CrowdStrike Falcon Identity Protection
Capability scores
Methodology →- Authentication
- 3.5
- SSO & Federation
- 3.0
- Authorization
- 4.0
- Lifecycle & Provisioning
- 2.5
- MFA & Passwordless
- 3.5
- Governance & Audit
- 4.0
- Developer Experience
- 3.0
- Deployment Flexibility
- 3.5
- Pricing Transparency
- 2.5
- Support & Ecosystem
- 4.5
Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.
Overview
CrowdStrike Falcon Identity Protection extends the Falcon platform from endpoints into identity, detecting credential-based attacks across Active Directory and Entra ID. It is a module of a broader security platform rather than a standalone product, and benefits from CrowdStrike's threat intelligence and scale.
Capability deep-dive
The advantage is correlation. Because Falcon already sees endpoint and workload activity, identity threats like Pass-the-Hash, Kerberoasting, and lateral movement are analyzed with full context, and the platform can trigger risk-based step-up MFA in real time when behavior looks anomalous. Coverage of hybrid AD and Entra ID is strong, and the unified console plus shared threat intel are clear strengths. The trade-offs: the real value shows up when you run the wider Falcon platform, so standalone adoption is less common, and it emphasizes detection and conditional enforcement over directory hardening and recovery. Onboarding benefits from existing CrowdStrike deployment.
Pricing
Quote-based and not published, sold as a module within Falcon platform bundles. Pricing scales with users and the broader Falcon licensing you carry. Expect enterprise sales engagement and annual commitments.
Bottom line
Strong fit for Falcon customers wanting identity detection unified with endpoint telemetry and real-time MFA enforcement, less compelling as a standalone directory-recovery tool.