Microsoft Defender for Identity vs Morphisec comparison

Microsoft Defender for Iden...

Read 21 Morphisec reviews

4,929 Views
887 Comparison Views

100% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 1, 2024

Morphisec and Microsoft Defender for Identity compete in the cybersecurity sector, offering unique approaches to threat prevention and detection. Morphisec seems to have the upper hand in zero-day threat resilience due to its deterministic prevention, while Microsoft Defender for Identity excels in integration within the Microsoft ecosystem for threat detection and comprehensive security management.

Features: Morphisec provides deterministic attack prevention by blocking in-memory attacks without relying on threat detection. It integrates easily with Microsoft Defender, offering a lightweight design and single console for threat visibility. Microsoft Defender for Identity uses behavioral analytics and machine learning for advanced threat detection and integrates across Microsoft's cloud and on-premises environments to enhance the unified security experience.

Room for Improvement: Morphisec could improve its reporting capabilities, interaction frequency with customers, and false positives resolution. It also needs enhancements in dashboard functionality and broader antivirus integration. Microsoft Defender for Identity requires a more user-friendly administrative interface, reduction in false positives, and better on-premises Android detection. Direct remediation actions within the platform and simplified licensing are also needed.

Ease of Deployment and Customer Service: Morphisec is noted for its straightforward deployment and responsive customer service, although time zone differences can be challenging for some users. Microsoft Defender for Identity offers strong technical support and seamless integration within Microsoft environments, but alert verification can be time-consuming.

Pricing and ROI: Morphisec is considered cost-effective, with competitive pricing and no hidden charges, providing good ROI by reducing security management workloads. Microsoft Defender for Identity, part of the Microsoft 365 suite, offers cost benefits when bundled with other Microsoft products. Despite higher costs, its comprehensive features justify the investment for existing Microsoft ecosystem users.

To learn more, read our detailed Microsoft Defender for Identity vs. Morphisec Report (Updated: June 2026).

Microsoft Defender for Identity vs. Morphisec

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender for Iden...

Ranking in Advanced Threat Protection (ATP)

8th

Average Rating

8.8

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)

Morphisec

Ranking in Advanced Threat Protection (ATP)

31st

Average Rating

9.2

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Vulnerability Management (58th), Endpoint Protection Platform (EPP) (47th), Endpoint Detection and Response (EDR) (60th), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (13th)

Mindshare comparison

As of June 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 3.6%, down from 5.3% compared to the previous year. The mindshare of Morphisec is 2.1%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP) Mindshare Distribution
Product	Mindshare (%)
Microsoft Defender for Identity	3.6%
Morphisec	2.1%
Other	94.3%

Advanced Threat Protection (ATP)

Featured Reviews

Peter Arabomen

Security Engineer at Fidelity Bank Plc

Has supported hybrid identity management while integrating well with cloud directory services

The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.

Read full review

Rick Schibler

VP of Information Technology at Kentucky Trailer

Offers in-memory protection at a lower price than competitors

Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."

"It gives you a holistic view of everything happening in your organization, and you can use it to do a lot of monitoring."

"We do not see any issues with the stability of Microsoft Defender for Identity. I can say it is 100% stable."

"In the security portfolio that we manage, Microsoft Defender for Identity is very important because it is the professional service that we sell the most."

"Microsoft is a big company."

"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."

"All the integration it has with different Microsoft packages, like Teams and Office, is good."

"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."

More Microsoft Defender for Identity pros

"Morphisec has absolutely helped save money on our security stack. The ransomware at the end of the day can cost organizations millions upon millions of dollars. Investing in tools like Morphisec is a great reduction in that cost. If I can spend $10,000 in a year to protect assets that could be ransomed for $20,000,000, that's definitely a bet that one should pursue. Morphisec absolutely it's worth the investment."

"Since we started using Morphisec, that hasn't happened even once."

"It's simple, it's easy, and it works."

"With Morphisec, at least when it does happen, I feel confident that we have in place solutions that will not only prevent it, but also let us know when something has happened."

"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool."

"It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that."

"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."

"We have seen it successfully block attacks that a traditional antivirus did not pick up."

More Morphisec pros

Cons

"Feedback on sync issues with the Microsoft portal highlighted its slow nature, with syncs sometimes taking eight hours."

"The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."

"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."

"The solution should provide more detailed data regarding anomaly detections."

"The tracking instance needs to be configured appropriately."

"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."

"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."

"I can't say that I've seen a return on investment since we have Microsoft Defender for Identity because we also have another security solution in place."

More Microsoft Defender for Identity cons

"Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition."

"The only area that really needs improvement is the reporting functionality."

"We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."

"In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good."

"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools."

"The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."

"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."

"Right now, it's just their auto-update feature. I know they are currently working on that."

More Morphisec cons

Pricing and Cost Advice

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."

"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."

"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."

"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."

"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."

"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."

"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."

"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."

More Morphisec pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Computer Software Company

11%

Manufacturing Company

10%

Comms Service Provider

Outsourcing Company

16%

Manufacturing Company

13%

Construction Company

11%

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	5
Large Enterprise	15

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	8
Large Enterprise	8

Questions from the Community

What needs improvement with Microsoft Defender for Identity?

I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take stock in what needs to be improved because I appreciated having the tools right the...

See all answers

What is your primary use case for Microsoft Defender for Identity?

My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating risky users, and user sign-ins. I can easily remediate or determine what the user...

See all answers

What advice do you have for others considering Microsoft Defender for Identity?

I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. I don't really use the threat intelligence feature of Microsoft Defender for Ide...

See all answers

Ask a question

Earn 20 points

Comparisons

CrowdStrike Falcon vs Microsoft Defender for Identity

Compared 7% of the time

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 5% of the time

SentinelOne Singularity Identity vs Microsoft Defender for Identity

Compared 4% of the time

Microsoft Defender for Office 365 vs Microsoft Defender for Identity

Compared 4% of the time

Huntress Managed ITDR vs Microsoft Defender for Identity

Compared 4% of the time

More Microsoft Defender for Identity Competitors

Symantec Endpoint Security vs Morphisec

Compared 7% of the time

CrowdStrike Falcon vs Morphisec

Compared 5% of the time

FortiCNAPP vs Morphisec

Compared 5% of the time

Halcyon vs Morphisec

Compared 4% of the time

SentinelOne Singularity Endpoint vs Morphisec

Compared 4% of the time

More Morphisec Competitors

Product Reports

Microsoft Defender for Identity

Download Microsoft Defender for Identity product report

Download Morphisec product report

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

Morphisec, Morphisec Moving Target Defense

Overview

Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.

Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.

What are the key features of Microsoft Defender for Identity?

Active Directory Federation: Seamlessly integrates with Microsoft 365 for comprehensive security.
Real-time Security Monitoring: Provides immediate insights into advanced user behaviors and potential threats.
Threat Insights: Delivers detailed analysis of threats with the ability to customize detection rules.
User Behavior Analytics: Analyzes user activities to detect anomalies and potential risks.
Identity Protection: Offers comprehensive protection in both cloud and on-premises environments.

What benefits should users expect from reviews of Microsoft Defender for Identity?

Unauthorized Access Prevention: Identifies potential unauthorized activities with advanced detection mechanisms.
Anomaly Notification: Alerts users to unexpected activities within their environments.
Threat Response Automation: Facilitates rapid response to threats with automated solutions.
Enhanced Cloud Security: Strengthens identity management across hybrid and cloud frameworks.

In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.

Microsoft

Morphisec enhances security with its signatureless attack prevention, integrating smoothly with Microsoft Defender. Users benefit from real-time threat detection and seamless system integration, protecting against zero-day threats and ransomware across networks.

Morphisec's security solution focuses on preventing cyber threats without requiring threat signatures or user action. Its integration with Microsoft Defender offers simplified visibility and management while delivering quick responses. Lightweight in nature, Morphisec ensures zero performance degradation and employs in-memory protection along with Moving Target Defense. This approach effectively counters zero-day threats and ransomware, maintaining a user-centric dashboard that eases administrative workloads. Morphisec's easy deployment also enables small teams to manage risks and uphold robust security measures efficiently.

What are Morphisec's key features?

Signatureless Threat Prevention: Stops attacks without threat signatures or user interaction.
Microsoft Defender Integration: Provides unified management and quick response capabilities.
In-Memory Protection: Shields against zero-day and ransomware threats efficiently.
Moving Target Defense: Minimizes exposure to in-memory attacks.
User-Friendly Dashboard: Simplifies administration by reducing burdens.
Easy Deployment: Facilitates straightforward setup for small teams.

What benefits and ROI should be considered in user reviews?

Real-Time Detection: Immediate identification of threats enhances proactive threat management.
Seamless Integration: Compatible with existing systems, reducing delay risks.
Cloud-Based Updates: Ensures current protection with minimal manual input.
Multi-Layered Security: Adds a solid last defense layer, supplementing other antivirus solutions.

Morphisec is widely used across industries like financial services, healthcare, and manufacturing to bolster defenses against malware and ransomware. Its deployment spans workstations and servers, integrating efficiently into existing infrastructures. Industries value real-time threat detection, ease of deployment, and cloud-based updates, noting its ability to identify threats missed by other antivirus solutions.

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center

Microsoft Defender for Identity vs. Morphisec