Microsoft Defender for Identity and Microsoft Defender Threat Intelligence both offer advanced security solutions, competing in the enterprise security category. Defender for Identity is distinguished by its seamless integration within enterprises, while Defender Threat Intelligence excels with superior real-time threat detection and monitoring.
Features: Microsoft Defender for Identity integrates with other Microsoft components, enhancing enterprise security. It offers tools like historical logging, identity security posture, and privilege escalation detection. Microsoft Defender Threat Intelligence, known for comprehensive threat monitoring, includes ease of use and sandboxing for threat analysis. It integrates effectively with Microsoft products such as Intune and Office 365.
Room for Improvement: Defender for Identity could reduce false positives and improve Azure ID integration with on-premise systems. Alert resolution within the platform remains a challenge. Threat Intelligence can expand integration with non-Microsoft products and simplify its pricing model. Both require improvements in alert noise reduction and compatibility extension.
Ease of Deployment and Customer Service: Defender for Identity offers easy deployment in public and on-premise environments but faces challenges with support speed and knowledge. Defender Threat Intelligence, deployable across hybrid clouds, receives mixed support feedback based on subscription levels. Both solutions enable robust deployment, though support quality varies.
Pricing and ROI: Defender for Identity is competitively priced within the E5 licensing suite, offering diverse licensing for enterprises and good ROI by reducing breach risks. Defender Threat Intelligence, part of Microsoft 365, is cost-effective when bundled, yet criticized for its complex licensing, particularly challenging for SMEs. Pricing and perceived value reflect the need to assess specific requirements before investing.
Generally, the support is more effective than other providers like Oracle.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
Level two support is knowledgeable and knows how the product works, which is very good.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
If there were some customizations available, I would rate its scalability as nine out of ten.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
It provides a high level of security and avoids phishing and scam emails.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
Providing code customization would help keep pace with new vulnerabilities and threats.
From the telemetry data standpoint, I would prefer Defender data to be more open in future updates.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
the Microsoft Defender Suite is quite expensive, especially when integrated into Sentinel.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
I find the most valuable features in Microsoft Defender for Identity to be the conditional access and the rule-based access control to give users their actual role-based permission to work.
The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity.
If a new phishing attack is detected, users can report it, enabling the solution to analyze and take corrective actions.
Our threat detection is enhanced due to the AI agents in Microsoft Defender Threat Intelligence, which helps in detecting automatically.
Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.
Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.
What key features stand out in Microsoft Defender for Identity?In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.
Microsoft Defender Threat Intelligence is a comprehensive security solution that provides organizations with real-time insights into the latest cyber threats. Leveraging advanced machine learning and artificial intelligence capabilities, it offers proactive threat detection and response, enabling businesses to stay one step ahead of attackers. With Microsoft Defender Threat Intelligence, organizations gain access to a vast array of threat intelligence data, including indicators of compromise (IOCs), security incidents, and emerging threats. This data is collected from a wide range of sources, such as Microsoft's global sensor network, industry partners, and security researchers, ensuring comprehensive coverage and accuracy. The solution's advanced analytics and machine learning algorithms analyze this threat intelligence data in real-time, identifying patterns, trends, and anomalies that may indicate a potential security breach. By continuously monitoring the network and endpoints, Microsoft Defender Threat Intelligence can quickly detect and respond to threats, minimizing the impact of attacks and reducing the time to remediation.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
