Honest question, what's the biggest difference between #DefenderForIdentity and regular #Defender (security.microsoft.com)? So far the only thing I've actually found different is #DFI has the User Access Control listed, and generates some reports. Am I missing something?