We performed a comparison between Microsoft Defender for Identity and Microsoft Defender Threat Intelligence based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"This solution has advanced a lot over the last few years."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"All the integration it has with different Microsoft packages, like Teams and Office, is good."
"Defender for Identity has not affected the end-user experience."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The product’s most valuable feature is the ability to provide threat detection and protection simultaneously."
"You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
"The tool is managed from the cloud, because of which the maintenance is very low."
"It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use."
"The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
"The technical support services are excellent."
"I value how Threat Intelligence integrates with the different platforms in Microsoft."
"The most valuable aspects are its integration capabilities with other Microsoft products like Intune, Office 365, and Azure cloud applications."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"When the data leaves the cloud, there are security issues."
"The tracking instance needs to be configured appropriately."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"The price point is something they can improve slightly for those who don't have an M 365 E5."
"The price of the solution is an area of concern where improvements are required. In general, the solution's price needs to be reduced."
"It would be beneficial to enhance the pricing structure and make it more affordable."
"I would like to see more integration with other solutions. For example, integration well with Microsoft but not with other solutions."
"There could be AI functionality included for features like reporting and dashboard preparation."
"The software is expensive."
"One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems."
"Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."
More Microsoft Defender for Identity Pricing and Cost Advice →
More Microsoft Defender Threat Intelligence Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 6th in Advanced Threat Protection (ATP) with 13 reviews while Microsoft Defender Threat Intelligence is ranked 14th in Advanced Threat Protection (ATP) with 27 reviews. Microsoft Defender for Identity is rated 9.0, while Microsoft Defender Threat Intelligence is rated 8.4. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Microsoft Defender Threat Intelligence writes "A tool that offers endpoint protection with low maintenance costs". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Defender for Endpoint, whereas Microsoft Defender Threat Intelligence is most compared with Microsoft Sentinel, STAXX, Cisco Threat Grid, VirusTotal and ThreatConnect Threat Intelligence Platform (TIP). See our Microsoft Defender Threat Intelligence vs. Microsoft Defender for Identity report.
See our list of best Advanced Threat Protection (ATP) vendors and best Microsoft Security Suite vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.