We performed a comparison between Microsoft Defender Threat Intelligence and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The technical support services are excellent."
"The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
"The product is useful when the end user downloads malware files."
"The solution blocks incoming threats on the local PC or any cloud-based threats."
"They have a very transparent roadmap for the product."
"It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use."
"You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
"The tool is managed from the cloud, because of which the maintenance is very low."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"We have no complaints about the features or functionality."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Free ingestion for Azure logs (with E5 licence)"
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"It takes time for the support team to understand the issue, and they then respond with a delay at times, which causes a lot of trouble."
"I would like to see more integration with other solutions. For example, it integrates well with Microsoft but not with other solutions."
"The software is expensive."
"The stability of the product is an area of concern where improvements are required."
"Technical support could be a bit better."
"Microsoft itself is a major target for attacks and threats due to its size and popularity. That could be considered Microsoft's Achilles heel."
"One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems."
"There could be AI functionality included for features like reporting and dashboard preparation."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"There is room for improvement in entity behavior and the integration site."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"We'd like also a better ticketing system, which is older."
"The reporting could be more structured."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
Microsoft Defender Threat Intelligence is ranked 16th in Microsoft Security Suite with 24 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Defender Threat Intelligence is rated 8.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender Threat Intelligence writes "A tool that offers endpoint protection with low maintenance costs". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender Threat Intelligence is most compared with STAXX, Cisco Threat Grid, ThreatConnect Threat Intelligence Platform (TIP), VirusTotal and Splunk Mission Control, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security. See our Microsoft Defender Threat Intelligence vs. Microsoft Sentinel report.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.