Microsoft Defender for Identity is a comprehensive security solution that helps organizations protect their identities and detect potential threats. It leverages advanced analytics and machine learning to provide real-time visibility into user activities, enabling proactive identification of suspicious behavior.
The most valuable features of Microsoft Defender for Identity are its connection to other Microsoft security solutions such as Microsoft Sentinel, Defender for Endpoint, and Defender for Cloud Apps. This integration allows for real-time alerts and provides detailed information about incidents, user activity, and malicious events.
The ability to run KQL queries within Sentinel and access details from Defender for Identity and other solutions is also highly appreciated. Users find the entity tagging feature useful for identifying sensitive accounts and devices, as well as for detecting and monitoring potential threats.
The solution offers excellent visibility into threats and helps prioritize them across the enterprise.
It also provides security monitoring, detects suspicious user activities, and securely stores credentials to reduce the risk of compromise. The comprehensive dashboard and alert mechanism are praised for providing a clear overview and enabling efficient identification and response to security breaches.
The solution's ability to sync data bidirectionally and its integration with other Microsoft security features are highly valued.
One common issue is the high number of false positives, which can lead to wasted time and resources.
The threat intelligence and user data sometimes lack completeness, requiring users to cross-reference multiple solutions for a comprehensive understanding of an alert.
The administrative interface is considered basic compared to other centers and could be made more user-friendly.
Logs in Azure Identity are not always clear, and there is a problem with identifying internal IPs correctly, resulting in false positives.
The solution could benefit from a clearer roadmap for upcoming features and improvements, as well as better technical support. Users also express a desire for the ability to remediate issues directly from the console, as well as better alignment between Azure ID and the on-premise experience.
The solution could improve its use of group-managed access and broad-based access controls.
Defender for Identity has provided several benefits according to the reviews. It has helped in meeting client needs effectively and has proven to be a valuable solution. It offers protection against breaches, and reviewers report no security incidents since deploying it. The solution has reduced the time spent on management tasks, making it cost-effective compared to alternative options.
The pricing for Microsoft Defender for Identity varies. Some users find it affordable compared to other SIEM solutions, while others consider it expensive. The cost can be higher for those with E3 licenses and an add-on, and it is a better deal for those with E5 licenses. However, the price difference between E3 and E5 is significant. Some users mention that Defender for Identity is a little more expensive than other Microsoft products.
There are no additional costs beyond standard licensing, and users can deploy an unlimited number of directory sensors. It integrates directly into Microsoft's security portal.
The primary use case of Microsoft Defender for Identity is to secure identity on on-premises Active Directory. It is also used for monitoring Active Directory activity and providing alerts for suspicious activity.
The product can be used for user and entity behavior analytics and endpoint detection and response. It integrates with other solutions and provides alerts for malicious actors, giving users time to mitigate issues or block attackers. It is utilized by organizations such as banks, universities, and various other types of companies for comprehensive threat protection and identity protection in cloud environments.
Customers have generally found the customer service and support of Microsoft Defender for Identity to be satisfactory. Some have experienced quick resolution of issues, while others have had a slight delay in response. There are mixed opinions about the technical ability of the support team, with some rating it highly and others considering it inferior. Reaching the right support group can sometimes be a challenge; however, once connected, the support is described as excellent.
The initial setup for Microsoft Defender for Identity appears to be straightforward and relatively easy to deploy. It involves installing the sensor on the virtual machine running Active Directory. No maintenance is required on the user's side as everything is managed by the vendor.
The complexity of the setup depends on the scenario. It typically takes 45 minutes to an hour. However, if there are issues, it can take longer.
The benefits of the solution may take six to eight months to realize, as data needs to be recorded and captured.
The setup process involves ensuring that on-premises and cloud data are synced and secured. The initial setup can be completed in a matter of minutes to hours, depending on the impact on the domain controllers. Communication between the domain controller and Microsoft Cloud can be challenging due to firewalls; whitelisting the required URLs and checking domain controller capabilities are necessary.
Microsoft Defender for Identity is highly scalable, as it has been successfully deployed across various environments ranging from small to large. The solution has been used across both the company and client base, accommodating a significant number of endpoints.
It has been installed on multiple servers within enterprises without any issues, and the dashboard provides real-time information on the status of the Defender for Identity sensor.
The scalability of the solution is evident in organizations with a substantial number of users and endpoints. The solution is flexible enough to accommodate future growth. Additionally, the solution has been successfully deployed in various regions, demonstrating its scalability on a global scale.
Users have provided positive feedback regarding the stability of Microsoft Defender for Identity. They mention that there is minimal to no downtime or crashes, indicating a good level of stability. Some mention that the solution is extremely stable and they do not experience any bugs due to Microsoft's thorough system for checking everything. Others note the stability has been improved significantly and occasional restarts have been resolved by adjusting performance and ensuring sufficient CPU and memory. Although there are rare incidents that can affect any platform in different regions, overall, the solution appears to be stable.
With its powerful detection capabilities, it can identify various types of attacks, including brute force, pass-the-hash, and golden ticket attacks. The solution also offers rich reporting and alerting capabilities, allowing security teams to quickly respond to incidents and mitigate risks. By continuously monitoring user activities and providing actionable insights, Microsoft Defender for Identity helps organizations strengthen their security posture and safeguard their sensitive data.
Microsoft Defender for Identity was previously known as Azure Advanced Threat Protection (Azure ATP) and MS Defender for Identity.
Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.