This product assessment is based on a synthesis of 9 recent reviews analyzing Microsoft Sentinel across multiple dimensions of product satisfaction. Microsoft Sentinel is primarily used as a Security Information and Event Management (SIEM) and within Security Operations Centers (SOC) to centralize security alerting and threat detection. A significant portion of reviewers (6 of 9) report a positive business impact, often citing the ability to scale their business and build new service lines around the platform. Reviewers appreciate its ability to integrate with a wide array of data sources, including Microsoft 365 services. However, a notable concern, voiced by 3 of 9 reviewers, revolves around integration and interface issues, specifically difficulties with dashboard usability and integrating various products and network logs. While many appreciate the AI and machine learning capabilities for threat detection, some reviewers express skepticism about the tangible impact and transparency of these features.

Pros

Strong integration capabilities, particularly with Microsoft products like Microsoft Defender, allowing for seamless data ingestion and correlation.
Effective automated threat response capabilities, enabling immediate, pre-configured actions against incoming attacks.
Scalability, allowing businesses to build entire service lines around the platform and expand their security operations.
Improved threat detection through AI and machine learning, reducing false positives and enhancing overall detection capabilities.
Faster investigation processes due to intuitive investigation tools like the graph view, which facilitates deeper problem analysis.

Cons

Complex integration and interface, leading to difficulties with dashboard usability and integrating various products and network logs.
Complexity in setting up automation and permissions, requiring specialized knowledge and effort.
Potential lack of transparency regarding the functionality and impact of AI in driving threat detection.
Pricing model and licensing complexity, which may be a barrier for mid-size and large companies.
Limited clarity on the tangible benefits of AI/ML features for some users, leading to skepticism about their effectiveness.

Do you use Microsoft Sentinel’s AI, machine learning, and analytics for threat detections? How do you use these features? What have you accomplished with these features?

From 9 reviews

Summary

This analysis examines 9 recent product reviews to understand how users employ Microsoft Sentinel's AI, machine learning, and analytics for threat detection. Several reviewers highlighted the benefits of using AI to detect unusual or suspicious activity, reduce false positives by correlating data from various sources, and improve overall detection capabilities (4 of 9 reviews). However, a smaller subset of reviewers expressed skepticism about the tangible impact of Microsoft's AI in driving threat detection, with some indicating a lack of transparency regarding its functionality (2 of 9 reviews).

Top Quotes

AI for threat detection

“Yes, we use Microsoft Sentinel’s smart AI tools to catch unusual or suspicious activity that might be difficult to spot otherwise.”

Limited AI impact

“To answer that question very specifically as it's written. I don't see Microsoft AI actually driving threat detection.”

How do you use Microsoft Sentinel’s investigation tools? How has it impacted your investigation process?

From 9 reviews

Summary

This report analyzes 9 recent reviews to understand how users are leveraging Microsoft Sentinel's investigation tools and the impact on their investigation processes. Reviewers highlight that the tools contribute to a faster investigation process. Specifically, 3 of 9 reviewers indicated that Microsoft Sentinel's investigation tools have made the investigation process faster. Complementing this, 2 of 9 reviewers noted that the tools also make the investigation process easier, particularly praising features like the graph view for diving deeper into problems. These tools enable users to quickly address security incidents, reducing the need for manual forensic analysis.

Top Quotes

Faster investigation process

“Again, it's reduced the time it takes to do an investigation.”

Easier investigation process

“Yeah, so we use the list view a lot with the incidents, but also the graph view where we dive deeper into a problem. It made it easier. Yeah, certainly the graph made it easier.”

What are the different sources from which you pull data into Microsoft Sentinel?

From 9 reviews

Summary

This report synthesizes 9 recent product reviews to identify the data sources that users connect to Microsoft Sentinel. Reviewers commonly mention the ability to integrate various data sources (3 of 9 reviewers). A similar number of reviewers (3 of 9) specifically cited Microsoft 365 data sources as being among those integrated. The reviewers appreciate the wide array of sources that can be connected, ranging from cloud applications and on-prem devices to firewalls and endpoints.

Top Quotes

Microsoft 365 data sources

“We are importing data into Microsoft Sentinel from a number of sources, including our firewalls, Azure, Microsoft 365, and even our on-site servers.”

Various data sources

“We are importing data into Microsoft Sentinel from a number of sources, including our firewalls, Azure, Microsoft 365, and even our on-site servers.”

What positive or negative impact (i.e. Return on Investment or ROI) has Microsoft Sentinel had on your overall business objectives?

From 9 reviews

Summary

This report synthesizes 9 recent reviews to assess the return on investment (ROI) of Microsoft Sentinel. Reviewers most frequently cite a positive business impact (6 of 9 reviews). Several reviewers highlight that Sentinel has enabled them to scale their business and build entire business lines around the platform. Two reviewers specifically mentioned reduced costs, citing less manual work and the potential for needing fewer or less specialized personnel to monitor dashboards. One reviewer noted improved threat detection since integrating with Sentinel, leading to a better customer experience.

Related topics

Positive Business Impact Reduced Costs

Top Quotes

Positive Business Impact

“Good return on investment”

Reduced Costs

“Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.”

Describe how you use Microsoft Sentinel in your organization. What are the business problems the product addresses and what is the scope of your use case?

From 9 reviews

Summary

This report synthesizes 9 recent product reviews to understand how organizations are using Microsoft Sentinel and the business problems it addresses. A primary use case revolves around threat detection and alerting, mentioned by 5 of the 9 reviewers, with users leveraging Sentinel to proactively identify and respond to potential security incidents across diverse environments. Three reviewers specifically mentioned using Sentinel as a central Security Information and Event Management (SIM) or within a Security Operations Center (SOC) to aggregate and correlate security alerts. Additionally, 2 of the 9 reviewers highlighted its application as a managed service, indicating its utility in providing security solutions for clients.

Top Quotes

Threat detection and alerts

“We track all our systems to protect them from any threats with Microsoft Sentinel.”

Use as a SIM/SOC

“Sentinel for us is the core sim engine. That is where all my event logs get correlated and it is the nerve hub of my security operation center.”

Managed service use case

“Internally we use it to gain visibility around threats within the organization, but primarily we consult with other organizations to deploy and implement Sentinel.”

Please provide some detailed examples of areas where Microsoft Sentinel has room for improvement.

From 9 reviews

Summary

This report analyzes 9 recent reviews to identify areas where Microsoft Sentinel could be improved. A significant portion of reviewers, 3 of 9, raised concerns regarding integration and interface issues, noting difficulties with dashboard usability and the complexity of integrating various products and collecting network logs. Two reviewers mentioned the complexity involved in setting up automation and permissions. The pricing model and licensing also drew attention from 2 reviewers, who suggested that simplification and price model changes could benefit mid-size and large companies.

Top Quotes

Integration and Interface Issues

“Dashboard is not very good. Some of the interfaces and the integration needs so much more work.”

Complexity and Setup

“Setting up automation is complicated”

Pricing and Licensing

“The licensing could be a little bit simpler”

Please provide some detailed examples of things that Microsoft Sentinel does particularly well.

From 9 reviews

Summary

This report analyzes 9 recent product reviews to identify areas where Microsoft Sentinel is perceived to perform well. A key strength highlighted by reviewers is its integration capabilities (4 of 9 reviews). Several reviewers also praised its automated threat response capabilities (2 of 9 reviews). The integration with other Microsoft products, especially Microsoft Defender, appears to be a notable advantage. The automated threat response is valued for its ability to take immediate, pre-configured actions against incoming attacks, ensuring continuous protection regardless of human oversight.

Top Quotes

Integration capabilities

“Integration I think was above average for most of the devices as well as the user interface is good.”

Automated threat response

“Automatic response to threats”

Reviews

53 Reviews

Smart features that save time

Rating: 9 out of 10

May 23, 2025

Use Cases and Deployment Scope

We track all our systems to protect them from any threats with Microsoft Sentinel. Before Microsoft Sentinel, it was challenging to monitor our systems and fix security issues and threats fast and in time to keep our data safe. Faster alerts are easy to obtain, and we can react and correct them more quickly to protect our data.

Pros

Keeps Everything in one place
Smart threat detection
Automatic response to threats
Clear visuals and reports

Cons

Setting up automation is complicated
Too many alerts at first
complicated permissions setup

Likelihood to Recommend

We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.

Ian Stuebe

Project Manager in Information Technology at Apex Warehouse Systems (51-200 employees)

Vetted Review

3 years of experience

Sentinel Review

Rating: 8 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

We mainly use it for another company tennet. They're mostly Microsoft, so we have to go inside their tenants. I know there is some products within out company that do use Microsoft as well, but we primarily use it for our other tenant.

Pros

Detections
Breakdowns
Point to blank

Cons

One of the things I would like to see differently is bringing it all in together. Cause I have to go to Azure and I have to go to other products and a lot of that can get confusing really fast. I would just like to have one kind of singular home point where I can go to different products.

Likelihood to Recommend

Quarantining detections are really relevant and being able to investigate particularly what someone has done. What's not so relevant is product security or not even product security. Endpoint security and management of users, I would say.

Verified User

Analyst in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

May 6, 2025

Use Cases and Deployment Scope

Internally we use it to gain visibility around threats within the organization, but primarily we consult with other organizations to deploy and implement Sentinel. We have a managed service built around Sentinel. So we use Sentinel as part of our managed XDR solution that we've developed with Microsoft.

Pros

Well, that's a good question. It does a lot, well, probably my engineers would be better positioned to answer that question, but it correlates really well. Security orchestration, it highlights risks in the organization, provides insights to our analysts to respond to threats and it implements well.

Cons

The licensing could be a little bit simpler

Likelihood to Recommend

Scenarios where it's best suited would be organizations looking to consolidate on a platform, gain better visibility of threats in their environment, reduce the amount of time it takes to search for and respond. And then scenarios where it's less appropriate. Well, I guess anything where you're not collecting, where you need to collect large amounts of information to make quick decisions.

Richard Dornhart

National Security Practice Manager in Sales at Data#3 (1001-5000 employees)

Vetted Review

Reseller

5 years of experience

Microsoft Sentinel Review

Rating: 9 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

We use it as a central SIM to collect all of these security alerts from our customers. It overcomes the fact that you need some sort of way to centrally collect it, so the SIM will be your central collector.

Pros

I think the unification integration really, really works well with Microsoft Defender.

Cons

I would say it could improve in collecting network logs better at a lower cost with better integration, easier integration. So the support for collection of network logs would be something they should approve.

Likelihood to Recommend

If a company has a Microsoft First strategy and is very much already in the cloud, then Sentinel is well positioned.

Verified User

Director in Information Technology (201-500 employees)

Vetted Review

6 years of experience

Microsoft Sentinel Review

Rating: 9 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

The business problem is that you have a lot of threats that could come from the cloud and also on premise on really any device that is logging into your domain as company. So with Sentinel you could be aware of any signal that could mean or could imply that you are under an attack. So you could correlate several events from several devices or from several kind of inputs to identify a threat. And if you have this configure on the Pro, you could take action or send an alert to the responsible

Pros

I think that you have a lot of, for example, an incoming attack you could release on real time and if you configure an action that must be taken, you could be sure that the action will be taken automatically no matter the time or no matter if someone is checking the platform exactly at that moment.

Cons

I think that the price is always a consideration because it's based on consumption. So a change in the price model will be a good point for mid-size and large companies.

Likelihood to Recommend

I think that the pro is well suited for a complex environment for a big organization that has people that has a mid-size cybersecurity team in place. And it's less appropriate if you are a not so big company because the budget could be important. Barrier to adopt it right on the right way

Verified User

Representative in Sales (11-50 employees)

Vetted Review

2 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

Sentinel is an CM two to monitoring and send alerts for the incident information security alerts and consolidate many source to detect many threats and many alerts

Pros

It's not having capacity to integrate or ingest many source of the information like to XDR and servers and many products to security firewalls on all firewalls. And they have capability to integrate via all? Yes, the mean the API with another tools.

Cons

I think in some case don't have too easy to integrate some products. It's less products to integrate or many source of information, but it's the minimal.

Likelihood to Recommend

When the customers have all products of the Microsoft or they have an suite like to Microsoft 365, they have an close to the benefits, the less cost to ingest these sources and it's an I scenario, less appropriate. Maybe when they have an G Suite or another cloud products, it's not too easy to implement.

Verified User

Manager in Sales (51-200 employees)

Vetted Review

4 years of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

The primary use case for us is as a managed service for our clients. We maintain dozens of instances in our client's Azure environments for them, and then we build detection rules, manage the configuration for them, and then respond to incidents with it.

Pros

It is extensible into other Azure services for customization, so it is very flexible towards adaptation and customization and support for building customizations.

Cons

I would like better capabilities and customizations. The UBA modules or behavioral analytics, there's some stuff there. It's not particularly well documented and we've had to figure it out on our own and it's continuing to get better, but it's been around for a long time without a lot of change. It's just recently been changing and improving, but I'd like to see UBA become more customizable and clear on how it operates.

Likelihood to Recommend

I think for all medium and large organizations, I don't have any solutions where it doesn't make a lot of sense because of its flexibility. I work primarily in medium and very large size companies and it's very good there because it's flexible and adaptable as I mentioned previously. But for small companies, which I don't do a lot of business with, there's sort of easy buttons for a lot of things. So people are able to get comfortable with it pretty quickly. So I don't have a lot of problems in that sense.

Verified User

C-Level Executive (201-500 employees)

Vetted Review

6 years of experience

Microsoft Sentinel Review

Rating: 6 out of 10

Incentivized

April 30, 2025

Use Cases and Deployment Scope

Sentinel for us is the core sim engine. That is where all my event logs get correlated and it is the nerve hub of my security operation center.

Pros

What has worked well for me and my company is this is a SaaS product, so the access and the availability from that perspective is significantly high. Integration I think was above average for most of the devices as well as the user interface is good.

Cons

Dashboard is not very good. Some of the interfaces and the integration needs so much more work.

Likelihood to Recommend

The product is well suited if you have a large Microsoft ecosystem, their platforms solutions are that is what you use, which we do. I think where it is less suited is where the ecosystem is broader. And if you have less than 25% or 30% of Microsoft's capabilities deployed in your environment.

Rajesh Kumar

Senior Vice President in Information Technology at EXL Service (10,001+ employees)

Vetted Review

1 year of experience

Microsoft Sentinel Review

Rating: 10 out of 10

Incentivized

April 29, 2025

Use Cases and Deployment Scope

At an organization we've deployed this as one of our edge security components, so any edge traffic that comes through our system has to basically propagate through the central lab. Product scope is pretty wide because it's a lot of our API traffic.

Pros

I would say the user experience is pretty good. It integrates very well with our Kubernetes systems.

Cons

I honestly can't think anything at this point.

Likelihood to Recommend

Well suited for a organization that has a lot of traffic coming in and is busy. You can't really scan every single request that comes in, so this product is really great for that. And less appropriate would be if you have very small traffic, small number of requests coming in.

Verified User

Professional in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Great Improvement in Our Security after Adapting to Microsoft Sentinel

Rating: 9 out of 10

Incentivized

February 20, 2025

Use Cases and Deployment Scope

Microsoft Sentinel has helped us in Automated threat detection and action. Helped us to boost our security. Increased efficiency and security.

Pros

Well suited for remote and on site protection
Automated Threat Detection and Action
Virus Scanning

Cons

Better Price Range for small medium buisness
Would like to see better User Interface
Some kinda small dashboard to monitor

Likelihood to Recommend

Very well suited for remote and on site security services. I remember after switching to Microsoft Sentinel, we were able to catch some threats that previous vendor couldn't find. Really experience matters.

Himanshu Pawar

Manager in Sales at Alorica (51-200 employees)

Vetted Review

2 years of experience

Loading Reviews List....