• Home
  • Microsoft Defender for Identity vs. Microsoft Entra ID

Microsoft Defender for Identity vs Microsoft Entra ID comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Defender for Identity

Read 13 Microsoft Defender for Identity reviews
5,650 views|3,124 comparisons
100% willing to recommend
Microsoft Logo

Microsoft Entra ID

Read 190 Microsoft Entra ID reviews
4,075 views|2,823 comparisons
94% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Microsoft Defender for Identity vs. Microsoft Entra ID
March 2024
Executive Summary

We performed a comparison between Microsoft Defender for Identity and Microsoft Entra ID based on real PeerSpot user reviews.

Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Microsoft Defender for Identity vs. Microsoft Entra ID Report (Updated: March 2024).
Download the complete report
768,857 professionals have used our research since 2012.
Featured Review
Bikram S.
Helps keep our endpoints safe, protecting against DDoS and brute-force attacks
It helps our organization protect employee access and prevent anyone from outside of the organization from accessing our systems. It is very... Read more →
Daison Marks
Researched Microsoft Defender for Identity but chose Microsoft Entra ID: Significantly enhanced the user experience for our employees and helped our IT administrators and department save time
During the pandemic, we were able to smoothly shift our employees to work from home. Azure Active Directory played a crucial role in ensuring the... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export.""The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors.""The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud.""One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password.""The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident.""The solution offers excellent visibility into threats.""This solution has advanced a lot over the last few years.""The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."

More Microsoft Defender for Identity Pros →

"Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most.""The two-step authentication is the most valuable.""Don't delay implementing this solution, it's the best thing you can do for your identity protection.""It's very easy to run and it's part of their ecosystem and I don't think it's going anywhere anytime soon.""I like Azure AD's conditional access policies. Microsoft Entra provides a single pane of glass for managing user access, improving the overall user experience.""I like Entra's ability to integrate the Active Directory with third-party solutions. It's straightforward. I like the ability to define third-party systems and make the AD the primary identity provider.""Overall the solution functions very well, such as the ability to access it from the cloud.""What I like about Microsoft Authenticator is that it has good features. I also like that the tool is straightforward to use. Microsoft Authenticator also has a good UI that's very simple to use. I also like that I didn't find any limitations or negative aspects from the features of the tool because Microsoft Authenticator is not an extensive application. It has a two-factor based authentication which validates the user through the password, then it approves authentication."

More Microsoft Entra ID Pros →

Cons
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further.""One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents.""Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts.""An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate.""The tracking instance needs to be configured appropriately.""When the data leaves the cloud, there are security issues.""And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives.""The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."

More Microsoft Defender for Identity Cons →

"Microsoft has so many different requirements and priorities that sometimes they don't invest all their energy into the products that you have expectations to investigate.""For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing.""The custom role creation function could be improved as it's somewhat tricky to use.""I think there is room for improvement with actually discussing, and advertising Microsoft as a an authenticator. Many people just get confused and use Google, and I think if Microsoft would make more of an effort to penetrate the market, that would be key.""The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.""At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication.""I would like to see Microsoft communicate how they intend to manage legacy applications. Right now, you still have to deploy a hosted domain server (which comes at an extra cost) if you have a legacy application that cannot sync properly with the enterprise applications and the modern applications.""We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work."

More Microsoft Entra ID Cons →

Pricing and Cost Advice
  • "You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
  • "Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
  • "The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
  • "It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

    • More Microsoft Defender for Identity Pricing and Cost Advice →

  • "The licensing cost is a bit prohibitive."
  • "The licensing is really not clear unless you are a premium client."
  • "Licensing is easy."
  • "It is a really nice tool and we have a license for the more complex model."
  • "It is not too expensive."
  • "It's really affordable."
  • "I do not have experience with pricing."
  • "Licensing fees are paid on a monthly basis and the cost depends on the number of users."

    • More Microsoft Entra ID Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
    See Recommendations
    768,857 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Microsoft Defender for Identity?
    Top Answer:Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.
    Read all 7 answers   →
    What needs improvement with Microsoft Defender for Identity?
    Top Answer:One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents. Currently, it is mandatory to install the agent on the on-premises… more »
    Read all 7 answers   →
    What is your primary use case for Microsoft Defender for Identity?
    Top Answer:Microsoft Defender for Identity is like a personal security guard for our organization's identity. It keeps a close eye on how we use our identities across both on-premises and Azure Active Directory… more »
    Read all 7 answers   →
    How does Duo Security compare with Microsoft Authenticator?
    Top Answer:We switched to Duo Security for identity verification. We’d been using a competitor but got the chance to evaluate Duo for 30 days, and we could not be happier Duo Security is easy to configure and… more »
    What do you like most about Azure Active Directory?
    Top Answer:It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication.
    Read all 102 answers   →
    What is your experience regarding pricing and costs for Azure Active Dire...
    Top Answer:It is worth the money.
    Read all 84 answers   →
    Ranking
    8th
    out of 36 in Microsoft Security Suite
    Views
    5,650
    Comparisons
    3,124
    Reviews
    9
    Average Words per Review
    956
    Rating
    8.9
    4th
    out of 36 in Microsoft Security Suite
    Views
    4,075
    Comparisons
    2,823
    Reviews
    90
    Average Words per Review
    878
    Rating
    8.7
    Comparisons
    Also Known As
    Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
    Azure AD, Azure Active Directory, Azure Active Directory, Microsoft Authenticator
    Learn More
    Microsoft
    Microsoft
    Interactive Demo
    Microsoft
    Demo Not Available
    Microsoft
    Watch a demo
    Overview

    Microsoft Defender for Identity is a comprehensive security solution that helps organizations protect their identities and detect potential threats. It leverages advanced analytics and machine learning to provide real-time visibility into user activities, enabling proactive identification of suspicious behavior. 

    With its powerful detection capabilities, it can identify various types of attacks, including brute force, pass-the-hash, and golden ticket attacks. The solution also offers rich reporting and alerting capabilities, allowing security teams to quickly respond to incidents and mitigate risks. By continuously monitoring user activities and providing actionable insights, Microsoft Defender for Identity helps organizations strengthen their security posture and safeguard their sensitive data.

    Microsoft Entra ID, previously known as Azure AD (Active Directory), is Microsoft's cloud-based identity and access management (IAM) solution. Designed to help organizations of all sizes manage user identities and create an intelligent security perimeter around their cloud and on-premise resources. Microsoft Entra ID or Azure AD is integral to the Microsoft 365 and Azure ecosystems. It provides a robust set of capabilities to manage users and groups and secure access to applications in a centralized, streamlined manner.

    Microsoft Entra ID (Azure AD) is a login system, morphing into a sophisticated identity and access management (IAM) solution for the modern, hybrid workplace. Imagine a single vault for all your digital keys – that's the essence of Entra ID's identity management. It acts as a central repository for user identities, encompassing usernames, passwords, and even additional attributes like department or employee role.

    These capabilities enabled simplified administration using a unified platform for adding, modifying, and deleting user accounts. Users no longer need to remember login credentials for a plethora of applications. Entra ID streamlines access by using the same identity across various cloud services and on-premises resources (if integrated). Centralized identity management allows for stricter enforcement of security policies and password complexity requirements across the organization.

    Authentication sits at the heart of the solution, ensuring only authorized users gain access to sensitive resources. It employs a multi-pronged approach:

    • Password Authentication: The traditional method of username and password is still supported, but Entra ID encourages stronger authentication methods.
    • Multi-Factor Authentication (MFA): Adding an extra layer of security, MFA requires users to verify their identity beyond just a password – through a code sent to their phone, fingerprint recognition, or a security key.
    • Single Sign-On (SSO): This user-friendly feature eliminates the need to enter credentials repeatedly. Users sign in once to Entra ID and gain seamless access to all authorized applications, boosting productivity.
    • Conditional Access Policies: Providing granular control over how and when users can access resources. Based on conditions like user role, location, device state, and the application being accessed, Conditional Access policies help ensure that only the right people under the right conditions can access sensitive resources.
    • Seamless Integration: Seamless integration with thousands of SaaS applications, Microsoft 365, and on-premises applications via Application Proxy or third-party identity bridges.
    • Advanced Security Reports and Alerts: Sophisticated security monitoring, reporting tools, and automated alerts. These features enable to identify potential security issues, such as atypical behavior or attempted identity attacks, allowing for swift remediation actions.

    For organizations with on-premises infrastructure, Microsoft Entra ID (Azure AD) offers hybrid identity options. This allows for a smooth integration between on-premises Active Directory and Entra ID, providing a consistent identity for users across both environments. It enables organizations to leverage their existing investments in on-premises infrastructure while taking advantage of cloud scalability and flexibility.

    In conclusion, Microsoft Entra ID (Azure AD) is a comprehensive IAM solution that addresses the complex challenges of managing and securing identities in a cloud-centric world. Its blend of ease of use, security, and integration capabilities makes it an essential component of modern IT infrastructure, supporting both operational efficiency and strategic business objectives.

    Additional links:

        Sample Customers
        Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
        Microsoft Entre ID is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.
        Top Industries
        VISITORS READING REVIEWS
        Computer Software Company15%
        Financial Services Firm13%
        Government8%
        Manufacturing Company7%
        REVIEWERS
        Financial Services Firm14%
        Computer Software Company14%
        Manufacturing Company5%
        Educational Organization5%
        VISITORS READING REVIEWS
        Educational Organization26%
        Computer Software Company12%
        Financial Services Firm9%
        Government6%
        Company Size
        REVIEWERS
        Small Business17%
        Midsize Enterprise17%
        Large Enterprise67%
        VISITORS READING REVIEWS
        Small Business21%
        Midsize Enterprise16%
        Large Enterprise63%
        REVIEWERS
        Small Business33%
        Midsize Enterprise14%
        Large Enterprise53%
        VISITORS READING REVIEWS
        Small Business18%
        Midsize Enterprise34%
        Large Enterprise48%
        Buyer's Guide
        Microsoft Defender for Identity vs. Microsoft Entra ID
        March 2024
        Free Report: Microsoft Defender for Identity vs. Microsoft Entra ID
        Find out what your peers are saying about Microsoft Defender for Identity vs. Microsoft Entra ID and other solutions. Updated: March 2024.
        DOWNLOAD NOW
        768,857 professionals have used our research since 2012.

        Microsoft Defender for Identity is ranked 8th in Microsoft Security Suite with 13 reviews while Microsoft Entra ID is ranked 4th in Microsoft Security Suite with 190 reviews. Microsoft Defender for Identity is rated 9.0, while Microsoft Entra ID is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Defender for Cloud Apps, whereas Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, CyberArk Privileged Access Manager, Yubico YubiKey and Cisco Duo. See our Microsoft Defender for Identity vs. Microsoft Entra ID report.

        See our list of best Microsoft Security Suite vendors.

        We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.