Microsoft Defender for Identity vs Microsoft Purview Audit comparison

Microsoft Defender for Identity and Microsoft Purview Audit are both solutions in the Microsoft Security Suite category. Microsoft Defender for Identity is ranked #3 with an average rating of 8.8, while Microsoft Purview Audit is ranked #31 with an average rating of 8.0. Microsoft Defender for Identity holds a 6.5% mindshare in Microsoft Security Suite, compared to Microsoft Purview Audit’s 1.0% mindshare. Additionally, 100% of Microsoft Defender for Identity users are willing to recommend the solution, compared to 100% of Microsoft Purview Audit users who would recommend it.

Microsoft Defender for Iden...

Read 26 Microsoft Defender for Identity reviews

7,070 Views
4,454 Comparison Views

100% willing to recommend

Microsoft Purview Audit

Read 3 Microsoft Purview Audit reviews

1,007 Views
292 Comparison Views

100% willing to recommend

Microsoft Defender for Iden...

Microsoft Purview Audit

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Microsoft Defender for Identity and Microsoft Purview Audit based on real PeerSpot user reviews.

Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Microsoft Defender for Identity vs. Microsoft Purview Audit Report (Updated: September 2025).

Buyer's Guide

Microsoft Defender for Identity vs. Microsoft Purview Audit

September 2025

Download the complete report

Helped 869,513 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender for Iden...

Ranking in Microsoft Security Suite

3rd

Average Rating

8.8

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Advanced Threat Protection (ATP) (5th), Identity Threat Detection and Response (ITDR) (3rd)

Microsoft Purview Audit

Ranking in Microsoft Security Suite

31st

Average Rating

8.0

Reviews Sentiment

5.1

Number of Reviews

Ranking in other categories

Log Management (36th)

Mindshare comparison

As of October 2025, in the Microsoft Security Suite category, the mindshare of Microsoft Defender for Identity is 6.5%, down from 7.6% compared to the previous year. The mindshare of Microsoft Purview Audit is 1.0%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Microsoft Security Suite Market Share Distribution
Product	Market Share (%)
Microsoft Defender for Identity	6.5%
Microsoft Purview Audit	1.0%
Other	92.5%

Microsoft Security Suite

Featured Reviews

Peter Arabomen

Security Engineer at Fidelity Bank Plc

Has supported hybrid identity management while integrating well with cloud directory services

The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.

Read full review

Matthew Hoerig

President at Trustsec Inc.

Audit function refines log retrieval and drives application assessments with evolving features

From a service assessment and authorization process perspective, when conducting an assessment on an application or system, we use controls essentially equivalent to the NIST 800-53 framework. This includes examining audit logs, data quality, and various KPIs required for log configuration. It factors into our application assessments. When producing documentation packages for application or system authorization, audit logging and monitoring are crucial parts of the assessment process. The evidence we gather includes screenshots and outputs from these tools and capabilities. For Microsoft Purview Audit specifically, we provide examples of audit function configuration and log output details, which are incorporated into our evidence documents.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."

"It automates routine testing and helps automate the finding of high-value alerts."

"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."

"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."

"Defender for Identity has not affected the end-user experience."

"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."

"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."

"Auto-remediation is a valuable feature applied to Microsoft Defender for Identity, reducing the burden of investigating false positives."

More Microsoft Defender for Identity pros

"We're easily saving at least one hour per day using this solution."

"The platform has significantly enhanced our operational insight into the overall Microsoft 365 environment."

"The overall user experience with Microsoft Purview Audit is of higher quality than when it was branded as Compliance Center, and Microsoft consistently updates and evolves functionalities and the overall experience."

Cons

"Fixing the solution isn't very seamless."

"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."

"The solution should provide more detailed data regarding anomaly detections."

"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."

"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."

"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."

"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."

More Microsoft Defender for Identity cons

"Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features."

"We are still in the early stages of leveraging Microsoft Purview Audit. Currently, it's primarily used for the audit function."

"We do have a Denial of Access happening."

Pricing and Cost Advice

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.

See recommendations

869,513 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

12%

Manufacturing Company

Comms Service Provider

Financial Services Firm

16%

Computer Software Company

14%

Educational Organization

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	3
Large Enterprise	14

No data available

Questions from the Community

What do you like most about Microsoft Defender for Identity?

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

See all answers

What needs improvement with Microsoft Defender for Identity?

See all answers

What is your primary use case for Microsoft Defender for Identity?

I've used Microsoft Defender for Identity primarily for provisioning users on Azure AD and Microsoft authentication. For hybrid scenarios, I integrate on-premises AD to Azure AD. We use AD Connect ...

See all answers

What is your experience regarding pricing and costs for Microsoft Purview Audit?

I'm not aware of the pricing of licensing terms.

See all answers

What needs improvement with Microsoft Purview Audit?

Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features.

See all answers

What is your primary use case for Microsoft Purview Audit?

We utilize Microsoft Purview Audit for monitoring security and compliance aspects.

See all answers

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 17% of the time

Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity

Compared 16% of the time

CrowdStrike Falcon vs Microsoft Defender for Identity

Compared 13% of the time

BloodHound Enterprise vs Microsoft Defender for Identity

Compared 7% of the time

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Compared 6% of the time

More Microsoft Defender for Identity Competitors

SolarWinds Kiwi Syslog Server vs Microsoft Purview Audit

Compared 9% of the time

Splunk Enterprise Security vs Microsoft Purview Audit

Compared 9% of the time

Sumo Logic Security vs Microsoft Purview Audit

Compared 9% of the time

Fortinet FortiAnalyzer vs Microsoft Purview Audit

Compared 8% of the time

Microsoft Purview eDiscovery vs Microsoft Purview Audit

Compared 8% of the time

More Microsoft Purview Audit Competitors

Product Reports

Buyer's Guide

Microsoft Defender for Identity

September 2025

Download Microsoft Defender for Identity product report

Buyer's Guide

Log Management

October 2025

Download Microsoft Purview Audit product report

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

No data available

Overview

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?

Integration with Microsoft Tools: Ensures comprehensive protection across environments.
AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
Real-time Threat Detection: Provides immediate alerts to potential threats.
Lateral Movement Identification: Detects unusual lateral access among users.
Dashboards with Visibility: Offers insights into security issues with customization options.
SIEM Integration: Works seamlessly with security information and event management systems.

What benefits should users look for when reviewing Microsoft Defender for Identity?

Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
Security Across Environments: Protects both on-premises and cloud-based infrastructures.
Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

The unified auditing functionality in Microsoft 365 provides organizations with visibility into many types of audited activities across many different services in Microsoft 365. Advanced Audit helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to crucial events that help determine scope of compromise, and faster access to Office 365 Management Activity API.

Microsoft

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Information Not Available

Buyer's Guide

Microsoft Defender for Identity vs. Microsoft Purview Audit

September 2025

Free Report: Microsoft Defender for Identity vs. Microsoft Purview Audit

Find out what your peers are saying about Microsoft Defender for Identity vs. Microsoft Purview Audit and other solutions. Updated: September 2025.

DOWNLOAD NOW

869,513 professionals have used our research since 2012.

See our Microsoft Defender for Identity vs. Microsoft Purview Audit report.

See our list of best Microsoft Security Suite vendors.

We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.