We performed a comparison between Microsoft Defender for Identity and Microsoft Defender Threat Intelligence based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution offers excellent visibility into threats."
"All the integration it has with different Microsoft packages, like Teams and Office, is good."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"Defender for Identity has not affected the end-user experience."
"This solution has advanced a lot over the last few years."
"The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
"Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
"The product is useful when the end user downloads malware files."
"Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
"It is very scalable. There are approximately 2,000 endpoints and up to 200 servers in our company."
"The user interface is pretty user-friendly."
"The tool can proactively detect potential incidents."
"They have a very transparent roadmap for the product."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"When the data leaves the cloud, there are security issues."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"It would be beneficial to enhance the pricing structure and make it more affordable."
"The price of the solution is an area of concern where improvements are required. In general, the solution's price needs to be reduced."
"The price could be improved."
"There could be AI functionality included for features like reporting and dashboard preparation."
"One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems."
"Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel."
"I would like to see more AI features and capabilities."
"We encounter problems connecting the product deployed on the user endpoints with the servers."
More Microsoft Defender for Identity Pricing and Cost Advice →
More Microsoft Defender Threat Intelligence Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 6th in Advanced Threat Protection (ATP) with 13 reviews while Microsoft Defender Threat Intelligence is ranked 15th in Advanced Threat Protection (ATP) with 23 reviews. Microsoft Defender for Identity is rated 9.0, while Microsoft Defender Threat Intelligence is rated 8.4. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Microsoft Defender Threat Intelligence writes "A tool that offers endpoint protection with low maintenance costs". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Sentinel, whereas Microsoft Defender Threat Intelligence is most compared with Microsoft Sentinel, STAXX, Cisco Threat Grid, ThreatConnect Threat Intelligence Platform (TIP) and VirusTotal. See our Microsoft Defender Threat Intelligence vs. Microsoft Defender for Identity report.
See our list of best Advanced Threat Protection (ATP) vendors and best Microsoft Security Suite vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.