Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Identity vs Morphisec comparison

Microsoft and Morphisec are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #8 with an average rating of 8.7, while Morphisec is ranked #31. Microsoft holds a 4.1% mindshare in ATP, compared to Morphisec’s 1.9% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 100% of Morphisec users who would recommend it.
Microsoft Defender for Iden...
Read 28 Microsoft Defender for Identity reviews
  • 6,602 Views
  • 1,651 Comparison Views
100% willing to recommend
Morphisec
Read 21 Morphisec reviews
  • 2,766 Views
  • 498 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 1, 2024

Morphisec and Microsoft Defender for Identity compete in the cybersecurity sector, offering unique approaches to threat prevention and detection. Morphisec seems to have the upper hand in zero-day threat resilience due to its deterministic prevention, while Microsoft Defender for Identity excels in integration within the Microsoft ecosystem for threat detection and comprehensive security management.

Features: Morphisec provides deterministic attack prevention by blocking in-memory attacks without relying on threat detection. It integrates easily with Microsoft Defender, offering a lightweight design and single console for threat visibility. Microsoft Defender for Identity uses behavioral analytics and machine learning for advanced threat detection and integrates across Microsoft's cloud and on-premises environments to enhance the unified security experience.

Room for Improvement: Morphisec could improve its reporting capabilities, interaction frequency with customers, and false positives resolution. It also needs enhancements in dashboard functionality and broader antivirus integration. Microsoft Defender for Identity requires a more user-friendly administrative interface, reduction in false positives, and better on-premises Android detection. Direct remediation actions within the platform and simplified licensing are also needed.

Ease of Deployment and Customer Service: Morphisec is noted for its straightforward deployment and responsive customer service, although time zone differences can be challenging for some users. Microsoft Defender for Identity offers strong technical support and seamless integration within Microsoft environments, but alert verification can be time-consuming.

Pricing and ROI: Morphisec is considered cost-effective, with competitive pricing and no hidden charges, providing good ROI by reducing security management workloads. Microsoft Defender for Identity, part of the Microsoft 365 suite, offers cost benefits when bundled with other Microsoft products. Despite higher costs, its comprehensive features justify the investment for existing Microsoft ecosystem users.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender for Identity vs. Morphisec Report (Updated: March 2026).
Buyer's Guide
Microsoft Defender for Identity vs. Morphisec
March 2026
Download the complete report
Helped 884,933 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Ranking in Advanced Threat Protection (ATP)
8th
Average Rating
8.8
Reviews Sentiment
6.8
Number of Reviews
28
Ranking in other categories
Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)
Morphisec
Ranking in Advanced Threat Protection (ATP)
31st
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (57th), Endpoint Protection Platform (EPP) (49th), Endpoint Detection and Response (EDR) (61st), Cloud Workload Protection Platforms (CWPP) (34th), Threat Deception Platforms (21st)
 

Mindshare comparison

As of March 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 4.1%, down from 5.3% compared to the previous year. The mindshare of Morphisec is 1.9%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Identity4.1%
Morphisec1.9%
Other94.0%
Advanced Threat Protection (ATP)
 

Featured Reviews

OA
Oluwa Adetunji
CyberSecurity Engineer | Information Security Management at Self Employed
Automation and threat intelligence streamline threat response and user management
In Microsoft Defender for Identity, I would appreciate improvements in providing information on conditional access. They have added more control that can be put in place, which was not present years ago. They have also integrated Azure Information Protection where policies can be configured. The Self-Service Password Reset (SSPR) allows users to reset their passwords, which is a valuable tool for remote workers. They have added more features into conditional access that integrate with other components, including SSPR and Identity Information Protection, trusted IPs, and locations. These configurations in trusted IP addresses are integrated into conditional access and control the applications I want to secure. Regarding impossible travel scenarios, I can either block the user or grant access while requesting multi-factor authentication. They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel. If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
Read full review
Rick Schibler - PeerSpot reviewer
Rick Schibler
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."
"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."
"The most valuable features of Microsoft Defender for Identity include real-time information for threat detection, its inclusion of behavioral analytics, and vulnerability management."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"All the integration it has with different Microsoft packages, like Teams and Office, is good."
"Defender for Identity has not affected the end-user experience."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
More Microsoft Defender for Identity pros
"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"We have seen it successfully block attacks that a traditional antivirus did not pick up."
"Morphisec is a straightforward solution that is efficient and very stable."
"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."
"Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works."
"The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."
"The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it."
More Morphisec pros
 

Cons

"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."
"When the data leaves the cloud, there are security issues."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"Fixing the solution isn't very seamless."
"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
More Microsoft Defender for Identity cons
"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."
"It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe."
"If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect."
"Right now, it's just their auto-update feature. I know they are currently working on that. When they release a new version of the threat prevention platform, I do have to update that, rolling out to every computer. They have said, "From version 5, you would be able to do an auto-update." While this is very minor, that is the only thing that I would say needs to be upgraded. It would just make life a lot easier for other IT teams. However, I have simplified the process, so all I need to do is just download one file."
"Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit."
"I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it."
"The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it."
"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."
More Morphisec cons
 

Pricing and Cost Advice

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"The pricing is definitely fair for what it does."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
More Morphisec pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
884,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
11%
Manufacturing Company
9%
Comms Service Provider
8%
Outsourcing Company
18%
Manufacturing Company
11%
Financial Services Firm
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise4
Large Enterprise14
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
 

Questions from the Community

What needs improvement with Microsoft Defender for Identity?
I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take stock in what needs to be improved because I appreciated having the tools right the...
See all answers
What is your primary use case for Microsoft Defender for Identity?
My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating risky users, and user sign-ins. I can easily remediate or determine what the user...
See all answers
What advice do you have for others considering Microsoft Defender for Identity?
I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. I don't really use the threat intelligence feature of Microsoft Defender for Ide...
See all answers
Ask a question
Earn 20 points
 

Comparisons

CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Compared 10% of the time
Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity Logo
Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity
Compared 9% of the time
Microsoft Entra ID Protection vs Microsoft Defender for Identity Logo
Microsoft Entra ID Protection vs Microsoft Defender for Identity
Compared 7% of the time
BloodHound Enterprise vs Microsoft Defender for Identity Logo
BloodHound Enterprise vs Microsoft Defender for Identity
Compared 5% of the time
Microsoft Defender for Endpoint vs Microsoft Defender for Identity Logo
Microsoft Defender for Endpoint vs Microsoft Defender for Identity
Compared 5% of the time
More Microsoft Defender for Identity Competitors
Halcyon vs Morphisec Logo
Halcyon vs Morphisec
Compared 7% of the time
CrowdStrike Falcon vs Morphisec Logo
CrowdStrike Falcon vs Morphisec
Compared 6% of the time
FortiCNAPP vs Morphisec Logo
FortiCNAPP vs Morphisec
Compared 5% of the time
Deep Instinct Prevention Platform vs Morphisec Logo
Deep Instinct Prevention Platform vs Morphisec
Compared 5% of the time
SentinelOne Singularity Complete vs Morphisec Logo
SentinelOne Singularity Complete vs Morphisec
Compared 4% of the time
More Morphisec Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Identity
March 2026
Microsoft Defender for Identity reportDownload Microsoft Defender for Identity product report
Buyer's Guide
Morphisec
March 2026
Morphisec reportDownload Morphisec product report
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
Morphisec, Morphisec Moving Target Defense
 

Overview

Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.

Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.

What are the key features of Microsoft Defender for Identity?
  • Active Directory Federation: Seamlessly integrates with Microsoft 365 for comprehensive security.
  • Real-time Security Monitoring: Provides immediate insights into advanced user behaviors and potential threats.
  • Threat Insights: Delivers detailed analysis of threats with the ability to customize detection rules.
  • User Behavior Analytics: Analyzes user activities to detect anomalies and potential risks.
  • Identity Protection: Offers comprehensive protection in both cloud and on-premises environments.
What benefits should users expect from reviews of Microsoft Defender for Identity?
  • Unauthorized Access Prevention: Identifies potential unauthorized activities with advanced detection mechanisms.
  • Anomaly Notification: Alerts users to unexpected activities within their environments.
  • Threat Response Automation: Facilitates rapid response to threats with automated solutions.
  • Enhanced Cloud Security: Strengthens identity management across hybrid and cloud frameworks.

In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.

Microsoft

Morphisec delivers signatureless endpoint-specific protection, effectively blocking zero-day threats and ransomware without affecting performance, making it a preferred choice for enhancing security strategies.

Morphisec empowers users by providing comprehensive protection against advanced threats with its innovative signatureless and in-memory security features. Its seamless integration with Microsoft Defender ensures complete visibility and automatic threat blocking through a unified dashboard. The Moving Target Defense technology enhances deployment efficiency while its lightweight design maintains system performance. Despite some challenges in cloud deployment and feature updates, users find value in its ease of use and minimal administrative effort.

What are the key features of Morphisec?
  • Signatureless Protection: Blocks threats without relying on signatures, ensuring up-to-date defense.
  • In-Memory Protection: Prevents attacks targeting system memory to safeguard endpoints.
  • Zero-Day Threat Blocking: Offers proactive defense against undiscovered threats.
  • Unified Dashboard: Provides comprehensive security event visibility and integration with Microsoft Defender.
  • Lightweight Design: Ensures smooth operation without system performance issues.
What benefits can users expect when evaluating Morphisec?
  • Enhanced Security: Strengthens defense layers against ransomware and memory attacks.
  • Seamless Integration: Works alongside existing antivirus solutions like Microsoft Defender.
  • Minimal Administration: Requires low maintenance due to its set-and-forget nature.
  • Automatic Updates: Keeps protection current without manual intervention.
  • Broad Coverage: Suitable for desktops, servers, and cloud platforms.

In industries with high security needs, deploying Morphisec adds a robust defense against advanced threats. Its compatibility with antivirus solutions and cloud platforms makes it adaptable to diverse environments, ensuring effective threat mitigation and detection.

Morphisec
 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Buyer's Guide
Microsoft Defender for Identity vs. Morphisec
March 2026
Free Report: Microsoft Defender for Identity vs. Morphisec
Find out what your peers are saying about Microsoft Defender for Identity vs. Morphisec and other solutions. Updated: March 2026.
DOWNLOAD NOW
884,933 professionals have used our research since 2012.
See our Microsoft Defender for Identity vs. Morphisec report.
See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.