Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Identity vs Symantec Advanced Threat Protection comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 1, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Ranking in Advanced Threat Protection (ATP)
8th
Average Rating
8.8
Reviews Sentiment
6.8
Number of Reviews
28
Ranking in other categories
Microsoft Security Suite (4th), Identity Threat Detection and Response (ITDR) (3rd)
Symantec Advanced Threat Pr...
Ranking in Advanced Threat Protection (ATP)
21st
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
16
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of January 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 4.5%, down from 5.4% compared to the previous year. The mindshare of Symantec Advanced Threat Protection is 1.9%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Market Share Distribution
ProductMarket Share (%)
Microsoft Defender for Identity4.5%
Symantec Advanced Threat Protection1.9%
Other93.6%
Advanced Threat Protection (ATP)
 

Featured Reviews

RK
Cloud Security & Governance at a financial services firm with 10,001+ employees
Protect on-premises and hybrid environments with advanced threat detection and seamless integration
Our Active Directory implementation is a hybrid one. The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks. It identifies lateral movements, privilege escalations, and alerts on potential attacks. The tool is also used for security posture assessment. The seamless integration with other Microsoft solutions within our Microsoft-centric environment is also a major advantage.
TapabrataSamanta - PeerSpot reviewer
Lead Architect at Zones
Reliable platform with effective integration capabilities
Our primary use case for the product is to provide advanced threat protection to our clients, primarily in the banking and financial sectors Symantec ATP has been beneficial in ensuring robust security for our clients. Its effectiveness in detecting and mitigating threats has improved customer…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Microsoft Defender for Identity helps me automate routine tasks and find alerts that I set up to receive, so it helps me get where I'm trying to go easier and faster."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"We use AD Connect to sync on-premises AD to Azure AD, and so far, it has been effective."
"The most valuable features of Microsoft Defender for Identity include real-time information for threat detection, its inclusion of behavioral analytics, and vulnerability management."
"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."
"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."
"We do not see any issues with the stability of Microsoft Defender for Identity. I can say it is 100% stable."
"The solution offers excellent visibility into threats."
"They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers."
"The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration."
"Symantec Endpoint Protection provides end-to-end protection. Along with antivirus protection, it has a lot of key areas, including intrusive prevention, firewall features, and application and device control."
"Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied."
"Endpoint to network protects the line."
"You don't have to buy a separate email security platform. You can enable that using their endpoint, and I like that. You don't have to have two agents running on the same box."
"Real-time threat analysis is quick and takes action on threats immediately."
"Technical support has been helpful and responsive."
 

Cons

"The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."
"The documentation provided by Microsoft is often seen as a waste of time."
"They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"I can't say that I've seen a return on investment since we have Microsoft Defender for Identity because we also have another security solution in place."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"The support has dropped down to a five out of ten."
"It also needs network-based threat protection for shared folders and files."
"Not ideal for advanced threat protection."
"The product's support services need improvement."
"The administration interface needs a lot of improvement. It should be UI based, and simple. They need to improve it. It's pretty much not that friendly compared to what we were using as Bitdefender before. It's okay but is improving, actually."
"They could enhance the solution to work across all devices, including Android, iOS, and Mac, and make it more user-friendly."
"One area for improvement could be the pricing model."
"There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed."
 

Pricing and Cost Advice

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"The pricing of this solution is inexpensive and affordable."
"Symantec Advanced Threat Protection's pricing is comparable."
"The price is quite expensive."
"Symantec Endpoint Protection has an average price."
"Pricing is good. It is nice to have a great product at a fair price."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
881,114 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
12%
Manufacturing Company
8%
Comms Service Provider
7%
University
9%
Manufacturing Company
9%
Financial Services Firm
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise4
Large Enterprise14
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise3
Large Enterprise13
 

Questions from the Community

What needs improvement with Microsoft Defender for Identity?
I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take stock in what needs to be improved because I appreciated having the tools right the...
What is your primary use case for Microsoft Defender for Identity?
My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating risky users, and user sign-ins. I can easily remediate or determine what the user...
What advice do you have for others considering Microsoft Defender for Identity?
I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. I don't really use the threat intelligence feature of Microsoft Defender for Ide...
What is your experience regarding pricing and costs for Symantec Advanced Threat Protection?
The price is quite expensive because a different entity has taken over the company.
What needs improvement with Symantec Advanced Threat Protection?
One area for improvement could be the pricing model. Future releases could further enhance integration capabilities with other platforms and simplify the licensing model to compete more with Micros...
What is your primary use case for Symantec Advanced Threat Protection?
Our primary use case for the product is to provide advanced threat protection to our clients, primarily in the banking and financial sectors.
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
No data available
 

Overview

 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
ECI
Find out what your peers are saying about Microsoft Defender for Identity vs. Symantec Advanced Threat Protection and other solutions. Updated: December 2025.
881,114 professionals have used our research since 2012.