Apps has been stable thus far.

Microsoft Defender for Cloud Apps is scalable. We are not limited by Microsoft in terms of the number of users or devices.

The initial setup is not straightforward due to the numerous meetings beforehand, and the Microsoft documentation can be overwhelming. However, once we familiarized ourselves with the interface, it started making more sense. 

The deployment process took over three months. Initially, we tested the solution to become familiar with it before deploying it to a small number of users. Once we were confident that everything was working correctly, we proceeded to deploy it to all users. Two system engineers were required for the deployment.

The implementation was completed in-house.

We have seen a return on investment with Microsoft Defender for Cloud Apps.

We utilize the Microsoft E5 licensing, which encompasses the entire Microsoft suite; however, it is costly. Furthermore, there are supplementary expenses associated with add-on modules.

I rate Microsoft Defender for Cloud Apps an eight out of ten.

Microsoft Defender for Cloud Apps promptly generates an alert upon detecting a threat. However, I do not believe it has the capability to proactively defend against potential threats.

It is deployed in one environment with 50-plus users.

No maintenance is required from our end.

I recommend that anyone evaluating Microsoft Defender for Cloud Apps should read through all of the documentation first.

We help develop and mostly support applications for clients. It creates reports for clients. It works with Microsoft SQL Server and can tell clients if they need some governance standards for user security profiles. For example, if they are using Linux VM, then there are some security updates that come up. If they haven't been updated, they get a prompt telling them, "Look at this CSV security vulnerability. It should be updated as this part of your application."

We have our main office in Lagos with other offices in the UK and America. Due to COVID, we are mostly working remotely and having meetings online. There are 55 endpoints.

Due to COVID, most of my users are remote. Because of that, we need to manage their applications and let them log on from home. They also have their own personal devices that they are using. So, we have to give them access to those.

My staff uses personal devices that seem to always have issues with malware. So, it notifies me if there is an issue. I can check their usage and the audit logs, e.g., when people logged in last and if they are logged onto a tenant, to see where the issues are. We might tell them to change their login details or reset their two-factor authentication if there is an issue.

They don't have access to the desktop Microsoft Defender Antivirus suite. I need to manage it from the cloud, where I restrict access to the account. They can download a zip file to a folder, then do whatever they want, but I don't give them freedom anymore because the users are always having issues.

When our CEO travels, someone is always trying to hack into his account. We have banned Russian IP addresses, as this is where most of the threats are coming from.

There are security settings that report and advise you on your security settings. The governance reports give you guidance on security vulnerabilities and how to remedy them.

It tells you whether something is high, middle, or low risk, giving you a risk profile. It lets you know which one to handle first.

Everything from Microsoft is integrated. You receive regular reports on them all. You can push your reports, logs, and security alerts, which are all integrated. It is crucial that these solutions work natively together to deliver coordinated detection and response across our environment.

This Microsoft security solution has helped eliminate the need to look at multiple dashboards and given us a single XDR dashboard. This is one of the main features that we like about the solution. We have one dashboard. Anybody who is a part of the security team can look at it and say, "Okay, this is what I noticed." Then, we can have a short discussion on how to remediate or enhance services.

I would give the comprehensiveness of the threat-protection that these Microsoft security products provide a high score. 

Sometimes, Microsoft sends us information and recommendations about changing all our configurations due to something they noticed. So, their reports improve our uptime availability and provide a seamless service for our clients. 

The visibility is 85%. Sometimes, it takes too long to load your page because Microsoft is having issues. There are a certain amount of hours in a day to solve and rectify issues. If you deploy this solution for a client, you need to be able to respond or rectify issues. Because if the solution goes down, your clients won't be happy with you.

We would like to get more information from the endpoint. I don't get enough detailed information right now on why something failed. There is not enough visibility.

The cost could be improved when you need to pay for anything. For example, refreshing files takes time to load, though it may be my Internet. To improve the refresh time, Microsoft says that we need to pay for a Premium license, and I don't like paying for things that help make a solution better.

I have been using it for three years.

The stability is about 95%. I have called and complained to Microsoft about the downtime.

It doesn't require any maintenance.

Sometimes it will take time for Microsoft to respond to technical issues. However, once they start working on an issue, they will try to resolve it. I would rate the technical support as eight out of 10.

Positive

We didn't use another solution prior to this one. We have always used Microsoft.

The initial deployment was straightforward. Afterward, there were issues due to licensing issues moving from Google to Microsoft. It was not free.

It took a couple of hours to make everything work to our specifications. I tried to automate as much as I could with scripts.

I migrated my clients from Google to Microsoft.

Our reaction time is now faster when eliminating problems. We see the generated reports and logs much faster than before when we have to go to different places.

It reduces support calls for internal users. For example, it reduces the number of times that internal callers contact support for password issues.

Issues that frequently used to take support an hour are now only happening every blue moon. This is largely due to the predictive trend reports from the solution.

We have seen a 35% to 45% cost reduction with this solution.

You can activate a free tier of use for a period of time.

When the SolarWinds vulnerability came up, that caused a lot of issues. Our clients got regular updates. It did a scan for them, so they didn't have to start worrying. That was the free tier. 

With the other tiers, you pay more for each feature it gives you, e.g., the security push or regulatory compliance, without you paying extra for that too, which has been advantageous.

We also use Microsoft Defender for Cloud. With other models, you need to pay for an agent, and there is a cost. I don't like spending money. So, we use the free ones a lot. We evaluate the solutions that we need to pay for on a case-by-case basis, then we can decide if we really need them at all.

Sentinel would probably be the cheapest of all SIEM and SOAR solutions. I am not paying for everything because it is hosted by Microsoft. I am not paying the infrastructure costs. The app of this solution is updated regularly. I don't have to worry about that. So, the cost is very cheap for me, except when I have to pay for specific agents. Then, I have to think about the cost.

There are costs associated with SQL Server and Linux as well as their agents.

Microsoft makes sense because it integrates with many applications and provides. However, it depends on your infrastructure.

Endpoint Security is part of the Microsoft Defender suite. We use it to manage systems and force them to update. They can also revoke access to a tenant.

Microsoft Sentinel logs all our reports. This gives us better visibility. This enables us to ingest data from our entire ecosystem. It also allows us to provide security posture reports to our clients. Before starting a contract with a business, we create a report and give that to clients, showing how we handle and solve problems. The report shows our environment and uptime. 

Sentinel enables us to investigate threats and respond holistically from one place. From there, we can now troubleshoot where the issue is coming from. This is for our endpoint or when my external users are trying to access the service. This is very important to us because it makes life easier. We don't have to start running around checking this interface with another interface and a third or fourth interface. It is a single interface and we can get more raw data than what we configured Sentinel to ingest.

The comprehensiveness of Sentinel’s security protection is very high. We don't really use other providers. We use it to connect to AWS or Google Cloud Platform infrastructure to get information on how deployed loads are performing.

I would rate them as nine out of 10.

We have multiple virtual machines that we utilize in the cloud space with different applications on them. We utilize Microsoft Defender for Cloud Apps to monitor those individual application VMs as well as, along with Sentinel, our entire Azure ecostructure.

Microsoft Defender for Cloud Apps helps me, on the executive team, to have awareness and knowledge of what is going on in the environment. If a new administrator is created or one is trying to change their authentication types when they log in, or if new software gets put in there that should not have been there, we will get notifications on that.

Microsoft Defender for Cloud Apps helps automate routine tasks and the finding of high-value alerts. We depend a lot on automation. Some of the things I saw with the XDR window at this Microsoft Event are beautiful. I would like to see that. It ties in Defender, Sentinel, and all that into one pane of glass, which has been a problem at times. We see that as moving in the right direction.

It has helped us meet compliance requirements and has saved us costs. What we have now is an acceptable value.

Cloud Apps helps with detection, but I do not have metrics for how much time it has reduced.

It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good. These are the things that are very useful.

I would like more customization of notifications. Currently, you either get everything or you get limited information. I would like to have something in between where we can customize the data that is included in notifications. That is one thing. 

The comment field also needs improvement. If you want to generate a workflow within the organization for a notification that occurs, the comment field is not visible to the next person who logs in. They should make that a little more visible. They should make the history more available to the next person I assigned a task to.

I have been using Microsoft Defender for Cloud Apps for just over a year and a half.

It is very stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

It is deployed across multiple locations and teams.

When we get a hold of the right people, it is great, but we are still trying to get a hold of the right people.

We were using another solution. It was not Azure. We switched in large part because that was a region-based company, and they ran into some issues, so we were left for a little while without a cloud environment. When I was comparing this with AWS, as an example, I picked Azure because of the general acceptance of the product in our market and in our space. I felt pretty comfortable going into it knowing that it would be there in five years or ten years as we grow.

I was involved in its deployment from an executive managerial position. It was complex. 

There were a lot of elements that were not obvious even to the point where the documentation was not keeping up with the production. So, we would hit a learning page, and the learning page would be about a prior product than the one we were looking at. It was not relevant to what was in production. My biggest recommendation for Microsoft would be that the learning pages need to be kept up-to-date and relevant to what is current in production.

We started with an integrator. We had challenges with that integrator, so we brought it in-house and finished it ourselves.

We have seen an ROI. We are a cloud service provider, so it is necessary.

Where we are right now, this is an acceptable pricing. I would like to see more transparency given to the end user. The end user given to us is via the cloud service provider. 

There are different programs and license models. Some include this, and some include that. It is all over the place. There can be a little more consistency or simplification in the pricing so that your parts list is not ten pages long, and you are not trying to determine, "If I have an E3, does this cover that?", or "Do I need to pay separately for the license?" Simplification would probably be better. 

To those evaluating the solution, I would advise knowing the goals they want to get to before they start. It can grow very quickly if you just build, but if you have a concept of where you want to end up and you stay within those constraints, then it is a great way to get there.

In terms of Microsoft Defender for Cloud Apps helping us to prioritize threats across the enterprise, we prioritize a little differently. I do not know if the solution helps with the prioritization of that, but prioritization is always important.

We get our threat intelligence from multiple sources. Microsoft Defender for Cloud Apps is one input on that, so it is hard to say whether its threat intelligence has helped prepare us for potential threats before they hit and take proactive steps.

I would rate Microsoft Defender for Cloud Apps a nine out of ten.

We primarily use Defender for Cloud Apps to authenticate users of our cloud applications. Defender validates the identity and allows the user to access the application. 

Defender helps us automate routine tasks. We can use templates to deploy various security solutions. It also consolidates our dashboards, so we can view everything from one console. 

Defender saves us time when responding to critical incidents. Typically, it takes about two or three days to find the root cause, but we can do this in four or five hours with Microsoft security solutions. Our detection time remains unchanged, but the response time is much faster. 

Defender's integration with our Identity solutions is critical in our current setup. It also integrates with Microsoft Sentinel to provide threat visibility. However, there's a delay of about 10 to 15 minutes from when Sentinel detects an incident, and it appears in Defender. We're trying to fix that. 

Defender allows us to prioritize threats across our enterprise, which is crucial. It's easy to integrate Defender with other Microsoft solutions. For example, we use Defender with Sentinel and set conditional access policies in Azure Active Directory. We're currently participating in Microsoft training to learn how to utilize these solutions better.

Defender could integrate better with multi-cloud and hybrid environments. It requires some additional configuration to ingest data from non-Azure environments and integrate it with Sentinel.

We have used Defender for Cloud Apps for a year.

Defender is stable.

Defender is scalable.

I rate Microsoft support eight out of 10. 

Positive

Defender is a cloud-based solution, but our deployment was complex because we have a massive environment. It took us about a month to fully deploy it, including testing and evaluation. I had a five-person team, including engineers, administrators, and management. There is no maintenance after deployment because it runs on Azure infrastructure.

We haven't saved money, but we save time because the integration with Microsoft products is seamless. 

Defender is costly. Still, we get a lot of features, and it's easier to integrate with our other solutions, so it's worth what we pay for it.

I rate Microsoft Defender for Cloud Apps nine out of 10. As a security architect, I would generally recommend a multi-vendor solution with a zero-trust model. However, if you are mostly using Microsoft products, it might make sense to use the Microsoft security suite because of the native integration.

We use it to protect our users' devices against attacks. 

We see stories about attacks in the news, including phishing and spam, Defender helps protect us.

It also gives us an ecosystem. We have one portal where we can manage everything. We don't need to log in to another portal to manage the devices, the antivirus, Defender, or Office. It's a single place to manage everything and that's very good.

It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place. And because it's a Microsoft product, it integrates with Windows 10 and Windows 11. We don't need to buy anything else.

We have an M365 license and we have an Office admin portal. I manage all the users and licenses through the portal, making it very easy to manage. We have a lot of users coming in and going out of the company, and this makes it simple to provide licenses to people.

I would like to see them include more features in the older licenses. There are some features that are not available, such as preventing or analyzing cloud attacks. We have Defender P2 licenses and Microsoft proposed P3. If it included what was in the old package, such as the M365 license and Office, that would be very good.

I have been using Microsoft Defender for Cloud Apps (MDA) for two years.

The stability is very good. We haven't had downtime. When we receive a message that the service is down, it's only for a few minutes and then all is good. That's true for the whole Microsoft universe, since we use Outlook and Teams.

We haven't had any problems with scalability. We moved all devices from Windows 10 to 11 and it was very easy. We didn't need to test the machines. It worked very well.

We have 50 users of the solution.

The support from Microsoft is very good. Their chat system is very good because it's an alternative to phoning and it's very quick. Through the chat we quickly have someone to respond to our questions.

Positive

At first we used Panda, and after that we had McAfee. We replaced McAfee with Defender. Panda's client was very heavy on the device and, with McAfee, the benefit versus the cost was not so good.

Also, I spoke to colleagues at other companies that have implemented the solution and they said it's very simple to install.

We have seen ROI because there have been some attacks, but they have always been contained.

It's expensive because we have to pay for an M365 license and it is included in the package.

We tested Cisco Umbrella but the price was a little higher than Defender's price, and it would have been another product to install. Defender was almost "included," meaning it was easy to install.

We use it for security and compliance. We use it for alert policies on activities happening on some of our on-premises and cloud applications. We also use it to restrict some users from downloading files from OneDrive or from some of the applications that we have. In addition, we integrate it with the Azure Active Directory Conditional Access policy.

It gives our clients a sense of confidence that in case there are activities on some of their applications, they will get an alert and the issue will be mitigated, based on the action that has been set. It gives them a sense of comfort that the product helps them secure some of their applications. It depends on the admin who is managing the product. If the admin is not knowledgeable, it might be an issue. But if the admin is knowledgeable, the organization can rest assured that it is covered when it comes to malicious activities on some of its applications.

I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads when a particular user is running a massive download on your SharePoint site. If a user is downloading multiple files in an unusual manner you get an alert.

Another built-in alert is what we call an "impossible traveler alert." If a user logs on from a US IP address at 10:00 AM and, less than 30 minutes later, the same user shows as being logged on from an IP address in the United Kingdom, there is no way you can travel from the US to the UK in 30 minutes. That alert will be triggered.

You can also input an action to be triggered for an alert. You block the user or just alert the admin or manager of that user.

It also comes with in-depth visibility, whereby it creates a pattern. If a user has been flagged multiple times, you can see that pattern. It shows you the IP addresses from which that user has been signing in recently. And it provides you with the kind of suspicious pattern that this particular user has been using over time. So it has very robust visibility.

It also gives you a graphic interface, which is something that I enjoy. If an alert is a very high risk, you see it in red, while if it's medium, you see it in yellow. A low risk doesn't come with any color. It gives me an appreciable pattern of user activities. It covers one month in case you want to deep dive to see the login pattern for your user.

Also, we currently use Defender for Identity, Defender for Endpoint, and Defender for Microsoft 365. All of them have been integrated into our plans. It was quite easy to integrate them. It's just the click of a button to activate it and then a matter of configuring your alert policies. Defender for Cloud Apps works together with Defender for Endpoint as well as with Azure Active Directory. With the latter, you can use the Conditional Access policy to integrate them so that they work together seamlessly.

The fact that these solutions work natively together gives us the advantage of having multiple security solutions doing different things. It's very important for them to work seamlessly together.

One challenge is integrating the cloud apps with third-party and on-premises systems. We have had some scenarios where some third-party systems were not compatible with them. Apart from that, it's quite easy to integrate.

Microsoft has also been able to bring all the security features to a particular portal, so you don't have to look around. But I've heard about some negative effects as a result, as the portal is now cumbersome. You have a whole lot of products there and it makes the whole portal jumbled. It's not bad for me because I just have to go to that particular portal and check whatever I have to check.

It doesn't actually decrease the time to respond. This has been an issue with Microsoft recently. Sometimes, there is a delay when it comes to getting an alert policy email. I can't stay on the portal all day looking through alerts that have been triggered. So we create a flow whereby, if an alert is triggered, an email should be sent. Sometimes it takes two or three hours for that email to be sent. The response time, sometimes, can be very slow.

I have been using Microsoft Defender for Cloud Apps for three to four years.

Performance-wise, the stability is good, but I wouldn't say very good because of the email alert delay issue I mentioned. But when you configure action and particular parameters, the option is carried out, more or less like an automaton.

It's scalable. Once you have acquired the license, you can easily deploy it and add more users to the policies you have configured.

We run a hybrid environment. We have four sites on the domain controller. It is deployed both for users on the cloud and on-premises in different locations. We have some located in the US and some in Europe. So we have the product across multiple locations.

Some of the policies we have configured cover 500 users and one of them covers over 500 users.

I've seen an improvement, over time, in the comprehensiveness of the protection our Microsoft products provide. They are improving on the products year over year. I remember quite well when Defender for Cloud Apps started, there were limited third-party applications that you could integrate with it. But now, there are multiple options for third-party applications that you can integrate with. There are also features that have been added to it. Microsoft is working to improve on it.

We did not have a previous solution.

Since it is embedded with some of the Microsoft 365 licenses, it is like an add-on, and you can create robust configurations with it. You're getting an additional value for the license you have. To me, that is a return on investment.

The pricing is fair. One good thing about Defender for Cloud Apps is that it comes with some of the Microsoft licenses: Microsoft 365 E3 and E5. It also comes with EMS, the Enterprise Mobility & Security.

My advice would be to do an assessment of whether you actually need this particular product. Some people confuse Defender for Cloud Apps with Defender for Microsoft 365, but they are two different products. You also need to confirm if it supports the applications you want to protect because there are some applications that have yet to be integrated with it. Apart from that, it's a good product for any security admin to use.

When it comes to helping prioritize threats, it depends on the angle you're looking at the results from. It can help 50 percent. When you look at the pattern of alerts over time, it can help you prioritize. But if you're looking at it in general, it is not going to give you that visibility into prioritizing.

Defender for Cloud Apps has a little bit of automation for routine tasks, but it doesn't really give an admin automated processes. And when it comes to taking proactive steps, it's more Defender for Endpoint that helps there. Defender for Cloud Apps doesn't help you to prevent an impending attack.

If you are looking to protect your environment, you need to spend more money. I wouldn't say that this solution helps to save money. But by protecting your financial documents from fraud or from an angry worker that is about to leave, it helps in saving money, but not in terms of cutting costs.

The maintenance is not significant because you don't need to update anything. All you have to do is go to your portal and check for and investigate any alerts. Maintenance is handled by Microsoft.

And in the "best of breed versus a single vendor" debate, you should just have a single vendor. In this case you know, "Okay, it's Microsoft," and it's best to just stick with what you know. It depends on what works for you though. For somebody who is comfortable using third-party products with Microsoft, maybe that will work for them. But for me, what is comfortable is using Microsoft products.

We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.

We only need one dashboard for all Microsoft security products. Sentinel acts as a central system for monitoring and investigating all security data. It's a single feed that covers many solutions.

Defender for Cloud Apps saved us about 20 to 30 percent of our time. We've also saved money. I estimate it's about a 10 percent reduction in costs, but I'm unsure. 

Shadow IT discovery is the feature I like the most. Defender for Cloud Apps provides excellent threat visibility. The solution helps us prioritize threats across our enterprise. We use all Microsoft security products. I had no problems integrating or managing them.

Microsoft's security solutions work together natively to deliver coordinated detection and response. We use Sentinel to ingest security data, which is essential. Sentinel allows us to investigate and respond to threats from one place. I like Sentinel because we can collect logs and data to identify suspicious activity in our environments and establish rules for triggering threat alerts. 

Defender for Cloud Apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms. Microsoft security products are excellent in the detection phase, but they should have more features for the response component. 

I would like to see a mobile app for managing Defender for Cloud Apps. We currently use the cloud dashboard, but it would be nice if Microsoft offered more solutions for managing the product. 

I have used Defender for Cloud Apps for one year. 

Defender for Cloud Apps is stable. 

Defender for Cloud Apps is scalable. 

I rate Microsoft's support a ten out of ten. 

Positive

Deploying Defender was a little complex, but it only took a few days. Some of the documentation isn't clear, so I'm a little confused. It doesn't require any maintenance after deployment. 

I do not think Defender for Cloud Apps is expensive.

I rate Defender for Cloud Apps a seven out of ten. It's better to go with a single vendor for all of your security products. When I introduce Defender for Cloud Apps to our customers, most of them have the license, but they do not understand the capabilities. The first thing I do is explain Defender's coverage and functionality, so they understand which features they can apply to their environment. You need to generate a list of requirements first. 

We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.

It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.

Cloud App Security is an ever-evolving technology. It is based on artificial intelligence. It uses some data sets that capture all the tools within Office 365 package. It collects all the data majorly in the Office 365 space, and it understands the usage. Across the globe, there might be millions of Microsoft users, and it tries to capture all the data cumulatively and see any anomalies. That is how Microsoft gives you the data. They study different types of organizations in terms of how they behave, what kind of security loopholes can be found in them, and then they give you recommendations. You just implement these recommendations to secure the environment. So, what you get is a tailor-made solution where you can find all recommendations because it is based on artificial intelligence. They give you a tailor-made recommendation to improve your environment. They might recommend multifactor authentication, role-based access, etc. They provide you the classical representation on which users we can target and safeguard more.  All these things are very useful. That's how this tool is helping Microsoft customers, and this is how we have also been using it.

My company relies upon this technology. For us, it is very critical to know any attack beforehand and be prepared for it. In our environment, there are many endpoints, and many devices interact. We have an email system, a storage system, and other systems. The beauty of Cloud App Security is that it can learn data from different applications. For example, Adobe is an application that I'm integrating with Office 365. So, I can expand my horizon of search to that tool and see how that interacts with us. I will get more real-time data, and I will know more use cases about it.

Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool.

We can integrate any SaaS-based application with it. It can scan your network and physical devices and the software that you're using. It tries to fetch cumulative data when there are any authentication-related attacks or any network-related attacks and gives us some kind of intimation. We get real-time graphical data, and then we need to do our work to solve the problems.

The product is great. The major benefit is that it is a Microsoft tool. So, if you're in a Microsoft ecosystem, this is the best tool that you can get in the market. In terms of experience, it is unlike any other tool. It is good enough to do all the jobs that other tools are doing. So, you don't need any other tool if you are using it in a Microsoft ecosystem. 

The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand.

If it is an Office 365 product, I expect it to be in the admin center. That way I would know that this is a part of Office 365. It feels like there is a mismatch, or they are trying to separate the product or do something like that. They should have streamlined the product.

It is not always accurate. Sometimes, there could be some hiccups, and you see false positives, but security is not always reliable, and you cannot depend on one tool to give you all accurate results. It gives me a report that I can see, and if needed, I can act proactively on something. If it is a false positive, it is fine. If it is not, we know that we have done something about it.

We implemented it probably in 2019.

It is a new thing for Microsoft, and it still has a lot of room to improve.

It is completely scalable out-of-the-box. It is completely in interaction with Office 365 services. It can go up to as many users as you have. So, if you have 100,000 users, it is capable of supporting them. I have some 50,000 users, and I'm happy that it is capable of doing that. We have implemented it 100%, and we are happy with what we have got.

It is good for an enterprise company. It is not for a small-scale business. 

We don't require support frequently. I would rate them a seven out of 10. If you have a critical situation, you cannot expect them to give you a call immediately. My experience has not been so great with their paid support in terms of time. Sometimes, they don't even call you back, but when you do get support from them, they are excellent. So, you can't rely on them, and their response time can be improved, but their documentation is good enough. We can read the documentation and help ourselves.

Before this, my company had some tools, but I'm not sure about them. They probably heavily relied upon Splunk and other APM tools. They have had this tool from the time I have been here. Personally, I haven't worked on technologies outside of Microsoft.

It is very easy if you know what you're doing. You just click on the Next button multiple times, and it is complete. It is well-documented in the sense that we know what we can expect from the tool. The documentation is great, and the support is also excellent. So, my experience was very smooth, and it was done in a day.

It does not work on every license. You have to be an Enterprise customer, and you have to have a specific license to have the full benefits of it. So, you require the correct license, and you also need a certain amount of time for it to propagate. It is not immediate. Based on what we were told by Microsoft a few years ago, it takes 24 to 48 hours. They might have improved upon that. It tries to capture the complete environment details, and then it gives you a cumulative experience.

We work around the clock. We have six admins at different time zones who work with this solution.

Its pricing is on the higher side. Its price is definitely very high for a small-scale company.

As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea.

This tool alone is not a great investment, but when you get it as a part of the package from Microsoft, it is good. Along with Microsoft Teams, Office, Exchange, SharePoint, and other solutions, this added feature of an extra layer of security makes a lot of sense. If you are only using this tool, and it is not in a Microsoft ecosystem, then it is not worth it.

For Office 365 environments, there is a great add-on benefit that comes with the Microsoft licensing package. If you have a Microsoft ecosystem, you can get it, and there is no need for any other tool. If you're not in a Microsoft ecosystem, don't bother buying it. It is a good competitor to other products such as Splunk. 

It has not affected our end-user experience in any way. The reason being this is an admin-oriented program, and it does not involve any end user. It just collects data from end-users and gives it to us. After that, it is up to us to act upon it. It does not do anything on its own. It is a threat detection tool, and it doesn't do anything on its own. We have to act to resolve a problem. For example, it will only say, "There is a user who is doing this. Do you want to act upon it? Yes or no?" Based on that, as an admin, we can do certain tasks remotely. The end-user will not know about it. We will see if there is a real threat, and we'll act upon it.

I would rate it a 10 out of 10. It is improving, but it still needs more improvements.