We use Microsoft Defender for Identity to prevent user account-level attacks such as lateral move attacks and pass-the-hash attacks on our on-premises servers. We leverage its features to mitigate identity-related threats and monitor activities on Active Directory Domain Services and other servers.
Cloud Security Engineer at a non-tech company with 10,001+ employees
Real User
Top 5
2023-12-21T07:14:00Z
Dec 21, 2023
Microsoft Defender for Identity is like a personal security guard for our organization's identity. It keeps a close eye on how we use our identities across both on-premises and Azure Active Directory. If there is anything suspicious or unusual happening with our user accounts, it raises the alarm. It is a vital tool for ensuring the safety of our identity in a hybrid setup.
We mainly use the solution to ensure our security and to increase our security score. We want to understand the threats or attacks to help prevent them.
Learn what your peers think about Microsoft Defender for Identity. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Defender for Identity provides intelligent authentication through conditional access policies and monitors user behavior. Defender looks at things like password changes and application use.
Our primary use for the solution is for user and entity behavior analytics. We use multiple Microsoft security products including Defender for Endpoint and Defender for Cloud. We use Defender for Cloud for our Azure VMs, but not for the multi-cloud environment, and we don't make use of its bi-directional sync capabilities. We have integrated these products, and the integration was straightforward. These solutions work natively together to deliver coordinated detection and response across our environment, which is not the case for non-Microsoft tools. These multiple Microsoft security products provide comprehensive threat protection.
I work for a university, and we use Defender for Identity for students, faculty members, researchers, etc. It's around 4,000 end-users. We have a completely Azure-based environment, and all of our users have migrated to the cloud. While we still have some on-premise users, we have synced our user base to the Azure Active Directory in the cloud. We require identity protection because most cybersecurity cases today involve identity harvesting. Microsoft Defender for Identity proved to be the best solution for providing support for malicious identity-related issues. Our entire cloud setup is protected.
The solution provides alerts when malicious actors are active and that's something most companies are missing. Quite often, malicious actors do reconnaissance for weeks, months, and on their checkout. They get a sense of the whole environment before they execute a ransomware attack. This sensor will alert users if something like that happens and it gives you time to mitigate the issues or block the attacker.
Cyber Security BA/BSA at a insurance company with 10,001+ employees
Real User
2021-03-13T00:30:29Z
Mar 13, 2021
We are looking at this solution as a trusted tenant for our network. This way, all of the data that goes through is trusted and the communication between our on-prem system and the Azure Cloud remains protected. Our only concern is when the data leaves the Azure Cloud and goes to another third-party tenant. Azure is our trusted tenant — we trust it. We're just concerned about the data when it leaves Azure and goes to another third-party tenant. For example, if you have a SaaS solution, like Salesforce, sometimes they send data to customers. In order to do this, the data has to leave the trusted cloud tenant.
Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity...
I am actively working with Microsoft Defender for Identity for tasks involving SQL identity endpoint management and have used it since 2019.
We use Microsoft Defender for Identity to prevent user account-level attacks such as lateral move attacks and pass-the-hash attacks on our on-premises servers. We leverage its features to mitigate identity-related threats and monitor activities on Active Directory Domain Services and other servers.
The solution is primarily used for detecting user anomalies, sign-in anomalies, user behavior analytics, and identifying business compromises.
We use the solution for PIM management, access detection, and synchronization with Intra.
Microsoft Defender for Identity is like a personal security guard for our organization's identity. It keeps a close eye on how we use our identities across both on-premises and Azure Active Directory. If there is anything suspicious or unusual happening with our user accounts, it raises the alarm. It is a vital tool for ensuring the safety of our identity in a hybrid setup.
We mainly use the solution to ensure our security and to increase our security score. We want to understand the threats or attacks to help prevent them.
Defender for Identity provides intelligent authentication through conditional access policies and monitors user behavior. Defender looks at things like password changes and application use.
Our primary use for the solution is for user and entity behavior analytics. We use multiple Microsoft security products including Defender for Endpoint and Defender for Cloud. We use Defender for Cloud for our Azure VMs, but not for the multi-cloud environment, and we don't make use of its bi-directional sync capabilities. We have integrated these products, and the integration was straightforward. These solutions work natively together to deliver coordinated detection and response across our environment, which is not the case for non-Microsoft tools. These multiple Microsoft security products provide comprehensive threat protection.
I work for a university, and we use Defender for Identity for students, faculty members, researchers, etc. It's around 4,000 end-users. We have a completely Azure-based environment, and all of our users have migrated to the cloud. While we still have some on-premise users, we have synced our user base to the Azure Active Directory in the cloud. We require identity protection because most cybersecurity cases today involve identity harvesting. Microsoft Defender for Identity proved to be the best solution for providing support for malicious identity-related issues. Our entire cloud setup is protected.
The solution provides alerts when malicious actors are active and that's something most companies are missing. Quite often, malicious actors do reconnaissance for weeks, months, and on their checkout. They get a sense of the whole environment before they execute a ransomware attack. This sensor will alert users if something like that happens and it gives you time to mitigate the issues or block the attacker.
We are looking at this solution as a trusted tenant for our network. This way, all of the data that goes through is trusted and the communication between our on-prem system and the Azure Cloud remains protected. Our only concern is when the data leaves the Azure Cloud and goes to another third-party tenant. Azure is our trusted tenant — we trust it. We're just concerned about the data when it leaves Azure and goes to another third-party tenant. For example, if you have a SaaS solution, like Salesforce, sometimes they send data to customers. In order to do this, the data has to leave the trusted cloud tenant.