Microsoft Defender for Identity Reviews

I work for a university, and we use Defender for Identity for students, faculty members, researchers, etc. It's around 4,000 end-users. We have a completely Azure-based environment, and all of our users have migrated to the cloud. While we still have some on-premise users, we have synced our user base to the Azure Active Directory in the cloud. 

We require identity protection because most cybersecurity cases today involve identity harvesting. Microsoft Defender for Identity proved to be the best solution for providing support for malicious identity-related issues. Our entire cloud setup is protected. 

Our enterprise usage entirely depends on identity-based users. Any identity issue or attack could lead to massive data leakage in our environment. Defender for Identity is easy to use and provides precise details on the timeline to facilitate quick transfers.

Microsoft creates a database of critical vulnerabilities that they are constantly updating. Whether it's an old-fashioned or novel attack, it promptly notifies us. It may take some time to identify if it is a brand-new threat. Once it is located, it will tell us what the issue is.

We need to analyze the security features monthly and validate them. Microsoft Defender provides the correct solution for this. It will give you the proper security progressions that happen in Microsoft. We can define levels of security and prioritize security concerns, so we take action on the high-priority problems first. Regarding password resets, etc., there are less-complicated issues that don't pose a risk of data leakage, so we assign a lower priority.

It helps us be proactive because it will notify us about the preventive measures we can take. Once it flags a vulnerability, we can investigate the root cause. So that way, we can mitigate the most critical threats with this set of notifications from Defender.

Defender for Identity has affected our on-premise security because we need less identity management. Everything can be handled on the cloud. We require fewer devices for identity management, so it has reduced our hardware shortage.

It has saved us time by providing prompt notifications. We don't need to spend more time on SIEM solutions. Usually, we would require SIEM solutions or advanced log-based analysis solutions to find all the identity compromises or any identity-hijacking issues. We needed a designated person to check all these aspects with advanced threat-detection programs. We can eliminate all these challenges with the help of Microsoft Defender for Identity. It has cut the time spent on these tasks by 50 percent. 

Defender has also saved us money because we don't require traditional identity-based solutions in the firewall. We needed different identity-based solutions for the cloud, virtual machines, etc. Microsoft has this legacy proprietary feature, so we don't need other solutions. It has considerably reduced our budget by around 30 percent. It has sped up our detection and response time by about 10 percent. 

Our primary use for the solution is for user and entity behavior analytics. 

We use multiple Microsoft security products including Defender for Endpoint and Defender for Cloud.  

We use Defender for Cloud for our Azure VMs, but not for the multi-cloud environment, and we don't make use of its bi-directional sync capabilities.

We have integrated these products, and the integration was straightforward. 

These solutions work natively together to deliver coordinated detection and response across our environment, which is not the case for non-Microsoft tools. 

These multiple Microsoft security products provide comprehensive threat protection. 

Defender for Identity improved our organization; a major part of that is threat analytics. The user entity and behavior analytics, in particular, helps us a lot right now, as compromised user scenarios, such as phishing emails, are significant threats.

The solution reduced our time to detection and response. 

The use cases are for dealing with situations where a user signs on with MFA from unusual locations or malicious files are detected.

The way it has improved our organization is that we're able to get the information across and easily pull it all together in one place, to help us be secure.

It is very good to have all the threat locations that the threat actors are coming from on one dashboard. That has enabled us to run a lot more efficiently. We're able to put more time into taking action on alerts instead of setting up dashboards and having to find the relevant information.

Our Microsoft solution has saved us time because we have been able to field the alerts and see what level of urgency they have, with all the information in one spot. It has made it a lot easier to find relevant alerts and threats and take action. It has decreased our time to respond, allowing us to provide a five- to 10-minute response time for most alerts.

And with the playbooks, were able to find additional alerts, like unfamiliar sign-ons, and automate the closing of sign-ons from certain locations so that we don't get a full feed of useless data.

Microsoft Defender for Identity is like a personal security guard for our organization's identity. It keeps a close eye on how we use our identities across both on-premises and Azure Active Directory. If there is anything suspicious or unusual happening with our user accounts, it raises the alarm. It is a vital tool for ensuring the safety of our identity in a hybrid setup.

Using Microsoft Defender for Identity has saved our organization a significant amount of time. I would estimate it to be around 80%, making monitoring and security management much more efficient.

The primary use case for Microsoft Defender for Identity is to maintain control and privilege inside our organization and revoke rights when they are not needed. The solution is used to keep our organization relatively safe and is utilized extensively across its features available in E3 and E5.

The most valuable features of Microsoft Defender for Identity include its automatic remedies, possibilities for avoiding incidents, the privilege manager, and the generation of logs that facilitate a safer environment. It provides real issues directly to us without fake alerts. The visibility into threats is very good, especially with add-ons like Sentinel.

I am actively working with Microsoft Defender for Identity for tasks involving SQL identity endpoint management and have used it since 2019.

Microsoft Defender for Identity enhances the capability to detect threats effectively and provides comprehensive security by integrating its artificial intelligence algorithms. It acts like a security watchguard with a high level of threat detection parallel to a predator drone.

We mainly use the solution to ensure our security and to increase our security score. We want to understand the threats or attacks to help prevent them. 

The product has given our security posture a very big score. It is very easy to integrate with other applications, other packages, and what we have. It helps to measure and block events.