We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Identity based on real PeerSpot user reviews.
Find out in this report how the two Identity Threat Detection and Response (ITDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Its integration capability is valuable. It integrates easily with any OS."
"CrowdStrike Falcon's most valuable feature is the fact that it's not getting in the way of our workforce and their workflow."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"Their endpoint is pretty flawless. There is no lag on the machines at all. Even though I have a good overview of all the machines, that's pretty much the most valuable feature of CrowdStrike Falcon."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
"I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The solution offers excellent visibility into threats."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"It automates routine testing and helps automate the finding of high-value alerts."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"Defender for Identity has not affected the end-user experience."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"They don't really have anything when it comes to scanning attachments."
"Too many false positives."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"They respond quickly on the weekdays, but the weekend response times are slower."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined."
"They should provide us with good visibility for everything."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"When the data leaves the cloud, there are security issues."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"The tracking instance needs to be configured appropriately."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
More Microsoft Defender for Identity Pricing and Cost Advice →
CrowdStrike Falcon is ranked 3rd in Identity Threat Detection and Response (ITDR) with 107 reviews while Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Identity is rated 9.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and Trend Vision One, whereas Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Defender for Endpoint. See our CrowdStrike Falcon vs. Microsoft Defender for Identity report.
See our list of best Identity Threat Detection and Response (ITDR) vendors.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
