No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Identity vs SonicWall Capture Advanced Threat Protection comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 1, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Ranking in Advanced Threat Protection (ATP)
8th
Average Rating
8.8
Reviews Sentiment
6.8
Number of Reviews
28
Ranking in other categories
Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)
SonicWall Capture Advanced ...
Ranking in Advanced Threat Protection (ATP)
28th
Average Rating
7.8
Reviews Sentiment
7.4
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 3.6%, down from 5.2% compared to the previous year. The mindshare of SonicWall Capture Advanced Threat Protection is 2.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Identity3.6%
SonicWall Capture Advanced Threat Protection2.1%
Other94.3%
Advanced Threat Protection (ATP)
 

Featured Reviews

Peter Arabomen - PeerSpot reviewer
Security Engineer at Fidelity Bank Plc
Has supported hybrid identity management while integrating well with cloud directory services
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.
MA
Technical Manager, NOC at TEXUM JORDAN
Has a good configuration but the price should be more competitive
Our primary use case of this solution is for security.  It's a good solution but the price is high. It also has an easy configuration. The feedback that we get from our customers is that it's a good product. Our customers are mostly smaller enterprises.  The price should be more competitive.  I…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"We use AD Connect to sync on-premises AD to Azure AD, and so far, it has been effective."
"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"This solution has advanced a lot over the last few years."
"Microsoft Defender for Identity helps me automate routine tasks and find alerts that I set up to receive, so it helps me get where I'm trying to go easier and faster."
"I would recommend this solution, as a firewall product solution that has a similar sandboxing type of thing has become quite an essential part of a security footprint."
"It also has an easy configuration. The feedback that we get from our customers is that it's a good product."
"For the past four and a half years, we haven't had any breaches or issues of any kind."
"I enjoy SonicWall as a package, with a robust firewall solution that protects against zero-day threats, optimizes network traffic for critical applications, and offers easy setup and automation for enterprises as well as small businesses."
"SonicWall came out with a new add-on; it was inexpensive to add on to the existing product that we already owned, so we added it."
"The stability of the solution is good. We haven't had any breaches or crashes. It's been very stable for us."
"Provides good protection and security."
"I like this setup for a firewall. You can set things up very easily and you can automate items as well. It's a very robust firewall solution for enterprise as well as small businesses."
 

Cons

"The tracking instance needs to be configured appropriately."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"One area that needs improvement is the number of alerts generated, leading to alert fatigue."
"The solution could improve how it handles on-premises Android-related attacks."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel."
"The solution should provide more detailed data regarding anomaly detections."
"SonicWall should promote their roadmap and improve their marketing to customers."
"It does fare well against enterprise products."
"If anything at all, it would be some very minor updates that need to be done, but in terms of changes, nothing comes to mind."
"I would say the solution needs a much simpler user interface, but the functionality of the firewall is quite extensive. You need the user interface to be that way. However, if there was a way to make the user interface a little easier, that would be great."
"SonicWall had a recent layoff. This is a concern for us, because now we are missing the local presence from both the engineering and sales side."
"Sometimes customers are not aware of which protection is best for their business and SonicWall doesn't provide them with information on security features."
"Having an on-premise solution as well would be an option for some people, but they'll want to use a cloud solution for their sandboxing. Certain sites would want to keep all the checks done on an on-premise appliance. All the checking, rather than sending that up into a cloud engine."
"Could provide online training to allow customers to learn more about the product."
 

Pricing and Cost Advice

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"The best deal from SonicWall is to buy the HA pair. When you buy the initial one, you receive the second one at a significant discount. If there is an event and something happens to one firewall, then you have the second firewall to roll into. For the price, it's pretty to tough to beat and not a lot of other firewall vendors offer it. You battle for a discount on both. Where with SonicWall, if you buy one, the second one is at half price. It's pretty straightforward."
"We get our value for our money."
"It's thirty dollars per user and we have 30 users."
"When you compare it with other solutions, they are cheaper and more economical."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
10%
Manufacturing Company
10%
Comms Service Provider
7%
Manufacturing Company
17%
Comms Service Provider
14%
Construction Company
14%
Media Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise5
Large Enterprise15
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
 

Questions from the Community

What needs improvement with Microsoft Defender for Identity?
I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take stock in what needs to be improved because I appreciated having the tools right the...
What is your primary use case for Microsoft Defender for Identity?
My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating risky users, and user sign-ins. I can easily remediate or determine what the user...
What advice do you have for others considering Microsoft Defender for Identity?
I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. I don't really use the threat intelligence feature of Microsoft Defender for Ide...
What needs improvement with SonicWall Capture Advanced Threat Protection?
SonicWall Capture Advanced Threat Protection needs to reconsider the pricing, especially in the cloud environment. The product is good overall, but the GUI needs to be more stable. I chose nine out...
What is your primary use case for SonicWall Capture Advanced Threat Protection?
My main use case for SonicWall Capture Advanced Threat Protection is that it helps us with sandboxing for analyzing and inspecting unknown files and URLs. A quick specific example of how I've used ...
What advice do you have for others considering SonicWall Capture Advanced Threat Protection?
I advise others looking into using SonicWall Capture Advanced Threat Protection to consider that it is truly helpful and very important to have great sandboxing with advanced threat protection to s...
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
No data available
 

Overview

 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Wonder Cement, Foster Clark Products
Find out what your peers are saying about Microsoft Defender for Identity vs. SonicWall Capture Advanced Threat Protection and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.