Try our new research platform with insights from 80,000+ expert users
Microsoft Defender for Identity Logo

Microsoft Defender for Identity Reviews

Vendor: Microsoft
4.4 out of 5
Badge Leader
Leave a review

What is Microsoft Defender for Identity?

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Get the Microsoft Defender for Identity Buyer's Guide and find out what your peers are saying about Microsoft Defender for Identity, CrowdStrike Falcon, Microsoft Intune and more!
Microsoft Defender for Identity is the #3 ranked solution in top Identity Threat Detection and Response (ITDR) solutions, #4 ranked solution in top Microsoft Security Suite solutions, and #6 ranked solution in top Advanced Threat Protection (ATP) solutions. PeerSpot users give Microsoft Defender for Identity an average rating of 8.8 out of 10. Microsoft Defender for Identity is most commonly compared to CrowdStrike Falcon: Microsoft Defender for Identity vs CrowdStrike Falcon. Microsoft Defender for Identity is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.
Buyer's Guide
Microsoft Defender for Identity
August 2025
Get the report
Helped 866,088 peers since 2012

Featured Microsoft Defender for Identity reviews

Read more reviews

Microsoft Defender for Identity mindshare

Product category:
Identity Threat Detection and Respons...
As of August 2025, the mindshare of Microsoft Defender for Identity in the Identity Threat Detection and Response (ITDR) category stands at 15.9%, down from 24.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Identity Threat Detection and Response (ITDR) Market Share Distribution
ProductMarket Share (%)
Microsoft Defender for Identity15.9%
CrowdStrike Falcon16.0%
Microsoft Entra ID Protection13.0%
Other55.1%
Identity Threat Detection and Response (ITDR)

PeerResearch reports based on Microsoft Defender for Identity reviews

TypeTitleDate
CategoryIdentity Threat Detection and Response (ITDR)Aug 28, 2025Download
ProductReviews, tips, and advice from real usersAug 28, 2025Download
ComparisonMicrosoft Defender for Identity vs Microsoft Entra ID ProtectionAug 28, 2025Download
ComparisonMicrosoft Defender for Identity vs CrowdStrike FalconAug 28, 2025Download
ComparisonMicrosoft Defender for Identity vs SentinelOne Singularity IdentityAug 28, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.316.0%96%132 interviewsAdd to research
Microsoft Intune4.1N/A94%298 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Microsoft Defender for Identity excels with features like seamless integration with other Microsoft tools, comprehensive monitoring, and entity tagging. The platform provides real-time behavioral analytics and threat intelligence. Plural uses praise its automated threat response and customizable detection rules. The security dashboard offers visibility into threats, and the hybrid AI helps manage vulnerabilities effectively. Convenient bidirectional syncing supports both cloud and on-premises systems, allowing users to address identity security issues swiftly and efficiently.
  • "We do not see any issues with the stability of Microsoft Defender for Identity. I can say it is 100% stable."
  • "Auto-remediation is a valuable feature applied to Microsoft Defender for Identity, reducing the burden of investigating false positives."
  • "I recommend Microsoft Defender for Identity because it is easy to implement."

Room for Improvement

Microsoft Defender for Identity experiences issues with cloud security integration, lacks direct remediation, and generates numerous false positives. Administrative interfaces and technical support are insufficient. Logs and alerts lack clarity, and threat intelligence is incomplete. The setup process is complex. Improvements are needed in anomaly detection, documentation, and non-Microsoft system integration. Users desire better automation for conditional access and travel detection, along with enhanced flexibility in agent deployment and mobile platform integration within Teams.
  • "Feedback on sync issues with the Microsoft portal highlighted its slow nature, with syncs sometimes taking eight hours."
  • "They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel."
  • "The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."

ROI

Most users note that Microsoft Defender for Identity offers a notable return on investment by preventing incidents and enabling faster resolution of security issues. Many find it budget-friendly compared to the expense of deploying complete hardware setups. Some mention the time saved for system administrators and emphasize its ability to identify and eliminate breaches. They note that it satisfies client needs. However, determining an ROI can be challenging if effects aren't measured.

Pricing

Enterprise users find Microsoft Defender for Identity reasonably priced as part of Microsoft 365, especially when bundled with the E5 license. It offers value compared to standalone SIEM solutions and includes no extra setup costs beyond standard licensing. While some users cite it as more costly than other Microsoft products and recommend discounted E5 licenses for cost-effectiveness, others appreciate the ability to purchase specific features. Overall, it's considered affordable and competitive within its market segment.
  • "Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
  • "It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
  • "The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

Popular Use Cases

Organizations primarily utilize Microsoft Defender for Identity for monitoring and securing Active Directory environments, both on-premises and in the cloud. They leverage its user and entity behavior analytics to detect anomalies, pinpoint threats like lateral moves, and respond to identity-related attacks. Users report that its integration with other Microsoft security tools enhances threat detection and prevention, safeguarding identity systems against malicious activities, and ensuring privileged access control while maintaining a secure hybrid infrastructure.

Service and Support

Microsoft Defender for Identity's customer service is mixed. Some find the technical team responsive and knowledgeable, especially for corporate and premium plans, resulting in excellent assistance. However, others report delays, particularly with lower-tier subscriptions or general support. Concerns exist over difficulties reaching appropriate support groups. While some rate support highly due to quick resolutions, others criticize it for slow responses and lack of expertise. Feedback varies based on user interaction frequency and subscription level.

Deployment

Microsoft Defender for Identity's initial setup is generally straightforward, often requiring minimal time and effort. Installation involves downloading and installing agents on domain controllers. Some organizations noted that firewalls and proxy settings could complicate configuration. It primarily runs in the cloud, minimizing maintenance needs for users. Most found it user-friendly and efficient, though some suggested improvements for environments using proxy servers. Overall, setup requires minimal personnel, often just one or two individuals.

Scalability

Microsoft Defender for Identity is noted for its strong scalability, suitable for a wide range of environments from small to large enterprises. Users report seamless deployment and robust performance across multiple locations and thousands of endpoints. The cloud-based nature ensures effortless scaling, and it's effective for both centralized and decentralized infrastructures. Many commend its capacity to support future growth, managing extensive networks with numerous users, while others mention its lightweight nature that easily adapts to various deployment needs.

Stability

Microsoft Defender for Identity is highly stable, with most users reporting no major issues or downtime. Many commend its recent improvements and robust performance on Azure infrastructure, though some mention occasional sensor restarts that require attention. Several rate its stability between seven and nine out of ten. Certain users noticed minor imperfections in sensor deployment, necessitating intervention. Overall, confidence in its stability is high, with acknowledgments of consistent performance and reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Microsoft Defender for Identity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business7
Midsize Enterprise3
Large Enterprise13
By reviewers
By visitors reading reviews
Company SizeCount
Small Business337
Midsize Enterprise191
Large Enterprise733
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
13%
Manufacturing Company
7%
Government
7%
Comms Service Provider
6%
Healthcare Company
5%
University
5%
Legal Firm
4%
Retailer
4%
Energy/Utilities Company
3%
Construction Company
3%
Insurance Company
3%
Outsourcing Company
3%
Performing Arts
2%
Educational Organization
2%
Non Profit
2%
Real Estate/Law Firm
2%
Media Company
2%
Transportation Company
2%
Hospitality Company
2%
Wholesaler/Distributor
2%
Newspaper
1%
Recreational Facilities/Services Company
1%
Pharma/Biotech Company
1%
Logistics Company
1%
Aerospace/Defense Firm
1%
Marketing Services Firm
1%
Consumer Goods Company
1%

Compare Microsoft Defender for Identity with alternative products

Go!

Learn more about Microsoft Defender for Identity

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?
  • Integration with Microsoft Tools: Ensures comprehensive protection across environments.
  • AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
  • Real-time Threat Detection: Provides immediate alerts to potential threats.
  • Lateral Movement Identification: Detects unusual lateral access among users.
  • Dashboards with Visibility: Offers insights into security issues with customization options.
  • SIEM Integration: Works seamlessly with security information and event management systems.
What benefits should users look for when reviewing Microsoft Defender for Identity?
  • Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
  • Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
  • Security Across Environments: Protects both on-premises and cloud-based infrastructures.
  • Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft Defender for Identity was previously known as Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity.

Microsoft Defender for Identity customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Related questions

  • 16
When evaluating Identity Threat Detection and Response (ITDR), what aspect do you think is the most important to look for?
  • 47
Why is ITDR (Identity Threat Detection and Response) important for companies?
  • 12
Why is Identity Threat Detection and Response (ITDR) important for companies?

Product Categories

Product Categories
Identity Threat Detection and Response (ITDR)
Advanced Threat Protection (ATP)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Microsoft Intune vs Microsoft Defender for Identity Logo
Microsoft Intune vs Microsoft Defender for Identity
Microsoft Defender for Endpoint vs Microsoft Defender for Identity Logo
Microsoft Defender for Endpoint vs Microsoft Defender for Identity
Microsoft Defender for Office 365 vs Microsoft Defender for Identity Logo
Microsoft Defender for Office 365 vs Microsoft Defender for Identity
Microsoft Sentinel vs Microsoft Defender for Identity Logo
Microsoft Sentinel vs Microsoft Defender for Identity
Microsoft Entra ID vs Microsoft Defender for Identity Logo
Microsoft Entra ID vs Microsoft Defender for Identity
Microsoft Defender for Cloud vs Microsoft Defender for Identity Logo
Microsoft Defender for Cloud vs Microsoft Defender for Identity
Varonis Platform vs Microsoft Defender for Identity Logo
Varonis Platform vs Microsoft Defender for Identity
Microsoft Defender for Cloud Apps vs Microsoft Defender for Identity Logo
Microsoft Defender for Cloud Apps vs Microsoft Defender for Identity
Cortex XSIAM vs Microsoft Defender for Identity Logo
Cortex XSIAM vs Microsoft Defender for Identity
Palo Alto Networks WildFire vs Microsoft Defender for Identity Logo
Palo Alto Networks WildFire vs Microsoft Defender for Identity
Microsoft Entra ID Protection vs Microsoft Defender for Identity Logo
Microsoft Entra ID Protection vs Microsoft Defender for Identity
Securonix Next-Gen SIEM vs Microsoft Defender for Identity Logo
Securonix Next-Gen SIEM vs Microsoft Defender for Identity
Palo Alto Networks VM-Series vs Microsoft Defender for Identity Logo
Palo Alto Networks VM-Series vs Microsoft Defender for Identity
Trend Micro Deep Discovery vs Microsoft Defender for Identity Logo
Trend Micro Deep Discovery vs Microsoft Defender for Identity
See all alternatives
 
Microsoft Defender for Identity Reviews Summary
Author infoRatingReview Summary
Cloud Security & Governance at a financial services firm with 10,001+ employees4.0We use Microsoft Defender for Identity to protect our on-premises and hybrid Active Directory, focusing on advanced threat detection and security posture assessment. Despite its strengths, reducing alert fatigue remains necessary as we enhance integration with Azure AD.
CyberSecurity Engineer | Information Security Management at Self Employed5.0I find Microsoft Defender for Identity valuable for its conditional access and role-based permissions. It saves time but could improve in automation for impossible travel detection, particularly with VPNs, to reduce unnecessary disruptions and enhance security.
Instrumentation Engineer at Toyo Engineering Corp4.0We're testing Microsoft Defender for Identity, which auto-remediates incidents, saving investigation time and offering preemptive security. It identifies and mitigates threats from different IPs efficiently. We're in the initial phase, using it alongside Microsoft Azure.
CTO at a tech vendor with 10,001+ employees4.0I use Microsoft Defender for Identity as part of the Defender suite to manage identities. Its seamless integration with other tools is valuable, though it’s expensive with Sentinel and could improve integration with non-Microsoft systems. No ROI seen yet.
Deputy Manager at Servion Global Solutions5.0I’ve used Microsoft Defender for Identity for over four years, and it’s stable, scalable, and effective with valuable threat analytics and reporting. Setup was smooth with support from Microsoft's fast track team, and I have no complaints.
Information Technology Security Manager at a security firm with 51-200 employees4.5We use Microsoft Defender for Identity to manage organizational privileges and enhance security, appreciating its automatic remedies and threat visibility, especially with Sentinel. While its features are valuable, better documentation for technical users is needed for optimal application.
Owner at Alopex ONE UG5.0I use Microsoft Defender for Identity primarily for SQL identity endpoint management. Its most valuable feature is its hybrid AI for tracking security threats. I recommend integrating an admin app within Teams for mobile access to attack information.
Principle Architect at LiveRoute4.0I've used Microsoft Defender for Identity for three years and find it essential for deep analytics in hybrid environments, though setup is manual and time-consuming. Its integration, scalability, and reporting are impressive, and I recommend it frequently.