Microsoft Defender for Identity vs Morphisec comparison

Microsoft Defender for Iden...

Read 21 Morphisec reviews

146 Views
22 Comparison Views

100% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 1, 2024

Morphisec and Microsoft Defender for Identity compete in the cybersecurity sector, offering unique approaches to threat prevention and detection. Morphisec seems to have the upper hand in zero-day threat resilience due to its deterministic prevention, while Microsoft Defender for Identity excels in integration within the Microsoft ecosystem for threat detection and comprehensive security management.

Features: Morphisec provides deterministic attack prevention by blocking in-memory attacks without relying on threat detection. It integrates easily with Microsoft Defender, offering a lightweight design and single console for threat visibility. Microsoft Defender for Identity uses behavioral analytics and machine learning for advanced threat detection and integrates across Microsoft's cloud and on-premises environments to enhance the unified security experience.

Room for Improvement: Morphisec could improve its reporting capabilities, interaction frequency with customers, and false positives resolution. It also needs enhancements in dashboard functionality and broader antivirus integration. Microsoft Defender for Identity requires a more user-friendly administrative interface, reduction in false positives, and better on-premises Android detection. Direct remediation actions within the platform and simplified licensing are also needed.

Ease of Deployment and Customer Service: Morphisec is noted for its straightforward deployment and responsive customer service, although time zone differences can be challenging for some users. Microsoft Defender for Identity offers strong technical support and seamless integration within Microsoft environments, but alert verification can be time-consuming.

Pricing and ROI: Morphisec is considered cost-effective, with competitive pricing and no hidden charges, providing good ROI by reducing security management workloads. Microsoft Defender for Identity, part of the Microsoft 365 suite, offers cost benefits when bundled with other Microsoft products. Despite higher costs, its comprehensive features justify the investment for existing Microsoft ecosystem users.

To learn more, read our detailed Microsoft Defender for Identity vs. Morphisec Report (Updated: June 2025).

Microsoft Defender for Identity vs. Morphisec

Download the complete report

Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender for Iden...

Ranking in Advanced Threat Protection (ATP)

5th

Average Rating

8.8

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)

Morphisec

Ranking in Advanced Threat Protection (ATP)

35th

Average Rating

9.2

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Vulnerability Management (65th), Endpoint Protection Platform (EPP) (55th), Endpoint Detection and Response (EDR) (62nd), Cloud Workload Protection Platforms (CWPP) (33rd), Threat Deception Platforms (16th)

Mindshare comparison

As of June 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 7.1%, down from 8.0% compared to the previous year. The mindshare of Morphisec is 1.0%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP)

Featured Reviews

ROBERT-CHRISTIAN

CTO at kyndryl

Integration within the ecosystem enhances collaboration and automates functionalities

The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity. It fits very nicely with all the other Defender tools, allowing for excellent collaboration among them. It also fits seamlessly into Microsoft Sentinel SIEM. Furthermore, Microsoft security solutions can save time as they allow the automation of numerous functionalities, and the reporting inside the Microsoft ecosystem is commendable.

Read full review

Rick Schibler

VP of Information Technology at Kentucky Trailer

Offers in-memory protection at a lower price than competitors

Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"This solution has advanced a lot over the last few years."

"I would rate Microsoft Defender for Identity at nine out of ten."

"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."

"All the integration it has with different Microsoft packages, like Teams and Office, is good."

"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."

"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."

"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."

"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."

More Microsoft Defender for Identity pros

"Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard... in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can."

"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."

"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."

"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."

"The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."

"It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise."

"It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that."

"Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works."

More Morphisec pros

Cons

"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."

"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."

"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."

"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."

"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."

"The tracking instance needs to be configured appropriately."

"The documentation provided by Microsoft is often seen as a waste of time."

"The solution should provide more detailed data regarding anomaly detections."

More Microsoft Defender for Identity cons

"In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good."

"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."

"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."

"It might be a bit much to ask, but we are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it's recognizing vulnerabilities and reporting them to us, but it's not necessarily resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades. We have to do that outside of Morphisec. If Morphisec could somehow have that capability built into it, that would be very effective."

"We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."

"I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it."

"Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet."

"From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time."

More Morphisec cons

Pricing and Cost Advice

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."

"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."

"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."

"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."

"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."

"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."

"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."

"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."

More Morphisec pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

859,129 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

13%

Government

Manufacturing Company

Outsourcing Company

15%

Computer Software Company

13%

Financial Services Firm

11%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Microsoft Defender for Identity?

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

See all answers

What needs improvement with Microsoft Defender for Identity?

In Microsoft Defender for Identity, I would appreciate improvements in providing information on conditional access. They have added more control that can be put in place, which was not present year...

See all answers

What is your primary use case for Microsoft Defender for Identity?

The main use cases for Microsoft Defender for Identity involve working with security and signing risk aspects. I work with conditional access, though I have not implemented this task yet.

See all answers

Ask a question

Earn 20 points

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 24% of the time

Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity

Compared 13% of the time

CrowdStrike Falcon vs Microsoft Defender for Identity

Compared 9% of the time

BloodHound Enterprise vs Microsoft Defender for Identity

Compared 7% of the time

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Compared 6% of the time

More Microsoft Defender for Identity Competitors

CrowdStrike Falcon vs Morphisec

Compared 30% of the time

Halcyon vs Morphisec

Compared 15% of the time

SentinelOne Singularity Complete vs Morphisec

Compared 12% of the time

Hyver vs Morphisec

Compared 8% of the time

Cisco Secure Endpoint vs Morphisec

Compared 6% of the time

More Morphisec Competitors

Product Reports

Microsoft Defender for Identity

Download Microsoft Defender for Identity product report

Download Morphisec product report

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

Morphisec, Morphisec Moving Target Defense

Overview

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?

Integration with Microsoft Tools: Ensures comprehensive protection across environments.
AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
Real-time Threat Detection: Provides immediate alerts to potential threats.
Lateral Movement Identification: Detects unusual lateral access among users.
Dashboards with Visibility: Offers insights into security issues with customization options.
SIEM Integration: Works seamlessly with security information and event management systems.

What benefits should users look for when reviewing Microsoft Defender for Identity?

Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
Security Across Environments: Protects both on-premises and cloud-based infrastructures.
Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

Morphisec integrates seamlessly with platforms like Microsoft Defender, offering signatureless protection against zero-day threats and ransomware. It enhances existing endpoint solutions with minimal maintenance through its set-and-forget deployment, providing heightened security and reduced false positives.

Morphisec strengthens defense strategies by merging memory morphing and signatureless protection to effectively block zero-day attacks and ransomware. It operates efficiently within existing infrastructure, reducing system impact and maintenance needs. Users find its full visibility dashboard invaluable. Despite its strengths, cloud deployment and reporting features can be improved. Stability, alerts, and integration with other systems pose challenges for users, impacting usability and support quality.

What are Morphisec's key features?

Seamless Integration: Works with Microsoft Defender for comprehensive dashboard visibility
Memory Morphing: Hides processes to reduce attack surfaces
Signatureless Protection: Prevents threats without impacting performance
Automatic Threat Blocking: Uses inbuilt intelligence to detect risks
Set-and-Forget Deployment: Simplifies management and reduces maintenance

What benefits should users consider in reviews?

Quick Deployment: Fast setup without disrupting operations
Enhanced Protection: Provides an additional defense layer against advanced threats
Cost-Effectiveness: Works with existing licenses, minimizing extra investments
Improved Compatibility: Integrates smoothly with current antivirus systems
Minimal System Impact: Operates efficiently without overloading resources

In security-focused industries, Morphisec is crucial for protecting workstations and servers against sophisticated attacks like ransomware. Its signatureless technology offers early threat detection, while compatibility with existing systems ensures seamless integration, providing advanced protection without additional licensing costs.

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center

Microsoft Defender for Identity vs. Morphisec