Overview
Product Information on Microsoft Defender for Identity
What is Microsoft Defender for Identity?
Microsoft Defender for Identity Pricing
Overall experience with Microsoft Defender for Identity
“Enhanced Threat Detection in Active Directory With Improved Microsoft Integration”
“Integrated Threat Detection in Defender for Identity for Microsoft-centric environments.”
About Company
Company Description
Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more. Microsoft is dedicated to advancing human and organizational achievement. Microsoft Security helps protect people and data against cyberthreats to give peace of mind.
Microsoft Defender for Identity Likes & Dislikes
1. Active Directory focused detection. The detections around threats like lateral movement of credential theft were strong and gave us visibility we didn't have previously, to the point where we found real bad actors threats within the first month as a result. 2. Good context within Microsoft Defender XDR. Alerts come in with timelines and excellent context which enables faster triage without the pain points of engaging in raw log hunting. 3. Integration with the rest of the Microsoft Security stack made correlation clean and reduced much of the tool and context switching that can come from having disparate tools.
The best feature is the strong identity-based threat detection. The behavioral analytics engine does an excellent job of detecting attacks such as Pass-the-Hash, Golden Ticket attacks, as well as identifying suspicious lateral movement. The attack timeline and entity mapping make it very easy to understand how an incident unfolded and can significantly speed up investigations. Another positive for MDI is its seamless integration with the Microsoft Security Ecosystem; embedded within Defender XDR, a truly unified experience can be achieved across endpoints, email, cloud apps and identities. Finally, it's very low maintenance once set up. From an admin perspective, it's heavily reliant on simple sensor deployment on domain controllers with minimal infrastructure maintenance and updates.
Its seamless integration with Microsoft's security ecosystem provides visibility into on-prem and cloud environments. Its capability to analyze a massive number of signals on a daily basis allows an org to quickly identify and detect complex identity-based attacks, and features like automated response can perform the pre-defined response for such attacks without human intervention.
1. Initial setup can be painful if you don't have a solid understanding of your Active Directory topology, otherwise it's far too easy to scope sensors improperly or even misread alerts. 2. While detection is strong, the native one-click remediation actions are quite a bit lighter than what I've seen from other tools. Manual playbooks or custom created automated remediations are still required. 3. Pricing was reasonable given the number of identities and DCs we were working with, but it's still something to consider if you have a small AD footprint.
One of the biggest drawbacks is the lack of use outside of Microsoft environments. While this is great within our Microsoft stack, we are left looking at other vendors for Identity protection among many of our other platforms. Also, during setup and onboarding, the platform can become very noisy with a lot of false-positive alerts. You will find that a lot of time needs to be allocated to tuning alerts in the early days to make best use of your analysts' time. Finally, the flexibility and granular controls you would expect from a Microsoft solution are not present here. This is very much an off-the-shelf product with little room to customise if your environment has a particular niche.
If the service is not configured properly, it can create an overwhelming number of alerts that can lead to many false-positive alerts. Although it integrates seamlessly with Microsoft services and platforms, it has limited integration capability with third parties.
Microsoft Defender for Identity Reviews and Ratings
- IT Security & Risk Management Associate | <50M USD | Energy and Utilities
Integrated Threat Detection in Defender for Identity for Microsoft-centric environments.
The overall experience for admins in Microsoft Defender for Identity (MDI) is streamlined, intelligent and very well integrated, especially for Microsoft-centric environments. Administrators are now able to access this through the unified security portal, making it very easy to administer, review alerts and customise. This interface is very much designed with SOC users in mind, well done Microsoft!
- Cloud Application Security Engineer | Gov't/PS/Ed | Education
Enhanced Threat Detection in Active Directory With Improved Microsoft Integration
We have deployed Defender for Identity to cover our hybrid identities that exist within our on-prem AD instance and our Entra environment. In practice, it's been a net win due to its ability to spot identity driven attacks within Active Directory. The tradeoff on this was due to the initial alert volume for normal user behavior, so the value depends on your willingness to own and manage the tool internally.
- IT Security & Risk Management Associate | 50M-1B USD | Services (non-Government)
Seamless Integration With Microsoft Ecosystem Enhances Hybrid Identity Security Monitoring
Microsoft ITDR has proven to be an effective and robust solution to strengthen the identity security posture for organizations. It easily integrates with other Microsoft security platforms like Defender or Entra that can provide you with real-time threat detection and will also provide you with visibility across hybrid environments.
- Network and Security Engineer | 50M-1B USD | Services (non-Government)
Tool Integrates with Security Systems to Enhance Identity Protection and Monitoring
For over 5 years now, Microsoft Defender for Identity has consistently proven to be a highly effective tool for detecting and responding to threats, keeping both user identities and our organization’s environment safe and protected. The tool uses machine learning and advanced analytics to identify suspected malicious behavior and anomalies, which helps us to know them at an early stage before any serious damage is caused to our network. Also seamlessly integrates with other Microsoft Defender tools and security systems, which significantly simplifies the whole process of monitoring and protection.
- Forensic Analyst | <50M USD | IT Services
MS Defender Operates Quietly in Background While Alerting to Potential Threats
My experience with MS Defender was smooth and seamless. I see it running in the background most of the time and I infrequently pull it up to see how things are going. Also when there are scans, I always know what's going on and if I have any threats to deal with.



