What advice do you have for others considering Microsoft Defender for Identity?

I'd rate the solution ten out of ten.

The solution uses machine learning to detect if a user has never used a certain service provider or public IP address. The tool picks that up as an anomaly. Then, the user gets flagged that it's a potentially risky sign-in. You get alerted about that, and then you need to investigate. From a business perspective and brand image, the solution helps quite a lot by responding to incidents quickly. The solution’s alerting is fairly efficient. The solution has built-in automation that can automatically disrupt attacks and block or disable accounts. The solution's cost savings are probably hard to gauge as we haven't used another product in the past. The solution integrates seamlessly with the other Microsoft tools we have. Microsoft Copilot for Security is an additional product that Microsoft has released for enhanced AI capabilities over the Microsoft Defender stack. It comes with additional licensing. I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.

Microsoft Defender consolidates various functionalities on a single dashboard, including incidents, alerts, Advanced Hunting, and PC onboarding details. This integration is very helpful, allowing us to view all relevant information in one place. Previously, managing these tasks required navigating multiple pages, which was less efficient. The current setup streamlines the workflow and makes it easier to work with the platform. It’s a good product. I appreciate having all the necessary services for my company in one place. Defender provides various security services, including Identity services, which is very valuable. Overall, I rate the solution an eight out of ten.

I recommend the solution. Overall, I rate the solution an eight out of ten.

Microsoft Defender for Identity helps us prioritize threats effectively, especially concerning lateral movements within our network. In the context of hybrid identity, where we synchronize users from the local Active Directory to the cloud, the solution prevents unauthorized lateral movements by detecting and addressing breaches. It is particularly crucial in safeguarding our on-premises environment, ensuring that any suspicious activities or attempts to move laterally are promptly identified and mitigated. I have integrated multiple Microsoft security products, and the recent move to the Microsoft Defender portal has made it much more seamless. Formerly, each product had its portal, but now I can view everything in one place. This integration, including products like Microsoft Defender for Identity, cloud apps, and endpoints, provides a more comprehensive and efficient approach to security monitoring. To ensure a watertight security posture, integrating all these solutions is crucial for a holistic and superior defense against threats. Microsoft Defender for Identity is designed to automate responses and remediation for high-security threats. The system can be configured based on organizational policies. Some choose automatic responses, while others prefer manual intervention for investigation and approval before remediation. It is flexible and adaptable to different security postures and business requirements. Using Microsoft Defender for Identity has not only helped in detecting threats but also in preventing them proactively. The system is designed to not just respond but to actively block known and unknown threats. When encountering a new threat, it takes note of it and stores the information in the Threat Intelligence Workspace, ensuring continuous updates and preparedness for evolving threat landscapes. Microsoft Defender for Identity has eliminated the need to juggle multiple dashboards. The unified Microsoft Defender portal consolidates all dashboards for endpoints, Office 365, and cloud apps into one place, simplifying and streamlining monitoring efforts. Using Microsoft Defender for Identity not only saves our company money but also safeguards our reputation and valuable data. It is a significant cost-saving measure in the broader context of security and risk management. Microsoft Defender for Identity has decreased the time to detect and increased the time to respond, contributing to a more efficient and responsive security posture. Overall, I would rate Microsoft Defender for Identity a solid ten out of ten. Microsoft has invested significantly in security, and the product continually improves. The commitment to innovation and enhancements makes it an excellent choice for securing identity and maintaining a robust security posture. Microsoft's commitment to security and innovation makes it a compelling choice, even in the context of considering best-of-breed solutions.

I'm a customer. I'd rate the solution nine out of ten. It's covering all of our major vulnerabilities and threats without giving an inch. It's a one-stop solution. It can detect any type of suspicious activity, whether internal or external, and provides historical logs.

I rate Microsoft Defender for Identity nine out of 10. My advice to new users is to learn the product. Microsft has courses you can take. They offer one that covers all their security solutions. It only takes a day and is the best way to learn how to use the product.

I rate the solution seven out of ten. My advice to those considering the product is that it's great. We have yet to test complex scenarios in an open-source environment, but our findings and results have been promising so far. At the same time, the customer support is very poor, and the tool is expensive. Whether Defender for Identity saves us time is still an open question. We need to conduct more testing, especially around complex scenarios, though I believe it will save us time. There was a greater level of complexity involved in the products we previously used. Our team members were less familiar with them, creating a need for education, training, and experience. However, many staff are already familiar with Microsoft and Windows, so for those people to work with Defender is a much simpler proposition. We have yet to onboard services such as Salesforce running in different clouds, primarily GCP and AWS. When we onboard them into Defender for Cloud and Defender for Identity, we may discover some vulnerabilities or weaknesses there, but as of now, that is unclear. We intend to run tests and find any weaknesses if they are there. We currently don't use the solution's automation.

I rate Defender for Identity nine out of 10. I would give it a perfect 10, except for the inability to remedy issues directly from the console. Defender for Identity is a popular product because most endpoint users already use Defender, so they will be familiar. When dealing with single sign-on, an identity-based cloud solution is essential for all enterprises because most security concerns are related to identity. It's easy for hackers to hack into servers with compromised identities. We need a legacy enterprise product like Microsoft Defender or a close competitor like Kaspersky. If user identities are compromised, your entire infrastructure will be in danger. Even if the cost is high, you need an enterprise product like Microsoft Defender for Identity. It's challenging to integrate solutions from multiple vendors. If we used several vendors, we would need to spend a lot of time checking to ensure they integrate correctly. We must also establish an adequate surveillance solution to monitor these different products. It's a headache for the system admins. System administrators have fewer security concerns with an all-Microsoft setup because the elements work in sync. It's easy to monitor the data from any instance, so the data is more secure and accessible.

I'm an integrator and consultant. With the current versions I'm working on, I clarified today that it was up to date. Whatever the latest version is, is the one I am working on. I don't keep track of the version numbers. It's a cloud-based solution. No on-premise components are required. I'd rate the solution at a nine out of ten. I'd advise new users to check their firewalls and make sure they whitelist them, alongside the appropriate URLs. Make sure to enlist a tool to measure if the center can run on your domain controller as well. Any company should have this tool or a similar tool to it. It's very important to understand if there is a malicious actor in the environment. You can't live without this tool like this in this day and age.

Microsoft is a big company. They have put a lot of effort into their cloud solutions. They're the way of the future. They have done a lot to catch up with what Amazon did. This solution has advanced a lot over the last few years. It integrates very well with Office 365. For this reason, I think it's the way of the future. Overall, on a scale from one to ten, I would give this solution a rating of eight.