We performed a comparison between Microsoft Defender Threat Intelligence and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The global review and remediation of malicious code is probably the most valuable feature."
"It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use."
"Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
"Its user-friendliness is its most valuable aspect."
"The technical support services are excellent."
"The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes."
"You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
"The solution blocks incoming threats on the local PC or any cloud-based threats."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"We encounter problems connecting the product deployed on the user endpoints with the servers."
"Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."
"It would be beneficial to enhance the pricing structure and make it more affordable."
"The tool's onboarding of users that use on-premise or hybrid environments needs to be improved."
"One area where Microsoft Defender could be improved is in its support for non-Microsoft products, particularly for systems running Linux or other open-source platforms across ecosystems."
"It's a bit complicated to manage because you have many dependencies of servers, many dependencies in queue, and so on. Entries or different endpoints, and you make different configuration topics for each one. So that's a major problem."
"Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."
"The stability of the product is an area of concern where improvements are required."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The product can be improved by reducing the cost to use AI machine learning."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"One key area that can be improved is by building a strong integration with our XDR platform."
More Microsoft Defender Threat Intelligence Pricing and Cost Advice →
Microsoft Defender Threat Intelligence is ranked 16th in Microsoft Security Suite with 23 reviews while Microsoft Sentinel is ranked 5th in Microsoft Security Suite with 85 reviews. Microsoft Defender Threat Intelligence is rated 8.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Defender Threat Intelligence writes "A tool that offers endpoint protection with low maintenance costs". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Defender Threat Intelligence is most compared with STAXX, Cisco Threat Grid, ThreatConnect Threat Intelligence Platform (TIP), VirusTotal and Splunk Mission Control, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security. See our Microsoft Defender Threat Intelligence vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
