Try our new research platform with insights from 80,000+ expert users
Microsoft Sentinel Logo

Microsoft Sentinel pros and cons

Vendor: Microsoft
4.1 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Microsoft Sentinel offers seamless integration with the Microsoft ecosystem, enhancing security with SOAR capabilities for threat management in a unified platform. Its machine learning enhances threat intelligence while its cloud-native approach supports diverse data sources affordably. Despite its advantages, Sentinel's limited third-party integration, complex pricing, inadequate documentation, steep learning curve, and automation limitations can pose challenges, deterring users unfamiliar with advanced Microsoft features like KQL, thereby impacting its accessibility and comprehensive support.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Microsoft Sentinel offers seamless integration with the Microsoft ecosystem, enhancing security and streamlining operations.
The SOAR capability is a standout feature, allowing for comprehensive threat detection, investigation, and response, all within a unified platform.
Machine learning and artificial intelligence capabilities significantly improve threat intelligence and security efficiency.
Microsoft Sentinel's cloud-native approach provides robust support for a wide range of data sources, including third-party vendors.
Cost-effectiveness and affordability make Microsoft Sentinel an attractive choice for organizations looking to optimize their security infrastructure without high expenses.

CONS

Microsoft Sentinel's integration with third-party applications is limited, requiring more out-of-the-box connectors, especially for SaaS platforms.
The complexity of its pricing and cost can deter users, as many find it confusing and costly, especially with additional services.
Users face challenges with Azure Sentinel's documentation and technical support, which is not comprehensive enough for those unfamiliar with Microsoft products.
The learning curve is steep due to the requirement for advanced knowledge in using features like KQL, playbooks, and lack of intuitive onboarding.
Automation capabilities in Microsoft Sentinel could be enhanced, including better integration with security products and improved playbook features for ease of use.
 

Microsoft Sentinel Pros review quotes

MD
MarkDarwish
CEO at Danastar Professional Services, LLC
Jan 23, 2021
We have no complaints about the features or functionality.
Read full review
reviewer1404306 - PeerSpot reviewer
reviewer1404306
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The pricing of the product is excellent.
Read full review
reviewer1342566 - PeerSpot reviewer
reviewer1342566
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store
Read full review
Buyer's Guide
Microsoft Sentinel
March 2026
Free Report: Microsoft Sentinel Reviews and More
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
885,286 professionals have used our research since 2012.
reviewer1537419 - PeerSpot reviewer
reviewer1537419
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
Free ingestion for Azure logs (with E5 licence)
Read full review
SI
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The UI-based analytics are excellent.
Read full review
it_user1604991 - PeerSpot reviewer
it_user1604991
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.
Read full review
reviewer1655235 - PeerSpot reviewer
reviewer1655235
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.
Read full review
it_user1691883 - PeerSpot reviewer
it_user1691883
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.
Read full review
SM
Sean Moore
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.
Read full review
reviewer1681203 - PeerSpot reviewer
reviewer1681203
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.
Read full review
Show 10 more reviews (out of 105)
 

Microsoft Sentinel Cons review quotes

MD
MarkDarwish
CEO at Danastar Professional Services, LLC
Jan 23, 2021
I would like to be able to monitor applications outside of the Azure Cloud.
Read full review
reviewer1404306 - PeerSpot reviewer
reviewer1404306
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Feb 12, 2021
The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.
Read full review
reviewer1342566 - PeerSpot reviewer
reviewer1342566
System Engineer at a tech vendor with 5,001-10,000 employees
Feb 24, 2021
They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.
Read full review
Buyer's Guide
Microsoft Sentinel
March 2026
Free Report: Microsoft Sentinel Reviews and More
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
885,286 professionals have used our research since 2012.
reviewer1537419 - PeerSpot reviewer
reviewer1537419
Domain Architect at a government with 5,001-10,000 employees
Apr 12, 2021
They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.
Read full review
SI
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Jun 3, 2021
The on-prem log sources still require a lot of development.
Read full review
it_user1604991 - PeerSpot reviewer
it_user1604991
Senior Microsoft 365 Consultant at The Collective Consulting
Jul 12, 2021
The solution should allow for a streamlined CI/CD procedure.
Read full review
reviewer1655235 - PeerSpot reviewer
reviewer1655235
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Aug 23, 2021
Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.
Read full review
it_user1691883 - PeerSpot reviewer
it_user1691883
Information Security Lead at Enerjisa Üretim
Oct 12, 2021
They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us.
Read full review
SM
Sean Moore
Lead Azure Sentinel Architect at a financial services firm with 10,001+ employees
Oct 14, 2021
If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.
Read full review
reviewer1681203 - PeerSpot reviewer
reviewer1681203
Sr. Microsoft Solutions Specialist at a tech vendor with 1,001-5,000 employees
Oct 15, 2021
I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.
Read full review
Show 10 more reviews (out of 105)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
Microsoft Security Suite
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Sentinel Logo
CrowdStrike Falcon vs Microsoft Sentinel
Microsoft Intune vs Microsoft Sentinel Logo
Microsoft Intune vs Microsoft Sentinel
Microsoft Defender for Endpoint vs Microsoft Sentinel Logo
Microsoft Defender for Endpoint vs Microsoft Sentinel
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Microsoft Entra ID vs Microsoft Sentinel Logo
Microsoft Entra ID vs Microsoft Sentinel
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel Logo
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel
Darktrace vs Microsoft Sentinel Logo
Darktrace vs Microsoft Sentinel
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Cribl vs Microsoft Sentinel Logo
Cribl vs Microsoft Sentinel
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Microsoft Defender XDR vs Microsoft Sentinel Logo
Microsoft Defender XDR vs Microsoft Sentinel
Microsoft Purview Data Governance vs Microsoft Sentinel Logo
Microsoft Purview Data Governance vs Microsoft Sentinel
Azure Key Vault vs Microsoft Sentinel Logo
Azure Key Vault vs Microsoft Sentinel
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
Microsoft Security Suite
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Sentinel Logo
CrowdStrike Falcon vs Microsoft Sentinel
Microsoft Intune vs Microsoft Sentinel Logo
Microsoft Intune vs Microsoft Sentinel
Microsoft Defender for Endpoint vs Microsoft Sentinel Logo
Microsoft Defender for Endpoint vs Microsoft Sentinel
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Microsoft Entra ID vs Microsoft Sentinel Logo
Microsoft Entra ID vs Microsoft Sentinel
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel Logo
Cortex XDR by Palo Alto Networks vs Microsoft Sentinel
Darktrace vs Microsoft Sentinel Logo
Darktrace vs Microsoft Sentinel
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Cribl vs Microsoft Sentinel Logo
Cribl vs Microsoft Sentinel
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Microsoft Defender XDR vs Microsoft Sentinel Logo
Microsoft Defender XDR vs Microsoft Sentinel
Microsoft Purview Data Governance vs Microsoft Sentinel Logo
Microsoft Purview Data Governance vs Microsoft Sentinel
Azure Key Vault vs Microsoft Sentinel Logo
Azure Key Vault vs Microsoft Sentinel
See all alternatives
Related questions
  • 39
What are your approaches on Azure Sentinel content deployment automation?
  • 92
Which is better - Azure Sentinel or AWS Security Hub?
  • 187
Which solution do you prefer: Microsoft Sentinel or Palo Alto Networks Cortex XSOAR?
  • 99
What is a better choice, Splunk or Azure Sentinel?
  • 155
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 121
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 96
What are the main differences between Nessus and Arcsight?
  • 107
What's The Best Way to Trial SIEM Solutions?
  • 135
Which is the best SIEM solution for a government organization?
  • 458
What is the difference between IT event correlation and aggregation?