We performed a comparison between Microsoft Defender for Identity and SentinelOne Singularity Identity based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."All the integration it has with different Microsoft packages, like Teams and Office, is good."
"The solution offers excellent visibility into threats."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"Defender for Identity has not affected the end-user experience."
"The biggest value for us is getting a much better picture of what our risks are."
"The incident and threat logs are great."
"The protection provided by SentinelOne Singularity Identity is the most valuable feature."
"All the features within the XDR are valuable as a whole for our organization."
"The threat detection capability is the most valuable feature."
"Behind the scenes, SentinelOne has real people who evaluate problems and mark them as false positives. That's what I find most helpful."
"They have different levels of support. We have the highest level where they are constantly checking all the endpoints. If at any certain point, they identify that a computer has been triggered by a virus, a link, or something else, they would automatically tell us that within 15 seconds. If they notice something, they automatically send us an email saying that they noticed something in the computer, and they are going to block it."
"The most valuable feature of SentinelOne Singularity Identity is its ability to detect based on behavior rather than just static signatures."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"When the data leaves the cloud, there are security issues."
"The first-level support has room for improvement."
"The primary reason for this discontent is that we frequently encounter performance issues with our servers."
"The root cause of automation could be better."
"A lot of those features came from an acquisition of a different company."
"Sometimes I get kicked out of the console. I don't know why."
"Our engineers are dealing with issues to add exclusions to the antivirus for custom applications."
"SentinelOne Singularity Identity could be more user-friendly."
"The solution's query resolution time could be reduced further, and a faster resolution could be provided."
More Microsoft Defender for Identity Pricing and Cost Advice →
More SentinelOne Singularity Identity Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 6th in Advanced Threat Protection (ATP) with 13 reviews while SentinelOne Singularity Identity is ranked 12th in Advanced Threat Protection (ATP) with 14 reviews. Microsoft Defender for Identity is rated 9.0, while SentinelOne Singularity Identity is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of SentinelOne Singularity Identity writes "It offers deep and continuous visibility into our attack surface". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Varonis Datalert, whereas SentinelOne Singularity Identity is most compared with Qualys VMDR, Tenable Vulnerability Management, Microsoft Defender for Office 365, SailPoint IdentityIQ and Claroty Platform. See our Microsoft Defender for Identity vs. SentinelOne Singularity Identity report.
See our list of best Advanced Threat Protection (ATP) vendors and best Identity Threat Detection and Response (ITDR) vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.