No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Identity pros and cons

Vendor: Microsoft

4.4 out of 5

28 reviews
100% willing to recommend

Pros & Cons summary

Microsoft Defender for Identity augments visibility into identity-based attacks with real-time detection of lateral movement and credential abuse. By automating tasks and integrating with Microsoft tools like Teams, it enhances security. Utilizing AI for threat protection, it improves security posture. However, enhancements in alert tuning, agent flexibility, internal IP handling, and technical support are needed for optimal deployment and reduced false positives, along with better automation of impossible travel detection to prevent IP misinterpretation.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Microsoft Defender for Identity enhances visibility into identity-based attacks, allowing real-time detection of lateral movement and credential abuse.

Defender for Identity provides significant insights into security, improving the overall security posture of an organization.

Automated routine tasks and alert settings make Microsoft Defender for Identity efficient, easing navigation toward organizational security goals.

Integration with other Microsoft packages, like Teams, Office, and Sentinel, adds value by creating customized detection rules and alerts.

Defender for Identity utilizes hybrid artificial intelligence and forensic data to provide advanced threat protection and vulnerability management.

CONS

Microsoft Defender for Identity’s detection capability could benefit from improved alert tuning to reduce false positives.

An increase in flexibility for installing Microsoft Defender for Identity agents could enhance its deployment.

There is a need for Microsoft Defender for Identity to better handle internal IP identification to reduce false positives.

Enhancements in technical support and documentation are necessary to address minor issues efficiently.

Improvement is needed in automating impossible travel detection to prevent misinterpretation of IP address changes.

Microsoft Defender for Identity Pros review quotes

Security Engineer at Fidelity Bank Plc

Sep 11, 2025

We use AD Connect to sync on-premises AD to Azure AD, and so far, it has been effective.

Read full review

RP

Instrumentation Engineer at Toyo Engineering Corp

Jun 13, 2025

Auto-remediation is a valuable feature applied to Microsoft Defender for Identity, reducing the burden of investigating false positives.

Read full review

CM

Technology Coordinator at a educational organization with 501-1,000 employees

Nov 20, 2025

Microsoft Defender for Identity helps me automate routine tasks and find alerts that I set up to receive, so it helps me get where I'm trying to go easier and faster.

Read full review

Microsoft Defender for Identity

Free Report: Microsoft Defender for Identity Reviews and More

Learn what your peers think about Microsoft Defender for Identity. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.

899,917 professionals have used our research since 2012.

Alejandro Lagler

Manager, Collaboration Bds at C3ntro

Nov 20, 2025

In the security portfolio that we manage, Microsoft Defender for Identity is very important because it is the professional service that we sell the most.

Read full review

RK

Cloud Security & Governance at a financial services firm with 10,001+ employees

Mar 7, 2025

The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks.

Read full review

OA

CyberSecurity Engineer | Information Security Management at Self Employed

May 26, 2025

I recommend Microsoft Defender for Identity because it is easy to implement.

Read full review

ROBERT-CHRISTIAN

CTO at a tech vendor with 10,001+ employees

Apr 7, 2025

The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity.

Read full review

Information Technology Security Manager at a security firm with 51-200 employees

Mar 31, 2025

I would rate Microsoft Defender for Identity at nine out of ten.

Read full review

Owner at Alopex ONE UG

Nov 8, 2024

The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.

Read full review

Dumebi Chukwuemeka

Cloud Security Engineer at a non-tech company with 10,001+ employees

Dec 21, 2023

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

Read full review

Show 10 more reviews (out of 24)

Microsoft Defender for Identity Cons review quotes

Security Engineer at Fidelity Bank Plc

Sep 11, 2025

Fixing the solution isn't very seamless.

Read full review

RP

Instrumentation Engineer at Toyo Engineering Corp

Jun 13, 2025

Feedback on sync issues with the Microsoft portal highlighted its slow nature, with syncs sometimes taking eight hours.

Read full review

CM

Technology Coordinator at a educational organization with 501-1,000 employees

Nov 20, 2025

I can't say that I've seen a return on investment since we have Microsoft Defender for Identity because we also have another security solution in place.

Read full review

Microsoft Defender for Identity

Free Report: Microsoft Defender for Identity Reviews and More

Learn what your peers think about Microsoft Defender for Identity. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.

899,917 professionals have used our research since 2012.

Alejandro Lagler

Manager, Collaboration Bds at C3ntro

Nov 20, 2025

Microsoft Defender for Identity does not save me time, but I think it is the way that I secure the data.

Read full review

RK

Cloud Security & Governance at a financial services firm with 10,001+ employees

Mar 7, 2025

One area that needs improvement is the number of alerts generated, leading to alert fatigue.

Read full review

OA

CyberSecurity Engineer | Information Security Management at Self Employed

May 26, 2025

They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel.

Read full review

ROBERT-CHRISTIAN

CTO at a tech vendor with 10,001+ employees

Apr 7, 2025

The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems.

Read full review

Information Technology Security Manager at a security firm with 51-200 employees

Mar 31, 2025

The documentation provided by Microsoft is often seen as a waste of time.

Read full review

Owner at Alopex ONE UG

Nov 8, 2024

One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends.

Read full review

Dumebi Chukwuemeka

Cloud Security Engineer at a non-tech company with 10,001+ employees

Dec 21, 2023

One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents.

Read full review

Show 10 more reviews (out of 24)

Product Categories

Product Categories

Identity Threat Detection and Response (ITDR)

Advanced Threat Protection (ATP)

Microsoft Security Suite

Popular Comparisons

Popular Comparisons

CrowdStrike Falcon vs Microsoft Defender for Identity

Microsoft Intune vs Microsoft Defender for Identity

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Microsoft Entra ID vs Microsoft Defender for Identity

Microsoft Defender for Cloud vs Microsoft Defender for Identity

Microsoft Defender for Office 365 vs Microsoft Defender for Identity

Microsoft Sentinel vs Microsoft Defender for Identity

Varonis Platform vs Microsoft Defender for Identity

Vectra AI vs Microsoft Defender for Identity

ESET Endpoint Protection Platform vs Microsoft Defender for Identity

Cortex XSIAM vs Microsoft Defender for Identity

Palo Alto Networks WildFire vs Microsoft Defender for Identity

Anomali vs Microsoft Defender for Identity

Gigamon Deep Observability Pipeline vs Microsoft Defender for Identity

Microsoft Defender for Cloud Apps vs Microsoft Defender for Identity

See all alternatives

Product Categories

Product Categories

Identity Threat Detection and Response (ITDR)

Advanced Threat Protection (ATP)

Microsoft Security Suite

Popular Comparisons

Popular Comparisons

CrowdStrike Falcon vs Microsoft Defender for Identity

Microsoft Intune vs Microsoft Defender for Identity

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Microsoft Entra ID vs Microsoft Defender for Identity

Microsoft Defender for Cloud vs Microsoft Defender for Identity

Microsoft Defender for Office 365 vs Microsoft Defender for Identity

Microsoft Sentinel vs Microsoft Defender for Identity

Varonis Platform vs Microsoft Defender for Identity

Vectra AI vs Microsoft Defender for Identity

ESET Endpoint Protection Platform vs Microsoft Defender for Identity

Cortex XSIAM vs Microsoft Defender for Identity

Palo Alto Networks WildFire vs Microsoft Defender for Identity

Anomali vs Microsoft Defender for Identity

Gigamon Deep Observability Pipeline vs Microsoft Defender for Identity

Microsoft Defender for Cloud Apps vs Microsoft Defender for Identity

See all alternatives

Related questions

43

When evaluating Identity Threat Detection and Response (ITDR), what aspect do you think is the most important to look for?

110

Why is ITDR (Identity Threat Detection and Response) important for companies?

42

Why is Identity Threat Detection and Response (ITDR) important for companies?