Microsoft Sentinel Reviews

Name: Microsoft Sentinel
Brand: Microsoft
Rating: 4.1 (98 reviews)

4.1 out of 5

98 reviews
93% willing to recommend

What is Microsoft Sentinel?

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

Get the Microsoft Sentinel Buyer's Guide and find out what your peers are saying about Microsoft Sentinel, CrowdStrike Falcon, Microsoft Intune and more!

Microsoft Sentinel is the #1 ranked solution in SOAR tools, #3 ranked solution in top Security Information and Event Management (SIEM) solutions, #5 ranked solution in top AI-Powered Cybersecurity Platforms solutions, and #6 ranked solution in top Microsoft Security Suite solutions. PeerSpot users give Microsoft Sentinel an average rating of 8.2 out of 10. Microsoft Sentinel is most commonly compared to CrowdStrike Falcon: Microsoft Sentinel vs CrowdStrike Falcon. Microsoft Sentinel is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.

Helped 865,985 peers since 2012

Featured Microsoft Sentinel reviews

Ivan Angelov

Project Executive at synergyc

My security team has been using Microsoft Sentinel for around two years. We also have Bastion and SolarWinds as part of our monitoring tools. We use a three-way tool, alongside Microsoft Sentinel, in our environment The most valuable features for us include threat collection, threat detection,…

Read full review

Rob Wille

Solutions Architect at a tech vendor with 201-500 employees

The features that I or my customers consider most valuable within Microsoft Sentinel include the ability to query, the integration with the rest of the Defender and the Microsoft suites, and the workbooks and dashboards. The ability to query is valuable to us because it allows you to drill down to specific information that you need and even drill down further from there. It really helps you get at the information, especially from an investigative perspective, that you need. With the workbook dashboards, once you find a good information set or data set, let you flip that around and turn it into a dashboard so it can be repeatable and visible to other folks in the organization. Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see. It allows us to truly see what is going on and gives us that focused visibility. It does provide actionable data, not just visibility, as it can provide insights beyond what a normal data stream could give you. The integration of security functionalities such as SIEM, SOAR, TIP, and UEBA in Microsoft Sentinel is well-executed, particularly the seamless integration of UEBA. However, there is confusion between UEBA and Defender for Identity that needs to be explored further. Microsoft has defined the XDR level, but from an MSSP perspective, the SOAR capability is integrated adequately, while customers might not fully utilize it yet due to marketing factors. Creating an awareness campaign for these integrations would be beneficial. The impact of Microsoft Sentinel on our advanced hunting abilities has been significant because it allows us to really hone in from an investigative perspective and dive deeper into investigations. Even without access to a customer's environment, we capture a lot of data and can drill down on specifics like when and from where emails were sent, what their content was, and so on. It provides us with a complete attack story and history. Up until recently, the MITRE ATT&CK integration in Microsoft Sentinel was based on an older version, rendering it less meaningful, but now with the upgrade to the latest version, it allows us to map our threat intelligence efficiently to the MITRE framework, which has been beneficial. I would highlight the new case management feature as great. Its presence gives Microsoft Sentinel an edge as many other SIEMs have had mature case management capabilities. Additionally, as it becomes part of the Defender portal, the journey and integration narrative between Sentinel and the complete Defender XDR should be better defined, especially since more customers opt for Sentinel only. Having a great CX team within Microsoft enhances the experience, although having a distracted account manager lessens focus on critical details for customer needs. A lot of the automation inside Sentinel comes with inside actually rolling out brand new Sentinel environments. We utilize that a lot and it might go beyond just Sentinel, for example, utilizing templates in Azure and templates elsewhere to actually deploy out. A good scenario is when customer environments have multi tenancy. Being able to roll out those additional tenants with the automation has been huge. We went from it taking 20 hours to build a tenant to a matter of two to four hours. That's a 75% savings. The SOC optimization is a big part of what we do. We have to manage our own costs, however, we have built in automations for reporting to trigger when data is exposed. I have one customer that had 225 GBs a day when onboarded, and now we're down to 110 GBs. As far as our reporting, it does help everything become more efficient.

Read full review

Miroslav Karnik

IT Consultant at MAN Truck & Bus SE

Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower. Our security department is not big. With the custom workbooks, we are able to immediately respond by auto-isolating the devices, and after that, our technical team or security team can look into it. It helps us to solve issues with a small bunch of people behind it. We can gather all security events in one platform and react to all these events. We have the integration through various connectors to Intune, Entra ID, etc. We have a single pane of glass for collecting all the information.

Read full review

Microsoft Sentinel mindshare

Product category:

As of August 2025, the mindshare of Microsoft Sentinel in the Security Information and Event Management (SIEM) category stands at 6.6%, down from 8.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Microsoft Sentinel	6.6%
Wazuh	11.8%
Splunk Enterprise Security	9.4%
Other	72.2%

Security Information and Event Management (SIEM)

PeerResearch reports based on Microsoft Sentinel reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Aug 27, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 27, 2025	Download
Comparison	Microsoft Sentinel vs Splunk Enterprise Security	Aug 27, 2025	Download
Comparison	Microsoft Sentinel vs Wazuh	Aug 27, 2025	Download
Comparison	Microsoft Sentinel vs IBM Security QRadar	Aug 27, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.7%	96%	132 interviews Add to research
Microsoft Intune	4.1	N/A	94%	298 interviews Add to research

Valuable Features

Microsoft Sentinel's most valuable features include seamless integration with Microsoft and third-party products, allowing centralized log management. Its AI and automation capabilities enhance threat detection and quick incident response. The use of Kusto Query Language (KQL) facilitates detailed data queries. It's cloud-native, reducing infrastructure costs and enabling easy scalability. Sentinel's analytics provide deep visibility into security events across cloud and on-prem environments, improving threat prioritization and user behavior monitoring. The automation feature significantly boosts efficiency and reduces false positives.

"The integration between them is good and straightforward, the documentation is excellent, and we do not have any problems."
"Microsoft Sentinel stands out mainly for its signal-to-noise reduction; LogRhythm required numerous AI rules to reach a similar level of noise reduction."
"It's a great product."

Room for Improvement

Microsoft Sentinel requires better user-friendliness, especially for non-Microsoft integrations. The documentation needs improvement, and a more streamlined interface could enhance usability. Performance issues, especially with log ingestion and alert delays, are noted by users. The pricing structure is seen as prohibitive for smaller businesses. Enhanced AI capabilities and expanded automation are requested. Users are seeking more out-of-the-box connectors and advanced analytics tools, alongside improved support for third-party SIEM systems and traditional on-premise environments.

"In terms of improvements, pricing, licensing, and overall cost could be better."
"The integration challenges arise from both sides; Google tends to be noisy, and we find only ten analytic rules out of the box, necessitating the use of Defender for Cloud for alerts, which indicates a need for better documentation during deployment."
"The three challenges we have are outside of the Microsoft ecosystem. In New Zealand, there are customers that run dual stack, running Microsoft but also competitor products, EDR software, cloud security software, and other tooling."

ROI

Organizations note mixed financial outcomes with Microsoft Sentinel. Some say costs initially increased, but improvements in security processes provided long-term value. The platform's efficiency, integration, and automation helped reduce headcount and operating times, saving money. Others highlight challenges in measuring returns but acknowledge better security and compliance. Positive ROI is observed from cost savings on infrastructure and staff reduction, seamless integration, and enhanced threat detection. Each organization's experience in ROI varies significantly.

Pricing

Microsoft Sentinel offers pricing models that are often seen as costly and complex by enterprises. Its consumption-based model charges based on data ingestion, leading to variability depending on usage. Pricing is influenced by log volume, storage needs, and additional features such as Logic Apps. A 50% discount may apply for consuming 100GB/day or more. While some organizations appreciate the flexibility and integration with other Microsoft services, smaller entities find it expensive compared to alternatives.

"Pricing for Microsoft Sentinel could always be lower, but it's workable. The ingestion costs for the data analytics is usually the highest cost, but the licensing per Microsoft Sentinel is fairly straightforward and transparent."
"We only pay for the amount of data we bring in, which is fair."
"It is consumption-based pricing. It is an affordable solution."

Popular Use Cases

Organizations use Microsoft Sentinel for security management, threat detection, and log analysis. It integrates with multiple data sources to provide centralized logging and automated incident response. Sentinel supports Security Operations Centers, helping monitor cloud and hybrid environments by leveraging machine learning for threat intelligence. It enables cross-environment threat tracking, alert correlation, and detection rule customization, improving security posture and easing SOC workloads. It is also aligned with managed security service providers for customer support.

Service and Support

Microsoft Sentinel support is generally responsive and efficient, especially with higher-tier plans. Users appreciate quick ticket resolutions and informed assistance. Some feedback includes challenges with initial support levels and navigating documentation. Premium support tends to receive more favorable comments. Many rely on forums for additional help, and while some users find the support excellent, others note room for improvement, particularly in response time and technical expertise.

Deployment

Microsoft Sentinel's setup is generally straightforward, particularly within cloud environments. Many find it easy to deploy quickly, often within minutes or hours. Complexity increases when integrating diverse or on-premises resources. Documentation aids in setup, yet challenges arise in onboarding data and using specific query languages. Previous experience with Microsoft tools is beneficial. Setup typically involves few people, and maintenance is minimal since Microsoft manages updates, yet customization requires additional expertise.

Scalability

Microsoft Sentinel offers impressive scalability, easily handling increased workloads due to its cloud-based infrastructure. Customers appreciate its automatic scaling, managed by Microsoft, without concerns for manual adjustments. Users mention cost considerations as scaling increases, but the system adapts well to varying demands across organizations of different sizes. Its cloud foundation ensures flexible growth, aligning with user needs and operating seamlessly without performance issues, supporting significant data volumes and diverse geographic regions.

Stability

Microsoft Sentinel is highly stable, with users reporting minimal performance issues. Instances of downtime are rare and often result from wider Azure platform challenges rather than Sentinel itself. Some stability concerns arise during complex custom configurations, yet standard setups perform reliably. Users praise its uptime, with availability often surpassing 99.9%. Though certain data connectors occasionally require reconnection or deprecation, the platform remains dependable and consistent across varied deployment environments.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Microsoft Sentinel Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	34
Midsize Enterprise	19
Large Enterprise	37

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	1607
Midsize Enterprise	1033
Large Enterprise	3463

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

11%

Manufacturing Company

Government

Comms Service Provider

University

Retailer

Educational Organization

Healthcare Company

Insurance Company

Energy/Utilities Company

Construction Company

Non Profit

Media Company

Real Estate/Law Firm

Legal Firm

Transportation Company

Outsourcing Company

Hospitality Company

Wholesaler/Distributor

Performing Arts

Recreational Facilities/Services Company

Consumer Goods Company

Pharma/Biotech Company

Marketing Services Firm

Logistics Company

Aerospace/Defense Firm

Compare Microsoft Sentinel with alternative products

Learn more about Microsoft Sentinel

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft Sentinel was previously known as Azure Sentinel.

Microsoft Sentinel customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Julia Miller

Community Director at PeerSpot

Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries

What are your approaches on Azure Sentinel content deployment automation?

Which is better - Azure Sentinel or AWS Security Hub?

Which solution do you prefer: Microsoft Sentinel or Palo Alto Networks Cortex XSOAR?

What is a better choice, Splunk or Azure Sentinel?

What Solution for SIEM is Best To Be NIST 800-171 Compliant?

When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?

What are the main differences between Nessus and Arcsight?

What's The Best Way to Trial SIEM Solutions?

Which is the best SIEM solution for a government organization?

What is the difference between IT event correlation and aggregation?

Product Categories

Security Information and Event Management (SIEM)

Security Orchestration Automation and Response (SOAR)

Microsoft Security Suite

AI-Powered Cybersecurity Platforms

Popular Comparisons

CrowdStrike Falcon vs Microsoft Sentinel

Microsoft Intune vs Microsoft Sentinel

Wazuh vs Microsoft Sentinel

Microsoft Defender for Endpoint vs Microsoft Sentinel

Splunk Enterprise Security vs Microsoft Sentinel

Microsoft Entra ID vs Microsoft Sentinel

Microsoft Defender for Cloud vs Microsoft Sentinel

Darktrace vs Microsoft Sentinel

Microsoft Defender XDR vs Microsoft Sentinel

IBM Security QRadar vs Microsoft Sentinel

Microsoft Purview Data Governance vs Microsoft Sentinel

Cortex XDR by Palo Alto Networks vs Microsoft Sentinel

Azure Key Vault vs Microsoft Sentinel

Elastic Security vs Microsoft Sentinel

Azure Firewall vs Microsoft Sentinel

See all alternatives

Microsoft Sentinel Reviews Summary
Author info	Rating	Review Summary
Solutions Architect at a tech vendor with 201-500 employees	4.5	As a Solutions Architect, I find Microsoft Sentinel valuable for its integration capabilities and automation, enhancing threat detection and investigative depth. It provides cost savings and efficiency compared to previous solutions like LogRhythm, though improvements are needed in AWS and GCP integrations.
IT Consultant at MAN Truck & Bus SE	5.0	We transitioned to Microsoft Sentinel for improved cloud security and integration with Microsoft Intune and Entra ID. Its custom workbooks streamline threat response efficiently. Although potential AI enhancements are intriguing, cost remains a consideration compared to other solutions.
Director, Strategic Alliances at Armor Defense Inc.	4.0	We use Microsoft Sentinel as an MDR provider for its cloud-native capabilities, valuable data connectors, and comprehensive visibility across environments. It boosts customer engagement and data transparency while integrating well with Microsoft Azure and previous investments.
senior cyber security at a tech services company with 201-500 employees	4.0	I use Microsoft Sentinel for security incident management, benefiting from its unified SecOps dashboard and seamless integration with Microsoft products. However, the pricing tiers can be complicated, and there’s a need for more out-of-the-box data collectors.
Architect at a wholesaler/distributor with 201-500 employees	4.5	I use Microsoft Sentinel for SIEM, logging, threat intelligence, and threat hunting. It's enhanced our detection capabilities and centralized our logging, offering cost savings and efficiency over other products. However, pricing and licensing could be improved.
Chief Operating Officer at a tech services company with 51-200 employees	4.5	As a managed security service provider, I rely on Microsoft Sentinel for its cloud-native SIEM features, seamless integration, and automation, improving our efficiency significantly. Challenges remain in integrating beyond Microsoft's ecosystem, yet the ROI is evident.
Project Executive at synergyc	4.0	My security team has used Microsoft Sentinel for two years alongside Bastion and SolarWinds. Its valuable features include threat collection, detection, and response. We prefer other solutions for basic monitoring due to cost, though Sentinel promises better ROI long-term.
Systems Emgineer at a non-profit with 1-10 employees	4.5	We use Microsoft Sentinel as our main SIEM suite for alerts and automation, which integrates well with Microsoft Defender XDR. While Sentinel's automation improves threat-hunting, integrations with some tools like Meraki firewalls and Syslogs need enhancement.

Microsoft Sentinel Reviews

What is Microsoft Sentinel?

Featured Microsoft Sentinel reviews

Microsoft Sentinel mindshare

PeerResearch reports based on Microsoft Sentinel reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Microsoft Sentinel with alternative products

Learn more about Microsoft Sentinel

Microsoft Sentinel customers

Related articles

Related questions

Product Categories

Popular Comparisons