No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Identity vs Rapid7 InsightIDR comparison

The compared Microsoft and Rapid7 solutions aren't in the same category. Microsoft is ranked #3 in ITDR , with an average rating of 8.7, and holds a 8.9% mindshare in the category. Rapid7 is ranked #25 in SIEM , with an average rating of 7.0, and holds a 2.1% mindshare. Additionally, 100% of Microsoft users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.
Microsoft Defender for Iden...
Read 28 Microsoft Defender for Identity reviews
  • 7,667 Views
  • 3,603 Comparison Views
100% willing to recommend
Rapid7 InsightIDR
Read 32 Rapid7 InsightIDR reviews
  • 10,529 Views
  • 5,370 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Microsoft Defender for Identity and Rapid7 InsightIDR based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, Microsoft, Huntress and others in Identity Threat Detection and Response (ITDR).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Identity Threat Detection and Response (ITDR) Report (Updated: May 2026).
Buyer's Guide
Identity Threat Detection and Response (ITDR)
May 2026
Download the complete report
Helped 899,324 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Iden...
Average Rating
8.8
Reviews Sentiment
6.8
Number of Reviews
28
Ranking in other categories
Advanced Threat Protection (ATP) (8th), Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)
Rapid7 InsightIDR
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (25th), User Entity Behavior Analytics (UEBA) (12th), Endpoint Detection and Response (EDR) (47th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)
 

Mindshare comparison

While both are Network Security Systems solutions, they serve different purposes. Microsoft Defender for Identity is designed for Identity Threat Detection and Response (ITDR) and holds a mindshare of 8.9%, down 17.4% compared to last year.
Rapid7 InsightIDR, on the other hand, focuses on Security Information and Event Management (SIEM), holds 2.1% mindshare, down 2.6% since last year.
Identity Threat Detection and Response (ITDR) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Identity8.9%
CrowdStrike Falcon12.2%
Huntress Managed ITDR6.3%
Other72.6%
Identity Threat Detection and Response (ITDR)
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightIDR2.1%
Splunk Enterprise Security7.3%
IBM Security QRadar5.3%
Other85.3%
Security Information and Event Management (SIEM)
 

Featured Reviews

Peter Arabomen - PeerSpot reviewer
Peter Arabomen
Security Engineer at Fidelity Bank Plc
Has supported hybrid identity management while integrating well with cloud directory services
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.
Read full review
SohailHyder - PeerSpot reviewer
SohailHyder
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Microsoft Defender for Identity helps me automate routine tasks and find alerts that I set up to receive, so it helps me get where I'm trying to go easier and faster."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."
"In the security portfolio that we manage, Microsoft Defender for Identity is very important because it is the professional service that we sell the most."
"I think that for a defensive view, it can give most administrators absolutely amazing insight into what's happening in the network that they probably never had before."
More Microsoft Defender for Identity pros
"Log search allows us to dive deep into aggregated logs and query all event types at once.​"
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"I like that it's a cloud-based solution."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"The solution is easy to use, and the interface is intuitive."
"Features for user behavior analytics and the rules for attack review are good."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"The solution is very stable and works very well for what I need it to do."
More Rapid7 InsightIDR pros
 

Cons

"Microsoft Defender for Identity does not save me time, but I think it is the way that I secure the data."
"The tracking instance needs to be configured appropriately."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
More Microsoft Defender for Identity cons
"If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is."
"The searching feature in Rapid7 InsightIDR needs to evolve"
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"The dashboard is an area that could be simplified. For management, it should be clear and the files should be there."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"Inability to get access to compliance reports within the solution."
More Rapid7 InsightIDR cons
 

Pricing and Cost Advice

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"​Accurately predict your licensing counts as this is a subscription based product.​"
"The pricing and licensing are competitive."
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."
"The solution has a mid-range price point in the market"
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
More Rapid7 InsightIDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Identity Threat Detection and Response (ITDR) solutions are best for your needs.
See recommendations
899,324 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
11%
Manufacturing Company
10%
Comms Service Provider
7%
Manufacturing Company
9%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise5
Large Enterprise15
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

What needs improvement with Microsoft Defender for Identity?
I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take stock in what needs to be improved because I appreciated having the tools right the...
See all answers
What is your primary use case for Microsoft Defender for Identity?
My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating risky users, and user sign-ins. I can easily remediate or determine what the user...
See all answers
What advice do you have for others considering Microsoft Defender for Identity?
I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. I don't really use the threat intelligence feature of Microsoft Defender for Ide...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What is your experience regarding pricing and costs for Rapid7 InsightIDR?
The product pricing is very cheap.
See all answers
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature...
See all answers
 

Comparisons

CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Compared 7% of the time
Microsoft Entra ID Protection vs Microsoft Defender for Identity Logo
Microsoft Entra ID Protection vs Microsoft Defender for Identity
Compared 5% of the time
SentinelOne Singularity Identity vs Microsoft Defender for Identity Logo
SentinelOne Singularity Identity vs Microsoft Defender for Identity
Compared 4% of the time
Microsoft Defender for Office 365 vs Microsoft Defender for Identity Logo
Microsoft Defender for Office 365 vs Microsoft Defender for Identity
Compared 4% of the time
Huntress Managed ITDR vs Microsoft Defender for Identity Logo
Huntress Managed ITDR vs Microsoft Defender for Identity
Compared 4% of the time
More Microsoft Defender for Identity Competitors
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
Compared 4% of the time
Splunk Enterprise Security vs Rapid7 InsightIDR Logo
Splunk Enterprise Security vs Rapid7 InsightIDR
Compared 4% of the time
Vectra AI vs Rapid7 InsightIDR Logo
Vectra AI vs Rapid7 InsightIDR
Compared 3% of the time
Adlumin Security Operations vs Rapid7 InsightIDR Logo
Adlumin Security Operations vs Rapid7 InsightIDR
Compared 3% of the time
IBM Security QRadar vs Rapid7 InsightIDR Logo
IBM Security QRadar vs Rapid7 InsightIDR
Compared 3% of the time
More Rapid7 InsightIDR Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Identity
May 2026
Microsoft Defender for Identity reportDownload Microsoft Defender for Identity product report
Buyer's Guide
Rapid7 InsightIDR
May 2026
Rapid7 InsightIDR reportDownload Rapid7 InsightIDR product report
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
InsightIDR
 

Overview

Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.

Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.

What are the key features of Microsoft Defender for Identity?
  • Active Directory Federation: Seamlessly integrates with Microsoft 365 for comprehensive security.
  • Real-time Security Monitoring: Provides immediate insights into advanced user behaviors and potential threats.
  • Threat Insights: Delivers detailed analysis of threats with the ability to customize detection rules.
  • User Behavior Analytics: Analyzes user activities to detect anomalies and potential risks.
  • Identity Protection: Offers comprehensive protection in both cloud and on-premises environments.
What benefits should users expect from reviews of Microsoft Defender for Identity?
  • Unauthorized Access Prevention: Identifies potential unauthorized activities with advanced detection mechanisms.
  • Anomaly Notification: Alerts users to unexpected activities within their environments.
  • Threat Response Automation: Facilitates rapid response to threats with automated solutions.
  • Enhanced Cloud Security: Strengthens identity management across hybrid and cloud frameworks.

In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.

Microsoft

Rapid7 InsightIDR is a cloud-based security information and event management solution known for its user behavior analytics, offering rapid detection and response capabilities while facilitating seamless integration across systems.

Rapid7 InsightIDR is designed to enhance threat detection and investigation through its efficient user behavior analytics and advanced threat intelligence framework. The platform's cloud-based deployment ensures rapid setup and comprehensive event monitoring across diverse IT environments, including endpoints and Office 365. Its intuitive interface supports seamless data collection, honing in on threat detection through honeypot utilization and intelligent alerting. However, it is noted for lacking some customization features and better integration, especially with Microsoft and ITSMs.

What are the key features of Rapid7 InsightIDR?
  • User Behavior Analytics: Detects threats by analyzing patterns and anomalies.
  • Cloud Deployment: Enables quick setup and scalability.
  • Comprehensive Monitoring: Monitors events across systems and platforms like Office 365.
  • Honeypots and Alerting: Utilizes honeypots to reduce false positives and alert fatigue.
  • Threat Intelligence Framework: Supports effective threat hunting and remediation.
What benefits should users consider in reviews when evaluating Rapid7 InsightIDR?
  • Enhanced Detection: Improves threat detection with user behavior analysis.
  • Easy Integration: Integrates across systems for a streamlined security approach.
  • Rapid Response: Facilitates quick action against identified threats.
  • Operational Efficiency: Offers a cohesive view of security operations.

Rapid7 InsightIDR is prominently used in security operation centers to manage events, detect threats, and respond effectively. Industries apply it for network behavior monitoring, compliance, and vulnerability management. Companies integrate it with security tools to boost threat investigation, ensuring full SIEM functionalities and robust log management capacities. Its application spans behavioral and intrusion analytics, aiding in monitoring and addressing malicious activities.

Rapid7
 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Liberty Wines, Pioneer Telephone, Visier
Buyer's Guide
Identity Threat Detection and Response (ITDR)
May 2026
Download Free Report
Find out what your peers are saying about CrowdStrike, Microsoft, Huntress and others in Identity Threat Detection and Response (ITDR). Updated: May 2026.
DOWNLOAD NOW
899,324 professionals have used our research since 2012.

We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.