Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Identity vs Morphisec comparison

Microsoft and Morphisec are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #5 with an average rating of 8.8, while Morphisec is ranked #34. Microsoft holds a 6.4% mindshare in ATP, compared to Morphisec’s 1.2% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 100% of Morphisec users who would recommend it.
Microsoft Defender for Iden...
Read 26 Microsoft Defender for Identity reviews
  • 7,070 Views
  • 1,485 Comparison Views
100% willing to recommend
Morphisec
Read 21 Morphisec reviews
  • 1,975 Views
  • 178 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 1, 2024

Morphisec and Microsoft Defender for Identity compete in the cybersecurity sector, offering unique approaches to threat prevention and detection. Morphisec seems to have the upper hand in zero-day threat resilience due to its deterministic prevention, while Microsoft Defender for Identity excels in integration within the Microsoft ecosystem for threat detection and comprehensive security management.

Features: Morphisec provides deterministic attack prevention by blocking in-memory attacks without relying on threat detection. It integrates easily with Microsoft Defender, offering a lightweight design and single console for threat visibility. Microsoft Defender for Identity uses behavioral analytics and machine learning for advanced threat detection and integrates across Microsoft's cloud and on-premises environments to enhance the unified security experience.

Room for Improvement: Morphisec could improve its reporting capabilities, interaction frequency with customers, and false positives resolution. It also needs enhancements in dashboard functionality and broader antivirus integration. Microsoft Defender for Identity requires a more user-friendly administrative interface, reduction in false positives, and better on-premises Android detection. Direct remediation actions within the platform and simplified licensing are also needed.

Ease of Deployment and Customer Service: Morphisec is noted for its straightforward deployment and responsive customer service, although time zone differences can be challenging for some users. Microsoft Defender for Identity offers strong technical support and seamless integration within Microsoft environments, but alert verification can be time-consuming.

Pricing and ROI: Morphisec is considered cost-effective, with competitive pricing and no hidden charges, providing good ROI by reducing security management workloads. Microsoft Defender for Identity, part of the Microsoft 365 suite, offers cost benefits when bundled with other Microsoft products. Despite higher costs, its comprehensive features justify the investment for existing Microsoft ecosystem users.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender for Identity vs. Morphisec Report (Updated: September 2025).
Buyer's Guide
Microsoft Defender for Identity vs. Morphisec
September 2025
Download the complete report
Helped 869,566 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Ranking in Advanced Threat Protection (ATP)
5th
Average Rating
8.8
Reviews Sentiment
6.9
Number of Reviews
26
Ranking in other categories
Microsoft Security Suite (3rd), Identity Threat Detection and Response (ITDR) (3rd)
Morphisec
Ranking in Advanced Threat Protection (ATP)
34th
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (64th), Endpoint Protection Platform (EPP) (54th), Endpoint Detection and Response (EDR) (61st), Cloud Workload Protection Platforms (CWPP) (31st), Threat Deception Platforms (15th)
 

Mindshare comparison

As of October 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 6.4%, down from 7.8% compared to the previous year. The mindshare of Morphisec is 1.2%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Market Share Distribution
ProductMarket Share (%)
Microsoft Defender for Identity6.4%
Morphisec1.2%
Other92.4%
Advanced Threat Protection (ATP)
 

Featured Reviews

Peter Arabomen - PeerSpot reviewer
Has supported hybrid identity management while integrating well with cloud directory services
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.
Read full review
Rick Schibler - PeerSpot reviewer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"This solution has advanced a lot over the last few years."
"We use AD Connect to sync on-premises AD to Azure AD, and so far, it has been effective."
"We do not see any issues with the stability of Microsoft Defender for Identity. I can say it is 100% stable."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"I recommend Microsoft Defender for Identity because it is easy to implement."
"The solution’s alerting is fairly efficient."
More Microsoft Defender for Identity pros
"We have seen it successfully block attacks that a traditional antivirus did not pick up."
"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."
"It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise."
"Morphisec is a straightforward solution that is efficient and very stable."
"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."
"The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."
"Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard... in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."
More Morphisec pros
 

Cons

"The solution should provide more detailed data regarding anomaly detections."
"The solution could improve how it handles on-premises Android-related attacks."
"The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"The documentation provided by Microsoft is often seen as a waste of time."
"Fixing the solution isn't very seamless."
More Microsoft Defender for Identity cons
"Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit."
"The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."
"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."
"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."
"We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."
"We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."
"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."
"From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time."
More Morphisec cons
 

Pricing and Cost Advice

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"The pricing is definitely fair for what it does."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
More Morphisec pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
869,566 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
12%
Manufacturing Company
8%
Comms Service Provider
7%
Outsourcing Company
16%
Manufacturing Company
12%
Computer Software Company
9%
Financial Services Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise3
Large Enterprise14
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
 

Questions from the Community

What do you like most about Microsoft Defender for Identity?
Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.
See all answers
What needs improvement with Microsoft Defender for Identity?
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authentica...
See all answers
What is your primary use case for Microsoft Defender for Identity?
I've used Microsoft Defender for Identity primarily for provisioning users on Azure AD and Microsoft authentication. For hybrid scenarios, I integrate on-premises AD to Azure AD. We use AD Connect ...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity Logo
Microsoft Entra ID Protection vs Microsoft Defender for Identity
Compared 17% of the time
Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity Logo
Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity
Compared 15% of the time
CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Compared 13% of the time
BloodHound Enterprise vs Microsoft Defender for Identity Logo
BloodHound Enterprise vs Microsoft Defender for Identity
Compared 7% of the time
Microsoft Defender for Endpoint vs Microsoft Defender for Identity Logo
Microsoft Defender for Endpoint vs Microsoft Defender for Identity
Compared 6% of the time
More Microsoft Defender for Identity Competitors
CrowdStrike Falcon vs Morphisec Logo
CrowdStrike Falcon vs Morphisec
Compared 22% of the time
Halcyon vs Morphisec Logo
Halcyon vs Morphisec
Compared 19% of the time
SentinelOne Singularity Complete vs Morphisec Logo
SentinelOne Singularity Complete vs Morphisec
Compared 11% of the time
Hyver vs Morphisec Logo
Hyver vs Morphisec
Compared 11% of the time
Deep Instinct Prevention Platform vs Morphisec Logo
Deep Instinct Prevention Platform vs Morphisec
Compared 11% of the time
More Morphisec Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Identity
September 2025
Microsoft Defender for Identity reportDownload Microsoft Defender for Identity product report
Buyer's Guide
Morphisec
September 2025
Morphisec reportDownload Morphisec product report
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
Morphisec, Morphisec Moving Target Defense
 

Overview

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?
  • Integration with Microsoft Tools: Ensures comprehensive protection across environments.
  • AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
  • Real-time Threat Detection: Provides immediate alerts to potential threats.
  • Lateral Movement Identification: Detects unusual lateral access among users.
  • Dashboards with Visibility: Offers insights into security issues with customization options.
  • SIEM Integration: Works seamlessly with security information and event management systems.
What benefits should users look for when reviewing Microsoft Defender for Identity?
  • Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
  • Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
  • Security Across Environments: Protects both on-premises and cloud-based infrastructures.
  • Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

Morphisec integrates seamlessly with platforms like Microsoft Defender, offering signatureless protection against zero-day threats and ransomware. It enhances existing endpoint solutions with minimal maintenance through its set-and-forget deployment, providing heightened security and reduced false positives.

Morphisec strengthens defense strategies by merging memory morphing and signatureless protection to effectively block zero-day attacks and ransomware. It operates efficiently within existing infrastructure, reducing system impact and maintenance needs. Users find its full visibility dashboard invaluable. Despite its strengths, cloud deployment and reporting features can be improved. Stability, alerts, and integration with other systems pose challenges for users, impacting usability and support quality.

What are Morphisec's key features?

  • Seamless Integration: Works with Microsoft Defender for comprehensive dashboard visibility
  • Memory Morphing: Hides processes to reduce attack surfaces
  • Signatureless Protection: Prevents threats without impacting performance
  • Automatic Threat Blocking: Uses inbuilt intelligence to detect risks
  • Set-and-Forget Deployment: Simplifies management and reduces maintenance

What benefits should users consider in reviews?

  • Quick Deployment: Fast setup without disrupting operations
  • Enhanced Protection: Provides an additional defense layer against advanced threats
  • Cost-Effectiveness: Works with existing licenses, minimizing extra investments
  • Improved Compatibility: Integrates smoothly with current antivirus systems
  • Minimal System Impact: Operates efficiently without overloading resources

In security-focused industries, Morphisec is crucial for protecting workstations and servers against sophisticated attacks like ransomware. Its signatureless technology offers early threat detection, while compatibility with existing systems ensures seamless integration, providing advanced protection without additional licensing costs.

Morphisec
 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Buyer's Guide
Microsoft Defender for Identity vs. Morphisec
September 2025
Free Report: Microsoft Defender for Identity vs. Morphisec
Find out what your peers are saying about Microsoft Defender for Identity vs. Morphisec and other solutions. Updated: September 2025.
DOWNLOAD NOW
869,566 professionals have used our research since 2012.
See our Microsoft Defender for Identity vs. Morphisec report.
See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.