Microsoft Defender for Identity Reviews

Name: Microsoft Defender for Identity
Brand: Microsoft
Rating: 4.4 (21 reviews)

4.4 out of 5

21 reviews
100% willing to recommend

What is Microsoft Defender for Identity?

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Get the Microsoft Defender for Identity Buyer's Guide and find out what your peers are saying about Microsoft Defender for Identity, CrowdStrike Falcon, Microsoft Intune and more!

Microsoft Defender for Identity is the #1 ranked solution in top Identity Threat Detection and Response (ITDR) solutions, #5 ranked solution in top Advanced Threat Protection (ATP) solutions, and #7 ranked solution in top Microsoft Security Suite solutions. PeerSpot users give Microsoft Defender for Identity an average rating of 8.8 out of 10. Microsoft Defender for Identity is most commonly compared to CrowdStrike Falcon: Microsoft Defender for Identity vs CrowdStrike Falcon. Microsoft Defender for Identity is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.

Buyer's Guide

Microsoft Defender for Identity

May 2025

Get the report

Helped 851,604 peers since 2012

Featured Microsoft Defender for Identity reviews

ROBERT-CHRISTIAN

CTO at kyndryl

The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity. It fits very nicely with all the other Defender tools, allowing for excellent collaboration among them. It also fits seamlessly into Microsoft Sentinel SIEM. Furthermore, Microsoft security solutions can save time as they allow the automation of numerous functionalities, and the reporting inside the Microsoft ecosystem is commendable.

Read full review

IlanHamoy

Information Technology Security Manager at a security firm with 51-200 employees

The most valuable features of Microsoft Defender for Identity include its automatic remedies, possibilities for avoiding incidents, the privilege manager, and the generation of logs that facilitate a safer environment. It provides real issues directly to us without fake alerts. The visibility into threats is very good, especially with add-ons like Sentinel.

Read full review

MichaelSoliman

Owner at Alopex ONE UG

I am actively working with Microsoft Defender for Identity for tasks involving SQL identity endpoint management and have used it since 2019 Microsoft Defender for Identity enhances the capability to detect threats effectively and provides comprehensive security by integrating its artificial…

Read full review

Microsoft Defender for Identity mindshare

Product category:

As of May 2025, the mindshare of Microsoft Defender for Identity in the Identity Threat Detection and Response (ITDR) category stands at 17.7%, down from 26.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Identity Threat Detection and Response (ITDR)

PeerResearch reports based on Microsoft Defender for Identity reviews

Type	Title	Date
Category	Identity Threat Detection and Response (ITDR)	May 20, 2025	Download
Product	Reviews, tips, and advice from real users	May 20, 2025	Download
Comparison	Microsoft Defender for Identity vs Microsoft Entra ID Protection	May 20, 2025	Download
Comparison	Microsoft Defender for Identity vs CrowdStrike Falcon	May 20, 2025	Download
Comparison	Microsoft Defender for Identity vs SentinelOne Singularity Identity	May 20, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	14.7%	96%	128 interviews Add to research
Microsoft Intune	4.1	N/A	94%	265 interviews Add to research

Valuable Features

Microsoft Defender for Identity excels in integrating seamlessly with other Microsoft security solutions. Users highlight its Active Directory monitoring, comprehensive dashboards, and real-time threat detection. Its AI-driven analytics and seamless integration offer robust protection against identity threats while minimizing false positives. Users value its ability to automate testing, log generation, and customized detection rules. Integration with SIEM platforms like Sentinel and ease of use are also appreciated. Identity security is enhanced through privilege management and threat prioritization.

"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."
"I would rate Microsoft Defender for Identity at nine out of ten."
"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."

Room for Improvement

Users express concerns over security when data exits the cloud and desire enhanced cloud security services and SIEM integration. They note the platform's scanning nature without remediation capability and raise issues with false positives and inadequate anomaly detection details. Deficiencies are cited in threat intelligence, technical support, and documentation. Challenges in handling Android-related attacks and alert fatigue, alongside high costs and the need for improved non-Microsoft integration, are emphasized.

"The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."
"The documentation provided by Microsoft is often seen as a waste of time."
"One area that needs improvement is the number of alerts generated, leading to alert fatigue."

ROI

Many organizations recognize a positive return from Microsoft Defender for Identity due to its ability to prevent incidents and speed up resolution. Its cost-effectiveness stems from reduced necessity for security-based virtual machines in cloud environments, saving time for system admins. Although quantifying exact returns can be challenging, the tool's effectiveness in identifying breaches contributes to strengthened security. Despite mixed opinions, companies note budget-friendly benefits and improved client satisfaction.

Pricing

Microsoft Defender for Identity is generally included with Microsoft 365, particularly in the E5 licensing stack, offering competitive pricing compared to other security products. While perceived as costly by some, especially when integrated with Sentinel, it remains part of bundled deals like E5 or as an add-on to E3. Regional pricing may vary, and larger organizations can find value through discounted rates or when leveraging additional Microsoft services. Some users perceive the pricing model as complex.

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

Popular Use Cases

Microsoft Defender for Identity is used for user and entity behavior analytics, protecting identities on-premises and in Azure Active Directory. Organizations leverage it for threat detection, monitoring Active Directory activity, and enhancing security through alerts on suspicious behavior. It assists in endpoint detection, syncs with other security tools, and improves security scores by identifying potential threats and identity anomalies, ensuring comprehensive identity protection in hybrid cloud environments.

Service and Support

Microsoft Defender for Identity users report variable support experiences. Many find Microsoft’s technical support responsive and effective, praising knowledgeable engineers and prompt solutions. Some mention delays and challenges in escalation. Support quality heavily depends on subscription level, with enterprise plans receiving more comprehensive assistance. Users note delays, particularly with first-level support, and mention occasional difficulty in contacting the appropriate support group. Defender's straightforward nature reduces support contact frequency.

Deployment

Microsoft Defender for Identity's initial setup is generally straightforward, involving downloading and installing agents on domain controllers. Most users find it easy, taking minutes to a few hours, though firewall configuration can be challenging. Typically requiring minimal personnel, the tool integrates smoothly with existing systems. It operates efficiently with low maintenance from users and benefits from Microsoft's automatic backend management. Some complexities arise with prior system removal or additional proxy configuration requirements.

Scalability

Microsoft Defender for Identity is described as highly scalable, easily adapting to various enterprise sizes and configurations. It effectively scales across large environments, including thousands of endpoints and users. It operates well in cloud settings with minimal scalability concerns, and deploying additional sensors caters to expanding needs. Users report satisfaction with scalability in Microsoft-centered organizations, boosting its suitability for diverse business environments. The capability to handle increasing demands earns high marks in scalability assessments.

Stability

Microsoft Defender for Identity is often described as stable by many users. Some experienced initial issues with sensors restarting, but performance adjustments improved stability significantly. Certain environments report occasional incidents affecting different regions, requiring service requests for investigation. However, many have experienced no downtime or crashes, noting its robust performance on Azure infrastructure with 99% availability. User ratings typically range from six to nine out of ten, indicating a generally favorable experience.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Microsoft Defender for Identity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

13%

Government

Manufacturing Company

Comms Service Provider

Healthcare Company

University

Energy/Utilities Company

Retailer

Legal Firm

Insurance Company

Construction Company

Educational Organization

Real Estate/Law Firm

Non Profit

Outsourcing Company

Hospitality Company

Performing Arts

Wholesaler/Distributor

Media Company

Transportation Company

Logistics Company

Newspaper

Recreational Facilities/Services Company

Aerospace/Defense Firm

Pharma/Biotech Company

Marketing Services Firm

Consumer Goods Company

Compare Microsoft Defender for Identity with alternative products

Learn more about Microsoft Defender for Identity

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?

Integration with Microsoft Tools: Ensures comprehensive protection across environments.
AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
Real-time Threat Detection: Provides immediate alerts to potential threats.
Lateral Movement Identification: Detects unusual lateral access among users.
Dashboards with Visibility: Offers insights into security issues with customization options.
SIEM Integration: Works seamlessly with security information and event management systems.

What benefits should users look for when reviewing Microsoft Defender for Identity?

Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
Security Across Environments: Protects both on-premises and cloud-based infrastructures.
Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft Defender for Identity was previously known as Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity.