CSPM - Is Sentinel/Defender good enough?

We're running Azure and are considering a CSPM to help ensure that we're maintaining appropriate security for the environment.

We've implemented Sentinel and Defender (in its various forms) in Azure, but it all seems very much a do it yourself solution when it comes to detecting changes or violations of security in the space.

I'd love to hear from others who have used a CSPM, first, which one they are using, and second, do you think it is providing value …

azure cspm cybersecurity defender environment forms good running security sentinel solution space