I work for a university, and we use Defender for Identity for students, faculty members, researchers, etc. It's around 4,000 end-users. We have a completely Azure-based environment, and all of our users have migrated to the cloud. While we still have some on-premise users, we have synced our user base to the Azure Active Directory in the cloud.
We require identity protection because most cybersecurity cases today involve identity harvesting. Microsoft Defender for Identity proved to be the best solution for providing support for malicious identity-related issues. Our entire cloud setup is protected.
Our enterprise usage entirely depends on identity-based users. Any identity issue or attack could lead to massive data leakage in our environment. Defender for Identity is easy to use and provides precise details on the timeline to facilitate quick transfers.
Microsoft creates a database of critical vulnerabilities that they are constantly updating. Whether it's an old-fashioned or novel attack, it promptly notifies us. It may take some time to identify if it is a brand-new threat. Once it is located, it will tell us what the issue is.
We need to analyze the security features monthly and validate them. Microsoft Defender provides the correct solution for this. It will give you the proper security progressions that happen in Microsoft. We can define levels of security and prioritize security concerns, so we take action on the high-priority problems first. Regarding password resets, etc., there are less-complicated issues that don't pose a risk of data leakage, so we assign a lower priority.
It helps us be proactive because it will notify us about the preventive measures we can take. Once it flags a vulnerability, we can investigate the root cause. So that way, we can mitigate the most critical threats with this set of notifications from Defender.
Defender for Identity has affected our on-premise security because we need less identity management. Everything can be handled on the cloud. We require fewer devices for identity management, so it has reduced our hardware shortage.
It has saved us time by providing prompt notifications. We don't need to spend more time on SIEM solutions. Usually, we would require SIEM solutions or advanced log-based analysis solutions to find all the identity compromises or any identity-hijacking issues. We needed a designated person to check all these aspects with advanced threat-detection programs. We can eliminate all these challenges with the help of Microsoft Defender for Identity. It has cut the time spent on these tasks by 50 percent.
Defender has also saved us money because we don't require traditional identity-based solutions in the firewall. We needed different identity-based solutions for the cloud, virtual machines, etc. Microsoft has this legacy proprietary feature, so we don't need other solutions. It has considerably reduced our budget by around 30 percent. It has sped up our detection and response time by about 10 percent.
The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud.
Identity harvesting is the most common threat. Legacy Microsoft solutions and Amazon face the same issues in the cloud. Users don't implement other security mechanisms in the cloud. In an on-premise environment, we would have multiple security devices like firewalls and several layers of security. Cloud users are less bothered because cloud features are there and only need to be configured.
Microsoft Defender for Cloud is the best solution because all threats are completely visible, and it has a great dashboard. The dashboard displays each threat and score, so we can identify the threat rating and act efficiently to avoid compromising user identities.
We have a single sign-on feature on the cloud. If we lose a single set of identities, it can compromise the entire organization, including cloud and on-premise. The same identities are being used everywhere. The user activity has to be completely visible on the dashboard, and it has to generate a pattern. It will notify us if there is any security breach.
It is a complete monitoring set. Minor changes in the user identity can lead to data leakage. If a password is changed in the cloud, it will be reflected automatically on-premise. This minor change will trigger an alert in Microsoft Defender for Identity. It ensures that each cloud identity is well protected from spoofing. It has a comprehensive database of well-known spoofing techniques, enabling us to provide cloud identity protection completely.
It has a vast scope because it is completely single sign-on. In the emerging industry, we use single sign-on because users need to authenticate, but it's challenging to remember multiple passwords. Once your user signs in, you can access all the data. An identity compromise would lead to various issues and affect the data on-premises. Defender maintains a constantly updated database with the latest signatures, attack models, and threats. If it detects one threat, it will monitor the suspicious event and give us frequent alerts.
Identity protection is vital because we use an identity mechanism for everything, including firewall-related activities. The exact identity used in the cloud is used in the most complex firewalls. We require an excellent migration technique to regain this user credential if something gets compromised. Blocking this requires a massive set of procedures. Microsoft Defender comprehensively monitors identity and provides frequent alerts regarding any issue, so we don't need to think of anything else.
Defender's bidirectional sync capabilities are helpful because we need to sync data from multiple directions, including tenant-to-tenant, on-premise-to-cloud, and cloud-to-cloud syncing. As a university, we have multiple tenants, so we need to sync or access data across platforms. That way, everything is more secure, and Microsoft Defender for Cloud also provides ample security for cloud transfers.
The bidirectional sync capabilities are flawless—10 out of 10. Our on-premise Active Directory is perfectly synced with the Azure AD. Everything is synced with on-premise, and changes are reflected in minutes. If a problem with identity is addressed on the cloud, the fix will be mirrored on-premise and vice versa.
Microsoft Defender for Cloud and Identity are bundled. If we have these two solutions, we don't need to worry about anything else or third-party antivirus. Microsoft Defender for Identity acts as a link to all the Microsoft security features that require identity-based validation. Microsoft Defender instantly provides identity security for all our applications, and users need not worry about typing their passwords. Even in situations with less complex encryption mechanisms, users don't need to worry about typing in their passwords. Defender will check and monitor if there are any flaws in that, and it will let us know if there are any issues.
We're a Microsoft shop, so everything works together. If one feature isn't working, everything will be affected. If Defender isn't working, half of our Microsoft security features will be dead. Without identity security, user data can easily be compromised, and data can fall into the hands of intruders or other hackers. The solutions have to complement each other. If anything went wrong, the entire setup would have flaws.
Microsoft security has a legacy security mechanism. A while back, we might have gone with Defender for Endpoint, but Microsoft has also grown into the face of the cloud. The same Defender solution is completely maintaining cloud security. We can imagine Microsoft's vast scale and how Defender can protect the cloud environment from vulnerabilities and attacks. We are definitely delighted with Microsoft products.
The dashboard features are fantastic because it provides a comprehensive overview. It has a great alert mechanism and log inspector that tracks when users access various servers. With this kind of identity validation, we can control which servers the users can access. We have total visibility from the dashboard. We can track identity usage even if there are no issues. That is an essential advantage.
There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because it can prevent issues from spreading further.
I have used Defender for Identity for six years.
Defender for Identity is extremely stable. We don't experience any bugs because Microsoft has a three-tier system for checking everything.
Defender for Identity is completely scalable.
I rate Microsoft support 10 out of 10. The technical support is good, but we don't need it for Defender because everything is pretty straightforward.
Setting up Defender is straightforward and took two days. We require system admins to check for data mismatches. Once we implement the security, the cloud and on-premise data have to be perfectly synced. We need to ensure the on-premise data can be secured from Defender. It doesn't need maintenance after deployment. Everything happens automatically.
The return on investment is there because we don't need to add complicated security managers in the cloud where we need security-based virtual machines running Azure or other cloud platforms. It considerably reduces the time system admins spend on management. The subscription cost is cheaper than deploying a complete hardware setup. It is budget-friendly.
Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly.
I rate Defender for Identity nine out of 10. I would give it a perfect 10, except for the inability to remedy issues directly from the console. Defender for Identity is a popular product because most endpoint users already use Defender, so they will be familiar.
When dealing with single sign-on, an identity-based cloud solution is essential for all enterprises because most security concerns are related to identity. It's easy for hackers to hack into servers with compromised identities. We need a legacy enterprise product like Microsoft Defender or a close competitor like Kaspersky. If user identities are compromised, your entire infrastructure will be in danger. Even if the cost is high, you need an enterprise product like Microsoft Defender for Identity.
It's challenging to integrate solutions from multiple vendors. If we used several vendors, we would need to spend a lot of time checking to ensure they integrate correctly. We must also establish an adequate surveillance solution to monitor these different products. It's a headache for the system admins. System administrators have fewer security concerns with an all-Microsoft setup because the elements work in sync. It's easy to monitor the data from any instance, so the data is more secure and accessible.