Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Identity vs Symantec Advanced Threat Protection comparison

Microsoft and Broadcom are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #5 with an average rating of 8.8, while Broadcom is ranked #19 with an average rating of 8.7. Microsoft holds a 6.4% mindshare in ATP, compared to Broadcom’s 2.0% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 91% of Broadcom users who would recommend it.
Microsoft Defender for Iden...
Read 26 Microsoft Defender for Identity reviews
  • 7,070 Views
  • 1,485 Comparison Views
100% willing to recommend
Symantec Advanced Threat Pr...
Read 16 Symantec Advanced Threat Protection reviews
  • 534 Views
  • 417 Comparison Views
91% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 1, 2024

Symantec Advanced Threat Protection and Microsoft Defender for Identity compete in the cybersecurity category. While both offer robust solutions, Microsoft Defender for Identity seems to have the upper hand due to its seamless integration with Microsoft ecosystems and effective cloud security features.

Features: Symantec Advanced Threat Protection offers real-time threat analysis, integration with SIEM products, and strong network protection features. Microsoft Defender for Identity excels in identity protection, real-time behavioral analytics, and integration with Microsoft 365 components, ensuring security across both on-premises and cloud environments.

Room for Improvement: Symantec could enhance its graphical threat representation, flexibility, and cloud capabilities. Microsoft Defender for Identity needs better data correlation for anomaly detection, reduced false positives, and improvements in sensor load management.

Ease of Deployment and Customer Service: Symantec supports varied deployments but has faced inconsistent support quality, particularly post-acquisition. Microsoft Defender provides excellent cloud environment support with responsive technical assistance, earning positive user reviews.

Pricing and ROI: Symantec offers competitive pricing, although costs fluctuate with user licenses. Microsoft’s inclusion in the Microsoft 365 suite, especially for E5 license holders, makes it a cost-effective option with valuable bundled features, enhancing perceived value over Symantec.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender for Identity vs. Symantec Advanced Threat Protection Report (Updated: September 2025).
Buyer's Guide
Microsoft Defender for Identity vs. Symantec Advanced Threat Protection
September 2025
Download the complete report
Helped 868,787 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Ranking in Advanced Threat Protection (ATP)
5th
Average Rating
8.8
Reviews Sentiment
6.9
Number of Reviews
26
Ranking in other categories
Microsoft Security Suite (3rd), Identity Threat Detection and Response (ITDR) (3rd)
Symantec Advanced Threat Pr...
Ranking in Advanced Threat Protection (ATP)
19th
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
16
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Identity is 6.4%, down from 7.8% compared to the previous year. The mindshare of Symantec Advanced Threat Protection is 2.0%, up from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Market Share Distribution
ProductMarket Share (%)
Microsoft Defender for Identity6.4%
Symantec Advanced Threat Protection2.0%
Other91.6%
Advanced Threat Protection (ATP)
 

Featured Reviews

Peter Arabomen - PeerSpot reviewer
Has supported hybrid identity management while integrating well with cloud directory services
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.
Read full review
TapabrataSamanta - PeerSpot reviewer
Reliable platform with effective integration capabilities
Our primary use case for the product is to provide advanced threat protection to our clients, primarily in the banking and financial sectors Symantec ATP has been beneficial in ensuring robust security for our clients. Its effectiveness in detecting and mitigating threats has improved customer…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I recommend Microsoft Defender for Identity because it is easy to implement."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"The solution offers excellent visibility into threats."
"This solution has advanced a lot over the last few years."
"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
More Microsoft Defender for Identity pros
"You don't have to buy a separate email security platform. You can enable that using their endpoint, and I like that. You don't have to have two agents running on the same box."
"Real-time threat analysis is quick and takes action on threats immediately."
"Currently we have 800-plus nodes connected with this solution, without any issues. The solution is scalable."
"The technical support services are excellent."
"The Application Control code and the easy integration are valuable features."
"The great advantage in using this product is it creates multiple services."
"The product integrates well with our systems, and we have not encountered any problems."
"Endpoint to network protects the line."
More Symantec Advanced Threat Protection pros
 

Cons

"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"Feedback on sync issues with the Microsoft portal highlighted its slow nature, with syncs sometimes taking eight hours."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
More Microsoft Defender for Identity cons
"The support for new OSs and older OSs could be a little tighter. They need to be more upfront about what protection services they're going to provide on new OSs. I haven't seen the Windows 11 version out yet. It is either already released in Beta, or the Beta will be released soon. There could be a little bit more advanced updates on what they're doing to help protect Windows 11 environments. They can let us know in advance so that we know it is going to be protected. We can't roll out the new OS without putting end-point protection on it. So, they should tell us what is their support model for that, and what are they doing to protect Windows 11. They're not telling me, and that's a criticism. The same issue is applicable to all the other antivirus tools. It is not just Symantec; all of them have this problem."
"There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed."
"Scalability could be better."
"One area for improvement could be the pricing model."
"There are some ‎features that would add value to this product. One of them would be a graphical presentation of threats that the system has encountered."
"The administration interface needs a lot of improvement. It should be UI based, and simple. They need to improve it. It's pretty much not that friendly compared to what we were using as Bitdefender before. It's okay but is improving, actually."
"It should be able to collect information if the agent is disabled."
"The security features need to be improved."
More Symantec Advanced Threat Protection cons
 

Pricing and Cost Advice

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"Pricing is good. It is nice to have a great product at a fair price."
"Symantec Advanced Threat Protection's pricing is comparable."
"Symantec Endpoint Protection has an average price."
"The price is quite expensive."
"The pricing of this solution is inexpensive and affordable."
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
868,787 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
12%
Manufacturing Company
7%
Government
7%
University
11%
Manufacturing Company
11%
Financial Services Firm
10%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise3
Large Enterprise14
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise3
Large Enterprise13
 

Questions from the Community

What do you like most about Microsoft Defender for Identity?
Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.
See all answers
What needs improvement with Microsoft Defender for Identity?
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authentica...
See all answers
What is your primary use case for Microsoft Defender for Identity?
I've used Microsoft Defender for Identity primarily for provisioning users on Azure AD and Microsoft authentication. For hybrid scenarios, I integrate on-premises AD to Azure AD. We use AD Connect ...
See all answers
What do you like most about Symantec Advanced Threat Protection?
Symantec Endpoint Protection provides end-to-end protection. Along with antivirus protection, it has a lot of key areas, including intrusive prevention, firewall features, and application and devic...
See all answers
What is your experience regarding pricing and costs for Symantec Advanced Threat Protection?
The price is quite expensive because a different entity has taken over the company.
See all answers
What needs improvement with Symantec Advanced Threat Protection?
One area for improvement could be the pricing model. Future releases could further enhance integration capabilities with other platforms and simplify the licensing model to compete more with Micros...
See all answers
 

Comparisons

Microsoft Entra ID Protection vs Microsoft Defender for Identity Logo
Microsoft Entra ID Protection vs Microsoft Defender for Identity
Compared 17% of the time
Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity Logo
Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity
Compared 16% of the time
CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Compared 13% of the time
BloodHound Enterprise vs Microsoft Defender for Identity Logo
BloodHound Enterprise vs Microsoft Defender for Identity
Compared 7% of the time
Microsoft Defender for Endpoint vs Microsoft Defender for Identity Logo
Microsoft Defender for Endpoint vs Microsoft Defender for Identity
Compared 6% of the time
More Microsoft Defender for Identity Competitors
Palo Alto Networks WildFire vs Symantec Advanced Threat Protection Logo
Palo Alto Networks WildFire vs Symantec Advanced Threat Protection
Compared 40% of the time
CyberArk Privileged Access Manager vs Symantec Advanced Threat Protection Logo
CyberArk Privileged Access Manager vs Symantec Advanced Threat Protection
Compared 22% of the time
Trellix Network Detection and Response vs Symantec Advanced Threat Protection Logo
Trellix Network Detection and Response vs Symantec Advanced Threat Protection
Compared 22% of the time
Cisco Secure Network Analytics vs Symantec Advanced Threat Protection Logo
Cisco Secure Network Analytics vs Symantec Advanced Threat Protection
Compared 17% of the time
More Symantec Advanced Threat Protection Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Identity
September 2025
Microsoft Defender for Identity reportDownload Microsoft Defender for Identity product report
Buyer's Guide
Symantec Advanced Threat Protection
September 2025
Symantec Advanced Threat Protection reportDownload Symantec Advanced Threat Protection product report
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
No data available
 

Overview

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?
  • Integration with Microsoft Tools: Ensures comprehensive protection across environments.
  • AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
  • Real-time Threat Detection: Provides immediate alerts to potential threats.
  • Lateral Movement Identification: Detects unusual lateral access among users.
  • Dashboards with Visibility: Offers insights into security issues with customization options.
  • SIEM Integration: Works seamlessly with security information and event management systems.
What benefits should users look for when reviewing Microsoft Defender for Identity?
  • Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
  • Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
  • Security Across Environments: Protects both on-premises and cloud-based infrastructures.
  • Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and remediates advanced attacks. The product fuses intelligence from endpoint, network, and email control points, as well as Symantec’s massive global sensor network, to stop threats that evade individual security products. It leverages your existing Symantec Endpoint Protection and Symantec Email Security.cloud investments, so it does not require the deployment of any new agents. You can deploy a new installation of Symantec Advanced Threat Protection and start to discover suspicious activity in under an hour. Using the proven technology in Symantec Insight reputation based detection, Symantec SONAR behavioral analysis with the new Symantec Cynic sandbox and file analysis platform, Symantec Advanced Threat Protection provides better detection and prioritization than other vendors, allowing security analysts to “zero in” on just those specific security events of importance.

Broadcom
 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
ECI
Buyer's Guide
Microsoft Defender for Identity vs. Symantec Advanced Threat Protection
September 2025
Free Report: Microsoft Defender for Identity vs. Symantec Advanced Threat Protection
Find out what your peers are saying about Microsoft Defender for Identity vs. Symantec Advanced Threat Protection and other solutions. Updated: September 2025.
DOWNLOAD NOW
868,787 professionals have used our research since 2012.
See our Microsoft Defender for Identity vs. Symantec Advanced Threat Protection report.
See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.