We performed a comparison between Microsoft Defender for Identity and Microsoft Defender for Office 365 based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."All the integration it has with different Microsoft packages, like Teams and Office, is good."
"Defender for Identity has not affected the end-user experience."
"This solution has advanced a lot over the last few years."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"Does a thorough job of examining email and URLs for malicious content."
"Defender helps us prioritize threats across our organization."
"The product is not resource-intensive."
"Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected."
"The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance."
"Threat Explorer is one of the features that I very much like because it is a real-time report that allows you to identify, analyze, and trace security attacks."
"The email protection is excellent, especially in terms of anti-phishing policies."
"The good part is that you don't have to configure it, which is very convenient."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"The tracking instance needs to be configured appropriately."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"Microsoft Defender for Office 365 should be more proactive."
"The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year."
"The XDR dashboard has room for improvement."
"They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not."
"In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement."
"Microsoft sometimes has downtime, and we'll get several incidents coming in back to back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once."
"The company should focus on adding threats that the solution is currently unable to detect."
"The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included."
More Microsoft Defender for Identity Pricing and Cost Advice →
More Microsoft Defender for Office 365 Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 6th in Advanced Threat Protection (ATP) with 13 reviews while Microsoft Defender for Office 365 is ranked 1st in Advanced Threat Protection (ATP) with 41 reviews. Microsoft Defender for Identity is rated 9.0, while Microsoft Defender for Office 365 is rated 8.4. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Microsoft Defender for Office 365 writes "Allows for easy reporting of problems, valuable anti-phishing, and anti-malware support". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Entra Verified ID, Splunk User Behavior Analytics, Microsoft Defender for Endpoint and Rapid7 InsightIDR, whereas Microsoft Defender for Office 365 is most compared with Proofpoint Email Protection, Mimecast Email Security, Microsoft Exchange Online Protection (EOP), Cisco Secure Email and Avanan. See our Microsoft Defender for Identity vs. Microsoft Defender for Office 365 report.
See our list of best Advanced Threat Protection (ATP) vendors and best Microsoft Security Suite vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
