Cloud Security Engineer at a non-tech company with 10,001+ employees
Real User
Top 10
2023-12-21T07:14:00Z
Dec 21, 2023
One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents. Currently, it is mandatory to install the agent on the on-premises environment, and considering if there could be more flexibility in deployment might be worth exploring.
The tracking instance needs to be configured appropriately. They need to be able to identify more vulnerabilities in order to increase the efficiency of the solution.
Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies.
Although the threat protection is comprehensive, the solution needs to be reevaluated when it comes to complex scenarios. There is no publicly available roadmap regarding upcoming features and improvements to the product. The product has significant limitations around acquiring device vulnerabilities, primarily because hunting queries are limited. The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets.
There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard, because that can prevent issues from spreading further.
Updated: April 2024.
Cyber Security BA/BSA at an insurance company with 10,001+ employees
Real User
2021-03-13T00:30:29Z
Mar 13, 2021
When the data leaves the cloud, there are security issues. The cloud security services and the integration with on-prem applications like SIEM need to be improved.
The solution could be better at using group-managed access and they could replace it with broad-based access controls.