Microsoft Defender for Identity and Microsoft Defender Threat Intelligence compete in the cybersecurity domain, each offering distinct advantages. Defender for Identity seems to have an upper hand in identity protection, whereas Defender Threat Intelligence excels in threat detection and integration with Microsoft security tools.
Features: Microsoft Defender for Identity integrates seamlessly with Active Directory, providing security monitoring and real-time alerts for identity security and detecting privilege escalation and lateral movement. In contrast, Microsoft Defender Threat Intelligence focuses on real-time threat detection, offers comprehensive threat intelligence, and integrates well with other Microsoft security tools to block threats and deliver insights into malicious activities.
Room for Improvement: For Microsoft Defender for Identity, users encounter false positives and limited console-based remediation capabilities. Improved administrative interfaces and better integration between on-premises and cloud environments are also desired. On the other hand, Microsoft Defender Threat Intelligence users report issues related to stability, licensing, and integration with non-Microsoft platforms. They seek advanced automation features and support across diverse OS environments.
Ease of Deployment and Customer Service: Microsoft Defender for Identity is flexible across various environments but presents mixed experiences in customer support, ranging from knowledgeable assistance to slow response times. Microsoft Defender Threat Intelligence offers similar deployment versatility but also receives varied feedback regarding support, with some users noting responsiveness and others facing delays and complexities, particularly with enterprise plans. Both solutions could improve support consistency.
Pricing and ROI: Microsoft Defender for Identity is considered expensive, especially for users with E3 licenses, though it delivers positive ROI due to its comprehensive identity protection. It forms part of a costly suite, but the return on investment is viewed positively. Conversely, Microsoft Defender Threat Intelligence is often bundled within an E5 license, making it part of a broader ecosystem. While some justify the pricing based on insightful threat detection, others find it expensive as a standalone product. Both solutions are seen as cost-effective when bundled with other Microsoft products, offering enhanced security and management efficiency.
It's a value-for-money product.
Generally, the support is more effective than other providers like Oracle.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
The people I normally use for support are very knowledgeable, especially when they help remote in and get to where I need to go and show me much faster and help me understand what I should be doing.
Level two support is knowledgeable and knows how the product works, which is very good.
I would give Microsoft an eight for their technical support.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
If there were some customizations available, I would rate its scalability as nine out of ten.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
We do not see any issues with the stability of Microsoft Defender for Identity.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
It provides a high level of security and avoids phishing and scam emails.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
Providing code customization would help keep pace with new vulnerabilities and threats.
The main area of improvement for Microsoft Defender Threat Intelligence is related to how information is conveyed.
From the telemetry data standpoint, I would prefer Defender data to be more open in future updates.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
Ensuring a fair price according to market standards.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks.
If it wasn't for that real-time threat detection on the vulnerability, I think we would not have survived the attack.
One of the best features is that it provides a certain level of customization, allowing us to set our spam confidence levels.
Our threat detection is enhanced due to the AI agents in Microsoft Defender Threat Intelligence, which helps in detecting automatically.
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 17 |
| Midsize Enterprise | 2 |
| Large Enterprise | 15 |
![Recorded Future vs Microsoft Defender Threat Intelligence [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/lnzn8i8v5sbixszk5srhcdxj3v1s.png?_a=BACAGSGT){kind=small}
![VirusTotal vs Microsoft Defender Threat Intelligence [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/2pZTEpqhMzEjME5vY6eEcJGT.jpg?_a=BACAGSGT){kind=small}
![Anomali vs Microsoft Defender Threat Intelligence [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/ardthpa85bnmy4ogjbmzbd7duh7x.jpg?_a=BACAGSGT){kind=small}
Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.
Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.
What are the key features of Microsoft Defender for Identity?In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.
Microsoft Defender Threat Intelligence [EOL] offers comprehensive security by integrating with Microsoft platforms, retaining data within tenants, and providing real-time threat detection and collaboration. It's designed for both enterprise and SMB environments.
Microsoft Defender Threat Intelligence enhances cybersecurity operations by integrating with Azure Sentinel and Microsoft products like Intune and Azure. Its capabilities in endpoint, email, and cloud security ensure robust protection against a wide range of threats. With global threat data, anti-spam features, and customization options, it addresses threat prevention and vulnerability management. Seamless scaling and proactive incident prevention make it a reliable choice for enterprises looking for collaborative, efficient security management.
What are the key features of Microsoft Defender Threat Intelligence?Microsoft Defender Threat Intelligence is crucial for industries that value data retention and comprehensive threat analyses in safeguarding their operations. Financial institutions, healthcare providers, and technology firms implement this solution to secure their environments by updating security protocols and ensuring compliance with various industry standards. The focus on integration and customization helps these organizations adapt to evolving cybersecurity threats effectively.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
![Microsoft Defender Threat Intelligence [EOL] vs. Microsoft Defender for Identity report](https://www.peerspot.com/assets/media/images/icons/pdf-c33db68f.svg){kind=icon}
