This analysis focuses on the experiences of six reviewers in the Professional, Scientific, and Technical Services industry using Microsoft Sentinel's investigation tools. These firms, often handling sensitive client data and intellectual property, prioritize efficient and thorough incident response. The reviews suggest a positive impact on investigation workflows, with a focus on speed and ease of use. While the sample size is small, the consistency in highlighting these benefits suggests they align well with the needs of Professional, Scientific, and Technical Services organizations.

Pros

For Professional, Scientific, and Technical Services firms, a positive business impact often translates to enhanced service offerings and the ability to scale operations efficiently. Sentinel appears to contribute to this by improving threat detection and streamlining security monitoring processes. Four out of five reviewers specifically mentioned a positive impact on their business objectives.
For Professional, Scientific, and Technical Services firms, rapid incident response is crucial to minimize potential data breaches and maintain client trust. Three of the six reviewers specifically noted that Microsoft Sentinel's investigation tools accelerated their processes. This speed improvement directly translates to reduced downtime and quicker resolution of security threats, mitigating potential financial and reputational damage.
For Professional, Scientific, and Technical Services firms, acting as a managed service provider or supporting multiple clients, a centralized SIEM/SOC is crucial. Microsoft Sentinel allows these firms to aggregate and correlate security logs from diverse client environments, providing a unified view for threat detection and incident response. This consolidation streamlines operations and improves efficiency in managing security across multiple clients.
For Professional, Scientific, and Technical Services firms, effective integration is crucial for aggregating security data from diverse systems, including cloud platforms, on-premise infrastructure, and specialized tools. The ability to seamlessly integrate with existing systems minimizes disruption and ensures comprehensive security coverage. Three of the six reviewers specifically praised Sentinel's integration capabilities, suggesting it aligns well with the heterogeneous IT environments common in this sector.
Professional, Scientific, and Technical Services firms often require their security analysts to handle complex investigations with limited resources. Two of the six reviewers indicated that Microsoft Sentinel's tools simplified these investigations. This ease of use is particularly valuable for teams that may not have dedicated forensic specialists, allowing them to quickly identify and address security incidents without extensive manual analysis.

Cons

For Professional, Scientific, and Technical Services firms, seamless integration with existing network infrastructure and diverse data sources is crucial. Many firms rely on specialized software and data streams, so a SIEM's ability to ingest and correlate data from these sources is paramount. The challenges reported by reviewers regarding integration and interface usability could lead to increased operational overhead and delayed threat detection, directly impacting the firm's ability to protect sensitive client data and intellectual property.
Cost predictability is a key consideration for Professional, Scientific, and Technical Services firms, especially given the project-based nature of much of their work. Unpredictable SIEM costs can strain project budgets and impact profitability. The concerns raised by 2 of 6 reviewers regarding Sentinel's consumption-based pricing model suggest a need for careful evaluation of data volume and potential cost implications for these firms.

How do you use Microsoft Sentinel’s investigation tools? How has it impacted your investigation process?

From 6 reviews

Summary

Top Quotes

Faster investigation process

“Again, it's reduced the time it takes to do an investigation.”

Easier investigation process

“Yeah, so we use the list view a lot with the incidents, but also the graph view where we dive deeper into a problem. It made it easier. Yeah, certainly the graph made it easier.”

What are the different sources from which you pull data into Microsoft Sentinel?

From 6 reviews

Summary

This analysis reflects the experiences of a small sample of Professional, Scientific, and Technical Services users (6 reviews) regarding data sources for Microsoft Sentinel. These firms, often handling sensitive client data and intellectual property, prioritize comprehensive security monitoring across diverse environments. The reviews suggest a focus on integrating data from both Microsoft 365 services and a variety of other sources, reflecting the hybrid IT landscapes common in this industry. Two of the six reviewers specifically mentioned pulling data from Microsoft 365 sources, while another two highlighted the importance of integrating data from various sources, including firewalls, endpoints, and cloud environments. Given the project-based nature of much of the work in this sector, and the corresponding need to secure diverse and evolving IT assets, the ability to ingest data from a wide range of sources appears particularly relevant.

Top Quotes

Microsoft 365 data sources

“So all of the M 365 sources.”

Various data sources

“So a number of sources, a firewall, endpoints, cloud, lot of data goes into the system.”

What positive or negative impact (i.e. Return on Investment or ROI) has Microsoft Sentinel had on your overall business objectives?

From 5 reviews

Summary

This analysis reflects the experiences of a small sample of Professional, Scientific, and Technical Services users (5 reviews) regarding the business impact of Microsoft Sentinel. Given the small sample size, findings should be considered directional rather than definitive. A primary concern for firms in this sector revolves around profitability and scalability, often achieved through efficient service delivery and optimized resource allocation. Four of the five reviewers (80%) reported a positive business impact from Sentinel, citing improvements in threat detection, scalability, and overall security monitoring. These benefits are particularly relevant for firms that manage sensitive client data or intellectual property, where robust security measures are paramount.

Related topics

Positive Business Impact

Top Quotes

Positive Business Impact

“Sentinel provides numerous opportunities for us to drive those services. Yeah, profitability is our objective and it helps us achieve that.”

Describe how you use Microsoft Sentinel in your organization. What are the business problems the product addresses and what is the scope of your use case?

From 6 reviews

Summary

This analysis synthesizes six recent reviews of Microsoft Sentinel from users in the Professional, Scientific, and Technical Services industry. These reviewers, likely supporting clients with complex IT and security needs, highlight Sentinel's role as a central Security Information and Event Management (SIEM) and Security Operations Center (SOC) solution. A significant portion, 3 of 6 reviewers, explicitly mention using Sentinel in this capacity. The ability to consolidate and correlate security alerts from various sources to detect threats is another key benefit, noted by 2 of 6 reviewers. This is particularly relevant for firms in this industry who often manage diverse client environments and need a centralized view of potential security incidents.

Top Quotes

Use as a SIM/SOC

“Sentinel for us is the core sim engine. That is where all my event logs get correlated and it is the nerve hub of my security operation center.”

Threat detection and alerts

“The business problem is that you have a lot of threats that could come from the cloud and also on premise on really any device that is logging into your domain as company. So with Sentinel you could be aware of any signal that could mean or could imply that you are under an attack.”

Please provide some detailed examples of areas where Microsoft Sentinel has room for improvement.

From 6 reviews

Summary

This analysis reflects the experiences of a small sample of Microsoft Sentinel users (6) within the Professional, Scientific, and Technical Services industry. These firms often handle sensitive client data and intellectual property, making robust security information and event management (SIEM) a critical need for compliance and competitive advantage. Reviewers in this sector voiced concerns about integration complexities and pricing models. Specifically, 3 of 6 reviewers mentioned challenges with integrating Sentinel with existing network infrastructure and various data sources, which can be a significant hurdle for firms relying on diverse, specialized tools. Additionally, 2 of 6 reviewers expressed reservations about the pricing structure, noting its potential impact on budget predictability, especially for mid-sized and large companies.

Top Quotes

Integration and Interface Issues

“Dashboard is not very good. Some of the interfaces and the integration needs so much more work.”

Pricing and Licensing

“The licensing could be a little bit simpler”

Please provide some detailed examples of things that Microsoft Sentinel does particularly well.

From 6 reviews

Summary

This analysis reflects the experiences of a small sample of Professional, Scientific, and Technical Services users (6 reviews). These firms often manage complex IT environments with diverse systems, so integration and security are paramount. The reviews suggest that Microsoft Sentinel's integration capabilities stand out, with 3 of 6 reviewers highlighting it as a strength. This is a critical factor for Professional, Scientific, and Technical Services firms needing to consolidate security data from various sources, including cloud platforms and on-premise systems. Given the sensitive nature of data many firms handle, Sentinel's ability to unify security information across their infrastructure is a notable advantage.

Related topics

Integration capabilities

Top Quotes

Integration capabilities

“Integration I think was above average for most of the devices as well as the user interface is good.”

Reviews

27 Reviews

Professional, Scientific, and Technical Services

Microsoft Defender Threat Intelligence

Rating: 10 out of 10

Incentivized

August 30, 2025

Use Cases and Deployment Scope

We use it to get an overview of our overall security posture and for an easy way to apply Microsoft best practices.

The main use of it is also to find and report phishing and bad actor emails that we receive in our organization.

It is very easy to open defender and immediately see if something has been compromised or if a certain user is not up to date with security standards.

Pros

Easy interface to immediately look at security posture
Many different tools to use and many blades of features
Email reporting

Cons

There is so many features that sometimes it is hard to find what you need as you need to dig deep and get redirected
There could be better training or more intuitive design
I do not like how I get redirected sometimes and if there are multiple accounts logged into the browser sometimes it opens the wrong account and I get stuck in a loop that I must sign out of all accounts and try again

Likelihood to Recommend

If you are already using Entra ID and the Microsoft Suite is it very easy to use Microsoft Defender Threat Intelligence as it is built-in. For example, when looking at emails that are reported as phish, you can easily open up Defender and report the email to Microsoft with the click of a button with no additional work.

Verified User

Technician in Information Technology (Information Technology & Services company, 1-10 employees)

Vetted Review

2 years of experience

Microsoft Sentinel feels so futuristic

Rating: 8 out of 10

Incentivized

July 23, 2025

Use Cases and Deployment Scope

Microsoft Sentinel is used as log management and SIEM tool , the tool replaces legacy on prem SIEMs having all your logs in the cloud.
the tool solves security monitoring and threat hunting problems.
it also enables an integrated automation solution (logic apps) from within the solution it self .
the connectors (log source integrations )usually comes with multiple detection rules and dashboards

Pros

Very good UI
Very good support to MS log sources
Good Threat hunting module
Automation through logic apps

Cons

Having less rapid changes of terminologies
Having less rapid changes in documentation
Having better documentation for connectors

Likelihood to Recommend

A cloud environment with good amount of MS solution.
No regulations that prevent from having the logs on the cloud.
having engineers with kql expertise.
its also provide a very flexible pricing structure where you can increase your allocated MPS as you go , so its suited if the environment is still not sure how much they went to invest into a SIEM solution

Mohamad Islam Hamadieh

SOC Engineer in Engineering at Dell technology (Computer & Network Security, 10,001+ employees)

Vetted Review

5 years of experience

View profile

Well done Microsoft Sentinel - great Product

Rating: 9 out of 10

Incentivized

July 14, 2025

Use Cases and Deployment Scope

Its integrated into a SOC to provide real-time visibility, reduce alert fatigue, and improve mean time to resolution (MTTR) - which we are achieving via custom playbooks. Monitor login activities, network traffic, and endpoint behavior to detect anomalies like brute-force attacks or compromised accounts. We have also found that our posture improved by 30% within the first month.

Pros

Single pane view to monitor and respond
Easy way to do Threat hunting
ease of investigating findings

Cons

More templates for customers
Cost is an issue - complex licensing
Bring the community more into the ecosystem

Likelihood to Recommend

Microsoft Sentinel excels in centralized monitoring, AI-driven threat detection, and automation, but improvements in cost transparency, user experience, third-party integrations, and support for emerging technologies could make it even more effective. Addressing these areas would enhance its appeal for small-to-medium businesses, large enterprises, and organizations with complex or specialized IT environments.

Verified User

Consultant in Information Technology (Computer & Network Security company, 201-500 employees)

Vetted Review

6 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

Internally we use it to gain visibility around threats within the organization, but primarily we consult with other organizations to deploy and implement Sentinel. We have a managed service built around Sentinel. So we use Sentinel as part of our managed XDR solution that we've developed with Microsoft.

Pros

Well, that's a good question. It does a lot, well, probably my engineers would be better positioned to answer that question, but it correlates really well. Security orchestration, it highlights risks in the organization, provides insights to our analysts to respond to threats and it implements well.

Cons

The licensing could be a little bit simpler

Likelihood to Recommend

Scenarios where it's best suited would be organizations looking to consolidate on a platform, gain better visibility of threats in their environment, reduce the amount of time it takes to search for and respond. And then scenarios where it's less appropriate. Well, I guess anything where you're not collecting, where you need to collect large amounts of information to make quick decisions.

Richard Dornhart

National Security Practice Manager in Sales at Data#3 (Information Technology & Services, 1001-5000 employees)

Vetted Review

Reseller

5 years of experience

Microsoft Sentinel Review

Rating: 9 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

We use it as a central SIM to collect all of these security alerts from our customers. It overcomes the fact that you need some sort of way to centrally collect it, so the SIM will be your central collector.

Pros

I think the unification integration really, really works well with Microsoft Defender.

Cons

I would say it could improve in collecting network logs better at a lower cost with better integration, easier integration. So the support for collection of network logs would be something they should approve.

Likelihood to Recommend

If a company has a Microsoft First strategy and is very much already in the cloud, then Sentinel is well positioned.

Verified User

Director in Information Technology (Information Technology & Services company, 201-500 employees)

Vetted Review

6 years of experience

Microsoft Sentinel Review

Rating: 9 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

The business problem is that you have a lot of threats that could come from the cloud and also on premise on really any device that is logging into your domain as company. So with Sentinel you could be aware of any signal that could mean or could imply that you are under an attack. So you could correlate several events from several devices or from several kind of inputs to identify a threat. And if you have this configure on the Pro, you could take action or send an alert to the responsible

Pros

I think that you have a lot of, for example, an incoming attack you could release on real time and if you configure an action that must be taken, you could be sure that the action will be taken automatically no matter the time or no matter if someone is checking the platform exactly at that moment.

Cons

I think that the price is always a consideration because it's based on consumption. So a change in the price model will be a good point for mid-size and large companies.

Likelihood to Recommend

I think that the pro is well suited for a complex environment for a big organization that has people that has a mid-size cybersecurity team in place. And it's less appropriate if you are a not so big company because the budget could be important. Barrier to adopt it right on the right way

Verified User

Representative in Sales (Information Technology & Services company, 11-50 employees)

Vetted Review

2 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

Sentinel is an CM two to monitoring and send alerts for the incident information security alerts and consolidate many source to detect many threats and many alerts

Pros

It's not having capacity to integrate or ingest many source of the information like to XDR and servers and many products to security firewalls on all firewalls. And they have capability to integrate via all? Yes, the mean the API with another tools.

Cons

I think in some case don't have too easy to integrate some products. It's less products to integrate or many source of information, but it's the minimal.

Likelihood to Recommend

When the customers have all products of the Microsoft or they have an suite like to Microsoft 365, they have an close to the benefits, the less cost to ingest these sources and it's an I scenario, less appropriate. Maybe when they have an G Suite or another cloud products, it's not too easy to implement.

Verified User

Manager in Sales (Information Technology & Services company, 51-200 employees)

Vetted Review

4 years of experience

Microsoft Sentinel Review

Rating: 6 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

Sentinel for us is the core sim engine. That is where all my event logs get correlated and it is the nerve hub of my security operation center.

Pros

What has worked well for me and my company is this is a SaaS product, so the access and the availability from that perspective is significantly high. Integration I think was above average for most of the devices as well as the user interface is good.

Cons

Dashboard is not very good. Some of the interfaces and the integration needs so much more work.

Likelihood to Recommend

The product is well suited if you have a large Microsoft ecosystem, their platforms solutions are that is what you use, which we do. I think where it is less suited is where the ecosystem is broader. And if you have less than 25% or 30% of Microsoft's capabilities deployed in your environment.

Rajesh Kumar

Senior Vice President in Information Technology at EXL Service (Information Technology & Services, 10,001+ employees)

Vetted Review

1 year of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 29, 2025

Use Cases and Deployment Scope

At an organization we've deployed this as one of our edge security components, so any edge traffic that comes through our system has to basically propagate through the central lab. Product scope is pretty wide because it's a lot of our API traffic.

Pros

I would say the user experience is pretty good. It integrates very well with our Kubernetes systems.

Cons

I honestly can't think anything at this point.

Likelihood to Recommend

Well suited for a organization that has a lot of traffic coming in and is busy. You can't really scan every single request that comes in, so this product is really great for that. And less appropriate would be if you have very small traffic, small number of requests coming in.

Verified User

Professional in Information Technology (Information Technology & Services company, 10,001+ employees)

Vetted Review

2 years of experience

Great Improvement in Our Security after Adapting to Microsoft Sentinel

Rating: 9 out of 10

Incentivized

February 20, 2025

Use Cases and Deployment Scope

Microsoft Sentinel has helped us in Automated threat detection and action. Helped us to boost our security. Increased efficiency and security.

Pros

Well suited for remote and on site protection
Automated Threat Detection and Action
Virus Scanning

Cons

Better Price Range for small medium buisness
Would like to see better User Interface
Some kinda small dashboard to monitor

Likelihood to Recommend

Very well suited for remote and on site security services. I remember after switching to Microsoft Sentinel, we were able to catch some threats that previous vendor couldn't find. Really experience matters.

Himanshu Pawar

Manager in Sales at Alorica (Information Technology & Services, 51-200 employees)

Vetted Review

2 years of experience

Loading Reviews List....