Microsoft Defender for Endpoint vs Microsoft Sentinel comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between Microsoft Defender for Endpoint and Microsoft Sentinel based on real PeerSpot user reviews.

Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
To learn more, read our detailed Microsoft Defender for Endpoint vs. Microsoft Sentinel Report (Updated: September 2023).
745,341 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros

Microsoft Defender for Endpoint:
  • "The investigation aspect is the most useful. It's user friendly and has a good user interface."
  • "Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
  • "The scalability is good."
  • "One feature I like the most is vulnerability management, which shows any vulnerable software or OS present in my environment. Microsoft Defender for Endpoint provides a complete overview and also recommends the steps to mitigate the vulnerabilities or threats. Most of the other antivirus or EDR solutions generally don't provide vulnerability management. It is an add-on that Microsoft Defender for Endpoint provides."
  • "The ransomware and malware protection is the most valuable feature."
  • "This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
  • "Microsoft Defender for Endpoint comes pre-installed in Microsoft Windows."
  • "The installation is straightforward."

Microsoft Sentinel:
  • "We are able to deploy within half an hour and we only require one person to complete the implementation."
  • "We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
  • "Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
  • "The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
  • "Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
  • "Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
  • "Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
  • "The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."

Cons

Microsoft Defender for Endpoint:
  • "I would like to see improvement from a management perspective. We have had to depend on Intune for certain tasks."
  • "Microsoft Defender for Endpoint could improve by providing more user-friendly dashboards. They may be complicated for some."
  • "The scalability could be improved - I would rate it between a seven and an eight."
  • "The solution has minimal customization options, especially compared to Mandiant, so we want to see more scope for customization. A single portal for customization would also be a welcome addition."
  • "I have accounts for administrators and corporate employees, but I also have accounts for students. I can't split these types of accounts. I need a separate configuration for both... I need to research how I can get alerts for only the administrative machines."
  • "Microsoft Defender for Endpoint could provide us with a more holistic approach, such as collaboration. They can provide us with an environment from where we can manage all the endpoints from one central location, such as overall management."
  • "One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs."
  • "Lacks some additional integration."

Microsoft Sentinel:
  • "In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
  • "For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
  • "I would like to see more AI used in processes."
  • "The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
  • "We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
  • "Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
  • "They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
  • "Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."

Pricing and Cost Advice

Microsoft Defender for Endpoint:
  • "We pay a yearly license for Microsoft Defender. We also have a support contract with them."
  • "The solution is free with Windows."
  • "You do not need to pay any additional costs for antivirus and anti-malware solutions for endpoint protection."
  • "The solution's price could be cheaper."
  • "Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract."
  • "Licensing models of Microsoft are renowned for being complex. We just purchased the whole E5 stack. With E5 licenses for users, we get access to a bunch of features that are not just related to security. I would rate them a three out of five in terms of pricing."
  • "This solution is part of an enterprise license we have."
  • "Compared to ESET, the pricing for Microsoft Defender for Endpoint is on the higher side."

Microsoft Sentinel:
  • "I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
  • "For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar."
  • "I don't know yet because they gave us a 30-day test window for free."
  • "It's costly to maintain and renew."
  • "Microsoft Sentinel is expensive."
  • "Sentinel is pretty competitive. The pricing is at the level of other SIEM solutions."
  • "It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."

    Questions from the Community
    Top Answer: Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-based…
    Top Answer: We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security…
    Top Answer: The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature but…
    Top Answer: Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized by…
    Top Answer: It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log…
    Top Answer: We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will…
    Ranking
    Microsoft Defender for Endpoint: Ranking 6th; Views 2,676; Comparisons 2,372; Reviews 93; Average Words per Review 851; Rating 8.1
    Microsoft Sentinel: Ranking 5th; Views 4,101; Comparisons 2,368; Reviews 68; Average Words per Review 1,570; Rating 8.3
    Also Known As
    Microsoft Defender for Endpoint: Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
    Microsoft Sentinel: Azure Sentinel
    Overview

    Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

    With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

    Microsoft Defender for Endpoint also supports threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified security approach. With its centralized management console, organizations can deploy, configure, and monitor the security solution across their entire network.

    Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

    Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs, while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously undetected threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks


    Sample Customers
    Microsoft Defender for Endpoint: Petrofrac, Metro CSG, Christus Health
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Top Industries
    Microsoft Defender for Endpoint
    Reviewers: Financial Services Firm 19%, Computer Software Company 16%, Comms Service Provider 7%, Energy/Utilities Company 7%
    Visitors reading reviews: Educational Organization 20%, Computer Software Company 13%, Government 8%, Financial Services Firm 7%
    Microsoft Sentinel
    Reviewers: Financial Services Firm 22%, Computer Software Company 11%, Manufacturing Company 8%, Real Estate/Law Firm 6%
    Visitors reading reviews: Computer Software Company 17%, Financial Services Firm 10%, Government 9%, Manufacturing Company 7%
    Company Size
    Microsoft Defender for Endpoint
    Reviewers: Small Business 40%, Midsize Enterprise 17%, Large Enterprise 43%
    Visitors reading reviews: Small Business 23%, Midsize Enterprise 31%, Large Enterprise 47%
    Microsoft Sentinel
    Reviewers: Small Business 33%, Midsize Enterprise 20%, Large Enterprise 47%
    Visitors reading reviews: Small Business 24%, Midsize Enterprise 16%, Large Enterprise 60%

    Microsoft Defender for Endpoint is ranked 6th in Microsoft Security Suite with 92 reviews while Microsoft Sentinel is ranked 5th in Microsoft Security Suite with 67 reviews. Microsoft Defender for Endpoint is rated 8.2, while Microsoft Sentinel is rated 8.4. The top reviewer of Microsoft Defender for Endpoint writes "You can access all your security data and telemetry from a single pane of glass". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender for Endpoint is most compared with Intercept X Endpoint, Symantec Endpoint Security, CrowdStrike Falcon, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security and Microsoft Defender for Cloud. See our Microsoft Defender for Endpoint vs. Microsoft Sentinel report.


    We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.