No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Identity vs Morphisec comparison

Microsoft and Morphisec are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #8 with an average rating of 8.7, while Morphisec is ranked #31. Microsoft holds a 3.6% mindshare in ATP, compared to Morphisec’s 2.1% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 100% of Morphisec users who would recommend it.
Microsoft Defender for Iden...
Read 28 Microsoft Defender for Identity reviews
  • 7,343 Views
  • 2,129 Comparison Views
100% willing to recommend
Morphisec
Read 21 Morphisec reviews
  • 4,285 Views
  • 814 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 1, 2024

Morphisec and Microsoft Defender for Identity compete in the cybersecurity sector, offering unique approaches to threat prevention and detection. Morphisec seems to have the upper hand in zero-day threat resilience due to its deterministic prevention, while Microsoft Defender for Identity excels in integration within the Microsoft ecosystem for threat detection and comprehensive security management.

Features: Morphisec provides deterministic attack prevention by blocking in-memory attacks without relying on threat detection. It integrates easily with Microsoft Defender, offering a lightweight design and single console for threat visibility. Microsoft Defender for Identity uses behavioral analytics and machine learning for advanced threat detection and integrates across Microsoft's cloud and on-premises environments to enhance the unified security experience.

Room for Improvement: Morphisec could improve its reporting capabilities, interaction frequency with customers, and false positives resolution. It also needs enhancements in dashboard functionality and broader antivirus integration. Microsoft Defender for Identity requires a more user-friendly administrative interface, reduction in false positives, and better on-premises Android detection. Direct remediation actions within the platform and simplified licensing are also needed.

Ease of Deployment and Customer Service: Morphisec is noted for its straightforward deployment and responsive customer service, although time zone differences can be challenging for some users. Microsoft Defender for Identity offers strong technical support and seamless integration within Microsoft environments, but alert verification can be time-consuming.

Pricing and ROI: Morphisec is considered cost-effective, with competitive pricing and no hidden charges, providing good ROI by reducing security management workloads. Microsoft Defender for Identity, part of the Microsoft 365 suite, offers cost benefits when bundled with other Microsoft products. Despite higher costs, its comprehensive features justify the investment for existing Microsoft ecosystem users.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender for Identity vs. Morphisec Report (Updated: April 2026).
Buyer's Guide
Microsoft Defender for Identity vs. Morphisec
April 2026
Download the complete report
Helped 893,244 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Ranking in Advanced Threat Protection (ATP)
8th
Average Rating
8.8
Reviews Sentiment
6.8
Number of Reviews
28
Ranking in other categories
Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)
Morphisec
Ranking in Advanced Threat Protection (ATP)
31st
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (59th), Endpoint Protection Platform (EPP) (48th), Endpoint Detection and Response (EDR) (59th), Cloud Workload Protection Platforms (CWPP) (36th), Threat Deception Platforms (16th)
 

Mindshare comparison

As of May 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 3.6%, down from 5.2% compared to the previous year. The mindshare of Morphisec is 2.1%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Identity3.6%
Morphisec2.1%
Other94.3%
Advanced Threat Protection (ATP)
 

Featured Reviews

OA
Oluwa Adetunji
CyberSecurity Engineer | Information Security Management at Self Employed
Automation and threat intelligence streamline threat response and user management
In Microsoft Defender for Identity, I would appreciate improvements in providing information on conditional access. They have added more control that can be put in place, which was not present years ago. They have also integrated Azure Information Protection where policies can be configured. The Self-Service Password Reset (SSPR) allows users to reset their passwords, which is a valuable tool for remote workers. They have added more features into conditional access that integrate with other components, including SSPR and Identity Information Protection, trusted IPs, and locations. These configurations in trusted IP addresses are integrated into conditional access and control the applications I want to secure. Regarding impossible travel scenarios, I can either block the user or grant access while requesting multi-factor authentication. They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel. If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
Read full review
Rick Schibler - PeerSpot reviewer
Rick Schibler
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"In the security portfolio that we manage, Microsoft Defender for Identity is very important because it is the professional service that we sell the most."
"I would rate Microsoft Defender for Identity at nine out of ten."
"The most valuable features of Microsoft Defender for Identity include real-time information for threat detection, its inclusion of behavioral analytics, and vulnerability management."
"It automates routine testing and helps automate the finding of high-value alerts."
"The solution offers excellent visibility into threats."
"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."
"This solution has advanced a lot over the last few years."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
More Microsoft Defender for Identity pros
"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."
"It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise."
"With Morphisec, at least when it does happen, I feel confident that we have in place solutions that will not only prevent it, but also let us know when something has happened."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."
"Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time, more or less. So the administrative time is dramatically reduced in maintaining the product. This saves an engineer around four to five hours a week."
More Morphisec pros
 

Cons

"One area that needs improvement is the number of alerts generated, leading to alert fatigue."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"The documentation provided by Microsoft is often seen as a waste of time."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
More Microsoft Defender for Identity cons
"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."
"Overall, I don't know 100% if it's increasing our security posture, but it does give us a nice peace of mind."
"Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit."
"The dashboard is the area that requires the most improvement."
"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."
"Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic."
"It would be useful for them if they had some kind of network discovery."
"Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet."
More Morphisec cons
 

Pricing and Cost Advice

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"The pricing is definitely fair for what it does."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
More Morphisec pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
893,244 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
11%
Manufacturing Company
9%
Comms Service Provider
8%
Outsourcing Company
16%
Construction Company
10%
Manufacturing Company
10%
Financial Services Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
 

Questions from the Community

What needs improvement with Microsoft Defender for Identity?
I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take stock in what needs to be improved because I appreciated having the tools right the...
See all answers
What is your primary use case for Microsoft Defender for Identity?
My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating risky users, and user sign-ins. I can easily remediate or determine what the user...
See all answers
What advice do you have for others considering Microsoft Defender for Identity?
I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. I don't really use the threat intelligence feature of Microsoft Defender for Ide...
See all answers
Ask a question
Earn 20 points
 

Comparisons

CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Compared 8% of the time
Microsoft Entra ID Protection vs Microsoft Defender for Identity Logo
Microsoft Entra ID Protection vs Microsoft Defender for Identity
Compared 5% of the time
Huntress Managed ITDR vs Microsoft Defender for Identity Logo
Huntress Managed ITDR vs Microsoft Defender for Identity
Compared 4% of the time
Microsoft Defender for Endpoint vs Microsoft Defender for Identity Logo
Microsoft Defender for Endpoint vs Microsoft Defender for Identity
Compared 4% of the time
SentinelOne Singularity Identity vs Microsoft Defender for Identity Logo
SentinelOne Singularity Identity vs Microsoft Defender for Identity
Compared 4% of the time
More Microsoft Defender for Identity Competitors
Halcyon vs Morphisec Logo
Halcyon vs Morphisec
Compared 5% of the time
CrowdStrike Falcon vs Morphisec Logo
CrowdStrike Falcon vs Morphisec
Compared 5% of the time
FortiCNAPP vs Morphisec Logo
FortiCNAPP vs Morphisec
Compared 5% of the time
Symantec Endpoint Security vs Morphisec Logo
Symantec Endpoint Security vs Morphisec
Compared 4% of the time
SentinelOne Singularity Endpoint vs Morphisec Logo
SentinelOne Singularity Endpoint vs Morphisec
Compared 4% of the time
More Morphisec Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Identity
April 2026
Microsoft Defender for Identity reportDownload Microsoft Defender for Identity product report
Buyer's Guide
Morphisec
April 2026
Morphisec reportDownload Morphisec product report
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
Morphisec, Morphisec Moving Target Defense
 

Overview

Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.

Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.

What are the key features of Microsoft Defender for Identity?
  • Active Directory Federation: Seamlessly integrates with Microsoft 365 for comprehensive security.
  • Real-time Security Monitoring: Provides immediate insights into advanced user behaviors and potential threats.
  • Threat Insights: Delivers detailed analysis of threats with the ability to customize detection rules.
  • User Behavior Analytics: Analyzes user activities to detect anomalies and potential risks.
  • Identity Protection: Offers comprehensive protection in both cloud and on-premises environments.
What benefits should users expect from reviews of Microsoft Defender for Identity?
  • Unauthorized Access Prevention: Identifies potential unauthorized activities with advanced detection mechanisms.
  • Anomaly Notification: Alerts users to unexpected activities within their environments.
  • Threat Response Automation: Facilitates rapid response to threats with automated solutions.
  • Enhanced Cloud Security: Strengthens identity management across hybrid and cloud frameworks.

In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.

Microsoft

Morphisec enhances security with its signatureless attack prevention, integrating smoothly with Microsoft Defender. Users benefit from real-time threat detection and seamless system integration, protecting against zero-day threats and ransomware across networks.

Morphisec's security solution focuses on preventing cyber threats without requiring threat signatures or user action. Its integration with Microsoft Defender offers simplified visibility and management while delivering quick responses. Lightweight in nature, Morphisec ensures zero performance degradation and employs in-memory protection along with Moving Target Defense. This approach effectively counters zero-day threats and ransomware, maintaining a user-centric dashboard that eases administrative workloads. Morphisec's easy deployment also enables small teams to manage risks and uphold robust security measures efficiently.

What are Morphisec's key features?
  • Signatureless Threat Prevention: Stops attacks without threat signatures or user interaction.
  • Microsoft Defender Integration: Provides unified management and quick response capabilities.
  • In-Memory Protection: Shields against zero-day and ransomware threats efficiently.
  • Moving Target Defense: Minimizes exposure to in-memory attacks.
  • User-Friendly Dashboard: Simplifies administration by reducing burdens.
  • Easy Deployment: Facilitates straightforward setup for small teams.
What benefits and ROI should be considered in user reviews?
  • Real-Time Detection: Immediate identification of threats enhances proactive threat management.
  • Seamless Integration: Compatible with existing systems, reducing delay risks.
  • Cloud-Based Updates: Ensures current protection with minimal manual input.
  • Multi-Layered Security: Adds a solid last defense layer, supplementing other antivirus solutions.

Morphisec is widely used across industries like financial services, healthcare, and manufacturing to bolster defenses against malware and ransomware. Its deployment spans workstations and servers, integrating efficiently into existing infrastructures. Industries value real-time threat detection, ease of deployment, and cloud-based updates, noting its ability to identify threats missed by other antivirus solutions.

Morphisec
 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Buyer's Guide
Microsoft Defender for Identity vs. Morphisec
April 2026
Free Report: Microsoft Defender for Identity vs. Morphisec
Find out what your peers are saying about Microsoft Defender for Identity vs. Morphisec and other solutions. Updated: April 2026.
DOWNLOAD NOW
893,244 professionals have used our research since 2012.
See our Microsoft Defender for Identity vs. Morphisec report.
See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.