

Microsoft Defender for Identity and SentinelOne Singularity Identity both compete in the threat detection and identity protection domain. While Microsoft Defender for Identity benefits from its extensive integration across Microsoft's ecosystem, SentinelOne shines with its robust AI-driven detection capabilities and user-friendly management console.
Features: Microsoft Defender for Identity includes integration capabilities across Microsoft's ecosystem, effective threat detection and identity protection, and seamless sync between on-premises and cloud environments. SentinelOne Singularity Identity offers advanced behavioral analysis, dynamic threat detection, and a user-friendly management console that provides a unified view of potential threats.
Room for Improvement: Microsoft Defender for Identity needs improvement in sensor impact on domain controllers, integration between Azure ID and on-premises, and direct issue remediation from the console. SentinelOne Singularity Identity would benefit from enhanced endpoint management, better support structures, and additional features for precise control over web filtering and settings.
Ease of Deployment and Customer Service: Both Microsoft Defender for Identity and SentinelOne Singularity Identity support cloud and on-premises deployment options. Microsoft receives praise for knowledgeable staff but faces challenges with delayed responses, whereas SentinelOne excels in platform integration but could improve in first-level support and performance issue handling.
Pricing and ROI: Microsoft Defender for Identity is costly unless bundled yet offers significant ROI through reduced security costs and time savings. SentinelOne Singularity Identity, though seen as pricey due to cost increments, presents competitive pricing with significant ROI through its advanced detection capabilities and reduced resolution time.
The people I normally use for support are very knowledgeable, especially when they help remote in and get to where I need to go and show me much faster and help me understand what I should be doing.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
Generally, the support is more effective than other providers like Oracle.
They have been responsive to our needs as integrators and those of the client.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
We do not see any issues with the stability of Microsoft Defender for Identity.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
There is a clear roadmap for improvements, including enhancing capabilities with AI and seamless functionality in an MSP model for deeper visibility across multiple agencies.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
Ensuring a fair price according to market standards.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
Based on the detection of incidents, we can prevent issues, and if there are any identity-related alerts, they are prevented through a conditional access policy.
The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity.
With visibility into endpoint telemetry, SentinelOne does provide useful information to find threat actors and empowers those who are in the business of threat hunting.

| Product | Market Share (%) |
|---|---|
| Microsoft Defender for Identity | 4.5% |
| SentinelOne Singularity Identity | 1.9% |
| Other | 93.6% |

| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 14 |

| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 5 |
| Large Enterprise | 13 |

Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.
Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and flag anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.
What are the key features of Microsoft Defender for Identity?

In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.
Singularity Identity, a component of the Singularity platform, provides identity threat detection and response (ITDR) capabilities to defend Active Directory and domain-joined endpoints in real time from adversaries aiming to gain persistent, elevated privilege and move covertly. Singularity Identity provides actionable, high-fidelity insight as attacks emerge from managed and unmanaged devices. It detects identity misuse and reconnaissance activity happening within endpoint processes targeting critical domain servers, service accounts, local credentials, local data, network data, and cloud data. On-agent cloaking and deception techniques slow the adversary down while providing situational awareness and halting adversarial attempts at lateral movement. Singularity Identity helps you detect and respond to identity-based attacks, providing early warning while misdirecting them away from production assets.
Singularity Identity’s primary use case is to protect credential data and disrupt identity-based attacks. The most valuable function of Singularity Identity is its ability to misdirect attackers by providing deceptive data to identity-based recon attacks. Additionally, it can hide and deny access to locally stored credentials or identity data on Active Directory domain controllers.
Singularity Identity also provides rapid detection of and response to identity attacks, capturing attack activity and feeding it directly to the Singularity platform’s Security DataLake for enterprise-wide analysis and response.
By implementing Singularity Identity, organizations benefit from enhanced security, reduced credential-related risks, and improved user productivity. It detects and responds to identity-based attacks, ensuring only authorized individuals can access critical identity data. With its cloaking capabilities to hide identity data stored locally on endpoints or in the identity infrastructure and its ability to provide decoy results to identity-based attacks, organizations can effectively secure their sensitive or privileged identities, resulting in improved overall identity security.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.