Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Microsoft Defender for Identity vs. Microsoft Defender for Office 365 Report (Updated: June 2024).

Buyer's Guide

Microsoft Defender for Identity vs. Microsoft Defender for Office 365

June 2024

Download the complete report

Helped 793,295 peers since 2012

Categories and Ranking

Microsoft Defender for Iden...

Ranking in Advanced Threat Protection (ATP)

6th

Ranking in Microsoft Security Suite

8th

Average Rating

9.0

Number of Reviews

Ranking in other categories

Identity Threat Detection and Response (ITDR) (1st)

Microsoft Defender for Offi...

Ranking in Advanced Threat Protection (ATP)

1st

Ranking in Microsoft Security Suite

9th

Average Rating

8.4

Number of Reviews

Ranking in other categories

Email Security (1st)

Mindshare comparison

As of July 2024, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 8.8%, down from 10.3% compared to the previous year. The mindshare of Microsoft Defender for Office 365 is 13.5%, down from 22.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP)

Unique Categories:

Microsoft Security Suite

5.5%

Identity Threat Detection and Response (ITDR)

27.7%

Email Security

13.8%

Featured Reviews

Emeka Ndulu

Cloud Solutions Architect at a tech services company with 201-500 employees

Apr 18, 2023

Integration with other Microsoft products is simple, providing a holistic security solution

The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors. Once these devices have been tagged, they give you alerts about when a malicious actor tries to explore the vulnerability that you created. You can monitor what the attacker is going after. Entity tagging is a big win for Defender for Identity. There is a connection between the cloud, Defender for Endpoint, and Defender for Cloud Apps, in addition to Defender for Identity, so that you get feedback about activity on the cloud regarding a user if he tries to move laterally in the on-premises Active Directory. It gives you visibility into threats. On the cloud, you already have Azure AD Identity Protection to secure your cloud identity. But the security of Defender for Endpoints requires certain protections for your on-premises identity. It's helpful for organizations that have quite a few on-premises entities. There aren't a lot of organizations like that now, as quite a few have already moved to the cloud, but for those that are still on-prem need that security. We also use Microsoft Defender for Endpoint and Intune. The beauty of Microsoft is that, with just a few clicks, it integrates all the security features. Signals from Defender for Identity can move to Defender for Endpoint, Defender for Cloud Apps, and Intune. That ensures that it eliminates false positives and gives you a comprehensive overview, like a map, of what a malicious actor has done. It tells you how a user moved from this device to that device, which is very good. When it comes to comprehensiveness, Microsoft has done a good job of making Defender for Identity pretty straightforward and easy to use. There are detection rules that help you identify potential attacks. Your role, as a security professional using Defender for Identity, is basically to monitor and implement a few configurations, after the initial deployment. Defender for Identity is automated, in that you can specify specific alerts or incidents to defend against. Defender for Identity, Defender for Endpoints, Defender for Office 365, and Defender for Cloud Apps all point to the Microsoft Defender Security Center. That gives you a one-stop-shop dashboard where you can see the activity for these four solutions.

Read full review

Gordon McGowan

Deputy Chief Information Officer at County of Montgomery, PA

Nov 28, 2023

Improves organizational security without the help of third-party applications

We use Microsoft Defender for Office 365 for protection. Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications. The product helped us maintain collaboration and communication during…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."

"Defender for Identity has not affected the end-user experience."

"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."

"All the integration it has with different Microsoft packages, like Teams and Office, is good."

"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."

"It automates routine testing and helps automate the finding of high-value alerts."

"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."

"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."

More Microsoft Defender for Identity pros

"Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."

"It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased."

"One of the best features of the tool is its capability to aggregate insights from different workloads, basically from the Office 365 and endpoints part."

"Defender for 365 is a comprehensive cloud-based solution. The value of the cloud is that you aren't alone. Threat intelligence and analytics are shared in the cloud. We don't have to find the solution alone. If you face an unknown threat with traditional solutions like Trend Micro and Symantec, you need to open a case and send your information to them to analyze forensically and identify the source of the attack."

"The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance."

"Microsoft Defender for Office 365 is a stable solution."

"The basic features are okay and I'm satisfied with the Defender."

"Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."

More Microsoft Defender for Office 365 pros

Cons

"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."

"The solution could be better at using group-managed access and they could replace it with broad-based access controls."

"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."

"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."

"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."

"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."

"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."

"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."

More Microsoft Defender for Identity cons

"Several simulation options are available within 365, and the phishing simulation could be better."

"The pre-sales cost calculations could be more transparent."

"Configuration requires going to a lot of places rather than just accessing one tab."

"About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting."

"Microsoft sometimes has downtime, and we'll get several incidents coming in back to back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once."

"I'd like some additional features any product can give me to protect our environment in a better way."

"The phishing and spam filters could use some improvement."

"There is room for improvement in terms of reporting."

More Microsoft Defender for Office 365 cons

Pricing and Cost Advice

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"I know that the product is incredibly expensive."

"Compared to other brands, Microsoft Defender for Office 365's pricing is competitive."

"It is much more expensive than using another solution because we have had to include some options and upgrade our license."

"For large enterprise organizations, they can definitely afford it, but for small and medium organizations, they might struggle to cover the expenses."

"The product is expensive."

"It's a user-base subscription."

"Defender for 365 comes in various plans and licenses, along with other Microsoft security solutions. Purchasing this kind of package or security bundle gives good value for money, and that's what I recommend."

"Microsoft Defender is expensive. I typically recommend it only if clients have the budget. Otherwise, I would suggest an alternative."

More Microsoft Defender for Office 365 pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

793,295 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

14%

Government

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Microsoft Defender for Identity?

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

See all answers

What needs improvement with Microsoft Defender for Identity?

One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents. Currently, it is mandatory to install the agent on the on-premises e...

See all answers

What is your primary use case for Microsoft Defender for Identity?

Microsoft Defender for Identity is like a personal security guard for our organization's identity. It keeps a close eye on how we use our identities across both on-premises and Azure Active Directo...

See all answers

What do you like most about Microsoft Defender for Office 365?

Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the indi...

See all answers

What is your experience regarding pricing and costs for Microsoft Defender for Office 365?

While Microsoft Defender for Office 365 necessitates pricier E3 or E5 subscriptions, the extensive functionality offered by these licenses across various Microsoft products justifies the investment.

See all answers

What needs improvement with Microsoft Defender for Office 365?

Microsoft Defender for Cloud Apps is a very good solution that allows you to use a single port or tool to control everything happening with your organization's different cloud applications. Configu...

See all answers

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 42% of the time

Microsoft Entra Verified ID vs Microsoft Defender for Identity

Compared 9% of the time

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Compared 4% of the time

Microsoft Entra ID vs Microsoft Defender for Identity

Compared 3% of the time

Splunk User Behavior Analytics vs Microsoft Defender for Identity

Compared 3% of the time

More Microsoft Defender for Identity Competitors

Proofpoint Email Protection vs Microsoft Defender for Office 365

Compared 14% of the time

Mimecast Email Security vs Microsoft Defender for Office 365

Compared 10% of the time

Microsoft Exchange Online Protection (EOP) vs Microsoft Defender for Office 365

Compared 7% of the time

Cisco Secure Email vs Microsoft Defender for Office 365

Compared 6% of the time

Hornetsecurity 365 Total Protection vs Microsoft Defender for Office 365

Compared 3% of the time

More Microsoft Defender for Office 365 Competitors

Product Reports

Buyer's Guide

Microsoft Defender for Identity

July 2024

Download Microsoft Defender for Identity product report

Buyer's Guide

Microsoft Defender for Office 365

July 2024

Microsoft Defender for Office 365 report

Download Microsoft Defender for Office 365 product report

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

MS Defender for Office 365

Learn More

Microsoft

Overview

Microsoft Defender for Identity is a comprehensive security solution that helps organizations protect their identities and detect potential threats. It leverages advanced analytics and machine learning to provide real-time visibility into user activities, enabling proactive identification of suspicious behavior.

With its powerful detection capabilities, it can identify various types of attacks, including brute force, pass-the-hash, and golden ticket attacks. The solution also offers rich reporting and alerting capabilities, allowing security teams to quickly respond to incidents and mitigate risks. By continuously monitoring user activities and providing actionable insights, Microsoft Defender for Identity helps organizations strengthen their security posture and safeguard their sensitive data.

Microsoft Defender for Office 365 is a comprehensive security solution designed to protect organizations against advanced threats in their email, collaboration, and productivity environments. It combines the power of Microsoft's threat intelligence, machine learning, and behavioral analytics to provide real-time protection against phishing, malware, ransomware, and other malicious attacks.

With Microsoft Defender for Office 365, organizations can safeguard their email communication by detecting and blocking malicious links, attachments, and unsafe email content. It employs advanced anti-phishing capabilities to identify and prevent sophisticated phishing attacks that attempt to steal sensitive information or compromise user credentials.

This solution also offers robust protection against malware and ransomware. It leverages machine learning algorithms to analyze email attachments and URLs in real-time, identifying and blocking malicious content before it reaches users' inboxes. Additionally, it provides advanced threat-hunting capabilities, allowing security teams to proactively investigate and respond to potential threats.

Microsoft Defender for Office 365 goes beyond email protection and extends its security features to other collaboration tools like SharePoint, OneDrive, and Teams. It scans files and documents stored in these platforms, ensuring that they are free from malware and other malicious content. It also provides visibility into user activities, helping organizations detect and mitigate insider threats.

Furthermore, this solution offers rich reporting and analytics capabilities, providing organizations with insights into their security posture and threat landscape. It enables security administrators to monitor and manage security incidents, track trends, and take proactive measures to enhance their overall security posture.

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Microsoft Defender for Office 365 is trusted by companies such as Ithaca College.

Buyer's Guide

Microsoft Defender for Identity vs. Microsoft Defender for Office 365

June 2024

Free Report: Microsoft Defender for Identity vs. Microsoft Defender for Office 365

Find out what your peers are saying about Microsoft Defender for Identity vs. Microsoft Defender for Office 365 and other solutions. Updated: June 2024.

DOWNLOAD NOW

793,295 professionals have used our research since 2012.

See our Microsoft Defender for Identity vs. Microsoft Defender for Office 365 report.

See our list of best Advanced Threat Protection (ATP) vendors and best Microsoft Security Suite vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.