Microsoft Defender for Identity and ThreatLocker Zero Trust Endpoint Protection Platform compete in the cybersecurity category. ThreatLocker seems to have an edge due to its versatility in application control and zero-trust implementation.
Features: Microsoft Defender for Identity robustly integrates with Microsoft tools, providing comprehensive threat monitoring through user behavior analytics and centralized threat alerts. It seamlessly works with Microsoft’s security suite, which is advantageous for organizations using Microsoft's ecosystem. ThreatLocker offers application control with features like allowlisting and ring-fencing, enabling strong endpoint protection and detailed activity monitoring adaptable to various access management needs.
Room for Improvement: Microsoft Defender for Identity needs better alignment between Azure and on-premises environments and faces challenges with false positives and sensor impacts. It also lacks direct remediation capabilities from the console. ThreatLocker can enhance its staggered policy distribution to prevent network saturation, improve its user interface, and offer more flexible training. Its technical support response times could also be quicker.
Ease of Deployment and Customer Service: Microsoft Defender for Identity benefits from seamless integration with Microsoft systems, simplifying deployment in hybrid cloud settings, though technical support quality varies by tier. ThreatLocker is praised for its straightforward deployment process and generally positive customer service and technical support, though it occasionally sees delays during non-working hours.
Pricing and ROI: Microsoft Defender for Identity is reasonably priced, especially as part of the E5 license, offering value through integration benefits and incident prevention. ThreatLocker provides cost-effective pricing compared to other security tools, offering flexibility and customization for managed service providers. Users find ThreatLocker’s pricing more transparent and adaptable.
If something were to happen without ThreatLocker, the cost would be huge, and thus, having it is definitely worth it.
The main return on investment is peace of mind, knowing that with ThreatLocker on any endpoint, it will almost always block all malicious code or exploits, even zero-day exploits.
It keeps malware, Trojans, and ransomware at bay.
Generally, the support is more effective than other providers like Oracle.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
The people I normally use for support are very knowledgeable, especially when they help remote in and get to where I need to go and show me much faster and help me understand what I should be doing.
They have been very responsive, helpful, and knowledgeable.
I would rate their customer support a ten out of ten.
Their support is world-class.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
I started off with just the servers, and within a month and a half, I set up the entire company with ThreatLocker.
It seems to primarily operate on the endpoints rather than at a central location pushing out policies.
I would rate it a ten out of ten for scalability.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
We do not see any issues with the stability of Microsoft Defender for Identity.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
For five years, we have not had a problem.
Once deployed, it downloads the policies locally, so even if the computer doesn't have internet, it doesn't matter.
It has been very stable, reliable, and accessible.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
Controlling the cloud environment, not just endpoints, is crucial.
This is problematic when immediate attention is needed.
Comprehensive 24-hour log monitoring is a valuable enhancement for both business and enterprise-level users.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
Ensuring a fair price according to market standards.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
After conversations with other partners, it became clear we underpriced it initially, which caused most of our issues.
We are moving towards the Unified solution, where they basically bundle everything together, providing us better stability with the ability to bring in new product offerings without having to go back to the customer and say, 'This is going to cost you.'
I had a really good deal at the time, and it continues to be cost-effective.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks.
ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent.
It protects our customers.
The major benefit is fewer breaches overall, as nothing can be run without prior approval. This helps my company protect its data and secure itself effectively.
| Product | Market Share (%) |
|---|---|
| ThreatLocker Zero Trust Endpoint Protection Platform | 2.7% |
| Microsoft Defender for Identity | 4.5% |
| Other | 92.8% |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 32 |
| Midsize Enterprise | 4 |
| Large Enterprise | 3 |
Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.
Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.
What are the key features of Microsoft Defender for Identity?In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.
ThreatLocker Zero Trust Endpoint Protection Platform empowers organizations with application control, selective elevation, and ring-fencing to enhance security and prevent unauthorized access.
ThreatLocker provides comprehensive security management using application allowlisting to ensure only approved software operates across servers and workstations. The platform's centralized management simplifies security processes by consolidating multiple tools, and its robust capabilities align with zero-trust strategies by actively blocking unauthorized applications and ensuring compliance. Users note intuitive features such as mobile access, helpful training resources, and responsive support, which effectively reduce operational costs and help desk inquiries. The managed service providers prefer ThreatLocker to maintain network integrity by preventing malicious scripts and unauthorized access attempts. However, users identify room for growth in training and support flexibility, the interface, and certain technical challenges like network saturation from policy updates.
What are the most important features?Organizations utilize ThreatLocker for application allowlisting, ensuring only authorized software operates to prevent unauthorized access efficiently. Deployed across servers and workstations, its features support zero-trust principles and are favored by managed service providers for application management and network integrity.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
