Microsoft Defender for Identity Reviews

We use Microsoft Defender for Identity to prevent user account-level attacks such as lateral move attacks and pass-the-hash attacks on our on-premises servers. We leverage its features to mitigate identity-related threats and monitor activities on Active Directory Domain Services and other servers.

Microsoft Defender for Identity has significantly improved our environment's security by preventing identity-related attacks. We don't face financial losses from security breaches because the product provides robust protection.

The most valuable features of Microsoft Defender for Identity include real-time information for threat detection, its inclusion of behavioral analytics, and vulnerability management. These features help prevent various attacks and monitor user account activities effectively.

The solution could improve how it handles on-premises Android-related attacks. Without Microsoft Defender, it can be challenging to check which accounts are compromised and to analyze activities on on-premises servers. Enhancing this capability would make it even more effective.

I have been using Microsoft Defender for Identity for the past three years.

With three years of experience, I have never faced any issues or errors with Microsoft Defender for Identity. It is very stable and has performed exceptionally well in our environment.

I would rate the scalability of Microsoft Defender for Identity as a ten because it is robust and suitable for various environments, including small, medium, and enterprise businesses.

The technical support from Microsoft is excellent. I would rate it a ten because the support engineers are very knowledgeable and provide solutions promptly, ensuring that issues are resolved in a timely manner.

Positive

The initial setup is easy, especially with Microsoft's continuous improvements in the reporting feature. It is user-friendly and efficient.

The pricing of Microsoft Defender for Identity is affordable and competitive compared to other security products. The option to purchase specific features rather than a full license makes it convenient and cost-effective.

I'd rate the solution ten out of ten. 

Microsoft uses machine learning to analyze data over longer periods and identify anomalies. This approach is beneficial because it helps us understand user behavior over time rather than just focusing on immediate actions.

We handle alerts by investigating them using Defender Advanced Hunting, which provides more data to help us understand the issues. Additionally, we can use the incident page associated with the alert to access detailed information about the problem.

There are issues with the alerts in Microsoft Defender for identity-related intra-protection detection anomalies. The alerts are missing some data, which makes it difficult to determine the exact sign-in event associated with the alert. For instance, if we see a sign-in from a different country, we want to correlate this with the sign-in events recorded in our system and Microsoft. The alert in Defender does not provide the necessary details to match it directly with the corresponding sign-in event. To address this, we need to refer to Defender Protection events, where we can find the IP and sign-in ID associated with the event.

It would be beneficial if Microsoft developed the Microsoft Graph API for Advanced Hunting to facilitate more automation. Currently, the schema is not very well-defined, which limits automation possibilities. Additionally, improvements could be made to enhance queries, such as obtaining the full path of a process, which is available in EDR. Addressing these areas would significantly improve functionality and integration.

Occasionally, we've encountered issues with the API, such as when we cannot access the data and receive a 500 Internal Server Error. This has happened several times over the past few days.

I rate the solution’s stability an eight out of ten.

We experienced issues with Defender not responding about a year ago during a weekend. I’ve heard similar reports from other companies as well. Despite reaching out to Microsoft through forums and support tickets, it took a long time to get answers, and the response did not address the problem.

Neutral

Microsoft Defender consolidates various functionalities on a single dashboard, including incidents, alerts, Advanced Hunting, and PC onboarding details. This integration is very helpful, allowing us to view all relevant information in one place. Previously, managing these tasks required navigating multiple pages, which was less efficient. The current setup streamlines the workflow and makes it easier to work with the platform.

It’s a good product. I appreciate having all the necessary services for my company in one place. Defender provides various security services, including Identity services, which is very valuable.

Overall, I rate the solution an eight out of ten.