Microsoft Intune vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Categories and Ranking

Microsoft Intune
Ranking in Microsoft Security Suite: 2nd
Average Rating: 8.0
Number of Reviews: 174
Ranking in other categories: Configuration Management (3rd), Remote Access (1st), Enterprise Mobility Management (EMM) (1st), Unified Endpoint Management (UEM) (1st)

Microsoft Sentinel
Ranking in Microsoft Security Suite: 5th
Average Rating: 8.2
Number of Reviews: 88
Ranking in other categories: Security Information and Event Management (SIEM) (2nd), Security Orchestration Automation and Response (SOAR) (1st)
 

Mindshare comparison

As of July 2024, in the Microsoft Security Suite category, the mindshare of Microsoft Intune is 19.4%, up from 10.4% compared to the previous year. The mindshare of Microsoft Sentinel is 5.5%, down from 6.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Microsoft Security Suite
Unique Categories:
Configuration Management: 12.2%
Remote Access: 5.5%
Security Information and Event Management (SIEM): 10.9%
Security Orchestration Automation and Response (SOAR): 22.4%
 

Featured Reviews

Alex Bazay - PeerSpot reviewer
Jun 4, 2024
Streamlines operations and reduces administrative overhead and attack surface
Microsoft Intune is helping to streamline operations and minimize administrative overhead. We are using the Enterprise Application Management features of Intune Suite. It is very well designed and very well suited for Microsoft-related applications. Third-party applications can require some workaround. They do not always organically fit into the solution, but, overall, it is a great option to have visibility into what the users are using and be able to set up some policies based on that. We can allow applications or deny applications. We can manage what users can onboard. Overall, it is a great solution. We can definitely simplify and streamline some security operations. Microsoft Intune is great for securing hybrid work and protecting data on company and BYO devices. What is more important is that it is not a static product. It is not that the product is very well established and not moving anywhere. It is constantly evolving. Microsoft seems to be spending lots of resources trying to improve and bring new features. That is great. We are starting with Intune's Endpoint Privilege Management feature. It definitely impacts productivity. It is great and definitely helps a lot. It helps minimize the attack surface because you do not have elevated privileges accounts available all the time. It helps mitigate or shrink the potential impact or potential entry points into the network. Microsoft Intune has helped us to manage the accounts with elevated privileges. We are a managed service provider. We sometimes have big turnarounds on the help desk. By their job definition, many of them are supposed to have access to different clients and different sensitive areas. It helps us to mitigate and manage these accounts, and, as a result, to be more secure. We can make sure that those accounts are not being distributed very freely. We have control over their actions. We have control over what they are doing. We have full visibility and accountability.
SI
Sep 20, 2023
Helps prioritize threats and decreases time to detect and time to respond.
The analytics rules are excellent. It's pretty easy to create them. It’s all about SQL queries that we need to deploy at the back end. The search of the logs is easy. Before, there were no archival logs. Now, in recent versions, it’s easy to bring back the logs from the archives. We can research and query the archive of logs very easily. The visibility is great. It gives good alerts. The way an analyst can go and drill down into more details is simple. The ability to threat hunt has been useful. Sentinel helps us prioritize threats across the enterprise. With it, we have a single pane for monitoring security logs. As an MSP, they just ingest all the logs into the system, and this actually leads to a hierarchy for our integrations. It’s easy to review the logs for auditing purposes. We use more than one Microsoft security product. Other team members use Intune, Microsoft CASB, and Microsoft Defender as well. It’s easy to integrate everything. You just need to enable the connector in the back end. It takes one minute. These solutions work natively together to deliver coordinated detection responses across our environment. We just integrated the Microsoft Defender logs into Sentinel. It already has the prebuilt use cases in Sentinel, including threat-hunting playbooks, and automation playbooks. It's pretty easy and ready to use out of the box. Sentinel enables us to ingest data from our entire ecosystem. That's really the high point for us. The coverage needs to be expanded. The threat landscape is getting wider and wider and so we need to monitor each and every ecosystem in our customer organization's endpoints, including the endpoints or applications for systems or on the servers or network level. It needs to be integrated on all levels, whether it’s on-premises or cloud. It is really important to have a single point of security monitoring, to have everything coordinated. Sentinel enables us to investigate threats and respond holistically from one place.
For that analyst team, the Sentinel page is like a single point of investigation layer for them. Whenever an incident is created, they can just come in and get deeper into a particular investigation incident. They are able to get more information, figure out the indicators, and make recommendations to customers or internal teams to help them take action. Given its built-in UEBA and threat intelligence capabilities, the comprehensiveness of Sentinel's security protection is really nice. The UEBA can be integrated with only the AD logs. And, since they need to get integrated with the networks and the VPN layers as well, it’s useful to have comprehensive security. It can be integrated into other Microsoft security products as well. Sentinel pricing is good. The customer doesn't want to worry about the enterprise infrastructure cost in the system. They worry about the enterprise cost and the management, and operation, CAPEX, et cetera. However, in general, the customer simply needs to worry only about the usage, for example, how much data is getting sent into the system. We can still refine the data ingestion layer as well and decide what needs to be monitored and whatnot. That way, we can pay only for what we are monitoring. Our Microsoft security solution helps automate routine tasks and help automate the finding of high-value alerts. By leveraging Sentinel's automation playbook, we have automated the integrations and triage as well. This has simplified the initial investigation triage, to the point where we do not need to do any initial investigations. It will directly go on into layer two or it directly goes to the customer status. Our Microsoft security solution helped eliminate having to look at multiple dashboards and gave us one XDR dashboard. The dashboard is pretty cool. We now have a single pane of glass. A lot of customization needs to be done, however, there are predefined dashboards and a content hub. 
We still leverage those dashboards to get the single view into multiple days, including the log volumes or types of security monitoring or in the operation monitoring system. Sentinel saves us time. Even just the deployment, it only takes ten minutes for the cloud. When you have on-premises tasks that are manual, it can take hours or a day to deploy the entire setup. Integrating the log sources used also takes time. By enabling out-of-the-box tools, we can save a lot of time here and there. Also, once you leverage automation, by simply leveraging logic apps in a local kind of environment, you don’t need to know much coding. You just need knowledge of logic at the back end. The solution has saved us money. While I’m not sure of the exact commercial price, it’s likely saved about 20% to 30%. The solution decreased our time to detect and your time to respond. For time to detect, by leveraging analytic rules, we’ve been able to cut down on time. Everything is happening within minutes. We can begin remediation quickly instead of in hours.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use a local Active Directory, but we weren't able to manage all our on-site systems without a solution like Intune, and we needed to deploy software like VPNs and other things. It's seamless now to do this through Intune."
"One of the best features is Windows Autopilot because if you change any of your devices, whatever security policies and compliance policies that applied can be easily migrated to the new devices. Windows Autopilot gives you that flexibility."
"The stability is good."
"Intune enables us to manage our devices from anywhere."
"It is a stable solution."
"It is user-friendly, and the performance is also good. It is a convenient product."
"The most valuable includes managing everything from a single console."
"It is helpful for managing devices anytime and any place without requiring dependency on the local networks."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The analytic rule is the most valuable feature."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
 

Cons

"Microsoft Intune needs to improve the initial login process."
"We would like to see support for Chrome and/or devices for Chromebooks."
"They should improve its compatibility with other operating systems such as iOS and Linux. It supports Linux but they still need to work on the iOS part."
"The solution could improve by having better integration with Apple."
"The information we receive at the device level needs improvement."
"I would like the ability to install the agent on devices from suppliers, which would enable us to implement a zero-trust strategy for guest devices."
"Due to the abundance of features, there's a lot to organize, which makes managing and setting up the solution challenging. The setup is immense, and it would be good to see improvement in this area."
"The solution requires Mac support."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"The solution should allow for a streamlined CI/CD procedure."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
 

Pricing and Cost Advice

"It comes as a bundle, so you do not really know what the prices are. Microsoft does not break it down to the user cost for us. It is just bundled with our E5 license."
"The pricing for Intune and the competitor products are all within the same range, there is no true advantage when it comes to cost."
"We have the business premium licenses for the solution."
"It's affordable for the protection it gives. There are no additional costs."
"The pricing for Microsoft Intune is reasonable. Our clients are satisfied."
"Microsoft Intune is a cost effective choice. It is less expensive than other products on the market."
"The pricing is not cheap, especially with inflation. They've had to increase their prices. It's not excessive, but alright."
"For organizations that are a Microsoft shop, the pricing is compelling."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."
"The product is costly compared to Splunk."
"Sentinel is costly compared to other solutions, but it's fair. SIEM solutions like CrowdStrike charge based on daily log volume. They generally process a set number of logs for free before they start charging. Microsoft's pricing is clearer. It's free under five gigabytes. Some of these logs we ingest have a cost, so they don't hide it. I believe the tenant pays the price, and Microsoft helps create awareness of the cost."
"Microsoft Sentinel is included in our E5 license."
"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."
"The solution is expensive and there is a daily usage fee."
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization: 24%
Computer Software Company: 12%
Financial Services Firm: 7%
Government: 7%

Computer Software Company: 17%
Financial Services Firm: 10%
Government: 9%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Microsoft Intune compare with VMware Workspace One?
Microsoft Intune is a great tool for managing a mobile device fleet while keeping access control. The solution makes it easy to control security and manage the usage of mobile apps when you have a ...
What are the pros and cons of Microsoft Intune?
Microsoft Intune is a great configuration management tool and has a lot of good things going for it. Here are some of the things I like about it: Pros: Protected productivity: Intune gives you th...
How does Google Cloud Identity compare with Microsoft Intune?
Microsoft Intune offers not only an easy-to-deploy data protection and productivity management solution, but also access to both Microsoft’s user community as well as around-the-clock customer s...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

Microsoft Intune: Intune, MS Intune, Microsoft Endpoint Manager
Microsoft Sentinel: Azure Sentinel
 

Sample Customers

Mitchells and Buzzers, Callaway
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Microsoft Intune vs. Microsoft Sentinel and other solutions. Updated: May 2024.