Microsoft Defender for Identity vs Proofpoint Targeted Attack Protection comparison

Microsoft and Proofpoint are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #5 with an average rating of 8.8, while Proofpoint is ranked #30. Microsoft holds a 6.4% mindshare in ATP, compared to Proofpoint’s 1.7% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 100% of Proofpoint users who would recommend it.

Microsoft Defender for Iden...

Read 26 Microsoft Defender for Identity reviews

7,070 Views
1,485 Comparison Views

100% willing to recommend

Proofpoint Targeted Attack ...

Read 1 Proofpoint Targeted Attack Protection review

416 Views
333 Comparison Views

100% willing to recommend

Microsoft Defender for Iden...

Proofpoint Targeted Attack ...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Microsoft Defender for Identity and Proofpoint Targeted Attack Protection based on real PeerSpot user reviews.

Find out what your peers are saying about Palo Alto Networks, Microsoft, Fortinet and others in Advanced Threat Protection (ATP).

To learn more, read our detailed Advanced Threat Protection (ATP) Report (Updated: September 2025).

Buyer's Guide

Advanced Threat Protection (ATP)

September 2025

Download the complete report

Helped 868,787 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender for Iden...

Ranking in Advanced Threat Protection (ATP)

5th

Average Rating

8.8

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Microsoft Security Suite (3rd), Identity Threat Detection and Response (ITDR) (3rd)

Proofpoint Targeted Attack ...

Ranking in Advanced Threat Protection (ATP)

30th

Average Rating

7.0

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of October 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 6.4%, down from 7.8% compared to the previous year. The mindshare of Proofpoint Targeted Attack Protection is 1.7%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP) Market Share Distribution
Product	Market Share (%)
Microsoft Defender for Identity	6.4%
Proofpoint Targeted Attack Protection	1.7%
Other	91.9%

Advanced Threat Protection (ATP)

Featured Reviews

Peter Arabomen

Security Engineer at Fidelity Bank Plc

Has supported hybrid identity management while integrating well with cloud directory services

The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.

Read full review

KrishnaChaitanya2

Information Security Specialist at Methanex Chile SpA

Dynamic runtime engine and good protection, but needs better support and a single console

We have two to three issues per month. We contact Proofpoint's customer support for these issues. I am a major point of contact for support. If I am not able to resolve an issue, we will be reaching out to them. Proofpoint can take a couple of days to get back. I also deal with other applications from Okta and Microsoft, and we get the support within a couple of hours. There is a lot of difference between a couple of hours and a couple of days. So, Proofpoint's support should be improved. Okta and Microsoft are also able to do a Zoom or video call, but Proofpoint provides support only through email communication. Only if you request, it would be a Zoom or video session.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."

"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."

"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."

"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."

"It automates routine testing and helps automate the finding of high-value alerts."

"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."

"I would rate Microsoft Defender for Identity at nine out of ten."

"Defender for Identity has not affected the end-user experience."

More Microsoft Defender for Identity pros

"It has a dynamic runtime engine, which gives it an advantage over Prisma that has a static engine. In Prisma, we have to do additional malware analysis, which is not required in Proofpoint."

Cons

"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."

"The solution should provide more detailed data regarding anomaly detections."

"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."

"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."

"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."

"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."

"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."

More Microsoft Defender for Identity cons

"We are using the TRAP console that has a Linux-based UI, which is not user-friendly. The TAP console looks very advanced. Currently, we are maintaining three different consoles, and it is sometimes hard to switch between them or try to grab the data."

Pricing and Cost Advice

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

868,787 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

12%

Manufacturing Company

Government

Manufacturing Company

12%

Financial Services Firm

Healthcare Company

Transportation Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	3
Large Enterprise	14

No data available

Questions from the Community

What do you like most about Microsoft Defender for Identity?

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

See all answers

What needs improvement with Microsoft Defender for Identity?

See all answers

What is your primary use case for Microsoft Defender for Identity?

I've used Microsoft Defender for Identity primarily for provisioning users on Azure AD and Microsoft authentication. For hybrid scenarios, I integrate on-premises AD to Azure AD. We use AD Connect ...

See all answers

Ask a question

Earn 20 points

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 17% of the time

Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity

Compared 16% of the time

CrowdStrike Falcon vs Microsoft Defender for Identity

Compared 13% of the time

BloodHound Enterprise vs Microsoft Defender for Identity

Compared 7% of the time

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Compared 6% of the time

More Microsoft Defender for Identity Competitors

Microsoft Defender for Office 365 vs Proofpoint Targeted Attack Protection

Compared 66% of the time

IRONSCALES vs Proofpoint Targeted Attack Protection

Compared 34% of the time

More Proofpoint Targeted Attack Protection Competitors

Product Reports

Buyer's Guide

Microsoft Defender for Identity

September 2025

Download Microsoft Defender for Identity product report

Buyer's Guide

Advanced Threat Protection (ATP)

September 2025

Proofpoint Targeted Attack Protection report

Download Proofpoint Targeted Attack Protection product report

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

Targeted Attack Protection

Overview

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?

Integration with Microsoft Tools: Ensures comprehensive protection across environments.
AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
Real-time Threat Detection: Provides immediate alerts to potential threats.
Lateral Movement Identification: Detects unusual lateral access among users.
Dashboards with Visibility: Offers insights into security issues with customization options.
SIEM Integration: Works seamlessly with security information and event management systems.

What benefits should users look for when reviewing Microsoft Defender for Identity?

Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
Security Across Environments: Protects both on-premises and cloud-based infrastructures.
Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

More than 90% of targeted attacks start with email—and these threats are always evolving. Proofpoint Targeted Attack Protection (TAP) helps you stay ahead of attackers with an innovative approach that detects, analyzes and blocks advanced threats before they reach your inbox. This includes ransomware and other advanced email threats delivered through malicious attachments and URLs. And zero-day threats, polymorphic malware, weaponized documents and phishing attacks. TAP provides adaptive controls to isolate the riskiest URL clicks. TAP also detects threats and risks in cloud apps, connecting email attacks related to credential theft or other attacks.

Proofpoint

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Brinker Capital

Buyer's Guide

Advanced Threat Protection (ATP)

September 2025

Download Free Report

Find out what your peers are saying about Palo Alto Networks, Microsoft, Fortinet and others in Advanced Threat Protection (ATP). Updated: September 2025.

DOWNLOAD NOW

868,787 professionals have used our research since 2012.

See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.