Microsoft Defender for Identity vs Proofpoint Targeted Attack Protection comparison

Microsoft and Proofpoint are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #5 with an average rating of 8.8, while Proofpoint is ranked #30. Microsoft holds a 6.4% mindshare in ATP, compared to Proofpoint’s 1.7% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 100% of Proofpoint users who would recommend it.

Microsoft Defender for Iden...

Read 26 Microsoft Defender for Identity reviews

7,070 Views
1,485 Comparison Views

100% willing to recommend

Proofpoint Targeted Attack ...

Read 1 Proofpoint Targeted Attack Protection review

416 Views
333 Comparison Views

100% willing to recommend

Microsoft Defender for Iden...

Proofpoint Targeted Attack ...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Microsoft Defender for Identity and Proofpoint Targeted Attack Protection based on real PeerSpot user reviews.

Find out what your peers are saying about Palo Alto Networks, Microsoft, Fortinet and others in Advanced Threat Protection (ATP).

To learn more, read our detailed Advanced Threat Protection (ATP) Report (Updated: September 2025).

Buyer's Guide

Advanced Threat Protection (ATP)

September 2025

Download the complete report

Helped 868,787 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender for Iden...

Ranking in Advanced Threat Protection (ATP)

5th

Average Rating

8.8

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Microsoft Security Suite (3rd), Identity Threat Detection and Response (ITDR) (3rd)

Proofpoint Targeted Attack ...

Ranking in Advanced Threat Protection (ATP)

30th

Average Rating

7.0

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of October 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 6.4%, down from 7.8% compared to the previous year. The mindshare of Proofpoint Targeted Attack Protection is 1.7%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP) Market Share Distribution
Product	Market Share (%)
Microsoft Defender for Identity	6.4%
Proofpoint Targeted Attack Protection	1.7%
Other	91.9%

Advanced Threat Protection (ATP)

Featured Reviews

Peter Arabomen

Security Engineer at Fidelity Bank Plc

Has supported hybrid identity management while integrating well with cloud directory services

The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.

Read full review

KrishnaChaitanya2

Information Security Specialist at Methanex Chile SpA

Dynamic runtime engine and good protection, but needs better support and a single console

We have two to three issues per month. We contact Proofpoint's customer support for these issues. I am a major point of contact for support. If I am not able to resolve an issue, we will be reaching out to them. Proofpoint can take a couple of days to get back. I also deal with other applications from Okta and Microsoft, and we get the support within a couple of hours. There is a lot of difference between a couple of hours and a couple of days. So, Proofpoint's support should be improved. Okta and Microsoft are also able to do a Zoom or video call, but Proofpoint provides support only through email communication. Only if you request, it would be a Zoom or video session.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."

"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."

"The solution’s alerting is fairly efficient."

"We use AD Connect to sync on-premises AD to Azure AD, and so far, it has been effective."

"Auto-remediation is a valuable feature applied to Microsoft Defender for Identity, reducing the burden of investigating false positives."

"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."

"I would rate Microsoft Defender for Identity at nine out of ten."

"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."

More Microsoft Defender for Identity pros

"It has a dynamic runtime engine, which gives it an advantage over Prisma that has a static engine. In Prisma, we have to do additional malware analysis, which is not required in Proofpoint."

Cons

"The solution could improve how it handles on-premises Android-related attacks."

"The solution could be better at using group-managed access and they could replace it with broad-based access controls."

"When the data leaves the cloud, there are security issues."

"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."

"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."

"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."

"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."

More Microsoft Defender for Identity cons

"We are using the TRAP console that has a Linux-based UI, which is not user-friendly. The TAP console looks very advanced. Currently, we are maintaining three different consoles, and it is sometimes hard to switch between them or try to grab the data."

Pricing and Cost Advice

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

868,787 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

12%

Manufacturing Company

Government

Manufacturing Company

12%

Financial Services Firm

Healthcare Company

Transportation Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	3
Large Enterprise	14

No data available

Questions from the Community

What do you like most about Microsoft Defender for Identity?

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

See all answers

What needs improvement with Microsoft Defender for Identity?

See all answers

What is your primary use case for Microsoft Defender for Identity?

I've used Microsoft Defender for Identity primarily for provisioning users on Azure AD and Microsoft authentication. For hybrid scenarios, I integrate on-premises AD to Azure AD. We use AD Connect ...

See all answers

Ask a question

Earn 20 points

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 17% of the time

Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity

Compared 16% of the time

CrowdStrike Falcon vs Microsoft Defender for Identity

Compared 13% of the time

BloodHound Enterprise vs Microsoft Defender for Identity

Compared 7% of the time

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Compared 6% of the time

More Microsoft Defender for Identity Competitors

Microsoft Defender for Office 365 vs Proofpoint Targeted Attack Protection

Compared 66% of the time

IRONSCALES vs Proofpoint Targeted Attack Protection

Compared 34% of the time

More Proofpoint Targeted Attack Protection Competitors

Product Reports

Buyer's Guide

Microsoft Defender for Identity

September 2025

Download Microsoft Defender for Identity product report

Buyer's Guide

Advanced Threat Protection (ATP)

September 2025

Proofpoint Targeted Attack Protection report

Download Proofpoint Targeted Attack Protection product report

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

Targeted Attack Protection

Overview

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?

Integration with Microsoft Tools: Ensures comprehensive protection across environments.
AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
Real-time Threat Detection: Provides immediate alerts to potential threats.
Lateral Movement Identification: Detects unusual lateral access among users.
Dashboards with Visibility: Offers insights into security issues with customization options.
SIEM Integration: Works seamlessly with security information and event management systems.

What benefits should users look for when reviewing Microsoft Defender for Identity?

Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
Security Across Environments: Protects both on-premises and cloud-based infrastructures.
Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

More than 90% of targeted attacks start with email—and these threats are always evolving. Proofpoint Targeted Attack Protection (TAP) helps you stay ahead of attackers with an innovative approach that detects, analyzes and blocks advanced threats before they reach your inbox. This includes ransomware and other advanced email threats delivered through malicious attachments and URLs. And zero-day threats, polymorphic malware, weaponized documents and phishing attacks. TAP provides adaptive controls to isolate the riskiest URL clicks. TAP also detects threats and risks in cloud apps, connecting email attacks related to credential theft or other attacks.

Proofpoint

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Brinker Capital

Buyer's Guide

Advanced Threat Protection (ATP)

September 2025

Download Free Report

Find out what your peers are saying about Palo Alto Networks, Microsoft, Fortinet and others in Advanced Threat Protection (ATP). Updated: September 2025.

DOWNLOAD NOW

868,787 professionals have used our research since 2012.

See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.