TrustRadius: an HG Insights company

Microsoft Defender for Identity

Score 7.7 out of 10

11 Reviews and Ratings

What is Microsoft Defender for Identity?

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at the organization.

Microsoft Defender for Identity - protect your identity platform

Use Cases and Deployment Scope

Microsoft Defender for Identity is being used to complete the view of the threats in the XDR suite. We often see a broad scope of incidents and alerts; Microsoft Defender for Identity helps us to see the lateral movements and escalations to get a clear view of what is happening in the infrastructure after a possible breach.

Pros

  • detect threats and suspicious activities
  • pro-active measurements on possible breaches
  • identity security posture

Cons

  • setup can be complicated, with AD complexity
  • Sometimes the load on DCs is pretty high, leading to performance issues
  • Better tuning options for preventing false-positive/benign alerts

Return on Investment

  • Cost impact was pretty high
  • Learning curve, needed time (money) for training
  • Greatly improved detections and gives more insights

Alternatives Considered

Vectra Protect

Other Software Used

Microsoft Defender External Attack Surface Management, Microsoft Defender for Cloud, Microsoft Defender Threat Intelligence